Transcription
An Overview ofData Management
Recognition of ContributionThe AICPA gratefully recognizes the invaluable contribution and involvement from theAICPA’s IMTA Executive Committee Data Management Task Force in the developmentof this document.IMTA EC — Data Management Task ForceJohn Barile, CPA, CITPErnst & Young, LLPDoris Cantagallo, CPA, CITPCGMAMichael Garber, CPA, CITPGarber Associates, Inc.Steve Palomino, CPA, CITPErnst & Young, LLPDan Schroeder, CPA, CITPHabif, Arogeti & Wynne, LLPDonny Shimamoto, CPA, CITP, CGMAIntrapriseTechKnowlogies LLCMichael Smith, CPA, CITPMcGladrey & Pullen, LLPSteve Ursillo Jr., CPA, CITPSparrow Johnson & Ursillo Inc.AICPA StaffJanis Parthun, CPA, CITP, CGMASenior Technical Manager, AICPA IMTA Division
Table of ContentsWhat is Data Management and Why is It Important?. 3How Does Data Management Compare to Information Management?. 3What Are the Functions of Data Management?. 4How Can an Organization Understand WhatData It Needs to Manage?. 5How Does an Organization Know What Data Are Important?. 6How Does an Organization Document Its Data?. 6What is Data Governance?. 7What Are the Functions of Data Governance?. 7What Are the Principles of Data Governance?. 8What AICPA Resources Are Available toGuide a Data Management Initiative?. 91
Executive SummaryData management plays a significant role in anorganization’s ability to generate revenue, controlcosts and mitigate risks. Successfully being able toshare, store, protect and retrieve the ever-increasingamount of data can be the competitive advantageneeded to grow in today’s business environment.Management of data generally focuses on the definingof the data element, how it is structured, storedand moved. Management of information is moreconcerned with the security, accuracy, completenessand timeliness of multiple pieces of data. These are allconcerns that accountants are trained to assess andhelp manage for an organization.Most organizations today are inundated with data,the volume of which is increasing at an alarming rate.It is vital, therefore, to determine which data aremost relevant and essential from an enterprise-wideperspective. Identification and classification of theenterprise’s critical data should be performed by ateam of senior-level representatives from each line ofbusiness or department. These team members musthave knowledge of the relevant contributing businesssystems and processes, and the requirements of theirrespective stakeholders, systems and processes, andthe requirements of their respective stakeholders.Primary data management functions include:1. Data Governance2. Data Architecture Management3. Data Development4. Database Operations Management5. Data Security Management6. Reference & Master Data Management7. Data Warehousing & Business IntelligenceManagement8. Document & Content Management9. Meta Data Management10. Data Quality Management2Accountants can play a key role in enabling DataGovernance, and ensuring that it is aligned with anorganization’s overall corporate governance processes.Data Governance principles include:1. Integrity2. Transparency3. Auditability4. Accountability5. Stewardship6. Checks-and-Balances7. Standardization8. Change ManagementAccountants already are familiar with applying many ofthe principles above to the financial data that they workwith in a regular basis. Becoming involved in a datamanagement or data governance initiatives providesthe opportunity to apply these principles into otherparts of the organization.This document provides an overview to helpaccountants understand the potential value that datamanagement and data governance initiatives canprovide to their organizations, and the critical role thataccountants can play to help ensure these initiatives area success.
What is Data Managementand Why is It Important?The definition provided by the Data Management Association (DAMA) is:“Data management is the development, execution and supervision of plans,policies, programs and practices that control, protect, deliver and enhancethe value of data and information assets.”1Data management plays a significant role in anorganization’s ability to generate revenue, control costsand mitigate risks. Successfully being able to share,store, protect and retrieve the ever-increasing amountof data can be the competitive advantage needed togrow in today’s business environment.Managing customer data results in improved customerrelationships, which ultimately drives revenues. Whileexpanded data storage requirements have increasedequipment investments; there also are many otherhidden costs associated with data management.Some of these costs include power consumption,cooling requirements, installation, cabling, backupmanagement and data recovery. Inherent within allof these costs is the need for more time and spaceleading to increases in payroll and occupancy expenses.Lastly, but just as important, data management playsa key role in helping an organization mitigate risks. Forexample, establishing a formal data retention policy canhelp decrease storage costs and reduce litigation risks.1How Does Data Management Compareto Information Management?Data are just facts. In IT processes, data are generallyrepresented as content in a field. Data, for example, canbe the amount of money for a check, a bank balance oran amount for an income statement or balance sheetaccount. Data become information when they arestructured to provide context and meaning. Informationfor a payment is the combination of the data for theamount paid, date of the transaction, bank accountcharge and the payee.Management of data generally focuses on the definingof the data element and how it is structured, storedand moved. Management of information is moreconcerned with the security, accuracy, completenessand timeliness of multiple pieces of data. These are allconcerns that accountants are trained to assess andhelp manage for an organization. The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.43
What Are the Functions of DataManagement?6 Reference & Master Data Management: Planning,implementation and control activities to ensureconsistency of contextual data values with a“golden version” of these data values7 Data Warehousing & Business IntelligenceManagement: Planning, implementation andcontrol processes to provide decision supportdata and support knowledge workers engagedin reporting, query and analysis8 Document & Content Management: Planning,implementation and control activities to store,protect and access data found within electronicfiles and physical records (including text,graphics, image, audio and video)9 Meta Data Management: Planning,implementation and control activities to enableeasy access to high quality, integrated meta data10 Data Quality Management: Planning,implementation and control activities that applyquality management techniques to measure,assess, improve and ensure the fitness of datafor usePer DAMA, the following are 10 primary functionsrelated to a comprehensive data managementprogram2:1234524 Data Governance: The exercise of authority,control and shared decision-making (planning,monitoring and enforcement) over themanagement of data assets (See What is DataGovernance? on page 6 for more detail) Data Architecture Management: Thedevelopment and maintenance of enterprisedata architecture within the context of allenterprise architecture, and its connection withthe application system solutions and projects thatimplement enterprise architecture Data Development: The data-focused activitieswithin the system development lifecycle (SDLC),including data modeling and data requirementsanalysis, design, implementation andmaintenance of databases and data-relatedsolution components Database Operations Management: Planning,control and support for structured data assetsacross the data lifecycle, from creation andacquisition through archival and purge Data Security Management: Planning,implementation and control activities to ensureprivacy and confidentiality and to preventunauthorized and inappropriate data access,creation or change Ibid., pp.337-338While many of the above functions may appear to betechnical (i.e., needs to be done by the IT department),note that all of the functions except Data ArchitectureManagement (No. 2) and Data Development (No. 3)include a reference to the word control in theirdescription. Thus each of the areas involves assessmentof risk of the function and design of control pointsto help manage the processes — all areas where anaccountant can help provide expertise.
How Can an Organization UnderstandWhat Data It Needs to Manage?Most organizations today are inundated with data,the volume of which is increasing at an alarmingrate. It is vital, therefore, to determine which data aremost relevant and essential from an enterprise-wideperspective. Yet, surprisingly few have performed adata inventory or documented the locations wheretheir important data are stored.Some of this has been captured in an electronicformat and resides within an application data file ona corporate network server. It may also be stored in aspreadsheet or file on an employee’s desktop computeror on a corporate laptop. Some data may only exist inhard copy format stored in a file cabinet and accessedinfrequently.Data exist in a variety of formats, and includeinformation found in business documents such ascontracts and invoices, customer data, employeerecords, financial data and intellectual property.5
How Does an Organization KnowWhat Data Are Important?How Does an Organization DocumentIts Data?To help identify data that are vital to the enterprise,consider the following questions. Additions ormodifications may be made as needed to meet anorganization’s circumstances due to relevant privacyand security considerations.It is important to organize the information gatheredabout the organization’s data in documents that canbe easily updated and maintained, and that will aid inmaking the data management information actionable. Are the data used in performing a majorsystem-wide operation, role or responsibility? Are the data relevant to the strategic planning needsof the company? Data Requirements Matrix: Identifies data andreporting requirements by constituency Are the data needed for corporate decision making? Data Category Analysis: Identifies existing reports,data sources and nature/usage Are the data included in an officialsystem-wide report? Are the data required by regulatory authorities? Are the data used to derive an element used in oneof the previous criteria? Are the data disseminated internally only or madeavailable outside the organization?Identification and classification of the enterprise’scritical data should be performed by a team ofsenior-level representatives from each line of businessor department. These team members must haveknowledge of the relevant contributing businesssystems and processes, and the requirements oftheir respective stakeholders.Executive sponsorship also is important to ensure thatthe effort aligns with the enterprise’s strategic businessplans and to demonstrate management’s recognitionof, and commitment to, the importance of thisundertaking. The project team should categorizeand prioritize data according to what is currentlymost important to the organization.6Spreadsheets or tabular formats are frequentlyutilized for this purpose. Suggested documentationmay include: Report Matrix: Identifies data elements, documentscomputations or derived data, and networkpaths/servers/files or other locations where thedata is storedAs the information is gathered, it should be validatedagainst the organization’s business rules and policies.Requirements should be prioritized, plannedfuture data identified and any data inconsistenciesremediated. Software tools may be utilized to aid inthe data validation process. These deliverables willbe useful in designing comprehensive enterprise dataretention policies and procedures and in assessingcompliance with those policies.
What is Data Governance?Accountants can play a key role in enabling DataGovernance, and ensuring that it is aligned with anorganization’s overall corporate governance processes.DAMA defines Data Governance as: “The exerciseof authority, control and shared decision-making(planning, monitoring and enforcement) over themanagement of data assets. Data Governanceis high-level planning and control over datamanagement.”3 The objectives of data governanceare to:What Are the Functions of DataGovernance?Under the DAMA model, Data Governance representstwo primary functions:1. Data Management Planning Identify Strategic Enterprise Data Needs Develop & Maintain the Data Strategy Establish the Data ManagementProfessional OrganizationsA. Enable better decision-making Identify & Appoint Data StewardsB. Reduce operational friction Establish Data Governance & StewardshipOrganizationsC. Protect the needs of data stakeholdersD. Train management and staff to adoptcommon approaches to data issuesE. Build standard, repeatable processesF. Reduce costs and increase effectivenessthrough coordination of effortsG. Ensure transparency of processesAccording to the Data Governance Institute,“Data Governance is a system of decision rightsand accountabilities for information-related processes,executed according to agreed-upon models whichdescribe who can take what actions with whatinformation, and when, under what circumstances,using what methods.”4Both definitions essentially focus on thehigh-level process by which decisions related tothe management of data are made, and the useof its associated information. Develop, Review & Approve Data Policies,Standards and Procedures Review & Approve Data Architecture Plan and Sponsor Data ManagementProjects & Services Estimate Data Asset Value & AssociatedData Management Costs2. Data Management Supervision & Control Supervise the Data Management ProfessionalStaff & Organizations Coordinate Data Governance Activities Manage & Resolve Data Related Issues Monitor & Ensure Regulatory Compliance Monitor Conformance with Data Policies,Standards and Architecture Oversee Data Management Projects & Services Communicate & Promote the Value of Data AssetsNote that like Data Management functions, Data3 The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.194 Data Governance Institute, datagovernance.com/adg data governance definition.html7
Governance functions are primarily non-technical innature and similar to the normal corporate governancefunctions that many accountants are used to facilitating.6 Checks-and-Balances: Data Governancewill define accountabilities in a manner thatintroduces checks and balances betweenbusiness and technology teams as well asbetween those who create/collect information,those who manage it, those who use it,and those who introduce standards andcompliance requirements.7 Standardization: Data Governance will introduceand support standardization of enterprise data.8 Change Management: Data Governancewill support proactive and reactive ChangeManagement activities for reference datavalues and the structure/use of master dataand metadata.What Are the Principles of Data Governance?The following principles are imbued in all successfulData Governance and Stewardship programs,processes and projects. They are the principlesthat help stakeholders come together to resolvethe types of data-related conflicts that are inherentin every organization.5581 Integrity: Data Governance participants willpractice integrity with their dealings with eachother; they will be truthful and forthcoming whendiscussing drivers, constraints, options andimpacts for data-related decisions.2 Transparency: Data Governance and Stewardshipprocesses will exhibit transparency; it should beclear to all participants and auditors how andwhen data-related decisions and controls wereintroduced into the processes.3 Auditability: Data-related decisions, processes,and controls subject to Data Governance willbe auditable; they will be accompanied bydocumentation to support compliance-basedand operational auditing requirements.4 Accountability: Data Governance will defineaccountabilities for cross-functional data-relateddecisions, processes and controls.5 Stewardship: Data Governance will defineaccountabilities for stewardship activitiesthat are the responsibilities of individualcontributors, as well as accountabilities forgroups of Data Stewards.Accountants already are familiar with applying manyof the principles above to the financial data that theywork with in a regular basis. Becoming involved ina data management or data governance initiativesprovides the opportunity to apply these principles intoother parts of the organization. Data Governance Institute, http://datagovernance.comdg data governance goals.html
What AICPA Resources Are Available toGuide a Data Management Initiative?AICPA IMTA Section members have the following additional resources available: Information: A Company’s Most Valuable, Yet Mismanaged Asset, Robert Green, CPA.CITPand Scott Cooper, CMC, 2007 (article) IMTA Governance — The Role of Internal Audit, Scott Kenny, CISA, CPA and Cheryl Strackeljahn, 12/9/2010(archived webcast) Ensuring Data Quality and Auditability in Business Reporting, Donny Shimamoto, CPA, CITPand Rob Fisher, CPA, CITP, 9/29/2009 (archived webcast) Closing the Privacy GAPP — Best Practices to Protect Your Data, Don Sheehy, CPA and Nancy Cohen, CPA, CITP,3/23/2011 (archived webcast)Archived webcasts are available for IMTA Section members on this page.For more information about the AICPA IMTA Section membership, please visit aicpa.org/IMTA.9
Copyright 2013 American Institute of CPAs. All rights reserved.
12985-378888.777.7077 imta@aicpa.org aicpa.org/IMTA12
2 Data Architecture Management: The development and maintenance of enterprise data architecture within the context of all enterprise architecture, and its connection with the application system solutions and projects that implement enterprise architecture
