data resource management controls

Data Resource Management Chapter 6

Upload: databaseguys

Post on 02-Jun-2015


TRANSCRIPT

Page 1: Data Resource Management Controls

Data Resource Management

Chapter 6

Page 2: Data Resource Management Controls

Motivation toward the DA and DBA Roles

Many organizations now recognize that data is a critical resource that must be managed properly.

Accordingly, they attempt to subject it to centralized planning and control.

Page 3: Data Resource Management Controls

Four Fundamental Objectives

For data to be managed better, four objectives must be achieved:

Sharability: Users must be able to share data

Availability: Data must be available to users when it is needed, in the location where it is needed and in the form in which it is needed

Evolvability: It must be possible to modify the data fairly easily in the light of changing user requirements and

Integrity: The integrity of data must be preserved

Page 4: Data Resource Management Controls

Figure 6-1 The Chain of Events Produced By The Sharability Objective

Resource Sharing

User Conflict

Need for mediation

Intervention by the data/database administrator

Compromise

Database Management Systems, Client Server Systems, Data Warehousing, Data Mining, Internet Access, Transaction Servers, Electronic Commerce, Knowledge Management, Enterprise Information Portals

Data Standards

Page 5: Data Resource Management Controls

Solutions

Technical solutions are provided by database management systems and data repository systems. These systems allow organizations to define, establish, maintain and protect the integrity of shared databases.

Administrative solutions have come in the form of the data administration and database administration roles. The data administrator handles administrative and policy matters. The database administrator handles technical matters.

Page 6: Data Resource Management Controls

Functions of the DA and DBA

Defining, creating, redefining and retiring data

Making the database available to users

Informing and servicing users

Maintaining database integrity

Monitoring operations

Page 7: Data Resource Management Controls

Auditor’s Concerns

Auditors need a good understanding of the DA and DBA roles.

If the incumbents do not perform these roles effectively, the quality of the database environment can be seriously undermined.

The incumbents can also provide auditors with important information they need to know about control strengths and weaknesses and the means by which they can access the database for evidence collection and evaluation purposes.

Page 8: Data Resource Management Controls

Table 6-1 Data/Database Administrative Responsibilities

Important summary of functions and roles of DA and DBA

Defining data / creating data / redefining data / Retiring data

Informing and servicing users

Maintaining data integrity

Monitoring operations

Page 9: Data Resource Management Controls

Defining, Creating, Redefining and Retiring Data

External Schema

Particular user's view of the database in terms of the objects/entities, attributes, relationships and integrity constraints

Many users – many external schemas

Control user access to subset

Conceptual Schema

Entire contents of the database from a user's perspective

Amalgamation of external schemas – accurate, complete and consistent

Internal Schema

Contents of database are mapped onto physical storage media

Records, fields, access paths, processes used to represent conceptual schema

Page 10: Data Resource Management Controls

Figure 6-2 Database Definition schemas and Their Mappings

External Schema 1, External Schema 2, External Schema 3: Individual user views of the database

Conceptual Schema: Total logical view of the database

Internal Schema: Total storage structure of the database

Stored data: Instances of the database definition

Mappings shown: Conceptual/Internal Mapping, Internal/Physical Mapping

Page 11: Data Resource Management Controls

Figure 6-3 Three Levels of Database Definition

Legend: Object Type, Binary Association Type, Constraints

External Schemas: Person belongs to / has Dept.; Person has / paid to Salary

Conceptual Schema: Person has / paid to Salary; Person belongs to / has Dept.

Internal Schema: Person, Dept, Salary

Page 12: Data Resource Management Controls

Making the Database Available to Users

Determine end user needs

Develop or obtain tools or programs - query facilities, SQL

Evaluate tools

Auditors examine how well this is performed

Page 13: Data Resource Management Controls

Informing and Servicing Users

Education and training

Communications - documentation, electronic bulletin boards, web sites, e-mail

Auditors interview, examine documentation and test controls

Page 14: Data Resource Management Controls

Maintaining Database Integrity

Definition control. DA: Develops standards, monitors and controls. DBA: Technical aspects.

Existence control. DA: Consults with users re strategies. DBA: Implement strategies for backup and recovery.

Access control. DA: Assigns users to levels. DBA: Implements security system.

Update control. DA: Level of update authority. DBA: Implements level.

Concurrency control. DA: Negotiate with users to establish requirements. DBA: Take agreed upon schedules and devise strategy.

Quality control. DA: Policy matters and address end users. DBA: Implements quality control policies and monitors database.

Page 15: Data Resource Management Controls

Monitoring Operations

Identify areas for improvement - optimization

Identify areas to monitor, statistics to report and measurement methods

User satisfaction

Auditors interview DA and DBA to determine procedures

Documentation re statistics and controls

Test controls

Page 16: Data Resource Management Controls

Placement of the DA and DBA

If the data administrator and the database administrator are to perform their mediation job effectively, they must be placed in the organizational hierarchy so users can perceive they have substantial independence and autonomy.

Page 17: Data Resource Management Controls

Figure 6-4 Organizational placement of the data administration role

Staff function reporting to top management

Staff function reporting to CIO

Page 18: Data Resource Management Controls

Figure 6-5 Organizational placement of the database administration role

DBA reports to data administrator outside IS department

DBA reports to DA

DBA and DA report to manager of data resources

Page 19: Data Resource Management Controls

Effects of Decentralization of the Information Systems Function

Choosing the location of DA and DBA is more difficult

Objectives of centralized planning and control of data and decentralization of operations in conflict

Partitioning of data - replication of data

Separation of duties between corporate and divisional levels - Local DBA and DA

End-user computing and corporate standards

Page 20: Data Resource Management Controls

Decentralized DA and DBA

In a decentralized organization, corporate standards must be formulated to facilitate management of data that must be shared.

Divisional standards must be formulated to facilitate management of data that will be only used locally.

Corporate DAs and DBAs must prepare, promulgate, and enforce corporate standards for data. Divisional DAs and DBAs have these same responsibilities for divisional standards.

Page 21: Data Resource Management Controls

Data Repositories

Data repository systems are used to provide automated support for managing the data definition in a database environment.

Ideally, these systems will maintain a single authentic, accurate, complete, consistent, and up-to-date definition that all users and programs could access.

In practice, multiple data definitions often exist and multiple data repository systems are often used. As a result, data integrity could be undermined.

Page 22: Data Resource Management Controls

Figure 6-8 Major facilities in a data repository system

Data / Database administrators

Data Repository System

Stored database Definition

Data definition Language processor

Interrogation and reporting

Creates Retrieves

Page 23: Data Resource Management Controls

Some Problems With DRSs

Embedded in other software

Distributed data systems make it difficult to maintain uniformity

Technical difficulties of building DRS which supports all users and data uses

Active and Passive systems

How can these problems undermine objectives of asset safeguarding, data integrity, system efficiency and effectiveness?

Page 24: Data Resource Management Controls

Audit Aspects of a DRS

Enhance data and application systems reliability: assists planning, requirements analysis, database design and maintenance; facilitates programming - less effort to define data; enhances documentation

Improves data integrity because data validation criteria can be enforced via the DRS

Control over the data definition and DRS: backup, log of changes; access controls; organization commitment

Facilitates the audit process: record layout and use of CAAT; validation criteria; tracing data corruption to files; backup and recovery strategies

Page 25: Data Resource Management Controls

Power of the DA and DBA

Substantial power is often vested in the DA and DBA roles. The consequences can be serious if the roles are performed incompetently or the incumbents use their power to perpetrate irregularities. Careful control should be exercised over the roles by appointing senior, trustworthy

Page 26: Data Resource Management Controls

Figure 6-11 Control over DA Exposures

Exposures: Incompetence; Opportunities for irregularities; Powerful tools

Controls: Appropriate seniority; Adequate training; Separation of duties; Review of logs

Page 27: Data Resource Management Controls

Some Exposures

Incompetent performance of roles

Opportunities to perpetrate irregularities

Availability of tools to override controls

Page 28: Data Resource Management Controls

Some Remedial Measures

Depends upon power of DBA and DA

Appropriate seniority to the DBA and DA roles and appoint competent and trustworthy persons

Employee search, training and bonding

Separation of duties

Separate authority to use a database tool from the authority to use and maintain it (see next slide)

Page 29: Data Resource Management Controls

Table 6-2 Possible Breakdown to Authority and Responsibility for High-Exposure Database Tools

Storage of source code and object code: Program Librarian

Storage of documentation: Documentation librarian

Authorization to use tool and maintain tool: Data Administrator

Usage of tool: Database Administrator

Maintenance of tool: Programming Manager

Safeguarding machine logs of tool: Operations manager

Reconciling manual and machine logs of tool use: Operations manager
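The reconciliation of manual and machine logs listed in Table 6-2 can be sketched as follows. This is an added example, not part of the original slides: the record layout, the tool name `dbpatch` and all user and authorization identifiers are constructed assumptions, and the self-authorization check goes slightly beyond bare reconciliation to reflect the table's split between authorizing and using a tool.

```python
from datetime import datetime

# Constructed sample data; field names, tool name and identities are assumptions.
MANUAL_REGISTER = [  # authorizations recorded by hand when tool use is approved
    {"auth": "A-101", "tool": "dbpatch", "approver": "da_lee", "user": "dba_kim",
     "start": "2015-06-01T09:00", "end": "2015-06-01T11:00"},
    {"auth": "A-102", "tool": "dbpatch", "approver": "da_lee", "user": "dba_kim",
     "start": "2015-06-02T09:00", "end": "2015-06-02T10:00"},
    {"auth": "A-103", "tool": "dbpatch", "approver": "dba_kim", "user": "dba_kim",
     "start": "2015-06-03T09:00", "end": "2015-06-03T10:00"},
]
MACHINE_LOG = [  # tool invocations recorded automatically by the system
    {"time": "2015-06-01T09:30", "tool": "dbpatch", "user": "dba_kim", "auth": "A-101"},
    {"time": "2015-06-01T23:45", "tool": "dbpatch", "user": "dba_kim", "auth": "A-101"},
    {"time": "2015-06-02T09:10", "tool": "dbpatch", "user": "prog_ray", "auth": "A-102"},
    {"time": "2015-06-04T02:00", "tool": "dbpatch", "user": "dba_kim", "auth": None},
]

def reconcile(register, machine_log):
    """Return sorted (finding, reference) pairs where the two logs disagree."""
    by_id = {a["auth"]: a for a in register}
    findings, used = [], set()
    for a in register:
        # Separation of duties: the approver must not be the tool user.
        if a["approver"] == a["user"]:
            findings.append(("self_authorized", a["auth"]))
    for e in machine_log:
        ref = f'{e["time"]} {e["user"]}'
        a = by_id.get(e["auth"])
        if a is None or a["tool"] != e["tool"]:
            findings.append(("use_without_authorization", ref))
            continue
        used.add(a["auth"])
        if e["user"] != a["user"]:
            findings.append(("wrong_operator", ref))
        t = datetime.fromisoformat(e["time"])
        if not datetime.fromisoformat(a["start"]) <= t <= datetime.fromisoformat(a["end"]):
            findings.append(("outside_window", ref))
    for a in register:
        # An approval with no machine record may be unused, or the log may be incomplete.
        if a["auth"] not in used:
            findings.append(("authorization_never_used", a["auth"]))
    return sorted(findings)

if __name__ == "__main__":
    for kind, ref in reconcile(MANUAL_REGISTER, MACHINE_LOG):
        print(f"{kind:26} {ref}")
```
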