1. DGIQ 2018
June 13, 2018
How to be Successful in the Post-GDPR Landscape – Building a Strategy Customers & Auditors Love
Confidential and Proprietary. Copyright© 2018. DATUM LLC
2. Agenda
• Who we are
• Compliance
  - Being Compliant AND being Audit Resilient
  - The Data Control Model; Control Elements
  - 4 Steps to a Governance Framework
• Building the Governance Framework in Information Value Management
3. We help the world’s leading organizations identify, organize and use data to solve problems and create opportunities.
4. Compliance evolves with capabilities
Compliance is the goal, but over time what you want is Audit Resilience: easy, stress free, repeatable, transparent, extensible.
Compliance is about defining the Data Control Model that reduces risk and creates “Audit Resilience”.
5. Data Control Model
Control System Defined (source: https://www.aicpa.org/):
Control Environment
• Sets the tone for the organization
Risk Assessment
• Identification and analysis of relevant risks to the achievement of objectives
Information and Communication
• Systems or processes that support the identification, capture, and exchange of information
Control Activities
• Policies and procedures that help ensure management directives are carried out
Monitoring Processes
• Assess the quality of internal control performance over time.
For DATUM a Data Control Model sits within the Control System, and is always:
• The configuration of the Governance Framework to align impacted data with compliance requirements
• An Operating Model that ensures accountability and minimizes risk
6. Data Control Model
Control Elements:
Data is labelled with sufficient metadata to support risk analysis and alignment to larger Control System Elements
• Data Catalog / Dictionary have been configured with appropriate metadata labelling to support risk processes
Control activities are completely defined
• All data in scope is controlled via Rule(s) that are supported by Standards
• All Composers have Owners, and Rules have execution Owners (Roles)
The controls are exposed and communicated
• Reports are configured in Information Value Management
Monitoring process exists
• Data Quality feature is activated and is monitoring Control Rules
Steps to setting up the Control Model:
1. Configure Governance Framework
2. Configure Operating Model
3. Identify Control Points
4. Ensure that the Control Points have all control elements implemented
7. Four Steps to a Governance Framework
Start with Business Value!
• What are Value Driver Goals?
• What Objectives support Goals?
• How do I recognize Success?
8. 1. Build out the Goals, Objectives & Metrics to align Value
[Diagram: Strategy and Action]
9. 2. Build the Catalog
1. Identify Data: What are my sources?
2. Catalog Data: Foundational to Managing Data
3. Describe Data: Tag to align with value drivers
What is the data that matters?
If data is not cataloged, it is not governed!
10. Value emerges…
Data Asset: Transaction File dd/mm/yy
• Purchase $
• Purchase Date
• Purchase SKU
Customer Metric Tags:
• Purchase Activity
• PI Collected
• Channel = Web
• Product Category
All business processes where customers are present must have 95% completion of Customer Metrics.
[Diagram: Strategy and Data]
• Data’s role in supporting business strategies is established
• Provides the basis for data’s value as an “Asset”
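The control elements of slide 6 and the 95% Customer Metrics statement above can be monitored mechanically once the catalog carries the labels. The following is an added illustration, not DATUM code or part of Information Value Management; the catalog entries, owner names, rule name and threshold are constructed sample data.

```python
# Added illustration: monitoring a Control Rule over a catalogued data asset.
# Catalog entries, tags, owners and the rule below are constructed sample data.
from dataclasses import dataclass, field

@dataclass
class DataAsset:
    name: str
    owner: str                              # accountable Owner (control element)
    tags: set = field(default_factory=set)  # metadata labels held in the catalog
    customer_present: bool = False          # in scope for customer-facing rules

@dataclass
class Rule:
    name: str
    execution_owner: str                    # Role that executes the rule
    required_tags: set                      # labels the supporting Standard requires
    threshold: float                        # required completion, e.g. 0.95

# Customer Metric Tags from the slide; "Channel = Web" is modelled as the label "Channel".
CUSTOMER_METRIC_TAGS = {"Purchase Activity", "PI Collected", "Channel", "Product Category"}
CUSTOMER_METRICS_RULE = Rule("Customer Metrics Completion", "Data Steward",
                             CUSTOMER_METRIC_TAGS, 0.95)

CATALOG = [  # constructed catalog; only the first asset mirrors the slide's Transaction File
    DataAsset("Transaction File", "Sales Ops", set(CUSTOMER_METRIC_TAGS), True),
    DataAsset("Web Clickstream", "Marketing", {"Purchase Activity", "Channel"}, True),
    DataAsset("Warehouse Inventory", "", {"Product Category"}, False),
]

def completion(asset, rule):
    """Fraction of the rule's required labels that the asset actually carries."""
    return len(rule.required_tags & asset.tags) / len(rule.required_tags)

def evaluate(catalog, rule):
    """Apply the rule to in-scope assets: {asset name: (completion, meets threshold)}."""
    results = {}
    for asset in catalog:
        if not asset.customer_present:
            continue        # rule scope: business processes where customers are present
        c = completion(asset, rule)
        results[asset.name] = (round(c, 2), c >= rule.threshold)
    return results

def control_gaps(catalog, rules):
    """Control-element check: every asset has an Owner, every Rule an execution Owner."""
    gaps = [f"asset '{a.name}' has no Owner" for a in catalog if not a.owner]
    gaps += [f"rule '{r.name}' has no execution Owner" for r in rules if not r.execution_owner]
    return gaps

if __name__ == "__main__":
    print(evaluate(CATALOG, CUSTOMER_METRICS_RULE))
    print(control_gaps(CATALOG, [CUSTOMER_METRICS_RULE]))
```

An asset missing from the catalog never enters `evaluate`, which is the practical meaning of "if data is not cataloged, it is not governed".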
11. 3. Define Processes
Where is the data; how is it used?
Start with known Business Functions:
• E-commerce sites
• Marketing functions
• Shipping fulfillment
• CRM
Focus on Core Requirements:
• What data is where?
• What are the value drivers?
• Who gets the value?
• What are the standards, controls & metrics?
12. Processes complete alignment of data, people & processes
• Identifies business function & Owner
• Ensures business alignment to “value”
• Addresses order & efficiency objectives
[Diagram: Strategy and People]
13. 4. Add Standards & Rules to address control objectives
• Standards provide enterprise-wide guidance on the implementation of policy
• Rules implement Standards at the data level
[Diagram: Strategy and Governance]
14. The “Managed” Data Ecosystem
Strategy Driven:
Data Aligned
• The data required to meet objectives
Business Focused
• Measurable Objectives
Action Oriented
• What people do
Managed
• The observable, measurable “controls” and metrics; evidence of business impact
15. Example: GDPR Obligation Management
Framework layers, from policy down to metrics:
POLICY
Goals: GDPR Compliance
Objectives: Remediation Management
Processes: GDPR Obligation Management
Standards: GDPR Remediation Standard; GDPR Risk Management Communication Standards
Rules: GDPR Task Management; GDPR PI Owner Identification; GDPR Remediation Log Detail; GDPR Communication Template
Metrics: GDPR Article 12; GDPR Article 18; GDPR Article 19; GDPR Article 16
16. Multiple Frameworks may exist
GDPR Case Study
For GDPR, a Framework exists for each of the Capability Areas specified in the Best Practices Model.
Each Framework answers a key question required for Audit Resilience.
17. Benefits of a Governance Framework
• Clear line of sight between Compliance & Controls
• Business-aligned Accountability
• Easy to Communicate
• Easy to Defend
Audit Defensibility: the degree to which the organization is ready to address the demands of an auditor:
• Observable
• Measurable
• Repeatable
• Robust
• Transparent
• Defensible
18. Information Value Management®
01| Discover where GDPR personal information data lives, who uses it and how it is used.
02| Connect that information to data governance processes.
03| Enable collaboration with all stakeholders across the organization.