Portals eNewsletters Web Seminars dataWarehouse.com DM Review Magazine
DM Review | Covering Business Intelligence, Integration & Analytics
   Covering Business Intelligence, Integration & Analytics Advanced Search
advertisement

RESOURCE PORTALS
View all Portals

WEB SEMINARS
Scheduled Events

RESEARCH VAULT
White Paper Library
Research Papers

CAREERZONE
View Job Listings
Post a job

Advertisement

INFORMATION CENTER
DM Review Home
Newsletters
Current Magazine Issue
Magazine Archives
Online Columnists
Ask the Experts
Industry News
Search DM Review

GENERAL RESOURCES
Bookstore
Buyer's Guide
Glossary
Industry Events Calendar
Monthly Product Guides
Software Demo Lab
Vendor Listings

DM REVIEW
About Us
Press Releases
Awards
Advertising/Media Kit
Reprints
Magazine Subscriptions
Editorial Calendar
Contact Us
Customer Service

Auditing and Risk Management:
Data Auditing Can Help Meet Corporate Governance, Risk Management and Compliance Challenges

online columnist Murray S. Mazer     Column published in DMReview.com
September 29, 2005
 
  By Murray S. Mazer

The effects of corporate governance, risk management and compliance pressures on the management team of an organization have been oft publicized. It is foolish, however, to assume that these pressures start and end in the boardroom. Database professionals face similar pressures in choosing and maintaining the systems and processes that will help protect the integrity of corporate data.

Data can be a company's most valuable asset, and properly protecting the data is often a common element in addressing challenges related to governance, risk and compliance. Data auditing is a primary means for protecting corporate data assets against potential risk and loss. It provides an unimpeachable record of corporate data use, allowing enterprises to validate compliance and implement key practices to insure that the company operates at the very highest levels of ethics and compliance. Data auditing is key to identifying potential legal threats because it provides a transparent view of the evolution of information upon which corporate financial reports and other corporate legal documents rely.

Corporate Governance

How do independent audit solutions contribute to good governance? Governance is largely about controls; that is, the policies, procedures and safeguards the organization uses to assure corporate objectives are being met and exceptional activity is quickly identified and managed. A data auditing solution can provide confidence that the organization's internal corporate policies and processes are effective and help ensure that individuals and divisions within the enterprise are operating within the same set of corporate guidelines.

In addition, the automation of a comprehensive data auditing solution offers several benefits:

  • It increases the degree of trust associated with the controls and their validation, since humans are taken further out of the process.
  • The organization experiences operational efficiencies associated with having fewer people engaged with the gathering, analysis and reporting of control information.
  • The cost of an external audit can be lower because automated controls generally need less testing than do human controls.
  • Finally, information from audit records can be used to respond quickly and effectively to regulators and governance stakeholders. Without the benefit of an audit solution, it can be extremely difficult, or even impossible, to answer the questions posed by these interrogators.

Risk Management

An effective risk management oversight program identifies and manages risks that potentially threaten a company, such as fraud, failed audits, lost customers, damage to brand and reputation, and increased capital costs. Executives now insist that their management team develops a risk profile for the company and reviews it frequently, increasingly involving internal auditors and the board of director's audit committee as an integral part of this effort.

To combat internal threats, such as a malicious insider tampering with data, an enterprise data auditing solution provides a trusted audit trail that safeguards the back doors to corporate data by auditing direct database access by internal users, including privileged IT users.

For a sound risk-management process, organizations should use data auditing to:

  • Capture key types of data activity, including data modifications, database structure and data views;
  • Detect and analyze breaches in user and application behavior, intentional or accidental;
  • Offer alerting of key database events and rapidly respond to violations and vulnerabilities;
  • Perform forensic analysis for detecting fraud, outsider intrusion and employee misbehavior; and
  • Comply with government regulations regarding the security and privacy of data.

Compliance

Today's regulations place strict requirements on enterprises to audit access to corporate information and produce reports detailing who has changed (or even seen) that information. Data auditing is the core of any compliance solution because the collected activity information enables the organization to have a complete record of access to those databases, letting them produce reports that are necessary to ensure compliance with regulations or to satisfy their own internal audit needs.

Because an effective data auditing solution provides such a granular level of detail on data access, enterprises can be confident they have collected the information necessary to meet compliance requirements and provide an evidentiary trail when needed.

Data Auditing Done Right

Because of the high threat associated with privileged users, it is essential to capture activity information at the database itself. A preferred way to do this without the pain of triggers - a special-purpose application logic embedded in the database to execute whenever a data-changing operation is invoked - is through audit agents, which are associated with each database server containing important data. These audit agents harvest information about data-related activity, and because they operate at the database server, they capture all relevant data activity and all direct access, regardless of the application used. Applications need not be modified to accommodate this approach.

Data auditing delivers the records that enterprises need to insure good governance, enable better corporate decisions, protect against business and legal risk, and comply with government regulations. The ideal solutions for auditing data-related activity capture user activity effectively and provide active monitoring and alerting. The best approaches minimize performance overhead while consolidating a complete audit of data access across multiple servers and providing active monitoring and alerting. Prudent organizations are implementing data auditing solutions to meet today's demanding governance and compliance requirements.

...............................................................................

For more information on related topics visit the following related portals...
Risk Management, Compliance and Corporate Performance Management.

Dr. Murray S. Mazer is co-founder and vice president of Lumigent Technologies, a leading risk management solutions company. With 20 years of industry experience in startups and established companies, he has directed security, server, intellectual property and technology licensing strategies and development. Before becoming an entrepreneur, Mazer led R&D programs for the Defense Advanced Research Projects Agency (DARPA), OSF and Digital Equipment Corporation; he and his teams innovated in areas such as data replication, workflow, location-aware computing, mobile data access, security and proxy-based applications. You can reach him at murray.mazer@lumigent.com.

Solutions Marketplace
Provided by IndustryBrains

Numara Track-It! Help Desk Software
Numara provides Track-It! - the leading help desk solution for call tracking, problem resolution, IT asset management, LAN/PC auditing, patch management, electronic software distribution, remote control, and more. Free demo

Way better than backup! - Continuous Protection
Free White Paper. TimeSpring's CDP software for Windows automatically captures all changes in REAL TIME so you can recover from data loss, corruption or security breaches in minutes. Analyze, report and test data anytime without impacting operations.

Website tracking, web statistics and analytics
Watch your visitors in real time as they browse your site. Website statistics provide insight. Understanding website traffic and visitor clickstream behavior is crucial to managing a website on a daily basis. Real-Time reporting. 4 week free trial.

Rosette Linguistics Platform
Basis Technology utilizes powerful techniques to provide software solutions for extracting meaningful intelligence from unstructured text in Asian, European and Middle Eastern languages.

Click here to advertise in this space


E-mail This Column E-Mail This Column
Printer Friendly Version Printer-Friendly Version
Related Content Related Content
Request Reprints Request Reprints
Advertisement
advertisement
Site Map Terms of Use Privacy Policy
SourceMedia (c) 2006 DM Review and SourceMedia, Inc. All rights reserved.
SourceMedia is an Investcorp company.
Use, duplication, or sale of this service, or data contained herein, is strictly prohibited.