Chapter 5 - Information Management & Business Intelligence

Question 1

What is the most important aspect of information management?

Answer 1

Perhaps the most important aspect of information management is the ability to recognize transactional data and other relevant data that has the potential to affect the effectiveness of operational and strategic decisions, and the benefits thereof.

Question 2

What are the six steps in the information lifecycle?

Answer 2

1) Identify
2) Capture
3) Manage
4) Utilize
5) Archive
6) Destroy

Question 3

In the information life cycle, describe the step “identify”.

Answer 3

“Identify” is the first step of the six steps in the information lifecycle. For information to serve its optimal benefits, there must be a formal, structured approach to identifying what data to capture that has the potential to significantly assist management. Appropriate transactional data should be identified using standard practices - meeting with users and business owners, studying business processes, and understanding their outputs. A formal, structured approach to identifying relevant data is needed because end-users and business owners/sponsors often do not realize the full scope of effective data.

Question 4

In the information life cycle, describe the step “capture”.

Answer 4

“Capture” is the second step of the six steps in the information lifecycle. Whether the data is being created or already has been created, the next step is to capture data in all of the processes that should be able to be captured by transactional processing systems (TPS). Captured data is usually aggregated into a data warehouse or similar system. Some data that needs to be captured might be manual data, such as data manually entered into offline databases or spreadsheets.

Question 5

In the information life cycle, describe the step “manage”.

Answer 5

“Manage” is the third step of the six steps in the information lifecycle. Managing data that has been captured involves organizing it into systems, and eventually organizing down to the tables/files. Data also needs to be organized at the enterprise level for strategic purposes.

Question 6

What are some of the key factors involved in managing data?

Answer 6

The management of the captured data includes several key factors, such as:
Access - proper data management should provide appropriate access to users.
Quality - data should be managed to ensure the quality of the data.
Timeliness - timeliness of delivery of data as information is another factor in managing data.
Format - as data is transferred into information and communicated to users, the format needs to be one that suits the task being performed and suits the person performing the task

Question 7

In the information life cycle, describe the step “utilize”.

Answer 7

“Utilize” is the fourth step of the information lifecycle. After proper management of data is in place, the next step is to provide proper utilization of that data as information. Users will need access to information, especially users associated with operational or strategic responsibilities. One key benefit of a database approach is the fact data can be shared, as data or information, with all need-to-know parties. Information management thus would include delivering and reporting information timely to the right person.

Question 8

In the information life cycle, describe the step “archive”.

Answer 8

“Archive” is the fifth step of the information lifecycle. Some data will need to be come part of the “permanent” data, some semi-permanent, and some temporary. The life span of the data being collected needs to be identified to provide an appropriate archive system, storage and management for permanent data. A data warehouse is often employed to archive permanent and semi-permanent data needed for BI or other strategic purposes.

Question 9

In the information lifecycle, describe the step “destroy”.

Answer 9

“Destroy” is the sixth and final step of the information lifecycle. Data that reaches the end of its life span should be recognized as such, and provisions should be in place to appropriately destroy that data. Different types of data have different archival lives, and some of the life spans differ between entities. Thus data destruction policies need to be developed based on contractual, legal , and other constraints.

Question 10

Does proper information management involve compliance?

Answer 10

Yes. Proper information management means the information is in compliance with relevant policies and procedures, laws and regulations, and contractual obligations. Management should develop policies and procedures related to information, and the ILM provides a start of items to be considered. Monitoring compliance with P&P should also have been provided, and compliance monitored through the various processes established by management.

Question 11

Describe four of the laws and regulations which impact the compliance function of data storage in ILM.

Answer 11

There are several federal and state reglations related to personally identifiable information (PII). Some are HIPAA, GLBA, California SB-1386 and MDPA.
HIPAA - Health Infomration Portability and Accountability Act of 1996
GLBA - Gramm-Leach-Bliley act of 1999
California SB-136, California Database Breach Act of 2002
MDPA - Massachusetts Data Privacy
All four of these laws cover both privacy and security issues related to data and information, and PII in particular.
(see Glossary cards)

Question 12

What are other external compliance guidelines related to PII?

Answer 12

Other external compliance-related issues would relate to contractual obligations and industry requirements. The PCI compliance is an example of industry requirements. Banks have other requirements from FFIEC.

Question 13

What is the process of prescribing data in a format? Why is this important?

Answer 13

The process of prescribing data format is known as information or data modeling. Data must be standardized in order for efficient processing to occur across systems and interfaces.

Question 14

In data modeling, name the two formats of data.

Answer 14

Data can be unstructured or structured.

Question 15

In data modeling, describe “unstructured” data.

Answer 15

Unstructured data does not have a prescribed format and are captured, stored, and processed in free form. For example, a text editor and taxed file, similar to word processing, is unstructured data.

Question 16

In data modeling, describe “structured” data.

Answer 16

Structured data has a prescribed format, and is organized and stored into files, records, and fields with criteria for that format - such as transaction data stored from the business processes of an enterprise resource planning (ERP) system.

Question 17

Why is structured data important?

Answer 17

In order for computers to process data properly, it must be structured.

Question 18

Data modeling provides an effective means of doing what?

Answer 18

Data modeling provides an effective means for defining and analyzing data needed to support the business processes and other needs of the entities.

Question 19

Should data modeling be the foundation for reporting?

Answer 19

Yes. By gathering reporting needs first, data modeling can lead to an effective design of the data that will be captured, stored, and ultimately the information that is reported. By following the data modeling approach, the resulting normalized data structure will lead to true process-based reporting and eliminate the limitations of systems-based reporting.

Question 20

Can data modeling lead to more effective controls?

Answer 20

Yes. The construction of the data models should identify key controls and key integration points. These factors enable management to develop effective controls, especially those associated with data transfers at points of integrations as they represent high inherent risk.

Question 21

Name some of the good results data modeling can bring to an entity.

Answer 21

• Provides an effective means for defining and analyzing data
• Is the foundation for true process-based reporting
• Can lead to more effective controls

Question 22

When structuring data, name the three levels of schemas.

Answer 22

In gathering information requirements, or the identify stage of the ILM, data can be structured using standard schemas: user, conceptual and physical schema levels.

Question 23

What is an external schema associated with?

Answer 23

The external schema is associated with information requirements, specifically a schema for each user or group of users. This view is also known as the user view or schema. External view means the perspective of the data from external sources, specifically the users of the data. These schemas are valuable for CITPs because they define what data a user or group of users need in order to perform their duties and as such are a tool for establishing logical access controls.

Question 24

What is the hierarchical structure of data?

Answer 24

Data builds into information from small pieces to large pieces (sorry, I don’t have any other way to describe it). Data is turned into information in the order of:

• a bit (0 or 1)
• byte - eight bits make up a bite, or a keystroke or character
• field - stream of sensible bytes (keystrokes) (relational term = column); data value; grouping of characters; attribute
• record - a closely related set of fields (relational term = row); set of data values or a collection of attributes
• file - a closely related set of records (relational term = table); group of related records
• database - a closely related set of files; integrated collection of related files
• enterprise database - a closely related set of databases

Question 25

Describe the different data types data values can be

Answer 25

Data values take on one of a variety of basic data types. Data types can be simplified into three types:

• Numbers
• Alphanumeric characters
• Dates

Question 26

What are the two forms of data files? Which one is the outcome of data normalization?

Answer 26

Data files are in two forms:

• flat files with all the transactional data in a single record (row)
• Databases where transactional data is broken down into separate files using a structured processes. Databases are the outcome of data normalization.

Question 27

What is normalized data?

Answer 27

Normalized data is a transactional flat file that has gone through a formal process where certain factors are eliminated in order to eliminate data anomalies; addition, deletion, and change anomalies (errors). One of the outcomes of normalized data is to maximize the efficiency of the data model.

Question 28

Why is normalization of data important?

Answer 28

The steps in the normalization process eliminates unnecessary redundancy of data elements, leaving any specific data field represented only once in the normalized database, except for the duplication of fields as key fields to establish the relationship between files. Integrating data from different systems is more efficient if the data model is normalized.

Question 29

Why should data be consistent?

Answer 29

In order for computer processing and the actual “reporting” on information to be efficient and correct, data should follow a consistent form of data entry.

Question 30

Why is data modeling important?

Answer 30

Data structures should be documented and accurately portrayed with one or more conceptual data modeling tools available. Modeling data captures the data users needs and the processes they perform in carrying out their responsibilities. A good data model shows the components that lead to the physical model, which lead to the data structure, which lead to database generation - including relational database construction where applicable.

Question 31

What elements does a thorough business information architecture contain?

Answer 31

• Components of the structure of the enterprise information capabilities
• IT / information governance structure
• Business processes, and
• Business information
  The information architecture illustrates the common occurrence of integration of data from various sources that get used by applications. This integration represents some level of complexity to that integration, and the more complex it is, or the more data being moved, the greater the risk becomes.

Question 32

What is the goal of business process improvement (BPI)

Answer 32

BPI has the goal of optimizing business processes to achieve efficiencies and effectiveness, using a structured approach. The approach is generic and can apply equally to commercial, not-for-profit, or government entities.

Question 33

How is Business Process Management (BPrM) different from Total Quality Management (TQM)

Answer 33

BPrM is similar to total quality management in that it considers processes as potentially strategic tools that can be better managed; however, BPrM is the deliberate focus it has on leveraging technology.

Question 34

Describe the phases of the Business Process Management (BPrM) life cycle.

Answer 34

The phases are: design; modeling; execution; monitoring; and optimization.

Question 35

Describe the “design” phase of the Business Process Management (BPrM) life cycle.

Answer 35

The design phase identifies existing processes and describes the “to be” processes. The process flow is documented along with relevant actors, alerts, standard operating procedures (SOP), service level agreements (SLA), and manual movement mechanisms.

Question 36

Describe the “modeling” phase of the Business Process Management (BPrM) life cycle.

Answer 36

The model phase uses the theoretical design described and introduces new combinations of variables. What-if analysis is performed on those “to be” processes.

Question 37

Describe the “execution” phase of the Business Process Management (BPrM) life cycle.

Answer 37

In the execution phase, the entity either develops or purchases a solution that is best suited to execute the required steps of the process determined in the model phase.

Question 38

Describe the “monitoring” phase of the Business Process Management (BPrM) life cycle.

Answer 38

The monitoring phase can take place in real time, a reasonable time frame, or ad hoc. Monitoring encompasses observation of the individual processes that result in accurate performance.

Question 39

Describe the “optimization” phase of the Business Process Management (BPrM) life cycle.

Answer 39

Optimization includes gathering process performance information from the monitoring and modeling phase. That information is used to identify potential or actual problem areas, such as bottlenecks, and potential opportunities for efficiencies or effectiveness improvements. Any improvements recognized are taken to the design phase for another iteration through the life cycle.

Question 40

Why will the CITP be interested in business processes that impact financial data?

Answer 40

The CITP will be particularly interested in business processes associated with the initiation, authorization, processing, and reporting of financial data, and the processes included in the financial reporting function. The approach to gaining a proper understanding means the CITP will need to know the flow of data and/or the body of processes used in financial transactions and financial reporting.

Question 41

What are some of the methods that could used when designing and implementing controls in business processes to ensure their effectiveness?

Answer 41

Each entity should have a formal structure for designing and implementing the proper level and effectiveness of controls into the body of the business processes. That structure could take various forms: a form of IT governance; a change management committee; a cross functional BP steering committee; an expert on business process change team; and so on.

Question 42

What type of monitoring does continuous monitoring tools address?

Answer 42

Continuous monitoring tools usually address one or more of the following types of monitoring: continuous audit, continuous transaction analysis continuous controls monitoring, or continuous reporting. CM focuses primarily on the quantitative side of controls and risk issues.