solving data publication challenges for even better rsa archer reporting
Post on 07-Apr-2017
379 Views
Preview:
TRANSCRIPT
#RSACharge © Copyright 2016 EMC Corporation.
Solving Data Publication Challenges for Even Better Archer Reporting Phil Aldrich, Dell David Pearson, Iceberg
© Copyright 2016 EMC Corporation.
Agenda
• Reporting requirements
• Key Technical Challenges
• Datamart / ETL / BI solution
• EMC “Proof of Concept” (Archer/Tableau integration)
• Next Steps
© Copyright 2016 EMC Corporation.
Challenge
• Archer is a powerful tool for aggregating risk and compliance data
• More mature organizations often have reporting/dashboard requirements that go beyond Archer out-of-box capabilities
• Example: Audit committee + board-level reporting requirements + risk metrics
“How can we drive more meaningful / actionable /
valuable reports from Archer?”
© Copyright 2016 EMC Corporation.
Typical business requirements
Functionality
• Advanced visualizations (heat maps, bowtie charts, cause-effect trees)
• Manipulate / customize dashboards
• More control over exports to Excel, PowerPoint, etc.
• Metric and Trend analysis
• Easier integration with other BI tools
© Copyright 2016 EMC Corporation.
Capability RSA Archer BI tool
• “On the fly” report creation/edits
• Ability to export reports into multiple formats
• Variety of report display options (bar, line, heat, pie, etc.)
• Ability to create reports with separate data sources
• Multi-dimensional reports (3 or more)
• Ability to implement analysis algorithms (monte carlo, etc.)
• Ability to add report description with export/display
• Metric Trending & Analysis
• Forecast projected results within report
Reporting Capabilities
© Copyright 2016 EMC Corporation.
Reporting Requirements
Source: COSO.org, Developing Key Risk Indicators to Strengthen Enterprise Risk Management
“Understand the Full Picture”
© Copyright 2016 EMC Corporation.
Reporting Requirements
Source: COSO.org, Risk Assessment in Practice
© Copyright 2016 EMC Corporation.
Reporting Requirements
Source: COSO.org, Risk Assessment in Practice
© Copyright 2016 EMC Corporation.
Current solution: Archer Data Publication Service (DPS)
• Use Archer’s DPS (Data Publication Service), and import data
into a BI tool like Tableau
But DPS has its problems…
o Process is difficult to support/maintain
o How do we maintain Archer’s security/permissions in the BI
tool?
o DPS produces “unfriendly field names”
o How do we cross reference data from multiple Archer modules?
o Can we capture trending?
© Copyright 2016 EMC Corporation.
Risk Intelligence Data Mart
Datamart / ETL / BI solution
DPS
Meta Data
Archer Application
Data
Xform Reporting Datastore
SQL/API
Data Access
© Copyright 2016 EMC Corporation.
DPS Raw Data Model Risk Intelligence Data Mart
Meta Data
Xform Reporting Datastore
Data Access
Archer Application
Data
© Copyright 2016 EMC Corporation.
Additional Queries - Example Risk Intelligence Data Mart
Archer Application
Data
Xform Reporting Datastore
Data Access
Meta Data
© Copyright 2016 EMC Corporation.
Post Transformation Data Model Risk Intelligence Data Mart
Meta Data
Archer Application
Data
Xform
Data Access
Reporting Datastore
© Copyright 2016 EMC Corporation.
1. Datamart: all Archer data for an application is available from a single view within a database
2. Maintains Archer’s security and access controls: Includes row-level permissions, automatically mirroring Archer’s security model
3. A simplified data model: Data is combined from dozens or hundreds of tables, and includes enumerated field “meanings”, for reporting ease and performance
4. Reports/Dashboards: Easier configuration of enriched executive reports and dashboards within a BI tool.
© Copyright 2016 EMC Corporation.
EMC “Proof of Concept”
• Use a subset of information on proof of concept (Risk Register)
• Build “solid” integration b/w Archer and Tableau
• Showcase reporting capabilities not available in Archer
• Maintain Archer access control permissions
• Ensure integration process is “easy” to support
© Copyright 2016 EMC Corporation.
POC Phases LEADER 2016
July Aug Sept Oct Nov Dec
Requirements Gathering EMC
Technical Setup EMC/Iceberg
/AHA
Report Creation Iceberg/AHA
ETL Redesign (6.1) Iceberg/AHA
ETL Deploy/Test (6.1) EMC/Dell
Metrics Development Dell/AHA
EMC “Proof of Concept” timeline
© Copyright 2016 EMC Corporation.
• Ability to provide a full “snapshot” to executives with supporting context
• Ability to add report data into PowerPoint presentations or summary audit reports
• Provide “actionable” reporting files/interfaces to allow real-time analysis (ie. Tableau)
© Copyright 2016 EMC Corporation.
Risk Action chart
• “Actionable” report for easy executive consumption
• Provides another “axis” of information
• Overlay of Risk Summary Report
© Copyright 2016 EMC Corporation.
Challenges / Opportunities
• 5.5 version vs. 6.1 ETL – Required a redesign
– Commitment from RSA to inform on future changes
• Maintain Archer access control capability
– Key requirement to ensure data confidentiality
• Ensure “ease of use” for future “lights on” support
– Archer Support team can easily manage integration and updates
• Continue to build a “Risk Intelligence” story
– Add metrics, risk costs vs. impacts
top related