Energy Credit Best Practices – Chapter: Information Technology http://ccro.org © Copyright 2022, CCRO. All rights reserved. 9 The design and selection of specific controls for an IT credit system should be targeted at ensuring that data inputs and calculations are: Error-free and robust and Independent from the front office (commercial) or credit analysts Coordination and transparency on the credit operation’s control environment performance will expose any gaps or redundancies of controls across the entire Credit Information Ecosystem. With independence from the commercial function(s), the desired transparency can be achieved and appropriate actions to close gaps can be more readily taken. 1.4.3 Data Integrity To ensure the Integrity of the Credit Group’s data, it should have the following characteristic: 1.Credit and counterparty data is integrated into a single system of record, 2.All external and internal data needed to value and manage the credit portfolio is consolidated, 3.Credit Exposure is reliably calculated and stored to support prompt reporting Data Integrity is one of the essential elements of a robust Credit Information Ecosystem. Without it, data immediately becomes invalidated, impacting end-user confidence at best, and at worst, could lead to material financial and reputational consequences. Ensuring data Integrity requires an “always-on” mindset, including continuous and periodic monitoring by assigned and accountable data owners. As discussed below in greater detail, these best practices build confidence among the business functions and support critical processes dependent on this mission-critical data. They also facilitate the Credit Information Ecosystem's ongoing transformation as the industry moves toward real-time monitoring and reporting. 1.4.4 Secure & Reliable To ensure data integrity, the entire credit IT system should be secure from unauthorized access use, disruption, modification, or destruction. Additionally, redundancy of data and critical IT systems should be put into place to ensure reliability. While the endorsement of particular industry frameworks is generally beyond this paper's scope, the National Institute of Standards and Technologies (NIST) Cybersecurity Framework aligns with the CCRO’s recommended principles.