Data Governance: Managing Integrity, Conducting Risk Scoring and Handling Exception Processes

November 29, 2022 11:15am

Joshua Black
VP, Editorial
Diligent Corporation

Andy Gandhi
Global Leader, Data Insights and Forensics

An effective data governance program is comprised of many moving parts, as critical data can be coming in from a variety of sources, documents, systems, and technologies that are needed to run operations. In addition, it is crucial to evaluate existing and available resources – budget, personnel and technology – to navigate and prioritize areas of higher risk.

Join us in this session as we review key considerations when developing an effective data governance program, such as:

  • Do compliance and control personnel have the appropriate experience and qualifications for their roles and responsibilities?
  • Has there been sufficient staffing for compliance personnel to effectively audit, document, analyze, and act on the results of the compliance effort?
  • Determining what to do when payments and expenditures are above aggregate risk score thresholds:
    • Define what constitutes a red flag
    • Understand the details of the activity – and analyze whether approvals, third parties, amounts, and circumstances align with existing policies and procedures
    • Track and document each follow-up activity
    • Assess remediation and consider whether follow-up risk assessments, communication and/or discipline is necessary
  • Using data feeds for continuous risk re-assessments and monitoring program upgrades
  • Providing training and ongoing support to ensure that employees and third parties can analyze incoming data to determine if it is consistent and trustworthy
  • Steps to take when data reveals employees and third parties are not following critical policies:
    • Understanding whether any controls failed
    • Determining if the employee received the appropriate compliance training – and if the compliance expectations were extended to third parties
    • Performing the appropriate investigative steps and addressing remediation
    • Deciding if additional predictive and detective measures should be implemented