Data integrity is the assurance that information can only be accessed or modified by those authorized to access the system. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust and electrical surges.
Alternatively, others define data integrity as all of the risks associated with the authorization, completeness and accuracy of business transactions as they are entered into, processed by, summarized by and reported by the various network-enabled systems deployed by the organization.
Most organizations today are looking to improve the exchange of goods, services, information and knowledge using network-enabled technologies. Within these business operations, the proper selection and integration of hardware and software are essential to achieve the desired benefits and mitigate the associated risks. These risks pervasively apply to each and every aspect of an application system used to support a business process and are present in multiple places and at multiple times throughout the application systems. However, they principally manifest themselves in the following application system components:
- User Interface: Risks in this area generally relate to whether there are adequate restrictions over which individuals in an organization are authorized to perform business or system functions based on their job needs, as well as the need to enforce reasonable separation of duties. Other risks in this area relate to the adequacy of preventive or detective controls to ensure that only valid data can be entered into a system and that the data is complete.
- Processing: Risks in this area generally relate to whether there are adequate preventive or detective balancing and reconciliation controls to ensure that data processing has been completed and is timely. This risk also encompasses risks associated with the accuracy and integrity of reports used to summarize results and make business decisions.
- Error Processing: Risks in this area generally relate to whether there are adequate processes and other system methods to ensure that any data entry or processing exceptions that are captured are adequately corrected and reprocessed accurately, completely and on a timely basis.
- Interface: Risks in this area generally relate to whether there are adequate preventive or detective controls to ensure that data that has been processed and summarized and is adequately and completely transmitted to and processed by another application system to which it feeds data or information.
- Change Management: Risks in this area may be generally considered to be part of infrastructure risk, but they significantly influence application systems. These risks are associated with inadequate change management and processes that include user involvement and training, as well as the processes by which changes to any aspect of an application system are both communicated and implemented.
- Data: Risks in this area are generally considered to be part of infrastructure risks, but they significantly affect application systems. These risks are associated with inadequate data management controls, including both the security/integrity of processed data and the effective management of databases and data structures.
Data integrity can be lost because of programming errors (e.g., good data is processed by incorrect programs), processing errors (e.g., transactions are processed more than once against the same master file) or management/process errors (e.g., poor management of the systems maintenance process).
BUSINESS RISKS RELATED TO DATA INTEGRITY
Failure to manage data integrity risk can have the following impact:
- The authorization, completeness and accuracy of transactions may be incorrect as they are entered, processed, summarized and reported.
- Management controls concerning the integrity of processed data or databases may be inadequate, which ultimately impacts customer transactions.
The impact on network-based technologies is that insufficient error checking at the point of transaction entry can result in incorrect transaction processing and integrity risks. Integrity can be lost when data is processed incorrectly or when transactions are incorrectly handled due to errors or delayed processing.
Learn more about this topic by exploring these related tools on KnowledgeLeader: