Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Resource Management, Data Integrity, and the Computing Environment September 2, 2015 Resource Management, Data Integrity, and the Computing Environment.

Published byAndrew Jeremy Watkins Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Resource Management, Data Integrity, and the Computing Environment September 2, 2015 Resource Management, Data Integrity, and the Computing Environment."— Presentation transcript:

1 1 Resource Management, Data Integrity, and the Computing Environment September 2, 2015 Resource Management, Data Integrity, and the Computing Environment Jim Corkill | Controller Business and Financial Services Controller’s Office Doug Drury | Director ETS Business Relationship Management Enterprise Technology Service (ETS)

2 September 2, 2015 2 Resource Management, Data Integrity, and the Computing Environment Agenda Computing Environment Resource Management Data Integrity

3 September 2, 2015 3 Resource Management, Data Integrity, and the Computing Environment Computing Environment Maintaining a reliable computing environment: Why is this important?

4 September 2, 2015 4 Resource Management, Data Integrity, and the Computing Environment Computing Environment Physical Security Equipment is properly secured Equipment is maintained Contact Sam Horowitz (Chief Information Security Officer) – samh@ucsb.edu

5 September 2, 2015 5 Resource Management, Data Integrity, and the Computing Environment Computing Environment Systems Development IS-10 – UC Policy Establish a plan Well trained technical professionals Identify projects Define scope, benefits, risks, priorities, timing, and implementation method Contact Doug Drury – doug.drury@ucsb.edu to determine if a solution to your need may already existdoug.drury@ucsb.edu

6 September 2, 2015 6 Resource Management, Data Integrity, and the Computing Environment Computing Environment Systems Development What is ‘System Development’? Impact of the project – campus impacts – IT Governance Determine staffing, equipment, and other needs Funding requirements and sources Documentation of system UC Policy – IS-2, IS-3, IS-10, IS-11 http://www.ucop.edu/ucophome/policies/bfb/bfbis.ht ml http://www.ucop.edu/ucophome/policies/bfb/bfbis.ht ml

7 September 2, 2015 7 Resource Management, Data Integrity, and the Computing Environment Computing Environment Other Things to Think About: Systems Management Password Maintenance Disaster Recovery Separating Employees

8 September 2, 2015 8 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information: What Is It? SB1386 designed to address identity theft  took effect July 1 st, 2003  added §1798.29, §1798.82 to State Civil Code (Information Practices Act)  created disclosure requirements upon a security breach of systems containing “unencrypted” personal information An individual’s first name or initial and last name in combination with one or more of the following:  Social Security Number  Driver’s License Number  Financial account or credit card number in combination with any password that would permit access to the individual's account See http://www.oit.ucsb.edu/committees/itpg/sb1386.asp for more information

9 September 2, 2015 9 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information UCSB Campus Roles Data Proprietor Data Proprietor - A personal information data store proprietor is the department director or senior manager who is the functional owner of the application that is the primary source of the personal information. It is the responsibility of the data store proprietor to ensure that the inventory of personal information data stores is kept current for the data stores for which the proprietor is responsible.

10 September 2, 2015 10 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information UCSB Campus Roles Data Custodian - Data Custodian - A personal information data store custodian is an individual or organization that is responsible for providing technical or system administration support for the data store. It is the responsibility of the personal information data store custodian to ensure that the implementation and administration of the personal information data store conforms to IS- 3 requirements, as a minimum, and to campus and industry best practices for system security where appropriate. Campus Sensitive Data Incident Coordinators - Campus Sensitive Data Incident Coordinators - Doug Drury doug.drury@ucsb.edudoug.drury@ucsb.edu

11 September 2, 2015 11 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information Policy & Guidelines UC Policy IS-3 and IS-11 define policy regarding management of Electronic Personal Information (as well as other information system issues) http://www.ucop.edu/ucophome/policies/bfb/bfbis.html http://www.ucop.edu/ucophome/policies/bfb/bfbis.html UCSB Guideline provides process for handling exposure of personal information http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp

12 September 2, 2015 12 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information Best Practices Don’t Store It Unless Absolutely Necessary If You Do Store It  Follow IS-3 Policy  Retain contact information for stored individuals  Submit Inventory Data To Campus Coordinators (doug.drury@ucsb.edu)doug.drury@ucsb.edu  Follow Industry Best Practices For System Security  UC Electronic Communication Policy allows UC campuses to encrypt personal information data stores – ENCRYPT IF POSSIBLE http://www.ucop.edu/ucophome/policies/ec/

13 September 2, 2015 13 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information Incident Process Incident Detection  Requires active monitoring of data store  Requires extensive analysis to determine if a breach as occurred  UCSB Guideline provides assessment guidance http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp Incident Handling Process  Follow the UCSB Guideline closely  Allow appointed UCSB/UC officials to handle any communication

14 September 2, 2015 14 Resource Management, Data Integrity, and the Computing Environment Electronic Personal Information Sources UC Policy: http://www.ucop.edu/ucophome/policies/bfb/is3.pdf http://www.ucop.edu/ucophome/policies/bfb/is3.pdf UCSB Guideline: http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp California Law: http://www.oit.ucsb.edu/committees/itpg/sb1386.asp http://www.oit.ucsb.edu/committees/itpg/sb1386.asp Finally – The UC/UCSB definition of Personal Data is evolving. You will be kept up to date if the definition changes

15 September 2, 2015 15 Resource Management, Data Integrity, and the Computing Environment Resource Management Financial Data Value of Budgets Analyze Costs, Benefits, and Risks Asset Management

16 September 2, 2015 16 Resource Management, Data Integrity, and the Computing Environment Resource Management: Financial Data Verify data is accurate and complete Compare GLO60 to any Shadow System Review significant deviations Document corrective action

17 September 2, 2015 17 Resource Management, Data Integrity, and the Computing Environment Resource Management: Value of Budgets Represents your financial plan for future periods Decisions based on data Proper use of resources Valuable control Evaluate resource opportunities

18 September 2, 2015 18 Resource Management, Data Integrity, and the Computing Environment Resource Management: Value of Budgets Budget for: Departmental Operations Events Projects

19 September 2, 2015 19 Resource Management, Data Integrity, and the Computing Environment Resource Management and SAS 115 Department Key Controls GL Reconciliation Review of Budget Reports Equipment Inventory

20 September 2, 2015 20 Resource Management, Data Integrity, and the Computing Environment Scenario #1 Your department is hosting an international conference. The expected number of participants is 250. Pre-registration is required. The PI, who is the host, believes $500 is the going rate for conferences. In Groups: List the steps you would take to develop the budget and track expenditures for the conference.

21 September 2, 2015 21 Resource Management, Data Integrity, and the Computing Environment Resource Management: Analyze Costs, Benefits, and Risks Something sounds like a good idea, but is it?

22 September 2, 2015 22 Resource Management, Data Integrity, and the Computing Environment Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis Statement of Purpose Statement of Benefits Assumptions Impact on administrative support

23 September 2, 2015 23 Resource Management, Data Integrity, and the Computing Environment Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis Quantify costs (one time vs. on-going), space needs, and capital outlay Funding sources Potential risks/problems

24 September 2, 2015 24 Resource Management, Data Integrity, and the Computing Environment Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis Performance follow-up  Did cost projections come in on target?  Did the benefits outweigh the costs?  Did the results meet expectations?

25 September 2, 2015 25 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Cash Receivables University Resources/Equipment People

26 September 2, 2015 26 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Cash Proper receiving and storing Proper depositing and recording Reconcile the deposits

27 September 2, 2015 27 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Cash Management: Short Term Investment Pool (STIP) Depository bank accounts Disbursement bank accounts  Vendor  Payroll Balances are invested in STIP daily

28 September 2, 2015 28 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Cash Management: Short Term Investment Pool (STIP) Earnings are credited back to the funds which generated the interest The interest for “campus owned” funds is distributed back to the campus

29 September 2, 2015 29 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Receivables Do you have any?  Collections  Monitor status  Collection Agencies  Write Off If you have receivables, you should be using the BA/RC process

30 September 2, 2015 30 Resource Management, Data Integrity, and the Computing Environment Discussion Item #1 Do you have any cash management issues?

31 September 2, 2015 31 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management University Resources Use of the University Seal Use of the University Name/Logo

32 September 2, 2015 32 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Use of the University Name/Logo  Policy 5010: “Use of the University’s Name” Use of the University Seal  Policy 5015: “Use of the Unofficial Seal”

33 September 2, 2015 33 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Campus designees to authorize use of the seal/name/logo are:  Tessa Mendez  Mark Beisecker (for commercial products)

34 September 2, 2015 34 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management Equipment Proper purchasing Proper tracking  Physical assets are compared to recorded assets and discrepancies are resolved Proper disposing

35 September 2, 2015 35 Resource Management, Data Integrity, and the Computing Environment Resource Management: Asset Management People - This is our most important asset! Proper training Formal delegations Current job descriptions Timely evaluations Consistent and fair treatment

36 September 2, 2015 36 Resource Management, Data Integrity, and the Computing Environment Data Integrity Why do we care? What could go wrong?

37 September 2, 2015 37 Resource Management, Data Integrity, and the Computing Environment Data Integrity How do you maintain data integrity? Separation of duties  Small departments might need to partner with other departments Adequate documentation and description Well trained employees

38 September 2, 2015 38 Resource Management, Data Integrity, and the Computing Environment Data Integrity How do you maintain data integrity? Compliance with policies and procedures Coding Transactions Correctly Reconcile departmental reports to the GLO60 Reconcile the GLO60 on a timely basis Record retention

39 September 2, 2015 39 Resource Management, Data Integrity, and the Computing Environment Data Integrity Coding Transactions Correctly Types of Costs  Direct  Indirect  Unallowable Function of Cost  Teaching  Research  Public Service Purpose of Costs  Travel  Office Supplies  Services Consistency in treatment of costs is a critical policy for the federal government.

40 September 2, 2015 40 Resource Management, Data Integrity, and the Computing Environment Discussion Item #2 You are given a list of transactions for today’s activity. Identify the correct coding for each transaction.

41 September 2, 2015 41 Resource Management, Data Integrity, and the Computing Environment Data Integrity: Record Retention Why is this important? The institution needs to consistently apply a records management program If your practice is to keep everything, you will be expected to produce what is requested If you can show that you consistently follow the record management program, the court will accept your inability to produce the record

42 September 2, 2015 42 Resource Management, Data Integrity, and the Computing Environment Data Integrity: Record Retention How long do we have to keep records? The UC Records Disposition Schedules Manual specifies the length of time records must be maintained by the office of record and others: http://www.policies.uci.edu/adm/records/721-11a.html

43 September 2, 2015 43 Resource Management, Data Integrity, and the Computing Environment Data Integrity: Record Retention Who is the office of record? The office of record is the office responsible for retaining the original record, and for producing a requested record

44 September 2, 2015 44 Resource Management, Data Integrity, and the Computing Environment Data Integrity: Record Retention Who do you call if you have questions? Tessa Mendez, the Campus Policy and Records Management Coordinator:  x4212  Tessa.Mendez@vcadmin.ucsb.edu Tessa.Mendez@vcadmin.ucsb.edu

45 September 2, 2015 45 Resource Management, Data Integrity, and the Computing Environment Questions?

Download ppt "1 Resource Management, Data Integrity, and the Computing Environment September 2, 2015 Resource Management, Data Integrity, and the Computing Environment."

Similar presentations

INTERNAL CONTROLS.

INTERNAL CONTROLS.
Lessons Learned from Financial Management Reviews May 15, 2008 Bruce Robinson FTA Office of Research, Demonstration and Innovation.

Lessons Learned from Financial Management Reviews May 15, 2008 Bruce Robinson FTA Office of Research, Demonstration and Innovation.
Cash Collection and Deposit Training Financial Services.

Cash Collection and Deposit Training Financial Services.
Office of the Controller and Internal Controls Sandra Featherson Associate Director of Controls Office of the Controller February 2010.

Office of the Controller and Internal Controls Sandra Featherson Associate Director of Controls Office of the Controller February 2010.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Internal Controls Becoming Compliant. Design & Implementation of Internal Controls. Design: Need to show that a framework is in place to establish internal.

Internal Controls Becoming Compliant. Design & Implementation of Internal Controls. Design: Need to show that a framework is in place to establish internal.
PCard Program Roles and Responsibilities Review Karen Brookbanks, C.P.M., CPPB.

PCard Program Roles and Responsibilities Review Karen Brookbanks, C.P.M., CPPB.
Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing.

Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing.
Petty Cash/Change Fund Policies & Procedures

Petty Cash/Change Fund Policies & Procedures
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
Departmental Cash Handling By: Maria De Jesus Sussy Palomo Accounting Group Supervisor 3-31-2015 1.

Departmental Cash Handling By: Maria De Jesus Sussy Palomo Accounting Group Supervisor
BACK TO BASICS Indiana Prosecuting Attorneys Council May 2013.

BACK TO BASICS Indiana Prosecuting Attorneys Council May 2013.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
Audits: How to Prepare and What to Expect Council of Senior Business Administrators Focus Session April 21, 2004 James Laird Assistant Dean for Finance.

Audits: How to Prepare and What to Expect Council of Senior Business Administrators Focus Session April 21, 2004 James Laird Assistant Dean for Finance.
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Information Security Policies Larry Conrad September 29, 2009.

Information Security Policies Larry Conrad September 29, 2009.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Laboratory Personnel Dr/Ehsan Moahmen Rizk.

Laboratory Personnel Dr/Ehsan Moahmen Rizk.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman

Similar presentations

Ads by Google