Data Resource Management

1
Data Resource Management

• Chapter 6

2
Motivation toward the DA and DBA Roles

• Many organizations now recognize a that data is a
  critical resource that must be managed properly.
• Accordingly, they attempt to subject it to
  centralized planning and control.

3
Four Fundamental Objectives

• For data to be managed better, four objectives
  must be achieved
• Sharability Users must be able to share data
• Availability Data must be available to users when
  it is needed, in the location where it is needed
  and in the form in which it is needed
• Evolvability It must be possible to modify the
  data fairly easily in the light of changing user
  requirements and
• Integrity The integrity of data must be preserved

4
Figure 6-1 The Chain of Events Produced By The
Sharability Objective
Database Management Systems Client Server
Systems Data Warehousing Data Mining Internet
Access Transaction Servers Electronic
Commerce Knowledge Management Enterprise
Information Portals
Resource Sharing
Data Standards
User Conflict
Need formediation
Intervention by the data/database administrator
Compromise
5
Solutions

• Technical solutions are provided by database
  management systems and data repository systems.
  These systems allow organizations to define,
  establish, maintain and protect the integrity of
  shared databases.
• Administrative solutions have come in the form of
  the data administration and database
  administration roles. The data administrator
  handles administrative and policy matters. The
  database administrator handles technical matters.

6
Functions of the DA and DBA

• Defining, creating, redefining and retiring data
• Making the database, available to users
• Informing and servicing users
• Maintaining database integrity
• Monitoring operations

7
Auditors Concerns

• Auditors need a good understanding of the DA and
  DBA roles.
• If the incumbents do not perform these roles
  effectively, the quality of the database
  environment can be seriously undermined.
• The incumbents can also provide auditors with
  important information they to know about control
  strengths and weaknesses and the means by which
  they can access the database for evidence
  collection and evaluation purposes.

8
Table 6-1 Data/Database Administrative
Responsibilities

• Important summary of functions and roles of DA
  and DBA
• Defining data / creating data / redefining data /
  Retiring data
• Informing and servicing users
• Maintaining data integrity
• Monitoring operations

9
Defining, Creating, Redefining and Retiring Data
10
Figure 6-2 Database Definition schemas and Their
Mappings
External Schema1
External Schema2
External Schema3
Individual user views of the database
ConceptualSchema
Total Logical View of the database
Conceptual/Internal Mapping
Internal Schema
Total Storage Structure of the database
Internal/PhysicalMapping
Stored data
Instances of the database definition
11
Figure 6-3 Three Levels of Database Definition
Constraints
Object Type
Binary Association Type
Salary
paid to
belongsto
Dept.
Person
has
Person
has
External Schemas
Salary
paid to
belongsto
Person
has
has
Dept.
Conceptual Schema
Dept
Person
Salary
Internal Schema
12
Making the Database, Available to Users

• Determine end user needs
• Develop or obtain tools or programs - query
  facilities, SQL
• Evaluate tools
• Auditors examine how well this performed

13
Informing and Servicing Users

• Education and training
• Communications - documentation, electronic
  bulletin boards, web sites, e-mail
• Auditors interview, examine documentation and
  test controls

14
Maintaining Database Integrity
DA
DBA
15
Monitoring Operations

• Identify areas for improvement - optimization
• Identify areas to monitor, statistics to report
  and measurement methods
• User satisfaction
• Auditor interview DA and DBA to determine
  procedures
• Documentation re statistics and controls
• Test controls

16
Placement of the DA and DBA

• If the data administrator and the database
  administrator are to perform there mediation job
  effectively, they must be placed in the
  organizational hierarchy so users can perceive
  they have substantial independence and autonomy

17
Figure 6-4 Organizational placement of the data
administration role

• Staff function reporting to top management
• Staff function reporting to CIO

18
Figure 6-5 Organizational placement of the
database administration role

• DBA reports to data administrator outside IS
  department
• DBA reports to DA
• DBA and DA report to manager of data resources

19
Effects of Decentralization of the Information
Systems Function

• Choosing the location of DA and DBA is more
  difficult
• Objectives of centralized planning and control of
  data and decentralization of operations in
  conflict
• Partitioning of data - replication of data
• Separation of duties between corporate and
  divisional levels - Local DBA and DA
• End-user computing and corporate standards

20
Decentralized DA and DBA

• In a decentralized organization, corporate
  standards must be formulated to facilitate
  management of data that must be shared.
• Divisional standards must be formulated to
  facilitate management of data that will be only
  used locally.
• Corporate DAs and DBAs must prepare,
  promulgate, and enforce corporate standards for
  data. Divisional DAs and DBAs have these same
  responsibilities for divisional standards.

21
Data Repositories

• Data repository systems are used to provide
  automated support for managing the data
  definition in a database environment.
• Ideally, these systems will maintain a single
  authentic, accurate, complete, consistent, and
  up-to-date definition that all users and programs
  could access.
• In practice, multiple data definitions often
  exist and multiple data repository systems are
  often used. As a result, data integrity could be
  undermined.

22
Figure 6-8 Major facilities in a data repository
system
Data / Database administrators
DataRepository System
Data definition Language processor
Interrogation and reporting
Creates
Retrieves
Stored database Definition
23
Some Problems With a DRSs

• Embedded in other software
• Distributed data systems make it difficult to
  maintain uniformity
• Technical difficulties of building DRS which
  supports all users and data uses
• Active and Passive systems
• How can these problems undermine objectives of
  asset safeguarding, data integrity, system
  efficiency and effectiveness

24
Audit Aspects of a DRS

• Enhance data and application systems reliability
• assists planning, requirements analysis, database
  design and maintenance
• facilitates programming - less effort to define
  data
• enhances documentation
• Improves data integrity because data validation
  criteria can be enforced via the DRS

• Control over the data definition and DRS
• backup, log of changes access controls
• organization commitment
• Facilitates the audit process
• record layout and use of CAAT
• Validation criteria
• Tracing data corruption to files
• backup and recovery strategies

25
Power of the DA and DBA

• Substantial power is often vested in the DA and
• DBA roles. The consequences can be serious if the
  roles are performed incompetently or the
  incumbents use their power to perpetrate
  irregularities. Careful control should be
  exercised over the roles by appointing senior ,
  trustworthy

26
Figure 6-11 Control over DA Exposures
Appropriate seniority Adequate training Separation
of duties Review of logs
In competence Opportunities for
irregularities Powerful tools
Exposures
Controls
27
Some Exposures

• Incompetent performance of roles
• Opportunities to perpetrate irregularities
• Availability of tools to override controls

28
Some Remedial Measures

• Depends upon power of DBA and DA
• Appropriate seniority to the DBA and DA roles and
  appoint competent and trustworthy persons
• Employee search, training and bonding
• Separation of duties
• Separate authority to use a database tool from
  the authority to use and maintain it (see next
  slide)

29
Table 6-2 Possible Breakdown to Authority and
Responsibility for High-Exposure Database Tools