
Resource Management, Data Integrity, and the Computing Environment

Resource Management, Data Integrity, and the Computing Environment. Sandra Featherson Office of the Controller. Doug Drury Information Systems & Computing. September 15, 2011. Agenda. Computing Environment Resource Management Data Integrity. Computing Environment.


Presentation Transcript


  1. Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing September 15, 2011

  2. Agenda • Computing Environment • Resource Management • Data Integrity

  3. Computing Environment Maintaining a reliable computing environment: • Why is this important?

  4. Computing Environment Physical Security • Equipment is properly secured • Equipment is maintained

  5. Computing Environment Systems Development • IS-10 – UC Policy • Establish a plan • Well trained technical professionals • Identify projects • Define scope, benefits, risks, priorities, timing, and implementation method

  6. Computing Environment Systems Development • What is ‘System Development’? • Impact of the project • Determine staffing, equipment, and other needs • Funding requirements and sources • Documentation of system • UC Policy – IS-2, IS-3, IS-10, IS-11 http://www.ucop.edu/ucophome/policies/bfb/bfbis.html

  7. Computing Environment Other Things to Think About: • Systems Management • Password Maintenance • Disaster Recovery • Separating Employees

  8. Electronic Personal Information: What Is It? • SB1386 designed to address identity theft • took effect July 1st, 2003 • added §1798.29, §1798.82 to State Civil Code (Information Practices Act) • created disclosure requirements upon a security breach of systems containing “unencrypted” personal information • An individual’s first name or initial and last name in combination with one or more of the following: • Social Security Number • Driver’s License Number • Financial account or credit card number in combination with any password that would permit access to the individual's account • See http://www.oit.ucsb.edu/committees/itpg/sb1386.asp for more information

  9. Electronic Personal Information UCSB Campus Roles • Data Proprietor - A personal information data store proprietor is the department director or senior manager who is the functional owner of the application that is the primary source of the personal information. It is the responsibility of the data store proprietor to ensure that the inventory of personal information data stores is kept current for the data stores for which the proprietor is responsible.

  10. Electronic Personal Information UCSB Campus Roles • Data Custodian - A personal information data store custodian is an individual or organization that is responsible for providing technical or system administration support for the data store. It is the responsibility of the personal information data store custodian to ensure that the implementation and administration of the personal information data store conforms to IS-3 requirements, as a minimum, and to campus and industry best practices for system security where appropriate. • Campus Sensitive Data Incident Coordinators - Doug Drury doug.drury@asit.ucsb.edu • Karl Heins karl.heins@oist.ucsb.edu

  11. Electronic Personal Information Policy & Guidelines • UC Policy IS-3 and IS-11 define policy regarding management of Electronic Personal Information (as well as other information system issues) http://www.ucop.edu/ucophome/policies/bfb/bfbis.html • UCSB Guideline provides process for handling exposure of personal information http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp

  12. Electronic Personal Information Best Practices • Don’t Store It Unless Absolutely Necessary • If You Do Store It • Follow IS-3 Policy • Retain contact information for stored individuals • Submit Inventory Data To Campus Coordinators (doug.drury@asit.ucsb.edu) and / or (karl.heins@oist.ucsb.edu) • Follow Industry Best Practices For System Security • UC Electronic Communication Policy allows UC campuses to encrypt personal information data stores – ENCRYPT IF POSSIBLE http://www.ucop.edu/ucophome/policies/ec/

  13. Electronic Personal Information Incident Process • Incident Detection • Requires active monitoring of data store • Requires extensive analysis to determine if a breach has occurred • UCSB Guideline provides assessment guidance http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp • Incident Handling Process • Follow the UCSB Guideline closely • Allow appointed UCSB/UC officials to handle any communication

  14. Electronic Personal Information Information Sources • UC Policy: http://www.ucop.edu/ucophome/policies/bfb/is3.pdf • UCSB Guideline: http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp • California Law: http://www.oit.ucsb.edu/committees/itpg/sb1386.asp • Finally – The UC/UCSB definition of Personal Data is evolving. You will be kept up to date if the definition changes

  15. Resource Management • Financial Data • Value of Budgets • Analyze Costs, Benefits, and Risks • Asset Management

  16. Resource Management: Financial Data • Verify data is accurate and complete • Compare GLO60 to any Shadow System • Review significant deviations • Document corrective action

  17. Resource Management: Value of Budgets • Represents your financial plan for future periods • Decisions based on data • Proper use of resources • Valuable control • Evaluate resource opportunities

  18. Resource Management: Value of Budgets Budget for: • Departmental Operations • Events • Projects

  19. Resource Management and SAS 112 Department Key Controls • GL Reconciliation • Review of Budget Reports • Equipment Inventory

  20. Scenario #1 Your department is hosting an international conference. The expected number of participants is 250. Pre-registration is required. The PI, who is the host, believes $500 is the going rate for conferences. In Groups: List the steps you would take to develop the budget and track expenditures for the conference.

  21. Resource Management: Analyze Costs, Benefits, and Risks Something sounds like a good idea, but is it?

  22. Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis • Statement of Purpose • Statement of Benefits • Assumptions • Impact on administrative support

  23. Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis • Quantify costs (one time vs. on-going), space needs, and capital outlay • Funding sources • Potential risks/problems

  24. Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis • Performance follow-up • Did cost projections come in on target? • Did the benefits outweigh the costs? • Did the results meet expectations?

  25. Scenario #2 Your department wants to purchase new desktops for the office. In Groups: Do a cost-benefit-risk analysis and make a recommendation to your department about the purchase of new desktop machines.

  26. Resource Management: Asset Management • Cash • Receivables • University Resources/Equipment • People

  27. Resource Management: Asset Management Cash • Proper receiving and storing • Proper depositing and recording • Reconcile the deposits

  28. Resource Management: Asset Management Cash Management: Short Term Investment Pool (STIP) • Depository bank accounts • Disbursement bank accounts • Vendor • Payroll • Balances are invested in STIP daily

  29. Resource Management: Asset Management Cash Management: Short Term Investment Pool (STIP) • Earnings are credited back to the funds which generated the interest • The interest for “campus owned” funds is distributed back to the campus

  30. Resource Management: Asset Management Receivables • Do you have any? • Collections • Monitor status • Collection Agencies • Write Off • If you have receivables, you should be using the BA/RC process

  31. Discussion Item #1 Do you have any cash management issues?

  32. Resource Management: Asset Management University Resources • Use of the University Seal • Use of the University Name/Logo

  33. Resource Management: Asset Management • Use of the University Name/Logo • Policy 5010: “Use of the University’s Name” • Use of the University Seal • Policy 5015: “Use of the Unofficial Seal”

  34. Resource Management: Asset Management • Campus designees to authorize use of the seal/name/logo are: • Meta Clow • Mark Beisecker (for commercial products)

  35. Resource Management: Asset Management Equipment • Proper purchasing • Proper tracking • Physical assets are compared to recorded assets and discrepancies are resolved • Proper disposing

  36. Resource Management: Asset Management People - This is our most important asset! • Proper training • Formal delegations • Current job descriptions • Timely evaluations • Consistent and fair treatment

  37. Data Integrity Why do we care? What could go wrong?

  38. Data Integrity How do you maintain data integrity? • Separation of duties • Small departments might need to partner with other departments • Adequate documentation and description • Well trained employees

  39. Data Integrity How do you maintain data integrity? • Compliance with policies and procedures • Coding Transactions Correctly • Reconcile departmental reports to the GLO60 • Reconcile the GLO60 on a timely basis • Record retention

  40. Data Integrity Coding Transactions Correctly Types of Costs • Direct • Indirect • Unallowable Function of Cost • Teaching • Research • Public Service • Purpose of Costs • Travel • Office Supplies • Services • Consistency in treatment of costs is a critical policy for the federal government.

  41. Discussion Item #2 You are given a list of transactions for today’s activity. Identify the correct coding for each transaction.

  42. Data Integrity: Record Retention Why is this important? • The institution needs to consistently apply a records management program • If your practice is to keep everything, you will be expected to produce what is requested • If you can show that you consistently follow the record management program, the court will accept your inability to produce the record

  43. Data Integrity: Record Retention How long do we have to keep records? • The UC Records Disposition Schedules Manual specifies the length of time records must be maintained by the office of record and others: http://www.policies.uci.edu/adm/records/721-11a.html

  44. Data Integrity: Record Retention Who is the office of record? • The office of record is the office responsible for retaining the original record, and for producing a requested record

  45. Data Integrity: Record Retention Who do you call if you have questions? • Meta Clow, the Campus Policy and Records Management Coordinator: • x4212 • meta.clow@vcadmin.ucsb.edu

  46. Questions?
