Presentation is loading. Please wait.

Presentation is loading. Please wait.

Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing.

Published byKerry Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing."— Presentation transcript:

1 Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing September 15, 2011

2 Agenda Computing Environment Computing Environment Resource Management Resource Management Data Integrity Data Integrity

3 Computing Environment Maintaining a reliable computing environment: Why is this important? Why is this important?

4 Computing Environment Physical Security Equipment is properly secured Equipment is properly secured Equipment is maintained Equipment is maintained

5 Computing Environment Systems Development IS-10 – UC Policy IS-10 – UC Policy Establish a plan Establish a plan Well trained technical professionals Well trained technical professionals Identify projects Identify projects Define scope, benefits, risks, priorities, timing, and implementation method Define scope, benefits, risks, priorities, timing, and implementation method

6 Computing Environment Systems Development What is ‘System Development’? What is ‘System Development’? Impact of the project Impact of the project Determine staffing, equipment, and other needs Determine staffing, equipment, and other needs Funding requirements and sources Funding requirements and sources Documentation of system Documentation of system UC Policy – IS-2, IS-3, IS-10, IS-11 http://www.ucop.edu/ucophome/policies/bfb/bfbis.html UC Policy – IS-2, IS-3, IS-10, IS-11 http://www.ucop.edu/ucophome/policies/bfb/bfbis.html

7 Computing Environment Other Things to Think About: Systems Management Systems Management Password Maintenance Password Maintenance Disaster Recovery Disaster Recovery Separating Employees Separating Employees

8 Electronic Personal Information: What Is It? ● SB1386 designed to address identity theft – took effect July 1 st, 2003 – added §1798.29, §1798.82 to State Civil Code (Information Practices Act) – created disclosure requirements upon a security breach of systems containing “unencrypted” personal information  An individual’s first name or initial and last name in combination with one or more of the following:  Social Security Number  Driver’s License Number  Financial account or credit card number in combination with any password that would permit access to the individual's account See for more information See http://www.oit.ucsb.edu/committees/itpg/sb1386.asp for more information

9 Electronic Personal Information UCSB Campus Roles Data Proprietor - A personal information data store proprietor is the department director or senior manager who is the functional owner of the application that is the primary source of the personal information. It is the responsibility of the data store proprietor to ensure that the inventory of personal information data stores is kept current for the data stores for which the proprietor is responsible. Data Proprietor - A personal information data store proprietor is the department director or senior manager who is the functional owner of the application that is the primary source of the personal information. It is the responsibility of the data store proprietor to ensure that the inventory of personal information data stores is kept current for the data stores for which the proprietor is responsible.

10 Electronic Personal Information UCSB Campus Roles Data Custodian - A personal information data store custodian is an individual or organization that is responsible for providing technical or system administration support for the data store. It is the responsibility of the personal information data store custodian to ensure that the implementation and administration of the personal information data store conforms to IS-3 requirements, as a minimum, and to campus and industry best practices for system security where appropriate. Data Custodian - A personal information data store custodian is an individual or organization that is responsible for providing technical or system administration support for the data store. It is the responsibility of the personal information data store custodian to ensure that the implementation and administration of the personal information data store conforms to IS-3 requirements, as a minimum, and to campus and industry best practices for system security where appropriate. Campus Sensitive Data Incident Coordinators - Doug Drury doug.drury@asit.ucsb.edu Campus Sensitive Data Incident Coordinators - Doug Drury doug.drury@asit.ucsb.edudoug.drury@asit.ucsb.edu Karl Heins karl.heins@oist.ucsb.edu Karl Heins karl.heins@oist.ucsb.edukarl.heins@oist.ucsb.edu

11 Electronic Personal Information Policy & Guidelines UC Policy IS-3 and IS-11 define policy regarding management of Electronic Personal Information (as well as other information system issues) UC Policy IS-3 and IS-11 define policy regarding management of Electronic Personal Information (as well as other information system issues) http://www.ucop.edu/ucophome/policies/bfb/bfbis.html UCSB Guideline provides process for handling exposure of personal information UCSB Guideline provides process for handling exposure of personal information http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp

12 Electronic Personal Information Best Practices Don’t Store It Unless Absolutely Necessary Don’t Store It Unless Absolutely Necessary If You Do Store It If You Do Store It Follow IS-3 Policy Follow IS-3 Policy Retain contact information for stored individuals Retain contact information for stored individuals Submit Inventory Data To Campus Coordinators ( Submit Inventory Data To Campus Coordinators (doug.drury@asit.ucsb.edu) and / ordoug.drury@asit.ucsb.edu ) (karl.heins@oist.ucsb.edu)karl.heins@oist.ucsb.edu Follow Industry Best Practices For System Security Follow Industry Best Practices For System Security UC Electronic Communication Policy allows UC campuses to encrypt personal information data stores – ENCRYPT IF POSSIBLE UC Electronic Communication Policy allows UC campuses to encrypt personal information data stores – ENCRYPT IF POSSIBLE http://www.ucop.edu/ucophome/policies/ec/

13 Electronic Personal Information Incident Process Incident Detection Incident Detection Requires active monitoring of data store Requires active monitoring of data store Requires extensive analysis to determine if a breach as occurred Requires extensive analysis to determine if a breach as occurred UCSB Guideline provides assessment guidance UCSB Guideline provides assessment guidance http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp Incident Handling Process Incident Handling Process Follow the UCSB Guideline closely Follow the UCSB Guideline closely Allow appointed UCSB/UC officials to handle any communication Allow appointed UCSB/UC officials to handle any communication

14 Electronic Personal Information Information Sources UC Policy: UC Policy: http://www.ucop.edu/ucophome/policies/bfb/is3.pdf http://www.ucop.edu/ucophome/policies/bfb/is3.pdf UCSB Guideline: UCSB Guideline: http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp California Law: California Law: http://www.oit.ucsb.edu/committees/itpg/sb1386.asp Finally – The UC/UCSB definition of Personal Data is evolving. You will be kept up to date if the definition changes Finally – The UC/UCSB definition of Personal Data is evolving. You will be kept up to date if the definition changes

15 Resource Management Financial Data Financial Data Value of Budgets Value of Budgets Analyze Costs, Benefits, and Risks Analyze Costs, Benefits, and Risks Asset Management Asset Management

16 Resource Management: Financial Data Verify data is accurate and complete Verify data is accurate and complete Compare GLO60 to any Shadow System Compare GLO60 to any Shadow System Review significant deviations Review significant deviations Document corrective action Document corrective action

17 Resource Management: Value of Budgets Represents your financial plan for future periods Represents your financial plan for future periods Decisions based on data Decisions based on data Proper use of resources Proper use of resources Valuable control Valuable control Evaluate resource opportunities Evaluate resource opportunities

18 Resource Management: Value of Budgets Budget for: Departmental Operations Departmental Operations Events Events Projects Projects

19 Resource Management and SAS 112 Department Key Controls GL Reconciliation GL Reconciliation Review of Budget Reports Review of Budget Reports Equipment Inventory Equipment Inventory

20 Scenario #1 Your department is hosting an international conference. The expected number of participants is 250. Pre-registration is required. The PI, who is the host, believes $500 is the going rate for conferences. In Groups: List the steps you would take to develop the budget and track expenditures for the conference.

21 Resource Management: Analyze Costs, Benefits, and Risks Something sounds like a good idea, but is it?

22 Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis Statement of Purpose Statement of Purpose Statement of Benefits Statement of Benefits Assumptions Assumptions Impact on administrative support Impact on administrative support

23 Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis Quantify costs (one time vs. on-going), space needs, and capital outlay Quantify costs (one time vs. on-going), space needs, and capital outlay Funding sources Funding sources Potential risks/problems Potential risks/problems

24 Resource Management: Analyze Costs, Benefits, and Risks Components of Analysis Performance follow-up Performance follow-up Did cost projections come in on target? Did cost projections come in on target? Did the benefits outweigh the costs? Did the benefits outweigh the costs? Did the results meet expectations? Did the results meet expectations?

25 Scenario #2 Your department wants to purchase new desktops for the office. In Groups: Do a cost-benefit-risk analysis and make a recommendation to your department about the purchase of new desktop machines.

26 Resource Management: Asset Management Cash Cash Receivables Receivables University Resources/Equipment University Resources/Equipment People People

27 Resource Management: Asset Management Cash Proper receiving and storing Proper receiving and storing Proper depositing and recording Proper depositing and recording Reconcile the deposits Reconcile the deposits

28 Resource Management: Asset Management Cash Management: Short Term Investment Pool (STIP) Depository bank accounts Depository bank accounts Disbursement bank accounts Disbursement bank accounts Vendor Vendor Payroll Payroll Balances are invested in STIP daily Balances are invested in STIP daily

29 Resource Management: Asset Management Cash Management: Short Term Investment Pool (STIP) Earnings are credited back to the funds which generated the interest Earnings are credited back to the funds which generated the interest The interest for “campus owned” funds is distributed back to the campus The interest for “campus owned” funds is distributed back to the campus

30 Resource Management: Asset Management Receivables Do you have any? Do you have any? Collections Collections Monitor status Monitor status Collection Agencies Collection Agencies Write Off Write Off If you have receivables, you should be using the BA/RC process If you have receivables, you should be using the BA/RC process

31 Discussion Item #1 Do you have any cash management issues?

32 Resource Management: Asset Management University Resources Use of the University Seal Use of the University Seal Use of the University Name/Logo Use of the University Name/Logo

33 Resource Management: Asset Management Use of the University Name/Logo Use of the University Name/Logo Policy 5010: Policy 5010: “Use of the University’s Name” Use of the University Seal Use of the University Seal Policy 5015: Policy 5015: “Use of the Unofficial Seal”

34 Resource Management: Asset Management Campus designees to authorize use of the Campus designees to authorize use of the seal/name/logo are: Meta Clow Meta Clow Mark Beisecker (for commercial products) Mark Beisecker (for commercial products)

35 Resource Management: Asset Management Equipment Proper purchasing Proper purchasing Proper tracking Proper tracking Physical assets are compared to recorded assets and discrepancies are resolved Physical assets are compared to recorded assets and discrepancies are resolved Proper disposing Proper disposing

36 Resource Management: Asset Management People - This is our most important asset! Proper training Proper training Formal delegations Formal delegations Current job descriptions Current job descriptions Timely evaluations Timely evaluations Consistent and fair treatment Consistent and fair treatment

37 Data Integrity Why do we care? What could go wrong?

38 Data Integrity How do you maintain data integrity? Separation of duties Separation of duties Small departments might need to partner with other departments Small departments might need to partner with other departments Adequate documentation and description Adequate documentation and description Well trained employees Well trained employees

39 Data Integrity How do you maintain data integrity? Compliance with policies and procedures Compliance with policies and procedures Coding Transactions Correctly Coding Transactions Correctly Reconcile departmental reports to the GLO60 Reconcile departmental reports to the GLO60 Reconcile the GLO60 on a timely basis Reconcile the GLO60 on a timely basis Record retention Record retention

40 Data Integrity Coding Transactions Correctly Types of Costs Direct Direct Indirect Indirect Unallowable Unallowable Function of Cost Teaching Teaching Research Research Public Service Public Service Purpose of Costs Travel Travel Office Supplies Office Supplies Services Services Consistency in treatment of costs is a critical policy for the federal government.

41 Discussion Item #2 You are given a list of transactions for today’s activity. Identify the correct coding for each transaction.

42 Data Integrity: Record Retention Why is this important? The institution needs to consistently apply a records management program The institution needs to consistently apply a records management program If your practice is to keep everything, you will be expected to produce what is requested If your practice is to keep everything, you will be expected to produce what is requested If you can show that you consistently follow the record management program, the court will accept your inability to produce the record If you can show that you consistently follow the record management program, the court will accept your inability to produce the record

43 Data Integrity: Record Retention How long do we have to keep records? The UC Records Disposition Schedules Manual specifies the length of time records must be maintained by the office of record and others: The UC Records Disposition Schedules Manual specifies the length of time records must be maintained by the office of record and others:http://www.policies.uci.edu/adm/records/721-11a.html

44 Data Integrity: Record Retention Who is the office of record? The office of record is the office responsible for retaining the original record, and for producing a requested record The office of record is the office responsible for retaining the original record, and for producing a requested record

45 Data Integrity: Record Retention Who do you call if you have questions? Meta Clow, the Campus Policy and Records Management Coordinator: Meta Clow, the Campus Policy and Records Management Coordinator: x4212 x4212 meta.clow@vcadmin.ucsb.edu meta.clow@vcadmin.ucsb.edu meta.clow@vcadmin.ucsb.edu

46 Questions?

Download ppt "Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing."

Similar presentations

INTERNAL CONTROLS.

INTERNAL CONTROLS.
Lessons Learned from Financial Management Reviews May 15, 2008 Bruce Robinson FTA Office of Research, Demonstration and Innovation.

Lessons Learned from Financial Management Reviews May 15, 2008 Bruce Robinson FTA Office of Research, Demonstration and Innovation.
Cash Collection and Deposit Training Financial Services.

Cash Collection and Deposit Training Financial Services.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
4/28/2015 Presented by David McQuay, Jr., CPA 1 Non-Profit Financial Management Florida Non-profit Housing, Inc. Self-help Housing Conference.

4/28/2015 Presented by David McQuay, Jr., CPA 1 Non-Profit Financial Management Florida Non-profit Housing, Inc. Self-help Housing Conference.
Internal Controls Becoming Compliant. Design & Implementation of Internal Controls. Design: Need to show that a framework is in place to establish internal.

Internal Controls Becoming Compliant. Design & Implementation of Internal Controls. Design: Need to show that a framework is in place to establish internal.
PCard Program Roles and Responsibilities Review Karen Brookbanks, C.P.M., CPPB.

PCard Program Roles and Responsibilities Review Karen Brookbanks, C.P.M., CPPB.
Petty Cash/Change Fund Policies & Procedures

Petty Cash/Change Fund Policies & Procedures
Data Ownership Responsibilities & Procedures

Data Ownership Responsibilities & Procedures
Departmental Cash Handling By: Maria De Jesus Sussy Palomo Accounting Group Supervisor 3-31-2015 1.

Departmental Cash Handling By: Maria De Jesus Sussy Palomo Accounting Group Supervisor
BACK TO BASICS Indiana Prosecuting Attorneys Council May 2013.

BACK TO BASICS Indiana Prosecuting Attorneys Council May 2013.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
The Islamic University of Gaza

The Islamic University of Gaza
Audits: How to Prepare and What to Expect Council of Senior Business Administrators Focus Session April 21, 2004 James Laird Assistant Dean for Finance.

Audits: How to Prepare and What to Expect Council of Senior Business Administrators Focus Session April 21, 2004 James Laird Assistant Dean for Finance.
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Laboratory Personnel Dr/Ehsan Moahmen Rizk.

Laboratory Personnel Dr/Ehsan Moahmen Rizk.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.

Internal Control Concepts A Guide for Deans, Directors, and Department Chairs.
Departmental Cash Handling By: Maria Sussy Palomo.

Departmental Cash Handling By: Maria Sussy Palomo.
Purpose of the Standards

Purpose of the Standards

Similar presentations

Ads by Google