In the fast-changing context of AI and other technological developments, it is becoming increasingly important for organisations to get a handle on their data management risks.
1. Overlooking the importance of data governance
If you really want to unlock the power of data, you need effective master data governance structures at the enterprise level. Otherwise you will never achieve integrated data analytics.
.png?width=1080&height=1080&name=Untitled%20design%20(2).png)
CRO, ASX-listed technology company
Risk Leadership Network member
Risk leaders agree that governance of data structures within the organisation should be a priority for large companies, if they haven't implemented a process for this already.
Here are some steps you can take to implement governance around the business' data:
- Identify your key data types (e.g., cost structures, organisational structures, locations, risk taxonomies)
- Count how many versions there currently are of each
- Establish a single source of truth for each data type (i.e., the 'master data').
|
Possible metrics:
|
For a more in-depth analysis of the approaches your peers — CROs at large non-financial organisations in Europe, Oceania and MENA — are taking to leverage data help the business make better strategic decisions, participate in our data risk benchmark.
2. Inconsistent use of data across the business
Bite the bullet and get everyone to transition to the master source. Otherwise you will end up with a whole other industry translating between sources.
Head of risk, privately-owned retail firm in MENA
Risk Leadership Network member
Identifying data types and deciding which version will be the "master" is just the beginning. The next crucial step is to drive adoption of that master source throughout the business. This will likely mean enacting changes in both technology and behaviours.
From a tech perspective, you may need to re-engineer data solutions, reporting feeds or other software to use the 'correct' data source or feed.
From a people perspective, you need to consider what data employees are using manually (and when), and get them to make the switch. This may mean updating documents like policies and processes, as well as updating training modules.
|
Possible metrics:
|
3. Focusing too much on data completeness
It can be hard to anticipate in advance which data is going to deliver the most business value. Setting 'completeness' as a metric encourages you to make a list of data points and then work towards 'checking off' that list.
However, depending on where you are in your data maturity journey, this might not be ideal. This is because it can introduce bias or force your focus onto the wrong areas.
As you're monitoring 'completeness' people aren't really thinking about whether the information is useful. Everyone is just concentrating on ticking the box.
CRO, FTSE energy company
Risk Leadership Network member
Ultimately, if you're really confident about the data you need, focusing on completeness can be an effective approach. If you have to make up a list of data points though, in order to monitor completeness, you could be approaching the problem the wrong way round.
|
Possible metrics: Metrics around quality and consistency (i.e. single source master data) may be better starting points. If considering data completeness, be sure about the value of that data. |
Your questions answered1. Where does this insight come from? 2. Why did you arrange the virtual meeting on data risk? 3. How do you ensure confidentiality in your collaborations? 4. How else are you supporting members with data risk? |
4. Too worried about high volume user adoption
Don't focus on volume for users; it only drives people who don't know what they are doing to waste their time generating inferior outcomes.
CRO, FTSE telco company
Risk Leadership Network member
Our members concur that a hundred people using data poorly is worth much less than five people doing it properly, especially if the former leaves the organisation drowning in data that has no strategic purpose.
A more important, foundational step is to encourage teams to consider how and why they want to use data. Thing about metrics that will encourage behaviours around strategic planning and longer-term learning.
|
Possible metrics:
|
5. Confining privacy metrics to focus on breaches only
Data privacy is, of course, an increasing concern for all organisations, particularly those holding vast quantities of personal information. Breaches, however, are not the only concern.
You may also want to consider a metric around your use of data analytics and how that aligns with your customers' perceptions of their privacy.
CRO, large multi-national construction company
Risk Leadership Network member
In other words, it's not just about protecting data from bad agents. Customers also have expectations and comfort levels around how a company itself uses their data.
Businesses that don't monitor for this kind of privacy risk may find themselves faced with a raft of interconnected issues, such as declining customer trust, reputational damage and regulatory scrutiny.
|
Possible metrics:
|
What's next?
A key learning shared by risk leaders in our network is that common perceptions around data management risks will be challenged in this evolving field; understanding where to focus efforts will be half the battle.
We'll continue to support risk leaders on data risk — and any other risk priorities they raise with us. To learn more about what we've got coming up, book an introductory call.
Meanwhile, to participate in our upcoming data risk benchmark, fill in this form.
Share this
Communicating the status of material risks: three common approaches and three alternatives
Reporting risks in smarter ways - our Risk Reporting Comparison Tool
