
Data Policies and Procedures

Study Guide

1. What Is Data Governance?


   1. Data governance is a set of defined procedures, policies, rules, and processes that
      oversee the following attributes of an organization's data:
      1. Availability refers to the ability to make data accessible when it is needed
         and where it is needed. Data that is available can be easily accessed in a
         timely manner. Policies and procedures related to data availability can also
         cover how data is accessed when disruptions occur within an
         organization's IT system.
      2. Usability refers to data being delivered to end-users in formats and
         structures that allow the completion of desired business activities,
         analysis, and operations. Usable data can be successfully integrated and
         processed in software and applications desired by end-users.
      3. Integrity of data refers to the accuracy and consistency of data. Data must
         be reliable in order to support proper inferences and decisions. Data governance
         policies should provide specific safeguards and protections to ensure that
         data is accurate and valid.
      4. Security of data governs how data is protected from unauthorized access
         and from possible data corruption. Examples of data security techniques
         include data encryption and physical barriers. Secure data is protected
         against accidental or intentional modifications, removals, or disclosures.
         Data security includes both electronic and physical safeguards to protect
         data.
2. Data Governance Frameworks
   1. COSO's Internal Control-Integrated Framework
      The COSO internal control framework helps companies visualize various
      dimensions of internal control. Internal controls must be implemented to ensure
      proper data governance. The framework does not provide specific policies that
      should be implemented. Rather, it provides guidelines to help companies consider
      which internal controls make sense for their organization.

      1. Internal controls over data governance are necessary for operations,
         reporting, and compliance with applicable laws and regulations.
      2. Internal controls over data governance should be implemented at all levels
         of the organization, including the entity, divisions, operating units, and
         individual functions.
      3. According to the framework, there are five components of internal
         controls:
         1. Control environment – internal control over data governance
            depends on good leadership and culture.
         2. Risk assessment – companies need to identify risks to data
            governance.
         3. Control activities – these are the specific policies and procedures
            put in place to ensure data governance.
         4. Information and communication – ensuring proper internal
            controls over data governance improves information quality
            throughout the company.
         5. Monitoring activities – companies need to monitor and adapt
            controls to respond to changes in the environment.
   2. ISACA's COBIT
      1. ISACA created a best-practice framework called the Control Objectives
         for Information and Related Technologies (COBIT) to guide information
         technology (IT) management and governance. COBIT provides not only a
         framework, but also a variety of resources, technical guides, and trainings.
      2. COBIT focuses specifically on security, risk management, and
         information governance.

Summary
Companies’ success depends on good data. Data governance is a set of procedures, policies,
rules, and processes to ensure that data can be relied upon. Data governance frameworks help
companies envision the steps that must be taken to protect and safeguard data.
