Page 451 - ITGC_Audit Guides
3.7 Executive management should develop a big data strategy that provides solutions across the organization.
  The big data program is inclusive of all relevant key organizational areas to limit duplication of effort and redundant technology environments in the company.

3.8 Prior to approving the business case, management should conduct a proof of concept to validate that the system design aligns with strategic goals.
  A pilot project (with known opportunities and without significant complexity) has been selected, and priority areas are identified for “wins” to further support the build-out of the program.

3.9 Roles and responsibilities should be clearly defined.
  An executive sponsor, who provides strong executive-level support and sponsorship for the big data program, has been identified.
  Roles and responsibilities of data owners, stewards, and subject matter experts (SMEs) have been established and defined.
  A responsibility assignment matrix has been documented and maintained for enterprisewide data governance roles and responsibilities.
  Roles and responsibilities for business partners that rely on big data solutions and reporting have been established and defined, including the necessary controls that these resources must implement to successfully consume data from these environments.

3.10 The organization should provide the necessary resources to deploy and maintain the big data strategy.
  The organization has identified and funded critical positions to support the big data program, and has introduced appropriate talent into the organization with the requisite skills and experience to make the program successful. The skills assessment is periodically reperformed in alignment with the changing needs of the organization and the technology in use.

3.11 Third-party vendor management practices should be used to manage big data suppliers.
  Contracts include adequate provisions on security, availability, support models, pricing, etc. Appropriate legal and control partner feedback is incorporated into the agreement prior to execution.
  Contractual agreements are monitored for third-party vendors who host and/or access big data environments. These contracts appropriately account for dynamically scaling the environment to support increased or decreased demand.
  Vendor roles and responsibilities are documented and approved in a master services agreement.
  SLAs are documented, approved, and monitored to ensure third parties meet minimum performance levels. Adequate penalties are defined and enforced when these SLAs are not met. Management has vendor governance routines in place to formally assess and take action on SLA results.
  Transition and termination considerations were factored into the agreement and overall solution assessment (e.g., What happens to the data when the contract ends? How long will it take to transition critical analytics for the organization?).

32 — theiia.org