Criminal Charges to explore in Data>Information>Knowledge>Wisdom Cases

Malicious Access-illegal monitoring of communications

(Node #278356)

Unauthorized access, unauthorized recording/taping, Illegal interception of electronic

communications, illegal monitoring of communications, surveillance, eavesdropping, wiretapping, unlawful party to call

Computer and Internet Crimes

(Node #278358)

Bullying and cyberbullying

(Node #278377)

Child abuse

(Node #278378)

Confidentiality - personal and employer risk

(Node #278363)

Confidentiality violations: including laws that apply to the agency the perpetrator works for

Consumer protection laws

(Node #278367)

Criminal Trespassing

(Node #278366)

Burglary, criminal trespass, reckless endangerment, disorderly conduct, mischief, obstruction of justice,

possession of a device for unlawful purposes

Defamatory libel

(Node #278365)

Defamatory libel, slander, economic or reputation harms, privacy torts

Felony Menacing via electronic surveillance - Special circumstances

(Node #278373)

Stalking and cyberstalking (felony menacing by, via electronic surveillance, etc.)

Fraud - network intrusion

(Node #278359)

Computer and Internet crimes: fraud, network intrusion

Harrassment and Assault

(Node #278374)

Harassment, threats, assault

Identity theft

(Node #278360)

Identity theft, impersonation, pretexting

No Contact or Mutual Separation Agreements

(Node #278369)

Violation of no contact, protection and restraining orders

Agreements between employee and employer in agreement to separate without termination action.

Hold harmless and agreement not to speak negative about the company or employee.

Mobility Innovation - Debunked (halfbaked)

Innovation in Mobility 

First of all, mobile devices are simply a wireless version of a personal computer.  No cords connected beyond charging or synchronization.  

Imagine you are an average citizen and you are like more than half the world, you own a mobile device. 

To an average person, the screen is smaller and you are unlikely to expect any different behaviors than you have on your home computer. 

I expect the device is a personal asset and choice I make to use and control the use personally.  

• A human right - Self determination
• A personal responsibility - to ensure my device is not used for anything illegal or fraudulent.  

A person expects to use a social media application or platform stores like iTunes, Play Store and Microsoft stores as a feature or type of offer supplied by the media platform.  


However, the legal position from all these application platforms implies they are held harmless from any wrong doing based on their legal terms and conditions.  

These platforms enable anyone without regard for their intent and without monitoring of the behaviors showing up from the use of the software development features.  

If most game developers are located in Russia and we are at risk of war with the Russian government, how safe are our citizens?   

An application is used when I'm in Facebook, or a reasonable person accesses the application from their Facebook profile.  It is unreasonable to expect a person to search all stores to understand if the application is not just Facebook or a stand alone business.   

If you force me to become a member or registered user;
The fact we now have forced relationships with Google accounts on many cell phone plans, is not a release of my rights.  

• a gmail address is required to use your new phone.  

The fact we have for some time forced the same on an Apple device is well known and with the Apple devices, we know we cannot download without our account details.  

• I cannot download ala carte or if I can, I may not be aware of the ability.  
• I expect my security settings to be consistent with the marked choices in Facebook
• I don't read the terms and conditions as I'm not a lawyer and all the language is saying the same things differently.  
• My privacy is protected
• Yet, Facebook own anything I post in the application.
• If private, then it implies I own.  
• If my rights under laws where I live, as a citizen are not enforced I am not aware of the lawless behaviors of organizations or agencies and their employees.  

Wireless - Bring your own device 

I am not walking into any office therefore my device should not be searched or scanned or downloaded to any company network or stored on the business systems.  

If I use a wireless hotspot, I am not expecting to give up my rights to the provider of the hotspot.  

I am only expecting a loss of rights if I make a choice to access your network and its resources.  

• Logging in is the normal behavior I perform and should be authenticated by my actions.     
• When I specifically take an action on my device a physical process must be initiated or by my choice.  
• Not an API in the background.  
• I must physically type in the account access identifiable information
• Not an image of my fingerprint collected by others, with or without my knowledge
• An act performed by an API does not qualify as my physical behavior. 
• I am not releasing nor accountable for behaviors beyond my control.    
• Even if I learn to code, I am not going to search the way applications are coded.

Lets look at the device behaviors which mislead me in the case of mobile applications.  True beyond any single carrier and any single social media or other provider. 

Billing data plans - you are told you are using your data on certain days or with certain carriers.  

• Carriers for mobile devices have a known overbilling rate at 30% error or over bill their users as high as 30% beyond the usage. 

We know about the existing messes and have made them wicked problems with messes and systems of messes.  

Running Applications in the Background

Step 1 Check that all applications are closed-the photo shows applications are in use despite the fact these are not showing in the device view. 

Step 2 Verify all applications are closed exit and re-enter application window

Step 3 Verify Running application settings from settings rather than expect the device to show an application if its running.  

The results are disturbing but consistent with the application "do not allow device to sleep" setting in each applications code (API).

Now, if I don't know the application is open.  It isn't showing on my phone screen.  Then I'm not responsible.  Or at least that would be how any reasonable person would see the situation.  
 
Wait! What does this notice suggest? An ethical hacker. Using a chrome style window that will be replaced with the factory version to hide the evidence of any violating my wireless device.

I am a WICKED Problem solver, other average users are not going to know about these anomalies.   

My expertise allows me to go from paper and pen into technology and reverse engineer the same from technology to bits and bytes in Big Data. 

Sustainable Strategy

 Sustainability

A) Person Centered Designed - A per cloud by Marco F, in Italy. 
B) Labor and Economic equality with a system of record for human rights and meaningful transition from poverty to economically sustainable lives. 

• Financial transactions are not in the develop plans for the per cloud at this time.   
• A widget or application can be accessed through any social media store for the purpose of transaction processing. 
• Free software in open data stores doesn't make the best place for financial exchanges.

I've added the co-op option which is out of scope for Marco's Per Cloud, but an easy enough thing to add on quickly. 

A media and advertising social media business development use case

For parents who want to get their kids on something fun, GromSocial.com for kids and parent approvals.  Just to name two options we might enable rather quickly.

Education audience K-8th grade students - middle income class or highest income class - same approach to solve problems focused on the parts.  

Ocean and Human Ecology 

Target segments or cohorts K-5th and 6th-8th grade students 

The option you may want to promote in order to overcome the major collection of customer or contact records your organization has managed to become the keeper of all records.  Think about the legal threats in this regard.  The Dun and Bradstreet service is one that is considered useful in performing due diligence for a customer.  The policies and procedures in most companies includes a series of task that must be performed to create a new customer in your accounting system.  Do a sanity check.   Run a list of customer locations for a major customer.

• Then check how many rows you have with the same customer name and different addresses. 
• Then check how many rows are missing the zip code, state or country. 

How many people are showing in a county based on census or the reported link showing on the Whitehouse.gov site?

• Then how many people do your systems show for the same?  
• What value is there in retention of false information?
• What value is there in retention of low quality or misleading information? 

Do the people in your organization understand the relationship between your applications>which may be presented in a content view>knowledge library>records management>data visualization which requires physical tables modeled in a logical model or integrated in work flow templates (ETL/ELT) to connect data stored for reference, as master records in different applications?  in the database tables stored on a storage device which may be a virtual machine on a larger appliance?

B) Sustainable Development within a global architecture framework, a generic and simple way to discreetly or indiscreetly manage the financial or economic health of an organization at the operational level.

Mapping Business Process to an enterprise or business architecture

• Knowing people aren't all fans of the same experts I've mapped to TQM, and a VSM that I am working on getting confirmed therefore I will keep this for a future date. 

I've done this work in open source tools, which means the donation to the tool teams are based on your usage and considered a donation.

A per-cloud with a small business add on

Per Cloud

How I envision a per cloud for any user. 

Taking a concept from highly technical to visual for ensuring an open standard for users like you and me.   In this model, we as users have a main page with mobile and computer access, the left side of the photo below.  

The right side of the page would be the types of services pushed to a user "based" on a users request.  The service provider maintains the encryption and integrity between the user and the service, only removes the burden from the user once connected to their per-cloud.  

This model works for a Per-Cloud

Managing household expenses and benefits from the expenses.  

Great for young adults 

Helps to identify the cost to benefit concepts
While the bottom three lanes would have another indicator with the same moving from left to right. 

A small business cloud 

A sustainable business model adopts best practices from an open data format with consistent presentation of a small business model in the following diagram we present an example of such an example.  

People-A person as an Agent 

Any business of any size anywhere in the world has a series of common requirements.  

A) Employees - even in a 1 man/woman business
B) Suppliers - a source of your offer 
C) Customers - a consumer of the offer 

Each of these will be given one of three levels of maturity, or complexity or risk.  

The theme you can build will enable you to acquire or assign the right type resource from your team, outsourced or understand the gap you have in meeting the offer for your customer.  

Assume we have not identified any constraints around "Who" by default we have identified 3 types of "Who" and segmented these three into 3 types of complexity models.  

Highway Analogy

Expenses or Cost

During the build of your offer you and these resources from your employees or supplier will use three lanes on a highway to travel from right to left or southbound or going east on a highway. 

Revenue or Benefits

Once the expenses and cost have been incurred or to initiate the build of an offer in a Just in Time model;

Budget - the person who's an agent of customer has a budget to spend
Authority - has the authority or has agreement from a person with authority to spend
Need - a need your solution can meet
Timeline - your solution can be delivered in time as required.  

When this criteria has been met, a sales person must change their opportunity to a forecast whether directly or by an indicator in the opportunity management system.  

Just In Time

Expense - identify the lane 
In a just in time system, the build of an item or offer would show in one of the top 3 lanes moving from right to left.  
Revenue - defaults to the lane in the opposite direction below

3rd party solutions - Physical Tables with Sudo Access

Buying a 3rd party solution

Software out of the box

Understand the purpose of a software purchase.  People have a business need that a software solution was designed to perform in a logical manner. 

Every software purchase must know the following questions;

• Is the software by design in compliance with GAAP/GARP?
• Security Exchange Filings 

• How does the software support ISO 9000 and ISO 14001? 
• Quality and Environmental Systems

Example; In any 3rd party solution we build the software to run without any other software and this can only be done if we allow the creation of a customer.  

• The sole purpose of a customer record in any company; to generate revenue.  
• Every revenue item on the quarterly financials includes a transaction with a customer.  

GAAP/GARP - regulatory reporting requires a series of key controls be verified before reporting to the SEC each filing period. 

Every company must control the "create, update and archive" process for any customer which includes as many as twelve (12) unique individual types of key controls.

Perhaps you elected to answer the question or the sales representative was not well informed about the software.

Any software with an ability to create a customer, has either negative impacts when not part of the "Corporate Policy and Desk Procedures for Customer create, read, and update".
Any software with an ability to create a customer, has either negative impacts or positive impacts when the feature is turned off and the required for the software to function associated by a service call to the system of record for ERP Master records.  If not authorized, this series will go into solutions that we might have as alternatives to the challenge which protects the customers privacy.  

Segregation of Duties

A key control on both IT and Business roles who are authorized to create, update or archive a master record in ERP.

Physical Tables - db user name and table user name

Database "sudo access" controls breaks this effective control - "ineffective" design control and an inability to do batch transaction processing in the expense (cost) or revenue (benefits) workflows is a key indicator measure of the integrity of a companies resources and leadership competencies. 

Physical Tables - Reference Data Dissemination

Reference Data is dependent upon a physical table to many systems and the connection between Management and Transaction capabilities.

Key controls are designed into the process and considered either "effective" or "ineffective" during an audit.
















Performance of the organization is report externally taking the expenses and comparing them against the revenues in private or cost against benefits in public sector reporting, both report to the Security Exchange Commission. 

Every company or agency in both public and private sectors has a correlation with internal processes related to "accounting close" procedures.  While the formal report is a quarterly activity all actions during the period and in the activities which introduce a change in the ERP system and associated systems into ERP or acquiring from ERP.  

Basically the report monitoring must be designed to logically summarize the expense transactions as the cost are incurred in the life of either operational overhead or build of the offers.  

Why do I strongly urge people work on change, transformation or innovation to use common sense first?

If you are migrating business people from manual or a legacy system to a new 3rd party solution.
If you are changing a 3rd party solution before rolling out the foundation of the solution.

• You are being asked to perform task that the vendor may not support and may cause the 3rd party solution not to work as designed.  

Privacy for Dummies and for all the smart people too!

Privacy and Innovation - unintended adversaries

Let's consider something with tremendous opportunities to execute beginning the process with critical thinking skills.

Step 1.  We will review a diagram with pictures showing many subjects we would find in an Enterprise Data Warehouse or Business Analytical service.
Step 2.  We will identify the problem from the stakeholder or clients perspective.  

The following translates the many laws in place today in the US which protect the privacy of each of the subjects, based on thematic subjects a person associates various topics as private in the mind of the users.   If we measure the way many companies have not considered or perhaps we never validate the way our teams are delivering.  If we had done so, I'd be surprised to know our corporate or national leaders would allow such things to continue.    

US Domestic Laws

We call these practices cookies in our current conversations or targeted attacks. 

Title I ECPA (18 USC 2511)(Node #278371)

Title I of the U.S. Electronic Communications Privacy Act (ECPA) (18 USC §2511) prohibits interception and disclosure of wired, oral or electronic communication while in transit. This law may apply when a perpetrator wiretaps a phone line, does physical bugging, or puts a keylogger on someone’s computer.

Title II ECPA (18 USC 2701-12)(Node #278372)

Title II of ECPA, The Stored Communications Act (18 USC §§2701‐12) makes it unlawful to intentionally access stored communications without authorization or by exceeding authorized access. This law may apply when a perpetrator accesses someone else’s email, voicemail, online social networking account or information stored on a computer or with a cloud provider. See also, NNEDV’s tipsheet on Cloud Computing.

Imagine every device owned and using any application from any of the stores online in our social media favorites.  What if every device was now a machine to machine access tool.  One that people who bought the device are unknowingly walking around ignorant to the way the device is being used. 

Ethical Hackers 

We have lost our morals to the point where many people are allowed to stalk a person under the premise of Ethical Hacking.   The same behaviors are called social engineering attacks. 

The laws are openly ignored and lawlessness promoted as if these American's were given full immunity from any criminal charges.  Well, they are given immunity.  There is no process in place and the ones in place are a waste of time, no one ever finds a way to take a complaint and it falls under no-ones actual jurisdiction.  

Again!

We have countless laws and no way to enforce the law. This diagram helps us to visualize the requirements in a way that must be understood as describing in Text has yet to enable the law.  

UN Women's Law Work Group Thematic topics adopted for the visual

In the diagram above, we have two people one female and one male with a globe to the right of the images.  The visuals show us that the issue is both a female and a male problem across the globe.  

Now each block surrounding identifies various thematic topics from the UN Law work group last report after the March 2013 meeting.  

The STOP signs indicate laws protecting the subjects within the topic.  

• Privacy laws need to be enforced 

The Triangle with an exclamation 

•  A person would need to make a personal choice

The blue arrow indicates this information may be offered without much resistance from the end users, consumers and citizens.

• Public information 

Many companies have a moral obligation and a leadership decision.  Your company brand or risk your companies reputation, financial and legal risk.

• The actions have a negative impact on people's family, economic and social lives.

Healthcare Privacy Laws

http://peoplecentereddesign.blogspot.com/2013/09/national-country-laws.html
Domestic - Tech Laws see attached "NNEDV-Finding Tech laws to charge for technology abuse"
Identify if the perpetrator violated laws in multiple jurisdictions, including state and federal levels: In addition to local/state laws, there are a range of U.S. federal laws that might be relevant. For example, the U.S. Electronic Communications Privacy Act (ECPA) addresses access, use, disclosure, interception and privacy protections of electronic communications.
 Title I of the U.S. Electronic Communications Privacy Act (ECPA) (18 USC §2511) prohibits interception and disclosure of wired, oral or electronic communication while in transit. This law may apply when a perpetrator wiretaps a phone line, does physical bugging, or puts a keylogger on someone’s computer.
 Title II of ECPA, The Stored Communications Act (18 USC §§2701‐12) makes it unlawful to intentionally access stored communications without authorization or by exceeding authorized access. This law may apply when a perpetrator accesses someone else’s email, voicemail, online social networking account or information stored on a computer or with a cloud provider. See also, NNEDV’s tipsheet on Cloud Computing.
_________________________________________________________________________________________________________
Domestic - Fourth Amendment
___________________________________________________________________________________________________________________________________________________
Medical Privacy Guide Laws related to medical records and children with parental relationship

Many of the laws related to children and consumers are not cited in the use case "current or future issues".
None of the laws which would exclude indigenous people, who have escalated their sovereignty to the united nations human rights justice process and we have not a single use case noted to exclude the tribal populations. In the use case for diabetes research, it is highly probable that the tribal population and fact that men with tribal heritage in Lakota Nations expect the males to not exceed 42.9 years of age due to diabetes related illnesses.


Rights protecting health record of children

1. See 45 C.F.R. Parts 160 and 164, available at http://www.hhs.gov/ocr/hipaa.
2. 45 C.F.R. § 164.501.
3. 45 C.F.R. § 164.502(g); see also 65 Fed. Reg. 82,500 (Dec. 28, 2000).
4. The regulations do not define “unemancipated minor” but defer to state law definitions of the term.
5.See note at the bottom of the Alan Guttmacher Institute’s chart of relevant state laws, attached to this guide.
6. Again, the regulations do not define these terms but rely on state law definitions.
7. 45 C.F.R. § 160.103.
8. 45 C.F.R. §§ 160.103, 164.504(e)(1).
9. 45 C.F.R. § 160.103.
10. 45 C.F.R. §§ 160.103, 164.501.
11. 45 C.F.R. § 164.524.
12. 45 C.F.R. §§ 164.502, 164.506, 164.508, 164.512, 164.514.
13. 45 C.F.R. §§ 164.510, 164.512.
14. 45 C.F.R. § 164.522(b).
15. 45 C.F.R. § 164.522(a).
16. 45 C.F.R. § 164.520.
17. 45 C.F.R. § 164.526.
18. 45 C.F.R. § 164.528.
19. 45 C.F.R. § 164.502(g)(3)(i).
20 See also A. English et al., State Minor Consent Laws: A Summary, 2nd ed. Chapel Hill, NC: Center for Adolescent Health & the Law, April 2003. This 200 page monograph summarizes each state's minor consent statutes, including the confidentiality and disclosure provisions of those statutes. Ordering information is available from info@cahl.org.
21. 45 C.F.R. § 164.502(g)(3)(i)(A).
22. But be aware that even a minor who is legally entitled to consent to most health care on her own may have to comply with a law that requires parental or judicial involvement in her abortion decision.
23. 45 C.F.R. § 164.502(g)(3)(i)(B).
24. 45 C.F.R. § 164.502(g)(3)(i)(C).
25. 45 C.F.R. § 164.502(g)(3)(ii)(A).
26. 45 C.F.R. § 164.502(g)(3)(ii)(B).
27. 45 C.F.R. § 164.502(g)(3)(ii)(C); see also 67 Fed. Reg. 53,200-53,2001 (Aug. 14, 2002).
28. 45 C.F.R. § 164.502(g)(5).
29. 45 C.F.R. § 164.512(b)(1)(ii); see also 45 C.F.R. § 164.512(c).
30. 45 C.F.R. § 164.524(a)(3)(iii).
31. 45 C.F.R. § 164.524(d)(2).
32. 45 C.F.R. § 164.522(b).
33. 45 C.F.R. § 164.522(a).
34. 45 C.F.R. § 164.512(j)(1)(i).
35. 45 C.F.R. § 164.520
_____________________________________________________________
Domestic Security Clearance - See attached "governmentclearancefordata_formD2254.doc"
I had a file or form DD254 (see attached Government clearance form for data) from the federal contracting award where it clearly states classified information and the process which tells me that from a standard perspective "big data" isn't the place for security intelligence information. The purpose in itself cannot afford to be subject to the definition of big data. Technology strained by the size of data, isn't valuable for security intelligence purposes. The information must be raw, without modifications, traceable, audit-able and without any question about integrity or validity.

This form clearly states the requirements a person must have and conditions of releasing the person for access to the information.

In addition, to the fact that a person intending to do harm to our nation would have access to and the ability to move or erase their activities making it much more difficult to manage.
One part of the form identifies the requirement that the user must be a US citizen. For this reason and based on the severity in any situation or deployment of Big Data, the ability to manage the standard in this regard tells me, the security intelligence information MUST be an exclusion from big data.

a) DD254 form - This document clearly states the contracting organization must first be a US Citizen, the source which might allow us to ensure this requirement was met is not a practice in place today.
a.1.) The NIST standard should read big data for public sector agencies must manage data regionally and the intent of Big Data intends to acquire population data for many person's to use in various ways for niche purposes. In the case of women, the violence against women act of 2006 file is located here at this link. The file shows a clear association with regard to Native American's and Indian Health centers particularly. For the use case, which I plan to prepare. Applicable references during our call about the countless laws and FACT that the rights of tribal people continue to be ignored.
a.2.) The subjective purposes are a threat to the security intelligence agency and expose citizen's to targeted attacks see Microsoft Security Report
a.3.) The current quality of information acquired and processed is subjective when intelligence information clearly must be factual (objective) and segregated away from untrained stakeholders.
a.4.) The purpose for any intelligence information would justify the exclusion when the definition of big data implies many things to many people and has the intent to reveal information when intelligence information intends to be restricted and only involve a very limited number of persons.

Example; Mobility Innovation
(fictional-cause)
Cause-people going around the policies as the product groups were not moving fast enough so a brilliant data person comes up with a way to provide mobile services ahead of the product group.
(Fictional story actual effects)
Effect-a host of images and video formatted files show in the data stores with telecom sensor information.

As a follow up, resilience and security validations need to be performed on the situation.  The IT expert responds with, yes those are streaming video and images. 

"I've seen way more bathrooms than I ever wanted to see"

Images from people's bathrooms was funny to this IT person.  

People the human in the role of a citizen

A retail company may consider these people as consumers, the fact would only be true if the person had an interest and CHOSE to be part of your companies advertising audience.

A consumer or customer of a wireless service provider, expects certain protections and has been using mobile devices without threat of the types of violations being promoted in "Not So Smart phones".

One blogger wrote and highlighted the fact that people are generally hopeful in the right things being done before they would want to accept such an awful reality.

People believe in a higher power and expect corporations to be out for profit but even then these companies have boundaries.  Those boundaries are laws and freedoms or liberties.  

Applications on Mobile Devices 

A person has no indication that the device they purchased and who's contract with their service provider can violate the privacy or norms they've become familiar with. 

• Whether you are a woman or a man, the issue is far from being a gender issue.  
• IF we learn that our phones are being used to capture us in the restroom 
• The patriot act is not covering this type of monitoring.  

If you are saying so what, not a big deal.

If that isn't enough to make you uncomfortable...

• It's capturing your wife in the restroom...
• It's capturing your daughter in the restroom...
• It's capturing your mother in the restroom...
• It's capturing your sister in the restroom...

Let's consider the minutes and who's paying for the data transfer?  Noticing your data usage running out quickly?  Maybe your battery doesn't keep a charge and you aren't using the phone.  You may not be using it but someone is, these applications you download are "prevent device from going to sleep".

With any problem, I am rarely going public with such wicked problems unless I have a solution to solve them.

Governance By Design Segregation of Duties A management capability

An audit nightmare

Or could it be time to enable governance by design?

Here's the challenge we must address, with regard to the integrity of the organizations financials or processing the transactions which are used for the reporting to the external stakeholders these are outside the span of control for all users.

• Only the CEO has end to end accountability and few can answer the questions to be helpful to IT. 

The five capability model enables an organization to very clearly distinguish between 3 management, which includes the controlled create, update and archive of all three of the master data categories.

The majority of the organization and agency will be creating either expense or revenue transaction capabilities.

There are only a minimal set of users who have the authority to create a customer, supplier, employee, offer, item, component and financial account codes.

The biggest and most recognizable error, the I didn't know there was a difference between master and transaction processes.

Myth

Data experts are not accurate in the assumption that data is unrelated and not dependent upon process. 

Meeting the Sarbanes Oxley 404 assurance-be a hero for an executive

• When I measure cost savings from waste, I measure the columns with information from the ERP master records by the number of rows returned in the profiling or daily batch report. 
• When I am performing a security architecture role as the person who qualifies the projects and guides the application threat assessment during the SDLC;
• A threat assessment must be done on any create or get process introduced 
• The business intelligence process should not create, while it may present information by joining two data sets, the use of in memory or a physical table writes to a new table with both parts of the information.   
• Any mis-match between the source application - in the master data records we must assume any values created, updated and archived MUST be done with the MANAGEMENT CAPABILITY user group.  
• These management capability users are a team of people who must associate and document a series of steps in due diligence and retain the records for audit purposes.  
• generally legal, corporate finance and an operations person performing the action with both legal and finance validating the action.   

An event driven storage strategy with governance by design

Getting from chaos to high performing and mature. 

Governance by Design it honestly can be done. 

A record management strategy from the business and enterprise architecture perspective. 

The following graphic suggest a way to acquire and publish for record management purposes. 

• The structure and storage strategy will mirror the APQC business process framework. 

Record Retention and Information Strategy from Right to Left with APQC Process Framework

The table in the lowest part of the graphic above and the header row in the table below reflect the business process at the highest level and the stakeholder who has the decision making authority in the identified processes for the level of quality coming into an organizations functional workflow and the consuming applications and systems your people's work feeds into.  

Often people confuse the annual planning process where a sequence actually does exist, but on the outside it appears to be a completely collaborative process.  No sequence in the minds of those who are not in the discussion.

APQC business process framework headers and stakeholders in the sequence of who supplies the inputs and what roles they are working in.  Notice the first process is creating master records, while 2 through 5 are creating transaction records from master records.

 

1 Design Vision and Strategy	2. Develop products and services	3. Market and Sell Products and Services	4. Deliver Products and Services	5. Manage Products and Services
Executives, Management, HR and Corporate Finance	Engineering and Corporate Marketing	Field Marketing and Sales	Operations, Sales Finance and Supply Chain	Technical Services
Creates master records	Creates transaction records from master records	Creates transaction records from master records	Creates transaction records from master records	Creates transaction records from master records
Updates, Reads and Archives - Never deletes.	Expense Transaction Capability	Expense Transaction and Begins the Revenue Transaction Capability	Expense Transaction Plus Revenue Transaction	Expense Transaction Plus Revenue Transaction
Corporate Sub-Acct 10 Corporate Sub-Acct 20 Corporate Sub-Acct 30	Core Advanced Innovation	Small and Medium Service Providers and Alliances Global Accounts	Resale Bill to 3rd party finance or Federal Enterprise Direct	Partner Supported-Break Fix Service Provider BOT Advanced Service-Prevent

How do I get beyond the challenge where people do not agree and insist they own the data? 

• I get beyond the who owns the data by capturing what each stakeholder wants to call the information.  

What do the corporate policies say and who is listed in the procedures? 

• The corporate policies are rarely changed as they follow industry practices.  
• The industry isn't going to change the spirit of the laws or standards - rather the terms may be updated from time to time.  

 Who creates, enriches and updates or who ends the life cycle in a transaction workflow?

• Most of these questions are shown in the table above

Where do the records begin and where do they need to be validated for audit purposes? 

• Each organization has at least one record resulting from the inputs from an earlier group in the process life cycle.  
• Finance validates the records at each close or before.  

Consider the assurances made to record managers all over the world. 

• The record is an image, then digital records turn an image into data again.

Example; Market Research done a few months ago

A) Failures in Record Management attributed to the disconnect between Data experts and records management roles. 

Internal Customers - IT's Record Retention Strategy

The data experts are not going to engage with records management owners and do not acknowledge the internal customer.  In fact, the complete disregard for the requirement despite every project having a review which is marked no.

The problem remains, with any real intention shown by data experts that would suggest the intent to retain in original format, all records for the organization or agency.  

Just to show you how serious of a challenge this has become.  Working through a few use cases on the subject of Big Data Privacy and Security, a topic about a user acquiring information then writing back to the source.  I asked for an example when this would be important?

The national archives and library of congress was the response.  I nearly fell off my chair.  Before having an anxiety attack, I asked the very sharp leader to help me understand his position.

1. He gave several examples of where this was going ot happen in the NAAR, like changing from one system to another.  
1. How often do we estimate this occurs?  
2. I re-affirmed my understanding of what he was saying, basically we are moving records out of the records management tools into an EDW Appliance, 
1. we are not suggesting the movement of the indexes, 
2. we intend to move the records.  
1. Yes, I was hearing this to be true.  
2. My understanding of records management was not related to an EDW or Analytical Business Intelligence platform.  
1. In the past, these are two different solutions.  
2. If we move everything into EDW and BI tools - we will certainly not have the results we could in the technology designed to manage records.  
1. It is best to perform Return on Investment and Risk Assessments knowing the warehouse operations and architecture roles are not going to honor the record retention requirements.   

The records management owners are unlikely to understand when data people want to talk about changes to information in a database, as the business people are of the understanding that a digital record is as good as a physical record and a physical record CANNOT BE altered. 

Enabling the customer experience - Business models for scalable and high performing companies

FACT 
When I worked at Sony Corporation of American, I held a role and I was the only customer operations person who supported the direct business models for the company in the Western Region.

• Western Region - Highest sales region with Northern western region generally higher than Southern due to the number of Global accounts headquartered in Silicon Valley.  
• Biggest customers - No two customers are the same
• Most demanding - forming relationships gets a team beyond this high touch part of direct business. 
• Customer negotiated terms-No two legal agreements are the same.  YOU CANNOT AND MUST NOT try to force a standard contract on these customers.  
• You will violate the terms of the master agreement or not be working in good faith
• Use a transformation to a service work order model 

When I went to work for the smallest reseller who had just won the sole source contract for all of the Western region as a system integrator for Sony's Video Conference line, I supported the highest selling team with the hardest to please customers.

As time moved on, I was asked to manage all Video Conference deals to ensure the smooth internal process which the other women were not willing to adjust to support.  

The same challenges were faced that we had while working as the assigned product manager  for the roll out in the Western Region rather than from New Jersey, as me and the new Director for our region were an awesome team.

Later when I made my way through a number of smaller or startups, the rule remained true  in each case, a large account is in all parts of the world.  We know where these customers are located.  A few people in the company have access and make decisions on these accounts.

If you segment your organization first by the large accounts, again Sub-Account 30 in this example.

The segment 30 is the slow lane, high dollars but slow to travel.  

The best way to manage the 30 business model is in their own applications, feeding to ERP at the time of the opportunity being validated.

• Customer commits-push 14 data fields to all downstream forms in ERP as the header and constraint people must remain in to meet the customer expectations.   
• On the use case where 7 entries were made-you just reduced the cost by 6 contractors and removed the need to re-key.  
• We know re-key is waste-imagine the savings you have from holding all stakeholders in the process accountable to their roles based on the date of push.   
• You have enabled the customers experience
• you reduced the inbound data collection 
• only new values enriched by the process will update the original table in a different physical table associated with the opportunity.  
• You enabled commission crediting 
• You enables supply chain
• You enabled customer service
• You enabled manufacturing or strategic alliances
• You improved data quality 
• You've met the SOX requirements
• You've met the ISO requirements
•  You are agile and ready to grow in all circumstances.  
• You are governing the organization and have excellent operational efficiency
•  Now, big data isn't so big anymore is it? 

If it is still big, let's dive into the following; 
a large number of temp tables

Physical Database Design Deliverable Template

MIKE 2.0 Content submission 

Physical Database Design Deliverable Template

How to leverage and govern the big data elephant in the room or take the elephant back to the wild?

You can choose, do you want to run your operations well or allow chaos and confusion?  

I personally, want to fix anything broken when it causes WICKED problems. 

Fixing a data quality problem, it's only a problem when its breaking the law or unethical.

Be a hero for the CEO and Shareholders

Personally, I always want to make my boss look good.  Some managers are gonna say this is political suicide.  Those managers are probably the cause of the problem.   

Can you imagine working for someone who's slogan was "the truth doesn't matter"?  I've heard horror stories.  I would rather starve then work for a manager with such low standards.  

I have built my career on doing the right things even if they are harder.  If your one of the best, you want people working for you who do their best before what's best for them.   of my managers have loved me for it.  They know, I am able to fix anything and I get it done within the law and the auditors will love it.  

So let me take you through the tricks behind a data quality problem.  How it effects a record and what to do about it.  

 Identify the issues in ERP master records

• Party

• Offer

• Account

  
  All tables with these master records are in scope and you will not find anyone volunteering the information.  Go straight to the person managing the physical tables.
  Do not read standards, do not trust word of mouth.  Get this person and their management chain to understand your scope.  
  
  The accuracy of the persons response will make your project successful or marginal.
  Using the returned information, begin the profiling of these tables in the database

When I want to profile a data quality problem?

• Step 1 understand the problem from the stakeholders perspective
• Step 2 assess the stakeholders role in the data and the process step the stakeholder work within.  
• Step 3 identify the stakeholder group with the role of creating, when the data can be enriched and how the data is enriched?  
• Step 4 assess the variance between the process owner, the stakeholders who would re-use the information and how the information get's to the stakeholders with the quality failure.  
• Step 5 profile the data starting with the application where the data is "created" a physical table should be found with a 1:1 match of the entry points.  
• If not found, a record retention process may be broken.
• Inputs must be captured and written, then validated during the close (more often usually)
• Each validation results in a record, when financial it must be retained in it's original format.  
• Changes must be enriched never replacing the original records.  
• Many restatements are forced and changing the source information

Meeting the Sarbanes Oxley 404 assurance-be a hero for an executive

• When I measure cost savings from waste, I measure the columns with information from the ERP master records by the number of rows returned in the profiling or daily batch report. 
• When I am performing a security architecture role as the person who qualifies the projects and guides the application threat assessment during the SDLC;
• A threat assessment must be done on any create or get process introduced 
• The business intelligence process should not create, while it may present information by joining two data sets, the use of in memory or a physical table writes to a new table with both parts of the information.   
• Any mis-match between the source application - in the master data records we must assume any values created, updated and archived MUST be done with the MANAGEMENT CAPABILITY user group.  
• These management capability users are a team of people who must associate and document a series of steps in due diligence and retain the records for audit purposes.  
• generally legal, corporate finance and an operations person performing the action with both legal and finance validating the action.   

How your customer or organization can lean the mission critical data?

Summary

First this blog post will highlight the symptoms we might hear about in Big Data, or any EDW of any size.  A performance problem, sure we can let the issue fall into performance maintenance.  Although the source of the problem is a symptom or a clue.

A physical table duplicate implies a shadow process in place

• A non-standard or non-authorized person using the data outside the sanctioned process.  

A physical table enables the represented data to be collected or acquired and written to a custom report or presented in a custom (in house) transactional application. 

• We might even hear about these problems on the network with burst or high congestion during batch processing and a denial of service attack.

Yes, the physical table is the center of the data processing or curation world.  The box "processing" and the way vertical and horizontal processes work within or across technology stacks.

In many database engines, the natural processing power leverages a few concepts which most business people would simply assume are common sense. 

For example duplicate indexes in a parallel processing appliance for example. 

• The duplicate tables forces the appliance to work harder, confusing the even distribution across many nodes to balance the workload.  
• The failure will be in too many CPU's, spikes in the IO and may fail fault tolerance.  
• A perfect place for a DDOS attack to make it's way into your organization.  

The entire technology stack becomes far less reliable and fails to meet the specifications promised by the vendor.  

a symptom of shadow IT

• Duplicate indices - high power and degraded performance

• a problem with the duplication of physical tables 
• the table may be renamed and data structured in the same way as the source physical table
• the table may be named slightly different yet structured in the same way
• a symptom of an offline data algorithm writing back to an operational application 
• I've seen this most often in CRM or marketing application

Person Centered Design

In the case of duplicate indices we must be concerned as the quality into an operational process may force re-work and has the highest probability of impacting the customer and external stakeholders.

"why would I use this application, the information isn't used by anyone else"
"why bother, have you seen how many customer records I'd have to go through, it's faster to just enter my customer and information"  

• Employees may re-key rather than try to find things in an application when each day the application is flushed with backend data algorithms.  
• Especially when the application is controlled and uncontrolled obviously. 
• Worst case I've seen, users entered the information 7 times between the acceptance of the customer or win of an opportunity to commission crediting. 

What may be threatening your customer experience?

• Common issues requiring maintenance 

• a large amount of null values 
• a large amount of data type changes which never get changed
• column decimal format error
• data format error
•  a table with zero values

Worst Case Scenario

• By the time the order booked, 7 different contractors entered into another application at different times for a different stakeholder within the company. 
• Only when I was allowed to sit in a bull pen with the other roles within the company did I learn of the way we speak, and frequency of the events we process will either prompt fight to get it in or flight push it back to get it away.  
• "the purpose and the motivations for each audience are highly dependent on access to the information and frequency of transactions processed."
• Assignment of specialized resources who only deal with the larger slower transactions significantly improves the situation.  
• The systems are not setup to support the larger slower deals.    
• A high transaction process will be the types most people are comfortable with the volume makes them the stakeholder to please.  
• everything else must work around the volume stakeholders
• The low transaction high dollar deals are immediately non-standard and avoidance is the favored response.  
• Null values
• Very few applications designed to support the customer experience allow a user to enter a null in the process workflow (sanctioned)
• A backend alogorithm isn't subject to the rule
• trust is lost by all stakeholders internally as Sales must be doing something wrong.
• Sales - not all sales and many times only a subset of sales is doing this.  
• A null on the country forces a touch by all stakeholders in every process
• A null on the state or zip code - same effect
• A decimal error forces manual touches on pricing or cost which are both illegal unless you hide them in adjustments.  
• A date error is typically a back door to trick a rebate or commission or performance on a business unit during any given period.  
• in many cases, the forced date error will prompt a static date to be applied indicating no change when the actions in fact are performing a change showing another field to allow the illegal behavior.
• Many large temp files are another indicator of the same bad behaviors. 

FACT 
When my career shifted from accounting or implementing ERP systems working with finance;  I held a role supporting direct business models for our foreign headquartered companies business and professional group in the Western Region.

• Western Region - Highest sales region with Northern western region generally higher than Southern due to the number of Global accounts headquartered in Silicon Valley.  
• Biggest customers - No two customers are the same
• Most demanding - forming relationships gets a team beyond this high touch part of direct business. 
• Customer negotiated terms-No two legal agreements are the same.  YOU CANNOT AND MUST NOT try to force a standard contract on these customers.  
• You will violate the terms of the master agreement or not be working in good faith
• Use a transformation to a service work order model 

When I went to work for the smallest reseller who had just won the sole source contract for all of the Western region as a system integrator for an innovative technology "Video Conferencing". I supported the highest selling team with the hardest to please customers.

As time moved on, I was asked to manage all Video Conference deals to ensure the smooth internal process which the other women were not willing to adjust to support.  

The same challenges were faced that we had while working as the assigned product manager  for the roll out in the Western Region rather than from New Jersey, as me and the new Director for our region were an awesome team.

Later when I made my way through a number of smaller or startups, the rule remained true  in each case, a large account is in all parts of the world.  We know where these customers are located.  A few people in the company have access and make decisions on these accounts.

If you segment your organization first by the large accounts, again Sub-Account 30 in this example.

The segment 30 is the slow lane, high dollars but slow to travel.  

The best way to manage the 30 business model is in their own applications, feeding to ERP at the time of the opportunity being validated.

• Customer commits-push 14 data fields to all downstream forms in ERP as the header and constraint people must remain in to meet the customer expectations.   
• On the use case where 7 entries were made-you just reduced the cost by 6 contractors and removed the need to re-key.  
• We know re-key is waste-imagine the savings you have from holding all stakeholders in the process accountable to their roles based on the date of push.   
• You have enabled the customers experience
• you reduced the inbound data collection 
• only new values enriched by the process will update the original table in a different physical table associated with the opportunity.  
• You enabled commission crediting 
• You enables supply chain
• You enabled customer service
• You enabled manufacturing or strategic alliances
• You improved data quality 
• You've met the SOX requirements
• You've met the ISO requirements
•  You are agile and ready to grow in all circumstances.  
• You are governing the organization and have excellent operational efficiency
•  Now, big data isn't so big anymore is it? 

Physical tables Defined from how these unimportant things are really important

Important 

WE HAVE DIFFERENT MOTIVATIONS and in all my career, this audience by far was the least likely to work towards the solution.   and the facts are far more difficult to acquire in this domain. 
Tables are common in Data experts conversations, while some will object to the term as supporters of a NoSQL environment, this position will only harm the critical conversations which need to occur across technology and stakeholder groups. 

If we perform data modeling the logical model and physical model will be a 1:1 or perfect match.

Most things are either tied to or altered by the physical table which makes the process most effective when controlled by this component. 

Truth

While most modeling tools intend to control the two models, the ability to alter the physical table has become widely used.

 

Myth

Physical tables are a SQL requirement and not in the new technology used in Big Data.

Truth

The structure of data when acquired regardless of source and irrespective of the technology will require a column definition and sequence of the columns, rows to capture each line of detail. 

• When I measure waste, I begin with the physical tables.  
• When I measure threats I begin with the physical tables 

How to use the physical tables?  

• Each column represents a header or data entry field in a source application.  
• Source database and source application are two completely different things
• A source application has a user group and an associated process or procedure being followed.
• Business rules are designed into the application to guide the users actions
• Action the users must follow
• A source database has few rules and no constraints nor even if the logical model was defined to have them.  
• A physical table DOES tell you what is ACTUALLY happening with the data. 

When I want to profile a data quality problem?

• Step 1 understand the problem from the stakeholders perspective
• Step 2 assess the stakeholders role in the data and the process step the stakeholder work within.  
• Step 3 identify the stakeholder group with the role of creating, when the data can be enriched and how the data is enriched?  
• Step 4 assess the variance between the process owner, the stakeholders who would re-use the information and how the information get's to the stakeholders with the quality failure.  
• Step 5 profile the data starting with the application where the data is "created" a physical table should be found with a 1:1 match of the entry points.  
• If not found, a record retention process may be broken.
• Inputs must be captured and written, then validated during the close (more often usually)
• Each validation results in a record, when financial it must be retained in it's original format.  
• Changes must be enriched never replacing the original records.  
• Many restatements are forced and changing the source information

Meeting the Sarbanes Oxley 404 assurance-be a hero for an executive

• When I measure cost savings from waste, I measure the columns with information from the ERP master records by the number of rows returned in the profiling or daily batch report. 
• When I am performing a security architecture role as the person who qualifies the projects and guides the application threat assessment during the SDLC;
• A threat assessment must be done on any create or get process introduced 
• The business intelligence process should not create, while it may present information by joining two data sets, the use of in memory or a physical table writes to a new table with both parts of the information.   
• Any mis-match between the source application - in the master data records we must assume any values created, updated and archived MUST be done with the MANAGEMENT CAPABILITY user group.  
• These management capability users are a team of people who must associate and document a series of steps in due diligence and retain the records for audit purposes.  
• generally legal, corporate finance and an operations person performing the action with both legal and finance validating the action.    

a symptom of shadow IT

• Duplicate indices - high power and degraded performance

• a problem with duplicate physical tables 
• the table may be renamed and data structured in the same way as the source physical table
• the table may be named slightly different yet structured in the same way
• a symptom of an offline data algorithm writing back to an operational application 
• I've seen this most often in CRM or marketing application

Person Centered Design

In the case of duplicate indices we must be concerned as the quality into an operational process may force re-work and has the highest probability of impacting the customer and external stakeholders.

"why would I use this application, the information isn't used by anyone else"
"why bother, have you seen how many customer records I'd have to go through, it's faster to just enter my customer and information"  

• Employees may re-key rather than try to find things in an application when each day the application is flushed with backend data algorithms.  
• Especially when the application is controlled and uncontrolled obviously. 
• Worst case I've seen, users entered the information 7 times between the acceptance of the customer or win of an opportunity to commission crediting. 

What may be threatening your customer experience?

• Common issues requiring maintenance 

• a large amount of null values 
• a large amount of data type changes which never get changed
• column decimal format error
• data format error
•  a table with zero values

Worst Case Scenario

• By the time the order booked, 7 different contractors entered into another application at different times for a different stakeholder within the company. 
• Only when I was allowed to sit in a bull pen with the other roles within the company did I learn of the way we speak, and frequency of the events we process will either prompt fight to get it in or flight push it back to get it away.  
• "the purpose and the motivations for each audience are highly dependent on access to the information and frequency of transactions processed."
• Assignment of specialized resources who only deal with the larger slower transactions significantly improves the situation.  
• The systems are not setup to support the larger slower deals.    
• A high transaction process will be the types most people are comfortable with the volume makes them the stakeholder to please.  
• everything else must work around the volume stakeholders
• The low transaction high dollar deals are immediately non-standard and avoidance is the favored response.  
• Null values
• Very few applications designed to support the customer experience allow a user to enter a null in the process workflow (sanctioned)
• A backend alogorithm isn't subject to the rule
• trust is lost by all stakeholders internally as Sales must be doing something wrong.
• Sales - not all sales and many times only a subset of sales is doing this.  
• A null on the country forces a touch by all stakeholders in every process
• A null on the state or zip code - same effect
• A decimal error forces manual touches on pricing or cost which are both illegal unless you hide them in adjustments.  
• A date error is typically a back door to trick a rebate or commission or performance on a business unit during any given period.  
• in many cases, the forced date error will prompt a static date to be applied indicating no change when the actions in fact are performing a change showing another field to allow the illegal behavior.
• Many large temp files are another indicator of the same bad behaviors. 

FACT 
When I worked at Sony Corporation of American, I held a role and I was the only customer operations person who supported the direct business models for the company in the Western Region.

• Western Region - Highest sales region with Northern western region generally higher than Southern due to the number of Global accounts headquartered in Silicon Valley.  
• Biggest customers - No two customers are the same
• Most demanding - forming relationships gets a team beyond this high touch part of direct business. 
• Customer negotiated terms-No two legal agreements are the same.  YOU CANNOT AND MUST NOT try to force a standard contract on these customers.  
• You will violate the terms of the master agreement or not be working in good faith
• Use a transformation to a service work order model 

When I went to work for the smallest reseller who had just won the sole source contract for all of the Western region as a system integrator for Sony's Video Conference line, I supported the highest selling team with the hardest to please customers.

As time moved on, I was asked to manage all Video Conference deals to ensure the smooth internal process which the other women were not willing to adjust to support.  

The same challenges were faced that we had while working as the assigned product manager  for the roll out in the Western Region rather than from New Jersey, as me and the new Director for our region were an awesome team.

Later when I made my way through a number of smaller or startups, the rule remained true  in each case, a large account is in all parts of the world.  We know where these customers are located.  A few people in the company have access and make decisions on these accounts.

If you segment your organization first by the large accounts, again Sub-Account 30 in this example.

The segment 30 is the slow lane, high dollars but slow to travel.  

The best way to manage the 30 business model is in their own applications, feeding to ERP at the time of the opportunity being validated.

• Customer commits-push 14 data fields to all downstream forms in ERP as the header and constraint people must remain in to meet the customer expectations.   
• On the use case where 7 entries were made-you just reduced the cost by 6 contractors and removed the need to re-key.  
• We know re-key is waste-imagine the savings you have from holding all stakeholders in the process accountable to their roles based on the date of push.   
• You have enabled the customers experience
• you reduced the inbound data collection 
• only new values enriched by the process will update the original table in a different physical table associated with the opportunity.  
• You enabled commission crediting 
• You enables supply chain
• You enabled customer service
• You enabled manufacturing or strategic alliances
• You improved data quality 
• You've met the SOX requirements
• You've met the ISO requirements
•  You are agile and ready to grow in all circumstances.  
• You are governing the organization and have excellent operational efficiency
•  Now, big data isn't so big anymore is it? 

If it is still big, let's dive into the following; 

• a large number of temp tables

foundation for any inbound data acquired from another database, another technology during transformation or a workflow execution and the structure which defines the outbound information dissemination.  The Physical database table represents the source for any transition from traditional SQL or ETL integration to a SOA processing.  The physical table in XML format will enable the transition to SOA components. 

A physical db table would enable the best source for any data quality project, to understand the number of places the data is being used across the organization.  Basically, a sponsor of a data quality project CANNOT tell you where others have acquired or duplicated data which intends to be and needs to be governed. 

If ERP creates a customer, supplier, employee, item, component, offer or Accounting code in the master tables, any physical table with the same attributes has the potential to break the key control outside the system of record. 

As a source structure in ETL workflow processing; the "Integration" or "ETL"  processing will program an algorithm (typically in SQL) in any application the algorithm MUST be considered an offline or back-end transformation outside the system of record. The Sarbane's Oxley Act of 2002 was crafted to PREVENT these practices as an audit record no longer retains the original format as required for record retention purposes. 

The problem with the requirement, most people who own the process have no visibility nor would they be able to comprehend the FACT that what they are accountable for the organization can be acquired outside the source application.  The operational applications such as a CRM, an ATS or Supply Chain system are the source and only place data can be created to populate the reference and master tables in an ERP system. 

Competing Motivations-culture
We have in one direction claimed governance and controls around the customer facing processes in response to Sarbane's Oxley increasingly complex regulations.  The unfortunate dilemma was in the understanding of the law and it's intent or we failed to understand the "spirit of the law".  Many companies increased operational support which allowed an entirely new layer of contract workers at every point of entry into an ERP system.  The person entering the information into the workstream must be aware of the threats of jail or criminal charges one may face in any transactions which fail to meet the GAAP accounting principles.  The result of this new layer of workers, significantly reduces the quality of information being entered. 

Effect of the culture - 3rd party applications
How many projects have you heard where a company bought a nice 3rd party application and after it went live the company was in a worse situation?  Well, let's think about the issue. 

Was the purchase of a new application bad and the vendor product useless? 
You must first determine if you used the features as designed.
Did you customize any parts or avoid using any fields? 
Understanding that a 3rd party solution is designed for the needs of the industry, not any single company. 
If you elect to or allow your staff to "elect" what they use and where in the application these choices were made will be evident in the offline reporting or business intelligence (EDW is a process within the BI Stack).  The Physical table will define the information collected or acquired and in Big Data we call this PROCESSING OR CURATION. 

Did the vendor product get implemented in the appropriate manner?
Verify the vendor manual to the physical table columns represent the actions or decisions made in a source and rows the events details or transaction inputs to the decision. 

Physical Tables and Integrity Checks
Can you use the new 3rd party application canned reports?
Select a basic report in the 3rd party application. 
For example; daily transaction report or all transaction detail reports. 

Step 1.
Run daily transaction detail report
If the report is void of data in any place you have not setup the application correctly. 

Step 2.
Verify the report against the physical table.

Step 3.
How many physical tables are there with the information from your application? 
3NF
How many times is the table re-used? 
Ideally, a 3NF physical table or the contents upon acquisition of the information will populate many views. 
A single view for in memory, the same view segmented by region (column) such customer country or location code from the six segments in ERP. 
The least level of security will be far easier to execute in a model where the rule is as described then further segmented by 3 segments (sub-account in erp) 10, 20, or 30 enables resources for resale and distribution in account code 10, assign all resellers to country and account code 10.  dimensions then multi-byte processing against the region only.   



Does the report have any missing information?  My first lesson in the failure between the chair and the keyboard, began when I printed a canned report out of the newly implemented accounting system. 

It was the year 2000, we were integrating 4 acquisitions and transitioning from 5 accounting systems (4 as 1 was a complex spreadsheet managing 70% of the revenue). 

My consultant rushed in a crystal reports expert who designed these custom reports to address the situation.  The problem, we used so many user defined fields that our system was not being used to perform the work we bought it to do for us.  Therefore nothing was going to work.  I was still unaware but skeptical.  I was ready to tie the consultants to a stake when the 3rd party project accounting system turned out to have bad code and I learned any corrections were proprietary and would cost me x more than the negotiated maintenance contract. 

When a person outside the data architecture, data operations and MDM space inquire into anything related to BI, EDW or operational use of Enterprise Business Data the response will always be limited, never inclusive and without regard for business governance and quality expectations. 

In fact, it is a widely know fact that data people will not recognize the process owners or the dilemma a process owner faces.
In fact, it is beginning to surface that data people will not recognize the requirements from a records management stakeholder. 

In both cases, we can imagine the best place to begin in restoring the right visibility for both process and records management owners.

never given any indication of the way data is used by the "self-proclaimed" owners of all data. 

 Extracts using a workflow template which defines the physical table structure which host the data being transformed.  The ETL workflow Extracts from and places into a work table where any algorithm will be performed as the workflow transforms before placing the work table into a target table. 

Profiling in comparison from the source application, source database table and or the best indicator of unique offline applications. 

A physical db table IS NOT limited to the process of modeling.
although most tools begin with a logical model, transforms into a physical table and intends to conform the two in delivery of any usage.  The logical and physical tables when not matched may be identified on an exception report or a some refer to this as a Swiss Cheese report.  When physical tables are replicated in a 3NF and databases require structured physical tables to perform any business intelligence, custom analytical and transactional applications for "data at rest" and during operational activities begins to collect from a specific table or in 3NF acquires from many tables based on the type of Business Intelligence or EDW event processing during the batch or a workflow between data stores.  We refer to the processing as data "in flight". 

re-use and a snapshot of the "actual" activity in any data warehouse operation. An ideal state ensures the consistency between the logical model and physical model as a way to govern the data as defined by the modeler.  The modeler has been tasked with ensuring the request is defined well and performs a series of qualifying questions to ensure the information meets the needs and is understood by the requesting sponsor of a project.