Page 49 - CITP Review
P. 49

Data management



            When it comes to data management and analytics, the ability to recognize data that can influence the
            effectiveness of operational and strategic decisions is an important skillset. This recognition requires
            critical thinking about data — what is valuable, what is not, how best to report it, what purposes it would
            best serve — and how to leverage information to gain competitive advantages or long-term business
            success.
            For the purposes of this discussion, data is defined as a collection of numbers, characters, images, and
            other outputs from devices or processes that collect data and information. Data is a collection of raw,
                                                                                   1
            unorganized, alphabetic, numeric, or symbolic representations of objects.



            Information lifecycle management


            The foundation of effective information management is a thorough understanding of the information
            lifecycle management (ILM). There is a wide range of lifecycle descriptions, but the one presented herein
            is consistent with the body of ILM models; our steps will be to identify, capture, manage, utilize, archive,
            and destroy, as seen in exhibit 2-1.


            Identify

            For information to serve its optimal benefits, there must be a formal, structured approach to identifying
            what data to capture that has the potential to significantly assist management in operational and
            strategic decisions. In the basic information requirements stage of systems development life cycle
            (SDLC), or systems analysis, the appropriate transactional data should be identified using standard
            principles (that is, meeting with users and business owners, studying business processes, understanding
            the outputs, and so on). End users and business owners or sponsors often do not realize the full scope of
            effective data, so the entity needs a formal, structured approach to ensure that security, and business
            intelligence (BI) needs will be met with the data being identified. That structure could involve a cross-
            functional team, some form of IT governance guideline or body, a change control committee, or similar
            structure. The process would include involving end users, business managers, information security
            specialists, and BI specialists or analysts up front in the project to identify a complete body of data,
            as well as a formal, documented process.


            At this stage, the entity may also perform a risk assessment to identify vulnerabilities associated with the
            data, and subsequently understand the threats capable of exploiting the vulnerabilities.










            1
              See www.businessdictionary.com

            © 2019 Association of International Certified Professional Accountants. All rights reserved.    2-3
   44   45   46   47   48   49   50   51   52   53   54