470 likes | 619 Vues
Resource Management, Data Integrity, and the Computing Environment. Sandra Featherson Office of the Controller. Doug Drury Information Systems & Computing. September 15, 2011. Agenda. Computing Environment Resource Management Data Integrity. Computing Environment.
E N D
Resource Management, Data Integrity, and the Computing Environment Sandra Featherson Office of the Controller Doug Drury Information Systems & Computing September 15, 2011
Agenda • Computing Environment • Resource Management • Data Integrity
Computing Environment Maintaining a reliable computing environment: • Why is this important?
Computing Environment Physical Security • Equipment is properly secured • Equipment is maintained
Computing Environment Systems Development • IS-10 – UC Policy • Establish a plan • Well trained technical professionals • Identify projects • Define scope, benefits, risks, priorities, timing, and implementation method
Computing Environment Systems Development • What is ‘System Development’? • Impact of the project • Determine staffing, equipment, and other needs • Funding requirements and sources • Documentation of system • UC Policy – IS-2, IS-3, IS-10, IS-11 http://www.ucop.edu/ucophome/policies/bfb/bfbis.html
Computing Environment Other Things to Think About: • Systems Management • Password Maintenance • Disaster Recovery • Separating Employees
Electronic Personal Information: What Is It? • SB1386 designed to address identity theft • took effect July 1st, 2003 • added §1798.29, §1798.82 to State Civil Code (Information Practices Act) • created disclosure requirements upon a security breach of systems containing “unencrypted” personal information • An individual’s first name or initial and last name in combination with one or more of the following: • Social Security Number • Driver’s License Number • Financial account or credit card number in combination with any password that would permit access to the individual's account • See http://www.oit.ucsb.edu/committees/itpg/sb1386.aspfor more information
Electronic Personal InformationUCSB Campus Roles • Data Proprietor - A personal information data store proprietor is the department director or senior manager who is the functional owner of the application that is the primary source of the personal information. It is the responsibility of the data store proprietor to ensure that the inventory of personal information data stores is kept current for the data stores for which the proprietor is responsible.
Electronic Personal InformationUCSB Campus Roles • Data Custodian - A personal information data store custodian is an individual or organization that is responsible for providing technical or system administration support for the data store. It is the responsibility of the personal information data store custodian to ensure that the implementation and administration of the personal information data store conforms to IS-3 requirements, as a minimum, and to campus and industry best practices for system security where appropriate. • Campus Sensitive Data Incident Coordinators - Doug Drury doug.drury@asit.ucsb.edu • Karl Heins karl.heins@oist.ucsb.edu
Electronic Personal Information Policy & Guidelines • UC Policy IS-3 and IS-11 define policy regarding management of Electronic Personal Information (as well as other information system issues) http://www.ucop.edu/ucophome/policies/bfb/bfbis.html • UCSB Guideline provides process for handling exposure of personal information http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp
Electronic Personal Information Best Practices • Don’t Store It Unless Absolutely Necessary • If You Do Store It • Follow IS-3 Policy • Retain contact information for stored individuals • Submit Inventory Data To Campus Coordinators (doug.drury@asit.ucsb.edu) and / or (karl.heins@oist.ucsb.edu) • Follow Industry Best Practices For System Security • UC Electronic Communication Policy allows UC campuses to encrypt personal information data stores – ENCRYPT IF POSSIBLE http://www.ucop.edu/ucophome/policies/ec/
Electronic Personal InformationIncident Process • Incident Detection • Requires active monitoring of data store • Requires extensive analysis to determine if a breach as occurred • UCSB Guideline provides assessment guidancehttp://www.oit.ucsb.edu/committees/ITPG/sb1386.asp • Incident Handling Process • Follow the UCSB Guideline closely • Allow appointed UCSB/UC officials to handle any communication
Electronic Personal Information Information Sources • UC Policy: http://www.ucop.edu/ucophome/policies/bfb/is3.pdf • UCSB Guideline: http://www.oit.ucsb.edu/committees/ITPG/sb1386.asp • California Law: http://www.oit.ucsb.edu/committees/itpg/sb1386.asp • Finally – The UC/UCSB definition of Personal Data is evolving. You will be kept up to date if the definition changes
Resource Management • Financial Data • Value of Budgets • Analyze Costs, Benefits, and Risks • Asset Management
Resource Management:Financial Data • Verify data is accurate and complete • Compare GLO60 to any Shadow System • Review significant deviations • Document corrective action
Resource Management:Value of Budgets • Represents your financial plan for future periods • Decisions based on data • Proper use of resources • Valuable control • Evaluate resource opportunities
Resource Management:Value of Budgets Budget for: • Departmental Operations • Events • Projects
Resource Management andSAS 112 Department Key Controls • GL Reconciliation • Review of Budget Reports • Equipment Inventory
Scenario #1 Your department is hosting an international conference. The expected number of participants is 250. Pre-registration is required. The PI, who is the host, believes $500 is the going rate for conferences. In Groups: List the steps you would take to develop the budget and track expenditures for the conference.
Resource Management:Analyze Costs, Benefits, and Risks Something sounds like a good idea, but is it?
Resource Management:Analyze Costs, Benefits, and Risks Components of Analysis • Statement of Purpose • Statement of Benefits • Assumptions • Impact on administrative support
Resource Management:Analyze Costs, Benefits, and Risks Components of Analysis • Quantify costs (one time vs. on-going), space needs, and capital outlay • Funding sources • Potential risks/problems
Resource Management:Analyze Costs, Benefits, and Risks Components of Analysis • Performance follow-up • Did cost projections come in on target? • Did the benefits outweigh the costs? • Did the results meet expectations?
Scenario #2 Your department wants to purchase new desktops for the office. In Groups: Do a cost-benefit-risk analysis and make a recommendation to your department about the purchase of new desktop machines.
Resource Management:Asset Management • Cash • Receivables • University Resources/Equipment • People
Resource Management:Asset Management Cash • Proper receiving and storing • Proper depositing and recording • Reconcile the deposits
Resource Management:Asset Management Cash Management: Short Term Investment Pool (STIP) • Depository bank accounts • Disbursement bank accounts • Vendor • Payroll • Balances are invested in STIP daily
Resource Management:Asset Management Cash Management: Short Term Investment Pool (STIP) • Earnings are credited back to the funds which generated the interest • The interest for “campus owned” funds is distributed back to the campus
Resource Management:Asset Management Receivables • Do you have any? • Collections • Monitor status • Collection Agencies • Write Off • If you have receivables, you should be using the BA/RC process
Discussion Item #1 Do you have any cash management issues?
Resource Management:Asset Management University Resources • Use of the University Seal • Use of the University Name/Logo
Resource Management:Asset Management • Use of the University Name/Logo • Policy 5010: “Use of the University’s Name” • Use of the University Seal • Policy 5015: “Use of the Unofficial Seal”
Resource Management:Asset Management • Campus designees to authorize use of the seal/name/logo are: • Meta Clow • Mark Beisecker (for commercial products)
Resource Management:Asset Management Equipment • Proper purchasing • Proper tracking • Physical assets are compared to recorded assets and discrepancies are resolved • Proper disposing
Resource Management:Asset Management People - This is our most important asset! • Proper training • Formal delegations • Current job descriptions • Timely evaluations • Consistent and fair treatment
Data Integrity Why do we care? What could go wrong?
Data Integrity How do you maintain data integrity? • Separation of duties • Small departments might need to partner with other departments • Adequate documentation and description • Well trained employees
Data Integrity How do you maintain data integrity? • Compliance with policies and procedures • Coding Transactions Correctly • Reconcile departmental reports to the GLO60 • Reconcile the GLO60 on a timely basis • Record retention
Data IntegrityCoding Transactions Correctly Types of Costs • Direct • Indirect • Unallowable Function of Cost • Teaching • Research • Public Service • Purpose of Costs • Travel • Office Supplies • Services • Consistency in treatment of costs is a critical policy for the federal government.
Discussion Item #2 You are given a list of transactions for today’s activity. Identify the correct coding for each transaction.
Data Integrity:Record Retention Why is this important? • The institution needs to consistently apply a records management program • If your practice is to keep everything, you will be expected to produce what is requested • If you can show that you consistently follow the record management program, the court will accept your inability to produce the record
Data Integrity:Record Retention How long do we have to keep records? • The UC Records Disposition Schedules Manual specifies the length of time records must be maintained by the office of record and others: http://www.policies.uci.edu/adm/records/721-11a.html
Data Integrity:Record Retention Who is the office of record? • The office of record is the office responsible for retaining the original record, and for producing a requested record
Data Integrity:Record Retention Who do you call if you have questions? • Meta Clow, the Campus Policy and Records Management Coordinator: • x4212 • meta.clow@vcadmin.ucsb.edu