What is Data Integrity?
Data integrity is the assurance that information can only be accessed or modified by those authorized to access the system. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can also be threatened by environmental hazards, such as heat, dust, and electrical surges.
Alternatively, others define data integrity as all of the risks associated with the authorization, completeness and accuracy of business transactions as they are entered into, processed by, summarized by, and reported by the various network-enabled systems deployed by the organization.
Most businesses today are looking to improve the exchange of goods, services, information, and knowledge using network-enabled technologies. Within these business operations, proper selection and integration of hardware and software is essential to achieve the desired benefits and mitigate the associated risks. These risks pervasively apply to each and every aspect of an application system used to support a business process, and are present in multiple places and at multiple times throughout the application systems. However, they principally manifest themselves in the following application system components:
- User Interface - Risks in this area generally relate to whether or not there are adequate restrictions over which individuals in an organization are authorized to perform business or system functions based on their job need; as well as the need to enforce reasonable separation of duties. Other risks in this area relate to the adequacy of preventive or detective controls to ensure that only valid data can be entered into a system and that the data is complete.
- Processing - Risks in this area generally relate to whether or not there are adequate preventive or detective balancing and reconciliation controls to ensure that data processing has been completed and is timely. This risk also encompasses risks associated with the accuracy and integrity of reports (whether or not they are printed) used to summarize results and make business decisions.
- Error Processing - Risks in this area generally relate to whether or not there are adequate processes and other system methods to ensure that any data entry or processing exceptions that are captured are adequately corrected, and reprocessed accurately, completely and on a timely basis.
- Interface - Risks in this area generally relate to whether or not there are adequate preventive or detective controls to ensure data that has been processed and summarized is adequately and completely transmitted to and processed by another application system to which it feeds data or information.
- Change Management - Risks in this area may be generally considered to be part of Infrastructure Risk, but they significantly influence application systems. These risks are associated with inadequate change management and processes that include user involvement and training, as well as the processes by which changes to any aspect of an application system are both communicated and implemented.
- Data - Risks in this area are generally considered to be part of Infrastructure Risk, but they significantly affect application systems. These risks are associated with inadequate data management controls, including both the security/integrity of processed data and the effective management of databases and data structures.
Data integrity can be lost because of programming errors (e.g., good data is processed by incorrect programs), processing errors (e.g., transactions are processed more than once against the same master file), or management/process errors (e.g., poor management of the systems maintenance process).
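The balancing and reconciliation controls described under Processing, Error Processing and Interface, together with a check for the duplicate-processing error mentioned above, can be sketched as follows. This is an added example, not part of the original page; the batch header layout, field names and sample records are constructed assumptions.

```python
from decimal import Decimal

# Constructed sample: the sending system ships control totals with the batch.
BATCH_HEADER = {"batch_id": "B-0001", "record_count": 4,
                "amount_total": Decimal("426.25")}
BATCH_RECORDS = [
    {"txn_id": "T1", "amount": Decimal("100.00")},
    {"txn_id": "T2", "amount": Decimal("50.25")},
    {"txn_id": "T2", "amount": Decimal("50.25")},   # same transaction sent twice
    {"txn_id": "T3", "amount": Decimal("-75.00")},  # entry error: negative amount
    {"txn_id": "T4", "amount": Decimal("201.00")},
]


def reconcile(header, records, already_posted=frozenset()):
    """Validate, de-duplicate and balance one batch.

    Returns (accepted, exceptions, balanced). `balanced` is True only when the
    accepted records match both control totals in the header, so a batch with
    dropped, rejected or altered records is never silently posted.
    """
    accepted, exceptions = [], []
    seen = set(already_posted)  # txn_ids already applied to the master file
    for rec in records:
        if rec["txn_id"] in seen:
            exceptions.append((rec["txn_id"], "duplicate"))
        elif rec["amount"] <= 0:
            exceptions.append((rec["txn_id"], "invalid amount"))
        else:
            seen.add(rec["txn_id"])
            accepted.append(rec)
    total = sum((r["amount"] for r in accepted), Decimal("0"))
    balanced = (len(accepted) == header["record_count"]
                and total == header["amount_total"])
    return accepted, exceptions, balanced


if __name__ == "__main__":
    accepted, exceptions, balanced = reconcile(BATCH_HEADER, BATCH_RECORDS)
    print("first pass:", [r["txn_id"] for r in accepted], exceptions, balanced)
    # Error processing: correct the rejected record, then reprocess the batch.
    fixed = [dict(r, amount=Decimal("75.00")) if r["txn_id"] == "T3" else r
             for r in BATCH_RECORDS]
    print("after correction:", reconcile(BATCH_HEADER, fixed)[1:])
```

The first pass leaves the batch out of balance because the rejected record is still outstanding; the batch balances only once that exception has been corrected and reprocessed.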
BUSINESS RISKS RELATED TO DATA INTEGRITY
Failure to manage data integrity risk can have the following impact:
- Authorization, completeness and accuracy of transactions may be incorrect as they are entered, processed, summarized, and reported.
- There may be inadequate management controls concerning the integrity of processed data or databases, which ultimately impacts customer transactions.
The impact on network-based technologies is that insufficient error checking at the point of transaction entry can result in incorrect transaction processing and integrity risks. Integrity can be lost when data is processed incorrectly, or when transactions are incorrectly handled due to errors or delayed processing.