data resource management controls
Data Resource Management
Chapter 6
Motivation toward the DA and DBA Roles
Many organizations now recognize that data is a critical resource that must be managed properly.
Accordingly, they attempt to subject it to centralized planning and control.
Four Fundamental Objectives
For data to be managed better, four objectives must be achieved:
Sharability: Users must be able to share data
Availability: Data must be available to users when it is needed, in the location where it is needed and in the form in which it is needed
Evolvability: It must be possible to modify the data fairly easily in the light of changing user requirements and
Integrity: The integrity of data must be preserved
Figure 6-1 The Chain of Events Produced By The Sharability Objective
Resource Sharing
User Conflict
Need for mediation
Intervention by the data/database administrator
Compromise
Database Management Systems, Client Server Systems, Data Warehousing, Data Mining, Internet Access, Transaction Servers, Electronic Commerce, Knowledge Management, Enterprise Information Portals
Data Standards
Solutions
Technical solutions are provided by database management systems and data repository systems. These systems allow organizations to define, establish, maintain and protect the integrity of shared databases.
Administrative solutions have come in the form of the data administration and database administration roles. The data administrator handles administrative and policy matters. The database administrator handles technical matters.
Functions of the DA and DBA
Defining, creating, redefining and retiring data
Making the database available to users
Informing and servicing users
Maintaining database integrity
Monitoring operations
Auditor’s Concerns
Auditors need a good understanding of the DA and DBA roles.
If the incumbents do not perform these roles effectively, the quality of the database environment can be seriously undermined.
The incumbents can also provide auditors with important information they need to know about control strengths and weaknesses and the means by which they can access the database for evidence collection and evaluation purposes.
Table 6-1 Data/Database Administrative Responsibilities
Important summary of functions and roles of DA and DBA
Defining data / creating data / redefining data / retiring data
Informing and servicing users
Maintaining data integrity
Monitoring operations
Defining, Creating, Redefining and Retiring Data
External Schema
A particular user's view of the database in terms of the objects/entities, attributes, relationships and integrity constraints
Many users – many external schemas
Controls user access to a subset of the database
Conceptual Schema
Entire contents of the database from a user's perspective
Amalgamation of the external schemas – accurate, complete and consistent
Internal Schema
Contents of the database are mapped onto physical storage media
Records, fields, access paths and processes used to represent the conceptual schema
Figure 6-2 Database Definition Schemas and Their Mappings
[Figure: External Schema 1, External Schema 2, External Schema 3 (individual user views of the database); Conceptual Schema (total logical view of the database); Internal Schema (total storage structure of the database); Stored data (instances of the database definition). Mappings shown: Conceptual/Internal Mapping, Internal/Physical Mapping.]
Figure 6-3 Three Levels of Database Definition
[Figure: panels for External Schemas, Conceptual Schema and Internal Schema, with a legend for Object Type, Binary Association Type and Constraints. Labels shown: Person (belongs to / has) Dept.; Person (has / paid to) Salary; Person, Dept, Salary.]
Making the Database Available to Users
Determine end user needs
Develop or obtain tools or programs - query facilities, SQL
Evaluate tools
Auditors examine how well this is performed
Informing and Servicing Users
Education and training
Communications - documentation, electronic bulletin boards, web sites, e-mail
Auditors interview, examine documentation and test controls
Maintaining Database Integrity
Definition control. DA: Develops standards, monitors and controls. DBA: Technical aspects.
Existence control. DA: Consults with users re strategies. DBA: Implements strategies for backup and recovery.
Access control. DA: Assigns users to levels. DBA: Implements security system.
Update control. DA: Level of update authority. DBA: Implements level.
Concurrency control. DA: Negotiates with users to establish requirements. DBA: Takes agreed upon schedules and devises strategy.
Quality control. DA: Policy matters and addresses end users. DBA: Implements quality control policies and monitors database.
Monitoring Operations
Identify areas for improvement - optimization
Identify areas to monitor, statistics to report and measurement methods
User satisfaction
Auditors interview DA and DBA to determine procedures
Documentation re statistics and controls
Test controls
Placement of the DA and DBA
If the data administrator and the database administrator are to perform their mediation job effectively, they must be placed in the organizational hierarchy so users can perceive they have substantial independence and autonomy.
Figure 6-4 Organizational placement of the data administration role
Staff function reporting to top management
Staff function reporting to CIO
Figure 6-5 Organizational placement of the database administration role
DBA reports to data administrator outside IS department
DBA reports to DA
DBA and DA report to manager of data resources
Effects of Decentralization of the Information Systems Function
Choosing the location of DA and DBA is more difficult
Objectives of centralized planning and control of data and decentralization of operations are in conflict
Partitioning of data - replication of data
Separation of duties between corporate and divisional levels - Local DBA and DA
End-user computing and corporate standards
Decentralized DA and DBA
In a decentralized organization, corporate standards must be formulated to facilitate management of data that must be shared.
Divisional standards must be formulated to facilitate management of data that will be only used locally.
Corporate DAs and DBAs must prepare, promulgate, and enforce corporate standards for data. Divisional DAs and DBAs have these same responsibilities for divisional standards.
Data Repositories
Data repository systems are used to provide automated support for managing the data definition in a database environment.
Ideally, these systems will maintain a single authentic, accurate, complete, consistent, and up-to-date definition that all users and programs could access.
In practice, multiple data definitions often exist and multiple data repository systems are often used. As a result, data integrity could be undermined.
Figure 6-8 Major facilities in a data repository system
[Figure: Data / Database administrators; Data Repository System; Stored database definition; Data definition language processor; Interrogation and reporting. Arrow labels: Creates, Retrieves.]
Some Problems With DRSs
Embedded in other software
Distributed data systems make it difficult to maintain uniformity
Technical difficulties of building a DRS which supports all users and data uses
Active and passive systems
How can these problems undermine objectives of asset safeguarding, data integrity, system efficiency and effectiveness?
Audit Aspects of a DRS
Enhances data and application systems reliability: assists planning, requirements analysis, database design and maintenance; facilitates programming - less effort to define data; enhances documentation
Improves data integrity because data validation criteria can be enforced via the DRS
Control over the data definition and DRS: backup, log of changes, access controls, organization commitment
Facilitates the audit process: record layout and use of CAAT; validation criteria; tracing data corruption to files; backup and recovery strategies
Power of the DA and DBA
Substantial power is often vested in the DA and DBA roles. The consequences can be serious if the roles are performed incompetently or the incumbents use their power to perpetrate irregularities. Careful control should be exercised over the roles by appointing senior, trustworthy
Figure 6-11 Control over DA Exposures
Exposures: Incompetence; Opportunities for irregularities; Powerful tools
Controls: Appropriate seniority; Adequate training; Separation of duties; Review of logs
Some Exposures
Incompetent performance of roles
Opportunities to perpetrate irregularities
Availability of tools to override controls
Some Remedial Measures
Depends upon power of DBA and DA
Appropriate seniority to the DBA and DA roles and appoint competent and trustworthy persons
Employee search, training and bonding
Separation of duties
Separate authority to use a database tool from the authority to use and maintain it (see next slide)
Table 6-2 Possible Breakdown to Authority and Responsibility for High-Exposure Database Tools
Storage of source code and object code: Program Librarian
Storage of documentation: Documentation librarian
Authorization to use tool and maintain tool: Data Administrator
Usage of tool: Database Administrator
Maintenance of tool: Programming Manager
Safeguarding machine logs of tool: Operations manager
Reconciling manual and machine logs of tool use: Operations manager
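The reconciliation in the last row of Table 6-2, as an added example that is not part of the original slides: each machine-logged use of a high-exposure tool is matched against the manual log of authorizations, and both unauthorized uses and authorizations with no recorded use are reported. The record layouts, user names, timestamps and the tool name `db_patch_utility` are constructed assumptions.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed manual log: authorizations issued by the data administrator.
MANUAL_LOG = [
    {"user": "dba_lee", "tool": "db_patch_utility",
     "start": "2024-03-01 09:00", "end": "2024-03-01 11:00"},
    {"user": "dba_lee", "tool": "db_patch_utility",
     "start": "2024-03-04 14:00", "end": "2024-03-04 15:00"},
]

# Constructed machine log: tool executions recorded by the system.
MACHINE_LOG = [
    {"user": "dba_lee", "tool": "db_patch_utility", "at": "2024-03-01 09:30"},
    {"user": "dba_lee", "tool": "db_patch_utility", "at": "2024-03-02 23:10"},
    {"user": "ops_kim", "tool": "db_patch_utility", "at": "2024-03-04 14:20"},
]

def _ts(text):
    return datetime.strptime(text, FMT)

def _covers(auth, event):
    """True if the authorization names this user and tool and spans the event time."""
    return (auth["user"] == event["user"] and auth["tool"] == event["tool"]
            and _ts(auth["start"]) <= _ts(event["at"]) <= _ts(auth["end"]))

def reconcile(manual_log, machine_log):
    """Return (unauthorized_uses, unused_authorizations)."""
    used = set()
    unauthorized = []
    for event in machine_log:
        hits = [i for i, auth in enumerate(manual_log) if _covers(auth, event)]
        if hits:
            used.update(hits)
        else:
            unauthorized.append(event)
    unused = [a for i, a in enumerate(manual_log) if i not in used]
    return unauthorized, unused

if __name__ == "__main__":
    bad, idle = reconcile(MANUAL_LOG, MACHINE_LOG)
    for event in bad:
        print("UNAUTHORIZED USE:", event["user"], event["tool"], event["at"])
    for auth in idle:
        print("AUTHORIZATION WITH NO RECORDED USE:", auth["user"], auth["start"])
```

An authorization with no recorded use is worth following up as well, since it can indicate that the machine log is incomplete.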