Page 437 - ITGC_Audit Guides

Key Risks









                   Risks related to big data can arise from many factors, both internal and external to the
                   organization. The following categories represent the primary risk areas:

                   •   Program governance.

                   •   Technology availability and performance.
                   •   Security and privacy.
                   •   Data quality, management, and reporting.



                   Exhibit 1: Key Risks and Controls Related to Big Data

                    Area: Program Governance


                    Key Risk: Lack of appropriate management support, funding, and/or governance over the big data
                    program can expose the organization to undue risk or failure to meet strategic goals.

                    Control Activities
                    •  Funding should be adequate to support business needs.
                    •  Program objectives should support enterprisewide strategy initiatives.
                    •  Management should receive metrics that demonstrate achievement of goals.
                    •  The organization should establish a governing entity to manage the big data strategy.
                    •  There should be agreed-upon SLAs between the business and IT to describe and measure performance
                      expectations.
                    •  Business and technical requirements should be documented, analyzed, and approved.
                    •  Executive management should develop a big data strategy that provides solutions across the organization.
                    •  Prior to approving the business case, management should conduct a proof of concept to validate that the system
                      designs align with strategic goals.
                    •  Roles and responsibilities should be clear and well defined.
                    •  The organization should provide the necessary resources to deploy and maintain the big data strategy.
                    •  Third-party vendor management best practices should be used to manage big data suppliers.
                    •  Data governance should be part of the overall enterprise governance to ensure that big data objectives align with
                      the organization’s strategic goals (see Standard 2110 – Governance).


                    Area: Technology Availability and Performance

                    Key Risk: Ineffective technology solutions and/or configurations may result in a negative customer
                    experience, reduced system availability, and/or degraded performance.

                    Control Activities
                    •  IT operations should be structured in a manner that supports big data service level expectations.
                    •  Data lifecycle policies and procedures should be documented and followed.




                   18 — theiia.org