Performing a Data Warehouse Audit
By: Mitchell H. Levine, CISA
Audit Serve, Inc.
A data warehouse is defined as a central database which allows for user access. Data warehouses are
established in a manner which allows easy extraction of data using tools supported by the data warehouse.
The data itself is commonly needed information which is used by multiple areas within an organization to
support different business processes.
Users of the data warehouse share three common goals: that the data is accurate, current, and
accessible. These three goals serve as the basis for establishing the methods to perform an audit of a data
warehouse.
The first preparation step for a data warehouse audit is to identify the auditable entities.
Some systems are named data warehouses, but many systems function as data warehouses without carrying
the name and would therefore go undetected by an audit. A definition of the characteristics of a data
warehouse therefore needs to be written and distributed to all system owners to allow the proper identification
of data warehouse systems.
The next step is to identify the risk level of these data warehouses. Since these data warehouses are used
by a wide variety of departments for different purposes, using a survey to measure the risk would be the best
course of action.
Accuracy of Data
The first goal is to ensure that the data is accurate. The first control objective is to determine whether the
system owners of the data warehouse have established roles and responsibilities with respect to how data should be
extracted from the originating system and transported to the data warehouse system. The management of how data is
received by the data warehouse is necessary to maintain the integrity of the data.
The second control objective is to ensure that security is established within the data warehouse. All users accessing
the data warehouse must have read access only. Ensuring that the data warehouse is structured as read-only files
is the most critical control objective of the entire data warehouse review. To ensure compliance with this control
objective, the typical data security review of the platform, operating system, and data warehouse application should be
performed.
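One way to test the read-only control objective during the application-level security review, shown as an added example that is not part of the original article. It assumes the auditor has a privilege export with the column names of information_schema.table_privileges and a list of role memberships; all account, role and table names are constructed, and treating etl_load as the only approved load account is an assumption.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not from the article): a privilege export using the
# column names of information_schema.table_privileges, plus role memberships.
GRANTS_CSV = """grantee,table_schema,table_name,privilege_type
analyst_role,dw,sales_fact,SELECT
etl_load,dw,sales_fact,INSERT
finance_role,dw,gl_balance,SELECT
finance_admin_role,dw,gl_balance,UPDATE
jdoe,dw,customer_dim,select
"""
MEMBERSHIPS = [("asmith", "analyst_role"), ("bwong", "finance_role"),
               ("finance_role", "finance_admin_role")]  # (member, role); roles may nest
LOAD_ACCOUNTS = {"etl_load"}  # assumption: the only account approved to write
READ_ONLY = {"SELECT"}        # any other privilege is treated as write access


def effective_roles(principal, memberships):
    """Return the principal plus every role it holds directly or through nesting."""
    parents = defaultdict(set)
    for member, role in memberships:
        parents[member].add(role)
    seen, stack = {principal}, [principal]
    while stack:
        for role in parents[stack.pop()] - seen:
            seen.add(role)
            stack.append(role)
    return seen


def write_access_findings(grants_csv, memberships, load_accounts):
    """Map each non-load principal to its (table, privilege, granted_via) write grants."""
    rows = list(csv.DictReader(io.StringIO(grants_csv)))
    principals = {r["grantee"] for r in rows} | {m for m, _ in memberships}
    findings = {}
    for p in sorted(principals - set(load_accounts)):
        held = effective_roles(p, memberships)
        hits = sorted(
            (f'{r["table_schema"]}.{r["table_name"]}', r["privilege_type"].upper(), r["grantee"])
            for r in rows
            if r["grantee"] in held and r["privilege_type"].upper() not in READ_ONLY
        )
        if hits:
            findings[p] = hits
    return findings
```

In the sample, bwong has only SELECT through finance_role, but that role is nested in finance_admin_role, so the user is reported with UPDATE on dw.gl_balance; a review of direct grants alone would miss this.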
Data is Current
Since the users of the data warehouse files will be using them to support predefined business processes, it is critical
that the data is current. The method by which data is stored in the data warehouse needs to be reviewed by the auditor. This
is to determine whether it provides for a structured approach for storing and retrieving data where the end user is aware of
the time period that the data represents.
Data is Accessible
Data mining tools are typically used to query the data warehouse. The audit should determine whether an
adequate set of tools has been provided to users for extracting data from the data warehouse. Determining
the accessibility of data also requires the audit of backup and recovery procedures.
When performing an audit of the data warehouse, most of the time will be spent auditing the infrastructure
group which supports the data warehouse. However, in order to ensure the accuracy of the data, it may be
necessary to review all of the system areas which provide data to the data warehouse.
Copyright 2006, Audit Serve, Inc. All rights reserved.
Reproduction, which includes links from other Web sites, is prohibited except by
permission in writing.
This article appeared in a past issue of the Audit Vision
E-Mail Newsletter.