The acquisition of client data, more than any other single factor, will determine the success or failure the audit. As custodians of system data, the IT department has some (valid) concerns about granting access:
We have outlined how data analytics technology can be used to address these concerns, plus some guidelines for accessing data.
The 3-Step Data Acquisition Process
Before you consider how to access data, you must first locate the data you need to analyze. You must then make arrangements to transfer the data from its source to a computer where analysis software can be used. This 3-step process is often referred to as Locate/Transfer/ Access.
Locate the source and the provider of the data, then learn about the nature of the data so you make an informed request to the data provider. This process forms an essential element of the data analysis project plan. It is important to understand the policies and processes associated with managing, monitoring and controlling the data including:
Next, determine where to process the data. In some cases, you may need to transfer the data from its source to a drive where you can read the data. Some server-based data sources can be accessed directly and processed on the server where you have access to an analysis tool. With the data on an accessible drive, you can begin the process of data access. All data analysis tools are not alike in that they read different file types with varying degrees of automation. Data from newer technologies require less manual process than data from legacy systems.
Working with IT to Address Data Acquisition Concerns
Audit and IT often work together to complete data acquisition requests, and there are some things to keep in mind when working together. First, learn the language of technology so you can effectively communicate what you need.
Next, identify available data:
Lastly, address these top concerns IT may have about granting data access:
Security – Will the user compromise the security of the data?
A professional-grade technology like IDEA® is a read-only data analytics tool. IT can set permissions to the database objects according to the credentials audit is using to access the data. Only data that the user is allowed to read will be available for download. IDEA is also able to extract data from database views so the DBA may want to make this simpler by creating those views.
Data Integrity – Will the business data be compromised?
There are no features in IDEA that allows the tool to write to a database via the database connection. The data is only copied and moved to a local hard drive or server.
Performance – Will the data copying affect my system performance?
There is no noticeable degradation of system performance when data is being copied. IT also has the option in most systems to give data extraction the lowest priority for system resources or scheduling extracts at off-peaks hours. If performance of production systems is not to be altered or impacted in anyway, we suggest connecting to non-production instances or connecting to a data warehouse.
Confidentiality – Will confidentiality of the data be maintained after it is copied?
Auditors access and work with highly confidential data every day. The existing policies and protection implemented for the team should suffice. If greater protection is needed IDEA also offers a secured server option where the data remains on that server and cannot be copied to other computers.
Need help with accessing or analyzing data?
We can continue this dialog with your IT department and assist you with overcoming these and other challenges. Let our data analysis experts help you get the data you need and prepare it for analysis. Visit our Professional Services page to learn more.
Contact us for a complimentary consultation at [email protected]