Description
Data management plays a significant role in an organizations ability to generate revenue, control costs and mitigate risks.
An Overview of
Data Management
Recognition of Contribution
The AICPA
®
gratefully recognizes the invaluable contribution and involvement from the
AICPA’s IMTA Executive Committee Data Management Task Force in the development
of this document.
IMTA EC — Data Management Task Force
John Barile, CPA, CITP
Ernst & Young, LLP
Doris Cantagallo, CPA, CITP
CGMA
Michael Garber, CPA, CITP
Garber Associates, Inc.
Steve Palomino, CPA, CITP
Ernst & Young, LLP
Dan Schroeder, CPA, CITP
Habif, Arogeti & Wynne, LLP
Donny Shimamoto, CPA, CITP, CGMA
IntrapriseTechKnowlogies LLC
Michael Smith, CPA, CITP
McGladrey & Pullen, LLP
Steve Ursillo Jr., CPA, CITP
Sparrow Johnson & Ursillo Inc.
AICPA Staff
Janis Parthun, CPA, CITP, CGMA
Senior Technical Manager, AICPA IMTA Division
1
Table of Contents
What is Data Management and Why is It Important? ............................... 3
How Does Data Management Compare to Information Management? . 3
What Are the Functions of Data Management? ...................................... 4
How Can an Organization Understand What
Data It Needs to Manage? .......................................................................... 5
How Does an Organization Know What Data Are Important? ................ 6
How Does an Organization Document Its Data? ..................................... 6
What is Data Governance? .......................................................................... 7
What Are the Functions of Data Governance? ........................................ 7
What Are the Principles of Data Governance? ........................................ 8
What AICPA Resources Are Available to
Guide a Data Management Initiative? ........................................................ 9
2
Data management plays a signi?cant role in an
organization’s ability to generate revenue, control
costs and mitigate risks. Successfully being able to
share, store, protect and retrieve the ever-increasing
amount of data can be the competitive advantage
needed to grow in today’s business environment.
Management of data generally focuses on the de?ning
of the data element, how it is structured, stored
and moved. Management of information is more
concerned with the security, accuracy, completeness
and timeliness of multiple pieces of data. These are all
concerns that accountants are trained to assess and
help manage for an organization.
Most organizations today are inundated with data,
the volume of which is increasing at an alarming rate.
It is vital, therefore, to determine which data are
most relevant and essential from an enterprise-wide
perspective. Identi?cation and classi?cation of the
enterprise’s critical data should be performed by a
team of senior-level representatives from each line of
business or department. These team members must
have knowledge of the relevant contributing business
systems and processes, and the requirements of their
respective stakeholders, systems and processes, and
the requirements of their respective stakeholders.
Primary data management functions include:
1. Data Governance
2. Data Architecture Management
3. Data Development
4. Database Operations Management
5. Data Security Management
6. Reference & Master Data Management
7. Data Warehousing & Business Intelligence
Management
8. Document & Content Management
9. Meta Data Management
10. Data Quality Management
Accountants can play a key role in enabling Data
Governance, and ensuring that it is aligned with an
organization’s overall corporate governance processes.
Data Governance principles include:
1. Integrity
2. Transparency
3. Auditability
4. Accountability
5. Stewardship
6. Checks-and-Balances
7. Standardization
8. Change Management
Accountants already are familiar with applying many of
the principles above to the ?nancial data that they work
with in a regular basis. Becoming involved in a data
management or data governance initiatives provides
the opportunity to apply these principles into other
parts of the organization.
This document provides an overview to help
accountants understand the potential value that data
management and data governance initiatives can
provide to their organizations, and the critical role that
accountants can play to help ensure these initiatives are
a success.
Executive Summary
3
1
The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.4
What is Data Management
and Why is It Important?
The de?nition provided by the Data Management Association (DAMA) is:
“Data management is the development, execution and supervision of plans,
policies, programs and practices that control, protect, deliver and enhance
the value of data and information assets.”
1
Data management plays a signi?cant role in an
organization’s ability to generate revenue, control costs
and mitigate risks. Successfully being able to share,
store, protect and retrieve the ever-increasing amount
of data can be the competitive advantage needed to
grow in today’s business environment.
Managing customer data results in improved customer
relationships, which ultimately drives revenues. While
expanded data storage requirements have increased
equipment investments; there also are many other
hidden costs associated with data management.
Some of these costs include power consumption,
cooling requirements, installation, cabling, backup
management and data recovery. Inherent within all
of these costs is the need for more time and space
leading to increases in payroll and occupancy expenses.
Lastly, but just as important, data management plays
a key role in helping an organization mitigate risks. For
example, establishing a formal data retention policy can
help decrease storage costs and reduce litigation risks.
How Does Data Management Compare
to Information Management?
Data are just facts. In IT processes, data are generally
represented as content in a ?eld. Data, for example, can
be the amount of money for a check, a bank balance or
an amount for an income statement or balance sheet
account. Data become information when they are
structured to provide context and meaning. Information
for a payment is the combination of the data for the
amount paid, date of the transaction, bank account
charge and the payee.
Management of data generally focuses on the de?ning
of the data element and how it is structured, stored
and moved. Management of information is more
concerned with the security, accuracy, completeness
and timeliness of multiple pieces of data. These are all
concerns that accountants are trained to assess and
help manage for an organization.
4
2
Ibid., pp.337-338
What Are the Functions of Data
Management?
Per DAMA, the following are 10 primary functions
related to a comprehensive data management
program
2
:
1
Data Governance: The exercise of authority,
control and shared decision-making (planning,
monitoring and enforcement) over the
management of data assets (See What is Data
Governance? on page 6 for more detail)
2
Data Architecture Management: The
development and maintenance of enterprise
data architecture within the context of all
enterprise architecture, and its connection with
the application system solutions and projects that
implement enterprise architecture
3
Data Development: The data-focused activities
within the system development lifecycle (SDLC),
including data modeling and data requirements
analysis, design, implementation and
maintenance of databases and data-related
solution components
4
Database Operations Management: Planning,
control and support for structured data assets
across the data lifecycle, from creation and
acquisition through archival and purge
5
Data Security Management: Planning,
implementation and control activities to ensure
privacy and con?dentiality and to prevent
unauthorized and inappropriate data access,
creation or change
6
Reference & Master Data Management: Planning,
implementation and control activities to ensure
consistency of contextual data values with a
“golden version” of these data values
7
Data Warehousing & Business Intelligence
Management: Planning, implementation and
control processes to provide decision support
data and support knowledge workers engaged
in reporting, query and analysis
8
Document & Content Management: Planning,
implementation and control activities to store,
protect and access data found within electronic
?les and physical records (including text,
graphics, image, audio and video)
9
Meta Data Management: Planning,
implementation and control activities to enable
easy access to high quality, integrated meta data
10
Data Quality Management: Planning,
implementation and control activities that apply
quality management techniques to measure,
assess, improve and ensure the ?tness of data
for use
While many of the above functions may appear to be
technical (i.e., needs to be done by the IT department),
note that all of the functions except Data Architecture
Management (No. 2) and Data Development (No. 3)
include a reference to the word control in their
description. Thus each of the areas involves assessment
of risk of the function and design of control points
to help manage the processes — all areas where an
accountant can help provide expertise.
5
How Can an Organization Understand
What Data It Needs to Manage?
Most organizations today are inundated with data,
the volume of which is increasing at an alarming
rate. It is vital, therefore, to determine which data are
most relevant and essential from an enterprise-wide
perspective. Yet, surprisingly few have performed a
data inventory or documented the locations where
their important data are stored.
Data exist in a variety of formats, and include
information found in business documents such as
contracts and invoices, customer data, employee
records, ?nancial data and intellectual property.
Some of this has been captured in an electronic
format and resides within an application data ?le on
a corporate network server. It may also be stored in a
spreadsheet or ?le on an employee’s desktop computer
or on a corporate laptop. Some data may only exist in
hard copy format stored in a ?le cabinet and accessed
infrequently.
6
How Does an Organization Know
What Data Are Important?
To help identify data that are vital to the enterprise,
consider the following questions. Additions or
modi?cations may be made as needed to meet an
organization’s circumstances due to relevant privacy
and security considerations.
Are the data used in performing a major
system-wide operation, role or responsibility?
Are the data relevant to the strategic planning needs
of the company?
Are the data needed for corporate decision making?
Are the data included in an of?cial
system-wide report?
Are the data required by regulatory authorities?
Are the data used to derive an element used in one
of the previous criteria?
Are the data disseminated internally only or made
available outside the organization?
Identi?cation and classi?cation of the enterprise’s
critical data should be performed by a team of
senior-level representatives from each line of business
or department. These team members must have
knowledge of the relevant contributing business
systems and processes, and the requirements of
their respective stakeholders.
Executive sponsorship also is important to ensure that
the effort aligns with the enterprise’s strategic business
plans and to demonstrate management’s recognition
of, and commitment to, the importance of this
undertaking. The project team should categorize
and prioritize data according to what is currently
most important to the organization.
How Does an Organization Document
Its Data?
It is important to organize the information gathered
about the organization’s data in documents that can
be easily updated and maintained, and that will aid in
making the data management information actionable.
Spreadsheets or tabular formats are frequently
utilized for this purpose. Suggested documentation
may include:
Data Requirements Matrix: Identi?es data and
reporting requirements by constituency
Data Category Analysis: Identi?es existing reports,
data sources and nature/usage
Report Matrix: Identi?es data elements, documents
computations or derived data, and network
paths/servers/?les or other locations where the
data is stored
As the information is gathered, it should be validated
against the organization’s business rules and policies.
Requirements should be prioritized, planned
future data identi?ed and any data inconsistencies
remediated. Software tools may be utilized to aid in
the data validation process. These deliverables will
be useful in designing comprehensive enterprise data
retention policies and procedures and in assessing
compliance with those policies.
7
What is Data Governance?
Accountants can play a key role in enabling Data
Governance, and ensuring that it is aligned with an
organization’s overall corporate governance processes.
DAMA de?nes Data Governance as: “The exercise
of authority, control and shared decision-making
(planning, monitoring and enforcement) over the
management of data assets. Data Governance
is high-level planning and control over data
management.”
3
The objectives of data governance
are to:
A. Enable better decision-making
B. Reduce operational friction
C. Protect the needs of data stakeholders
D. Train management and staff to adopt
common approaches to data issues
E. Build standard, repeatable processes
F. Reduce costs and increase effectiveness
through coordination of efforts
G. Ensure transparency of processes
According to the Data Governance Institute,
“Data Governance is a system of decision rights
and accountabilities for information-related processes,
executed according to agreed-upon models which
describe who can take what actions with what
information, and when, under what circumstances,
using what methods.”
4
Both de?nitions essentially focus on the
high-level process by which decisions related to
the management of data are made, and the use
of its associated information.
What Are the Functions of Data
Governance?
Under the DAMA model, Data Governance represents
two primary functions:
1. Data Management Planning
Identify Strategic Enterprise Data Needs
Develop & Maintain the Data Strategy
Establish the Data Management
Professional Organizations
Identify & Appoint Data Stewards
Establish Data Governance & Stewardship
Organizations
Develop, Review & Approve Data Policies,
Standards and Procedures
Review & Approve Data Architecture
Plan and Sponsor Data Management
Projects & Services
Estimate Data Asset Value & Associated
Data Management Costs
2. Data Management Supervision & Control
Supervise the Data Management Professional
Staff & Organizations
Coordinate Data Governance Activities
Manage & Resolve Data Related Issues
Monitor & Ensure Regulatory Compliance
Monitor Conformance with Data Policies,
Standards and Architecture
Oversee Data Management Projects & Services
Communicate & Promote the Value of Data Assets
Note that like Data Management functions, Data
3
The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.19
4
Data Governance Institute, datagovernance.com/adg_data_governance_de?nition.html
8
Governance functions are primarily non-technical in
nature and similar to the normal corporate governance
functions that many accountants are used to facilitating.
What Are the Principles of Data Governance?
The following principles are imbued in all successful
Data Governance and Stewardship programs,
processes and projects. They are the principles
that help stakeholders come together to resolve
the types of data-related con?icts that are inherent
in every organization.
5
1
Integrity: Data Governance participants will
practice integrity with their dealings with each
other; they will be truthful and forthcoming when
discussing drivers, constraints, options and
impacts for data-related decisions.
2
Transparency: Data Governance and Stewardship
processes will exhibit transparency; it should be
clear to all participants and auditors how and
when data-related decisions and controls were
introduced into the processes.
3
Auditability: Data-related decisions, processes,
and controls subject to Data Governance will
be auditable; they will be accompanied by
documentation to support compliance-based
and operational auditing requirements.
4
Accountability: Data Governance will de?ne
accountabilities for cross-functional data-related
decisions, processes and controls.
5
Stewardship: Data Governance will de?ne
accountabilities for stewardship activities
that are the responsibilities of individual
contributors, as well as accountabilities for
groups of Data Stewards.
6
Checks-and-Balances: Data Governance
will de?ne accountabilities in a manner that
introduces checks and balances between
business and technology teams as well as
between those who create/collect information,
those who manage it, those who use it,
and those who introduce standards and
compliance requirements.
7
Standardization: Data Governance will introduce
and support standardization of enterprise data.
8
Change Management: Data Governance
will support proactive and reactive Change
Management activities for reference data
values and the structure/use of master data
and metadata.
Accountants already are familiar with applying many
of the principles above to the ?nancial data that they
work with in a regular basis. Becoming involved in
a data management or data governance initiatives
provides the opportunity to apply these principles into
other parts of the organization.
5
Data Governance Institute,http://datagovernance.comdg_data_governance_goals.html
9
What AICPA Resources Are Available to
Guide a Data Management Initiative?
AICPA IMTA Section members have the following additional resources available:
Information: A Company’s Most Valuable, Yet Mismanaged Asset, Robert Green, CPA.CITP
and Scott Cooper, CMC, 2007 (article)
IMTA Governance — The Role of Internal Audit, Scott Kenny, CISA, CPA and Cheryl Strackeljahn, 12/9/2010
(archived webcast)
Ensuring Data Quality and Auditability in Business Reporting, Donny Shimamoto, CPA, CITP
and Rob Fisher, CPA, CITP, 9/29/2009 (archived webcast)
Closing the Privacy GAPP — Best Practices to Protect Your Data, Don Sheehy, CPA and Nancy Cohen, CPA, CITP,
3/23/2011 (archived webcast)
Archived webcasts are available for IMTA Section members on this page.
For more information about the AICPA IMTA Section membership, please visit aicpa.org/IMTA.
Copyright © 2013 American Institute of CPAs. All rights reserved.
12
888.777.7077 | [email protected] | aicpa.org/IMTA
1
2
9
8
5
-
3
7
8
doc_426412702.pdf
Data management plays a significant role in an organizations ability to generate revenue, control costs and mitigate risks.
An Overview of
Data Management
Recognition of Contribution
The AICPA
®
gratefully recognizes the invaluable contribution and involvement from the
AICPA’s IMTA Executive Committee Data Management Task Force in the development
of this document.
IMTA EC — Data Management Task Force
John Barile, CPA, CITP
Ernst & Young, LLP
Doris Cantagallo, CPA, CITP
CGMA
Michael Garber, CPA, CITP
Garber Associates, Inc.
Steve Palomino, CPA, CITP
Ernst & Young, LLP
Dan Schroeder, CPA, CITP
Habif, Arogeti & Wynne, LLP
Donny Shimamoto, CPA, CITP, CGMA
IntrapriseTechKnowlogies LLC
Michael Smith, CPA, CITP
McGladrey & Pullen, LLP
Steve Ursillo Jr., CPA, CITP
Sparrow Johnson & Ursillo Inc.
AICPA Staff
Janis Parthun, CPA, CITP, CGMA
Senior Technical Manager, AICPA IMTA Division
1
Table of Contents
What is Data Management and Why is It Important? ............................... 3
How Does Data Management Compare to Information Management? . 3
What Are the Functions of Data Management? ...................................... 4
How Can an Organization Understand What
Data It Needs to Manage? .......................................................................... 5
How Does an Organization Know What Data Are Important? ................ 6
How Does an Organization Document Its Data? ..................................... 6
What is Data Governance? .......................................................................... 7
What Are the Functions of Data Governance? ........................................ 7
What Are the Principles of Data Governance? ........................................ 8
What AICPA Resources Are Available to
Guide a Data Management Initiative? ........................................................ 9
2
Data management plays a signi?cant role in an
organization’s ability to generate revenue, control
costs and mitigate risks. Successfully being able to
share, store, protect and retrieve the ever-increasing
amount of data can be the competitive advantage
needed to grow in today’s business environment.
Management of data generally focuses on the de?ning
of the data element, how it is structured, stored
and moved. Management of information is more
concerned with the security, accuracy, completeness
and timeliness of multiple pieces of data. These are all
concerns that accountants are trained to assess and
help manage for an organization.
Most organizations today are inundated with data,
the volume of which is increasing at an alarming rate.
It is vital, therefore, to determine which data are
most relevant and essential from an enterprise-wide
perspective. Identi?cation and classi?cation of the
enterprise’s critical data should be performed by a
team of senior-level representatives from each line of
business or department. These team members must
have knowledge of the relevant contributing business
systems and processes, and the requirements of their
respective stakeholders, systems and processes, and
the requirements of their respective stakeholders.
Primary data management functions include:
1. Data Governance
2. Data Architecture Management
3. Data Development
4. Database Operations Management
5. Data Security Management
6. Reference & Master Data Management
7. Data Warehousing & Business Intelligence
Management
8. Document & Content Management
9. Meta Data Management
10. Data Quality Management
Accountants can play a key role in enabling Data
Governance, and ensuring that it is aligned with an
organization’s overall corporate governance processes.
Data Governance principles include:
1. Integrity
2. Transparency
3. Auditability
4. Accountability
5. Stewardship
6. Checks-and-Balances
7. Standardization
8. Change Management
Accountants already are familiar with applying many of
the principles above to the ?nancial data that they work
with in a regular basis. Becoming involved in a data
management or data governance initiatives provides
the opportunity to apply these principles into other
parts of the organization.
This document provides an overview to help
accountants understand the potential value that data
management and data governance initiatives can
provide to their organizations, and the critical role that
accountants can play to help ensure these initiatives are
a success.
Executive Summary
3
1
The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.4
What is Data Management
and Why is It Important?
The de?nition provided by the Data Management Association (DAMA) is:
“Data management is the development, execution and supervision of plans,
policies, programs and practices that control, protect, deliver and enhance
the value of data and information assets.”
1
Data management plays a signi?cant role in an
organization’s ability to generate revenue, control costs
and mitigate risks. Successfully being able to share,
store, protect and retrieve the ever-increasing amount
of data can be the competitive advantage needed to
grow in today’s business environment.
Managing customer data results in improved customer
relationships, which ultimately drives revenues. While
expanded data storage requirements have increased
equipment investments; there also are many other
hidden costs associated with data management.
Some of these costs include power consumption,
cooling requirements, installation, cabling, backup
management and data recovery. Inherent within all
of these costs is the need for more time and space
leading to increases in payroll and occupancy expenses.
Lastly, but just as important, data management plays
a key role in helping an organization mitigate risks. For
example, establishing a formal data retention policy can
help decrease storage costs and reduce litigation risks.
How Does Data Management Compare
to Information Management?
Data are just facts. In IT processes, data are generally
represented as content in a ?eld. Data, for example, can
be the amount of money for a check, a bank balance or
an amount for an income statement or balance sheet
account. Data become information when they are
structured to provide context and meaning. Information
for a payment is the combination of the data for the
amount paid, date of the transaction, bank account
charge and the payee.
Management of data generally focuses on the de?ning
of the data element and how it is structured, stored
and moved. Management of information is more
concerned with the security, accuracy, completeness
and timeliness of multiple pieces of data. These are all
concerns that accountants are trained to assess and
help manage for an organization.
4
2
Ibid., pp.337-338
What Are the Functions of Data
Management?
Per DAMA, the following are 10 primary functions
related to a comprehensive data management
program
2
:
1
Data Governance: The exercise of authority,
control and shared decision-making (planning,
monitoring and enforcement) over the
management of data assets (See What is Data
Governance? on page 6 for more detail)
2
Data Architecture Management: The
development and maintenance of enterprise
data architecture within the context of all
enterprise architecture, and its connection with
the application system solutions and projects that
implement enterprise architecture
3
Data Development: The data-focused activities
within the system development lifecycle (SDLC),
including data modeling and data requirements
analysis, design, implementation and
maintenance of databases and data-related
solution components
4
Database Operations Management: Planning,
control and support for structured data assets
across the data lifecycle, from creation and
acquisition through archival and purge
5
Data Security Management: Planning,
implementation and control activities to ensure
privacy and con?dentiality and to prevent
unauthorized and inappropriate data access,
creation or change
6
Reference & Master Data Management: Planning,
implementation and control activities to ensure
consistency of contextual data values with a
“golden version” of these data values
7
Data Warehousing & Business Intelligence
Management: Planning, implementation and
control processes to provide decision support
data and support knowledge workers engaged
in reporting, query and analysis
8
Document & Content Management: Planning,
implementation and control activities to store,
protect and access data found within electronic
?les and physical records (including text,
graphics, image, audio and video)
9
Meta Data Management: Planning,
implementation and control activities to enable
easy access to high quality, integrated meta data
10
Data Quality Management: Planning,
implementation and control activities that apply
quality management techniques to measure,
assess, improve and ensure the ?tness of data
for use
While many of the above functions may appear to be
technical (i.e., needs to be done by the IT department),
note that all of the functions except Data Architecture
Management (No. 2) and Data Development (No. 3)
include a reference to the word control in their
description. Thus each of the areas involves assessment
of risk of the function and design of control points
to help manage the processes — all areas where an
accountant can help provide expertise.
5
How Can an Organization Understand
What Data It Needs to Manage?
Most organizations today are inundated with data,
the volume of which is increasing at an alarming
rate. It is vital, therefore, to determine which data are
most relevant and essential from an enterprise-wide
perspective. Yet, surprisingly few have performed a
data inventory or documented the locations where
their important data are stored.
Data exist in a variety of formats, and include
information found in business documents such as
contracts and invoices, customer data, employee
records, ?nancial data and intellectual property.
Some of this has been captured in an electronic
format and resides within an application data ?le on
a corporate network server. It may also be stored in a
spreadsheet or ?le on an employee’s desktop computer
or on a corporate laptop. Some data may only exist in
hard copy format stored in a ?le cabinet and accessed
infrequently.
6
How Does an Organization Know
What Data Are Important?
To help identify data that are vital to the enterprise,
consider the following questions. Additions or
modi?cations may be made as needed to meet an
organization’s circumstances due to relevant privacy
and security considerations.
Are the data used in performing a major
system-wide operation, role or responsibility?
Are the data relevant to the strategic planning needs
of the company?
Are the data needed for corporate decision making?
Are the data included in an of?cial
system-wide report?
Are the data required by regulatory authorities?
Are the data used to derive an element used in one
of the previous criteria?
Are the data disseminated internally only or made
available outside the organization?
Identi?cation and classi?cation of the enterprise’s
critical data should be performed by a team of
senior-level representatives from each line of business
or department. These team members must have
knowledge of the relevant contributing business
systems and processes, and the requirements of
their respective stakeholders.
Executive sponsorship also is important to ensure that
the effort aligns with the enterprise’s strategic business
plans and to demonstrate management’s recognition
of, and commitment to, the importance of this
undertaking. The project team should categorize
and prioritize data according to what is currently
most important to the organization.
How Does an Organization Document
Its Data?
It is important to organize the information gathered
about the organization’s data in documents that can
be easily updated and maintained, and that will aid in
making the data management information actionable.
Spreadsheets or tabular formats are frequently
utilized for this purpose. Suggested documentation
may include:
Data Requirements Matrix: Identi?es data and
reporting requirements by constituency
Data Category Analysis: Identi?es existing reports,
data sources and nature/usage
Report Matrix: Identi?es data elements, documents
computations or derived data, and network
paths/servers/?les or other locations where the
data is stored
As the information is gathered, it should be validated
against the organization’s business rules and policies.
Requirements should be prioritized, planned
future data identi?ed and any data inconsistencies
remediated. Software tools may be utilized to aid in
the data validation process. These deliverables will
be useful in designing comprehensive enterprise data
retention policies and procedures and in assessing
compliance with those policies.
7
What is Data Governance?
Accountants can play a key role in enabling Data
Governance, and ensuring that it is aligned with an
organization’s overall corporate governance processes.
DAMA de?nes Data Governance as: “The exercise
of authority, control and shared decision-making
(planning, monitoring and enforcement) over the
management of data assets. Data Governance
is high-level planning and control over data
management.”
3
The objectives of data governance
are to:
A. Enable better decision-making
B. Reduce operational friction
C. Protect the needs of data stakeholders
D. Train management and staff to adopt
common approaches to data issues
E. Build standard, repeatable processes
F. Reduce costs and increase effectiveness
through coordination of efforts
G. Ensure transparency of processes
According to the Data Governance Institute,
“Data Governance is a system of decision rights
and accountabilities for information-related processes,
executed according to agreed-upon models which
describe who can take what actions with what
information, and when, under what circumstances,
using what methods.”
4
Both de?nitions essentially focus on the
high-level process by which decisions related to
the management of data are made, and the use
of its associated information.
What Are the Functions of Data
Governance?
Under the DAMA model, Data Governance represents
two primary functions:
1. Data Management Planning
Identify Strategic Enterprise Data Needs
Develop & Maintain the Data Strategy
Establish the Data Management
Professional Organizations
Identify & Appoint Data Stewards
Establish Data Governance & Stewardship
Organizations
Develop, Review & Approve Data Policies,
Standards and Procedures
Review & Approve Data Architecture
Plan and Sponsor Data Management
Projects & Services
Estimate Data Asset Value & Associated
Data Management Costs
2. Data Management Supervision & Control
Supervise the Data Management Professional
Staff & Organizations
Coordinate Data Governance Activities
Manage & Resolve Data Related Issues
Monitor & Ensure Regulatory Compliance
Monitor Conformance with Data Policies,
Standards and Architecture
Oversee Data Management Projects & Services
Communicate & Promote the Value of Data Assets
Note that like Data Management functions, Data
3
The DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK), 1st Edition 2009, p.19
4
Data Governance Institute, datagovernance.com/adg_data_governance_de?nition.html
8
Governance functions are primarily non-technical in
nature and similar to the normal corporate governance
functions that many accountants are used to facilitating.
What Are the Principles of Data Governance?
The following principles are imbued in all successful
Data Governance and Stewardship programs,
processes and projects. They are the principles
that help stakeholders come together to resolve
the types of data-related con?icts that are inherent
in every organization.
5
1
Integrity: Data Governance participants will
practice integrity with their dealings with each
other; they will be truthful and forthcoming when
discussing drivers, constraints, options and
impacts for data-related decisions.
2
Transparency: Data Governance and Stewardship
processes will exhibit transparency; it should be
clear to all participants and auditors how and
when data-related decisions and controls were
introduced into the processes.
3
Auditability: Data-related decisions, processes,
and controls subject to Data Governance will
be auditable; they will be accompanied by
documentation to support compliance-based
and operational auditing requirements.
4
Accountability: Data Governance will de?ne
accountabilities for cross-functional data-related
decisions, processes and controls.
5
Stewardship: Data Governance will de?ne
accountabilities for stewardship activities
that are the responsibilities of individual
contributors, as well as accountabilities for
groups of Data Stewards.
6
Checks-and-Balances: Data Governance
will de?ne accountabilities in a manner that
introduces checks and balances between
business and technology teams as well as
between those who create/collect information,
those who manage it, those who use it,
and those who introduce standards and
compliance requirements.
7
Standardization: Data Governance will introduce
and support standardization of enterprise data.
8
Change Management: Data Governance
will support proactive and reactive Change
Management activities for reference data
values and the structure/use of master data
and metadata.
Accountants already are familiar with applying many
of the principles above to the ?nancial data that they
work with in a regular basis. Becoming involved in
a data management or data governance initiatives
provides the opportunity to apply these principles into
other parts of the organization.
5
Data Governance Institute,http://datagovernance.comdg_data_governance_goals.html
9
What AICPA Resources Are Available to
Guide a Data Management Initiative?
AICPA IMTA Section members have the following additional resources available:
Information: A Company’s Most Valuable, Yet Mismanaged Asset, Robert Green, CPA.CITP
and Scott Cooper, CMC, 2007 (article)
IMTA Governance — The Role of Internal Audit, Scott Kenny, CISA, CPA and Cheryl Strackeljahn, 12/9/2010
(archived webcast)
Ensuring Data Quality and Auditability in Business Reporting, Donny Shimamoto, CPA, CITP
and Rob Fisher, CPA, CITP, 9/29/2009 (archived webcast)
Closing the Privacy GAPP — Best Practices to Protect Your Data, Don Sheehy, CPA and Nancy Cohen, CPA, CITP,
3/23/2011 (archived webcast)
Archived webcasts are available for IMTA Section members on this page.
For more information about the AICPA IMTA Section membership, please visit aicpa.org/IMTA.
Copyright © 2013 American Institute of CPAs. All rights reserved.
12
888.777.7077 | [email protected] | aicpa.org/IMTA
1
2
9
8
5
-
3
7
8
doc_426412702.pdf