Reference and Master Data Management

Date

Client Name
Protiviti Team:
(Insert Team Member Name)
(Insert Team Member Name)
 Big Data Work Program – Reference & Master Data
Management

Process Overview

Managing golden versions and replicas. Planning, implementation and control activities that ensure consistency with a "golden
version" of contextual data values.

Table of Contents
1. Understand Reference and Master Data Integration Needs....................................................................................2
2. Identify Master and Reference Data Sources and Contributors.............................................................................2
3. Define and Maintain the Data Integration Architecture...........................................................................................3
4. Implement Reference and Master Data Management Solutions.............................................................................3
5. Define and Maintain Match Rules.............................................................................................................................. 3
6. Establish "Golden" Records...................................................................................................................................... 4
7. Define and Maintain Hierarchies and Affiliations.....................................................................................................5
8. Plan and Implement Integration of New Data Sources............................................................................................5
9. Replicate and Distribute Reference and Master Data..............................................................................................6
10. Manage Changes to Reference and Master Data.....................................................................................................6

** CONFIDENTIAL ** For internal use only Page of

 Big Data Work Program – Reference & Master Data
Management

Ref Control Objectives Testing Procedures Test Results

1. Understand Reference and Master Data Integration Needs

Related Risk: Reference and Master Data integration needs are not understood, resulting in inconsistent, duplicate, or low quality data being
used across the organization.
1.1 Master data requirements are determined Test results should be detailed here and work paper
across all relevant applications of the references should be included at the end of each
organization. sentence as follows [WPXX]. Once fieldwork is
complete, each work paper should be assigned a
unique number (e.g., WP01, WP02, WP03, etc.).
Exception related text should be in red font and
summarized in the “Observations” section.

Observations:
Section to be populated with any exceptions or “No
exceptions noted”.

Work Papers:
WPXX – Work Paper File Name.doc
1.2 Master data standards are defined and
applied to enable the effective
standardization, sharing, and distribution of
reference and master data.
1.3 Reference and master data is categorized
to identify data that needs to be protected,
including customer records, financial data,
product and business plans and similar
information that can impact the market
position of the organization.
2. Identify Master and Reference Data Sources and Contributors
Related Risk: Upstream data sources and downstream data needs are not considered, resulting in duplicate or inconsistent data being used.
2.1 An enterprise data model of the business
exists that identifies the sources and users
of master data.

** CONFIDENTIAL ** For internal use only Page of

 Big Data Work Program – Reference & Master Data
Management

Ref Control Objectives Testing Procedures Test Results

2.2 Redundancy in data is eliminated to make
sure the uniqueness of data flowing from
multiple business processes is maintained.

2.3 A structured process exists to track the

input and output data to mitigate business
risk associated with disclosing private,
confidential information about the company
and its customers.
3. Define and Maintain the Data Integration Architecture
Related Risk: Local reference and master data management occurs in application silos, resulting in redundant and inconsistent data.
3.1 A single, unique system of record is
established for each master data subject
area.

3.2 Data quality checks are performed on

externally acquired reference and master
data.

4. Implement Reference and Master Data Management Solutions

Related Risk: Reference and master data management solutions are not implemented correctly resulting in ineffective data management.
4.1 Reference and master data management
solutions are implemented using a defined,
iterative, incremental approach.

4.2 Organizational architecture and business

priorities are considered when developing
an implementation program roadmap.

5. Define and Maintain Match Rules

Related Risk: Data matching rules are not appropriately defined, resulting in incorrect and inconsistent data.

** CONFIDENTIAL ** For internal use only Page of

 Big Data Work Program – Reference & Master Data
Management

Ref Control Objectives Testing Procedures Test Results

5.1 Match-merge rules and/or match-link rules
are applied to master data to remove data
redundancy.

5.2 Data matching history is maintained to allow

incorrect data matches and merges to be
undone.

5.3 Data match-merge and match-link rules are

periodically reviewed to confirm that rules
still apply.

6. Establish "Golden" Records

Related Risk: Half-hearted maintenance of reference data degrades quality of business data and results in misleading reports. Since each reference
data sets are value domains with distinct values, there is a high risk of inability to maintain those different values.
6.1 Data standardization rules are established
and enforced across the organization.

6.2 Data quality measurements are established

to set expectations, measure
improvements, and help identify root
causes of data
quality problems.
6.3 Applications are configured to enforce data
quality rules through edit checks, search-
before-creation automations, and user
prompts for data that does not meet
accuracy expectations.
6.4 A single set of data quality rules is utilized
in the integration environment to ensure
that all data sources leverage one set of
standardization and validation rules.

** CONFIDENTIAL ** For internal use only Page of

 Big Data Work Program – Reference & Master Data
Management

Ref Control Objectives Testing Procedures Test Results

7. Define and Maintain Hierarchies and Affiliations

Related Risk: Important hierarchy and affiliation data may be overlooked if proper vocabularies and their associated data sets are not properly
established and maintained between master data records. This may also lead to unauthorized vendors having access to data that they
should otherwise not have access to.
7.1 There is proper establishment and
maintenance of relationships between
master data records.

7.2 An inventory list of each vendor relationship

and its purpose has been created and is
maintained.

7.3 Prioritization of the risk of each relationship

consistent with the types of customer
information the vendor can access.

7.4 Execution of written contracts that outline

duties, obligations, and responsibilities of all
parties.

8. Plan and Implement Integration of New Data Sources

Related Risk: New data sources might get lost accidentally or if re-used can lose its data quality and degrade.
8.1 There should be integration of new data
sources that enables organizations to
improve efficiency and provide strong data
governance, security, audit & process
controls and change management.
8.2 Processes to avoid delays related to data
issues when delivering new products and
services to market have been developed
and implemented.
8.3 A process exists to identify, measure,
monitor and establish controls to manage
the risks

** CONFIDENTIAL ** For internal use only Page of

 Big Data Work Program – Reference & Master Data
Management

Ref Control Objectives Testing Procedures Test Results

associated with third-party relationships.

9. Replicate and Distribute Reference and Master Data

Related Risk: Data is not properly replicated, resulting in the degradation of referential integrity.
9.1 Data integration procedures ensure timely
replication and distribution of reference and
master data to application databases.

10. Manage Changes to Reference and Master Data

Related Risk: Unauthorized or incorrect changes are made to reference and master data.
10.1 Roles and responsibilities are defined and
assigned responsibilities to control changes
to reference and master data.

10.2 Changes to reference and master data

follow a defined change management
process.

10.3 Changes to reference and master data are

reviewed and approved by appropriate data
stakeholders.

10.4 Only designated data stewards have the

authority to make changes to reference and
master data.

** CONFIDENTIAL ** For internal use only Page of