Contributed February 20, 2001 by Ian Pratley (ian.pratley@cis.co.
uk )
Audit Title: Data Warehouse (consider in conjunction with MI BRAM)
Audit Ref:
Gross risk
Business Objectives Key Risks
(V,H,M,L)
Sufficient information to meet xref MI BRAM
organisations MI requirements.
Information utilised. Data and information within
warehouse and/or marts cannot be
understood.
Response times too great
Enquiry equipment in use not
effective
Insufficient enquiry equipment in
use
Accurate, consistent and up to date Data within the source systems is
data. in error
Risks relating to transfer of
information from source systems:
time dependencies of transactions,
incomplete or corrupted transfers
Data structure changes within
source systems not reflected within
data warehouse/data marts
06/23/2009
Impact Causes of Risk
Poor design methodology of data
warehouse and/or marts
Lack of understanding in design
methodology
Poor documentation.
Out of date documentation
Excessive use of data warehouse
rather than data marts for running
queries
Poor design methodology of data
marts
Performance not monitored
Lack of understanding in running
queries and creating reports
xref MI BRAM
xref MI BRAM
Inaccuracies, omissions and
inconsistencies in the source data
not identified during the
extract/transform process
Errors identified during the
extract/transform process not
corrected within the source systems
Prepared by: Ian Pratley Date: WP Ref:
Reviewed by: Date:
Controls Net Risk Net Risk
Possible Controls to Mitigate Test
Audit Tests Effective? Impact Likelihood Recommendation Commentary
Risk ref. (Y/N) (V,H,M,L) (V,H,M,L)
Standard documented design
methodology adopted, for example
approach towards normalisation
Training given to designers of the
data warehouse and/or data mart.
Accurate and up to date
documentation of data models
- should use automated
documentation tools
Meaningful documentation of data
definitions and data descriptions
Procedures for maintenance of
documentation in line with changes
to the source systems
Consideration given to replication
of data marts.
xref above, but consideration given
to indexes, aggregation, de-
normalisaton
Training issue - xref MI BRAM
Extractions/transforms designed to
report errors within source data
where this is practicable.
Aged reports of outstanding errors
Responsibilities allocated for
correcting errors within source
systems.
Agreed approach for treatment of
errors reported, with regard to the
action to be taken for the specific
extract/transform run
Specific consideration of impact on
data warehouse/marts within
source system change control
procedures
Source system changes reflected
in data warehouse and data mart
documentation
xref above
Source system changes tested
through to data warehouse
Page 1

Information can be extended, for
example to include additional
products
Ongoing availability of the
information.
06/23/2009
Errors arise in the data within the
data warehouse and/or data marts
Design methodology does not
facilitate future additions to the
data warehouse and/or data mart
Poor or out of date documentation
Capacity of data warehouse
exceeded
Capacity of data warehouse
exceeded
Data warehouse and/or marts
unreliable
Unauthorised update of data
warehouse and/or data mart
Poor design methodology of data
warehouse and/or marts
xref above
Poor design methodology of data
warehouse
Capacity of data warehouse not
monitored
xref above
Reliability of data warehouse and
marts not monitored
Database integrity checks such as
referential integrity, and data model
integrity checks such as
reconciliation of aggregates.
Controls over data edits
Discuss approach adopted for the
addition of new areas
xref above
Use of data normalisaton to
minimise data redundancy.
Could indicate need for replication
Page 2