SIDEBAR: Housecleaning
Rules of thumb for a data quality initiative
Recall is a global organisation which stores vast amounts of information for client organisations in both physical and digital form. Global president and CEO Al Trujilio says the company has ample global experience in helping companies to clean up data, particularly where the problem lies in the integrity between various sources of data.
He says the company has learned numerous lessons about the ways to maintain data quality since its formation. First, that there has to be an ongoing and regular review or inventory of that data which is critical to the organisation, and that the program has to be actively maintained and actively managed, and not just by the IT department. At a minimum, that means at least on an annual basis the organisation should conduct a comprehensive audit or inventory of the data it needs and deems to be critical, and ensure that there is a plan in place to address the maintenance of that information. Failure to do so is at the heart of many data quality failures, Trujilio says.
"Organisations discover that the IT department believes that it is complying with what it has been asked to do, but the business side of an organisation has to have awareness of those sets of data in the organisation which are critical. That data has to be managed in an active manner, [and] it has to be tested on a frequent basis to ensure that the integrity and the quality of that data is good."
Next, the organisation needs a written, formal plan, reviewed by senior management as well as IT, acknowledging that all parties understand where that information is and resources have been allocated to ensure that information is indeed maintained. "In certain jurisdictions around the world this is no longer an option, but is now the law," Trujilio points out. "In particular the United States, where as a result of the post-Enron and post-corporate scandal environment, you have laws that in fact now require CEOs and CFOs of companies to sign off every year with their annual reports that they in fact know and understand where those critical data sets are." While no such legislation applies in Australia yet, Trujilio says Australian managers in organisations that are global by nature are likely to find themselves being asked to sign off on behalf of Australia.
Finally, he says, once the plan is in place it must be tested. "You need to prove affirmatively that the systems and the safeguards in place needed to protect the data are there. That again requires a dedicated resource, a dedicated commitment to have that testing done on a regular basis. That's where many of these plans fail," he says.Trujilio cites the example of Arthur Andersen, which did an audit, had a plan and then failed to execute it. "It was ultimately one of their failures relative to the management of their data and their e-mail systems and everything else: there wasn't the execution of the testing of these plans.
"So these are really the three main elements that we remind our clients. First, know what you've got. And part of knowing what you've got is knowing who has access to it, to ensure that the data is not somehow contaminated either deliberately or by accident. Second, have the plan in place in terms of a formal plan to maintain the information. And third, test the plan. Assure yourselves in an affirmative manner that as a matter of fact the information has been protected and maintained according to the standards that have been described."
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.