How to Identify Your Organisation’s Critical Data
In my last article, I tackled the topic of where you should start your data governance initiative.
For those who haven’t read it, the short answer is that you need to start with the business. A data governance strategy that is not in sync with the business is a data governance strategy that is going nowhere.
Following on from this, one of the things that you’ll need to gain an understanding of at an early stage is what data is important to the business.
Last week we talked about how asking some pertinent questions about how the organisation plans to meet its strategic aims is one way of gleaning this information.
But data is not just used strategically. There are a host of operations across an organisation that depend on data to enable them to run efficiently.
In this article, I’ll show you how you can collect this information.
Why can we not just ask the business?
I’ve seen organisations plunge straight into asking the business to identify their Critical Data Elements (CDEs).
Seems like a straightforward question.
Yet, from my observation, it frequently leads to mixed results.
It’s important to see things from the perspective of the rest of the organisation who are not familiar with the terminology that’s bread and butter to us …like CDEs.
If we take the financial services industry as an example, a typical statistical model will use hundreds of data elements obtained from all over of the organisation as well as externally.
Try capturing all those pieces of information and putting data quality rules around them!
I’ve actually seen this done and it just leads to overload.
You couldn’t tell the wood from the trees. On the plus side, though, it did make for a pretty dashboard!
Ironically, though, in this case, whilst every piece of data used within the model was listed as critical, the business failed to include the data that was part of their validation exercise.
Probably some of the most important data then!
Clearly, identifying what’s critical is vital if your data governance initiative is going to deliver real value.
But how do you do it?
Data Usage Assessment
Firstly, don’t be tempted into trying to identify CDEs straight away.
Instead, your starting point is to think first about the critical processes within your organisation.
Then you can start to think about the How, the What and the Where:
· How they use data
· What data they use
· Where they obtain this data
I call this a Data Usage Assessment.
You should be using this approach during your initial meetings with stakeholders.
This exercise is designed to help you identify:
1. The critical data used in your organisation
2. Which areas are responsible for it
Eventually, you can use it to pinpoint Critical Data Elements for ongoing monitoring.
Here is an example of a Data Usage Assessment which covers the principal operations of a reinsurance function within an insurance carrier; the policy set up and the recoveries processes.
Example Data Usage Assessment RI Function
Through the use of this approach, it becomes very apparent what the key sources of data are for this function to run its core processes and where that data comes from.
The final data product created by this function, the outwards recovery record, is dependent on the outwards reinsurance policy record and the inwards claim booking.
The outwards policy record, likewise, is dependent on the inwards policy booking and the underwriter lay-off sheets.
So you’re already starting to build your lineage for your critical data flows.
This will prove critical at a later date as you need to start to think about where the key controls need to sit and what they need to look like.
It will also be invaluable in tracing the root causes of data quality issues upstream.
But it’s more than that.
Delving into the Detail
By understanding the key processes and then how and why they rely on data, you’re now in a position to start thinking about individual data elements and which ones are key.
Now that the importance of the inwards policy record is understood within the overall flow, you can ask what data elements are used from it to populate the outwards reinsurance policy booking. Importantly, you can also ask about the consequences of this data not being correct.
Anything that breaks the process is probably a CDE.
Case in point…
In one organisation, reinsurance recoveries were missed as a result of the inception and expiry dates of the facultative reinsurance booking not matching the underlying inwards policy.
Additional checks to ensure these matched were required.
These data elements should have been identified as CDEs and appropriate controls put in place.
The Value of the Top-Down Approach
By adopting this top-down approach, you can see how it enables you to determine the criticality of data through a structured methodology. This is vital to ensuring that you accurately identify what’s important to your organisation to enable it to efficiently operate its core processes.
Not only that, but you can also take an auditor or regulator through the mechanics of the exercise to provide them with assurance on how you have tackled this key requirement.
With regulators placing an ever-greater focus on ensuring that core data is identified and managed, the ability to evidence how you have arrived at what is a CDE is becoming increasingly important.
In the next article, we’ll focus on the importance of Data Quality Metrics and how you can define meaningful checks that add value to your organisation.
Subscribe to get future articles in this series.
--
Need Data Governance help?
Book a call to discover how we can support you.