Can You Trust Your Data?

By Wanda R. Black

Organizations today face many challenges. The global economy is knocking on every corporate boardroom door; each day, corporations are faced with mergers, acquisitions, expansion, and spinoffs. It's no wonder that companies find that one of their greatest challenges is managing the accuracy of their data. Inaccurate data leads to misinformed business decisions, resulting in poor judgment and bad business outcomes. It is important for organizations to embrace best practices in managing their data quality.

One way for corporations to manage their data quality is by implementing the total data quality solution life-cycle model, which has eight steps (see the chart below):

1. Identify the data integrity risk level for the enterprise
2. Develop enterprise data integrity policies and processes for managing data risks
3. Assign data stewards and data owners who are responsible and accountable
4. Implement enterprise data integrity policies and processes
5. Conduct data audits and publish metrics
6. Provide metrics as a measure in personal performance feedback
7. Conduct ongoing training, education, and awareness sessions
8. Continue to improve/enhance the enterprise data integrity policies and process management to minimize data risks

Let's look at each of these steps in more detail.

1. Identify data integrity risk level for the enterprise.
To identify your organization’s risk levels, you must gain a baseline understanding of how the enterprise interprets data integrity and quality by creating a survey. You will use the survey results as baseline statistics to develop necessary training. You must also inventory your master source data by creating a matrix of mission-critical data across your systems. This matrix will identify the source data, as well as the risk to the organization if this data is found to be suspect, inaccurate, or lost. As you identify the source data and the risk, you may also identify the owners of this data.

2. Develop enterprise data integrity policies and processes for managing data risks.
Teaming with selected business partners across the enterprise (fewer than 10 people), develop data integrity policies and process maps for data auditing procedures and best practices. Determine the training curriculum and the communication plan for roll-out. Interface with human resources to explain the implications of introducing the roles of a) data steward and b) data owner, and share with human resources how personal performance will affect the yearly bonuses of individuals who are assigned to these roles. (Competencies should be reflected in their individual job descriptions.)

3. Assign data stewards and data owners who are responsible and accountable.
Step 1 allowed you to identify potential owners of the data. Use this matrix to finalize ownership and determine the leaders who will be responsible for making sure that unannounced, periodic data audits are conducted against the data they oversee. Use the training course to train the data owners (also called data custodians) and the data stewards on their responsibilities and accountabilities in caring for the enterprise data. Share with them how metrics will be assigned via data policies and how the results of the data audits will affect their personal yearly performance. Communicate how continuous data quality improvements will minimize the data risks to the enterprise, and how their role as a data owner or data steward is important to the well-being of data across the organization.

4. Implement enterprise data integrity policies and processes.
After the initial training is completed and the policies explained, implement the data policies, processes, and procedures across the enterprise and monitor them for adherence. Embrace these best practices and enforce them as written. (There should be no room for personal interpretation of data policies and/or processes.)

5. Conduct data audits and publish metrics.
Perform periodic, unannounced data audits on a percentage of the data that has been entered into systems. Reports should be designed to reflect the data that has been touched. Through these discoveries you can determine the percent of data that must be audited (a rule of thumb is 10 percent). Audits should be performed by a person other than the individuals who entered the data (this could be external to the department, or assigned to a person within the department as a check and balance over the data quality). Results from the data audits should be made public and published on an intranet portal for the enterprise to view. Lessons learned from the data audits should be conducted so that data quality problems will not be repeated. (This best practice supports the total data quality solution life-cycle model).

6. Provide metrics as a measure in personal performance feedback.
Individuals identified as data owners and data stewards need to understand the importance of adhering to data policies and processes. You must share with them after each audit by discussing the audit results, the improvements they need to make (if any), and their individual average accumulated year-to-date. At the end of the year, the average of all data audits will be reflected in their overall personal yearly performance profile.

7. Conduct ongoing training, education, and data awareness sessions.
Throughout the year, provide data awareness programs designed to train staff across the enterprise on the importance of quality data and continuous data quality improvements. Share with staff that it is everyone’s accountability to maintain timely, accurate and concise data—regardless of whether they are identified as a data owner or data steward.

8. Continue to improve/enhance the enterprise data integrity policies and processes to manage data accuracy and to minimize data risks across the enterprise.
Like total quality improvement, data quality and integrity must consistently improve. Revisit and revise as necessary the data policies, processes, guidelines, and pro formas. The ultimate vision is to continue to strive for quality data within an enterprise that has zero defects.

Remember, if you can’t trust your data, you can’t use your data!

Data Quality and Data Auditing

Corporations must deal with many data issues that include, but are not limited to: regulatory compliance risk management (Sarbanes-Oxley), helping to prevent acts of terrorism (USA PATRIOT Act), electronic access to patient information (HIPAA), the protection of consumer information (Gramm Leach-Bliley), and the management of records (FDA Title 21 CFR Part 11), just to name a few. It is no wonder that companies must place data integrity, process, and metrics high on their agenda in order to minimize their data risk. Noncompliance can result in hefty fines, costly rework, or worse yet, prison terms for executive staff.

Remember the acronym CRUD? It stands for create, read, update, and delete. Organizations must monitor and review which employee accessed, altered, updated, deleted, or simply viewed company data. Instill and embrace new data policies, procedures, guidelines, and best practices. Unannounced data audits need to be conducted, and statistics published so the enterprise understands how data compliance is being measured. Adherence to data quality metrics should be mandatory. Not conforming to baseline data standards should affect yearly personal performance. Roles should be identified where responsibility and accountability for data integrity and accuracy are part of competencies and expectations.

In a 2004 white paper, "Audit the Data—or Else," Baroudi Bloor¹ crystallized the need to audit data by writing:

Today's competition is fierce. The common differentiator between one business and another is the extent to which it places importance on its enterprise data.

Data becomes information, which transforms into actionable knowledge. Information is a valuable intellectual resource and a corporate asset. It must be managed, maintained, and audited properly by adopting and embracing sound data integrity processes, metrics, and best practices.

If your company is new to data auditing, it may view this as an arduous process. However, it is a task that must be designed, developed, implemented, and monitored. The data auditing framework must be manageable, complete, and provide business value. Think of it as a critical business process that, when implemented, will provide invaluable information about the state of your enterprise data. It will be a process that will provide a snapshot of the data's integrity at a point in time. Should data inaccuracies be uncovered, they will be identified and rectified. Should your systems ever undergo an audit by an outside agency, you will already be one step ahead, since you have embraced best practices to support compliance. This accomplishment and satisfaction in itself should provide comfort, knowing that your organization invested the time and resources to minimize data risks.

Can you trust the accuracy of data within your enterprise?

Wanda R. Black has been in the IT field for more than 38 years. She specializes in business/data/technology strategic planning, data warehousing, information resource management, and Web development. She can be reached at wblack7990@sbcglobal.net to inquire about expert consulting services and support.

¹_{The white paper was written by Robin Bloor and Carol Baroudi of Baroudi Bloor International Inc., a research, analysis, and strategic advisory company serving high-technology vendors and users. The company recently merged with Hurwitz & Associates of Waltham, MA. (Back to article)}