Data Governance, Databases, and Advanced Analytics

Data governance, database structure, integration, analytics, and process improvement.

This part focuses on how data is created, stored, governed, integrated, and analyzed. The exam value here comes from understanding what makes data trustworthy enough for reporting, control evaluation, and assurance use.

Data-management questions should trace reliability across the data lifecycle. A dataset can fail because ownership is unclear, the database is poorly controlled, integration changes the data, analytics are misinterpreted, or process improvement lacks governance.

In This Part

Chapter 11: Data Life Cycle and Governance explains ownership, stewardship, retention, and control over data through time.
Chapter 12: Database Structures and Administration introduces how data is organized and maintained.
Chapter 13: Data Warehousing and Big Data Environments covers broader data environments and their control implications.
Chapter 14: Data Integration and Analytics connects data movement to analysis and decision support.
Chapter 15: Business Process Modeling and Improvement shows how process review and redesign affect system quality and control effectiveness.

Data Reliability Lens

Data area	What to verify first	Common ISC trap
Data lifecycle and governance	Who owns, defines, protects, retains, and disposes of the data?	Assuming data is reliable because it exists in a system.
Database structures	How is the data organized, constrained, backed up, and administered?	Ignoring database controls while evaluating analytics output.
Warehousing and big data	How are large or combined datasets sourced, transformed, and monitored?	Treating volume as a substitute for quality.
Integration and analytics	Were transformations, dashboards, models, and conclusions controlled?	Trusting analytical output without validating the pipeline.
Process improvement	Does redesign preserve controls, evidence, and accountability?	Improving efficiency while weakening auditability.

Data Reliability Evaluation Sequence

Step	What to do	Why it matters on ISC
1. Identify data ownership	Determine who defines, approves, protects, retains, and disposes of the data.	Data governance starts with accountability.
2. Trace data lineage	Follow the data from source system through extraction, transformation, storage, and reporting.	Reliability can fail at any handoff in the pipeline.
3. Evaluate database and access controls	Review constraints, change controls, backups, privileged access, and administration.	Analytics cannot be reliable if the underlying database is poorly controlled.
4. Validate analytical output	Check model logic, dashboard definitions, completeness, accuracy, and exception handling.	A polished report can still be based on incomplete or transformed data.
5. Preserve auditability during improvement	Ensure process redesign retains controls, evidence, ownership, and review trails.	Efficiency gains should not weaken assurance or accountability.

Data Trust Checkpoints

Checkpoint	Exam use	What to avoid
Ownership	Identify the data owner, steward, approver, and user responsible for definitions and use.	Assuming IT ownership alone proves business meaning or reporting reliability.
Lineage	Trace source, extraction, transformation, loading, storage, and reporting paths.	Trusting a dashboard without knowing how the data moved and changed.
Completeness and accuracy	Verify reconciliations, validation rules, exception reports, and source-system controls.	Treating large datasets as reliable because they are comprehensive-looking.
Access and change control	Review who can create, modify, delete, transform, or approve data and database changes.	Evaluating analytics while ignoring privileged access and uncontrolled changes.
Decision use	Connect the data output to reporting, control testing, assurance, or process improvement purpose.	Producing analysis that is technically interesting but not decision-useful.

How to Use This Part

Read this part after Part II so the architecture context is already established.
Focus on integrity, completeness, governance, and auditability, not just technical terminology.
Return here when an ISC question turns on whether data can be trusted or used appropriately.

In this section

Data Governance Across the Data Life Cycle
Data life cycle governance, classification, metadata, retention, and destruction.
- Data Creation, Active Use, Archival, and Final Disposition Controls
  Data creation, active use, archival, and final disposition controls.
- Data Classification Levels, Sensitivity Tiers, and Metadata Management
  Data classification tiers and metadata management.
- Data Retention Schedules, Destruction Policies, and Compliance
  Data retention schedules, destruction policies, and compliance.
Database Structures, Query Logic, and Security Administration
Database structures, query logic, integrity controls, and security.
- Relational Databases, Schemas, Normalization, and Redundancy Control
  Relational databases, schemas, normalization, and redundancy control.
- SQL Queries, Clauses, Joins, and Common Operators
  SQL queries, clauses, joins, and common operators.
- Data Dictionaries, Referential Integrity, and Validation Controls
  Data dictionaries, referential integrity, and validation controls.
- Database Security, Encryption, Privileges, and User Access
  Database security, encryption, privileges, and user access.
Data Warehouses, ETL, and Big Data Governance
Data warehouses, ETL, diverse data types, and big-data governance.
- Data Warehouses, Data Lakes, Data Marts, and Their Use Cases
  Data warehouses, data lakes, data marts, and their use cases.
- ETL Processes, Transformation Risk, and Related Controls
  ETL processes, transformation risk, and related controls.
- Managing Structured, Semi-Structured, and Unstructured Data
  Managing structured, semi-structured, and unstructured data.
- Big Data Governance Challenges, Privacy, and Accountability
  Big data governance challenges, privacy, and accountability.
Data Integration, Visualization, and Analytical Control Risk
Data integration, dashboards, predictive models, and analytics risk.
- Combining Disparate Data Sources for Reliable Analysis
  Combining disparate data sources for reliable analysis.
- Visualization Tools, Reporting Dashboards, and Insight Communication
  Visualization tools, dashboards, and insight communication.
- Predictive Analytics, Machine Learning, and AI Fundamentals for CPAs
  Predictive analytics, machine learning, and AI fundamentals for CPAs.
- Control Risks in Data Analytics and Continuous Monitoring
  Control risks in data analytics and continuous monitoring.
Process Modeling, Bottleneck Analysis, and Automation
Process modeling, bottleneck analysis, control gaps, and automation.
- BPMN Use Cases for Process Documentation and Analysis
  BPMN use cases for process documentation and analysis.
- Process Bottlenecks, Control Gaps, and Improvement Opportunities
  Process bottlenecks, control gaps, and improvement opportunities.
- Process Automation, Efficiency Gains, and Implementation Metrics
  Process automation, efficiency gains, and implementation metrics.

Revised on Monday, June 15, 2026

2. Systems & Controls

4. Security, Confidentiality & Privacy

Browse Information Systems and Controls (ISC)