Here is a risk management model, from which you can see it should identify a GxP process needing DI assessment at first. Then, determine data criticality, map data vulnerability 9-Box, and determine the current level of data controls. Level of control in place ensures inadvertent data integrity issues are unlikely to occur - but may not prevent intentional falsification. Learn more details from this model, and try to make yours with ease.