F.2. Data Governance and Management

Question 1

What is data governance?

Answer 1

It encompasses the practices, procedures, processes, methods, technologies, and activities that deal with the overall management of the data assets and data flows within an organization.

Question 2

What is the objective of data governance?

Answer 2

To enable reliable and consistent data so that management can properly assess the organization’s performance, make decisions, and manage the associated risks.

Question 3

Data management is part of data governance.

What does data management include?

Answer 3

• Creating data
• Collecting data
• Storing data
• Maintaining data
• Securing data
• Archiving data
• Destroying data
• Using data to add value to a business

Question 4

Data governance and data management involve management of:

Answer 4

• Data availability
• Data usability
• Data integrity
• Data security
• Data privacy
• Data integration
• System availability
• System maintenance
• Compliance with regulations
• Determination of roles and responsibilities of managers and employees
• Data flows, both internal and external

Question 5

What does management of data integrity in the context of data governance involve?

Answer 5

It involves managing the completeness, consistency, reliability, and accuracy of data, including specifications for data entry, fields, timing, entry by whom, sources, and control structures.

Question 6

What does management of data privacy in the context of data governance involve?

Answer 6

It involves determining who is authorized to access data and which items of data each authorized person can access.

Question 7

What is the purpose of IT governance and control frameworks?

Answer 7

To provide models or sets of standardized guidelines for managing IT resources and processes, identifying roles and responsibilities, assessing risks and controls, and achieving regulatory compliance. They break down overall objectives and activities into components in order to provide specific guidance for each component.

Question 8

What are the five interrelated components of COSO’s Internal Control – Integrated Framework?

Answer 8

• Control environment
• Risk assessment
• Control activities
• Information and communication
• Monitoring activities

Question 9

What is the data life cycle?

Answer 9

It encompasses the period from creation of data and its initial storage through the time the data becomes out of date or no longer needed and is purged.

Question 10

What are the stages of the data life cycle?

Answer 10

• Data capture
• Data qualifying
• Data maintenance
• Data transformation, synthesis, and simplification
• Data usage
• Data analytics
• Data publication or reporting
• Data archival
• Data purging

Question 11

What is the main governance challenge in the data capture stage?

Answer 11

Governance involves identifying the methods of capture and defining the data to be captured.

Question 12

What is data purging?

Answer 12

The removal of every copy of a data item from all locations within the organization, typically done only for data that has been previously archived.

Question 13

What should a records management policy establish?

Answer 13

How records are to be maintained, identified, retrieved, preserved, and when and how they are to be destroyed.

Question 14

What are the benefits of a documented and well-executed records management policy?

Answer 14

• Easier and more efficient document location
• Demonstrates legitimate purpose for document destruction in the event of an examination
• Increases compliance with regulations
• Records are adequately protected and accessibility maintained
• Timely destruction of records no longer needed