=====Data quality risk analysis===== ===Definition=== A data quality risk analysis is a [[[general_term/risk_analysis|risk analysis]] with regards to [[data_quality_general:data quality|data quality]]. ===Note=== Objective of a DQMS is that the [[data_quality_management_system/data_quality_requirement|data quality requirements]] are met. A risk analysis shows which situations or events could lead to these objectives not being met and which measures should be taken to reduce the risk to an acceptable level. ===Purpose=== Purpose of a risk analysis is to determine actions that prevent [[data_quality_management_system:data_quality_issue|data issues]]. ===Life cycle=== ^ Phase ^ Activity ^ | Plan | * Plan risk analysis | | Do | * Compose a risk analysis\\ * Use the risk analysis | | Check | * Review/Evaluate risk analysis\\ * Audit risk analysis | | Act | * Update risk analysis | ===Characteristics=== ^ Characteristic ^ Requirement ^ | Completeness | The risk analysis contains the most important situations and events. | | Effectiveness | The risk analysis leads to preventive actions that produce results. | ===Relations=== | Data quality risk analysis | is an element of a | [[data_quality_general/data_quality_management_system|data quality management system]] | | Data quality risk analysis | is aimed at meeting | [[data_quality_management_system/data_quality_requirement|data quality requirements]] | | Data quality risk analysis | prevents | [[data_quality_management_system:data_quality_issue|data issues]] | | Data quality risk analysis | is assessed in a | [[data_quality_management_system/internal audit|internal audit]] | | Data quality risk analysis | is discussed in the | [[data_quality_management_system/management review|management review]] | | Data quality risk analysis | leads to | [[data_quality_general/preventive_action|preventive action]] | ===Method=== A risk analysis consists of the next elements: - Asset that has effect on the objectives, e.g., supplier, input file, producer, applications, infra structure, communication, procedures, metadata, etc. - Situation with regard to the asset that can cause an event - Event that can take place that has a negative effect on the objectives - [[general_term/measure|Measures]] already taken to prevent or correct the situation or event - Exposure: frequency that the situation can occur - Probability: chance that the event will take place - Severity: gravety of the effect on the objectives - Risk-index: Exposure x Likelyhood x Severity - Additional [[general_term/measure|measures]] needed to decrease the risk-index if the risk index is too high (preventive actions). The Fine and Kinney method shows which values should be assigned to exposure, probability and severity. ==Exposure (E)== The factor exposure indicates the duration that a risk can occur. The scale varies from 0.5 to 10.\\ * 0,5 Very rarely (less than once a year) * 1 Rarely (yearly) * 2 Sometimes (monthly) * 3 Occasionally (weekly) * 6 Frequently (daily) * 10 Constantly (multiple times a day) ==Probability (P)== The probability or (mathematical) chance an incident will occur. The expectation is represented by ascribing a value from 0.1 to 10. * 0,1 Next to impossible / unthinkable * 0,2 Almost unimaginable * 0,5 Highly unlikely, but conceivable * 1 Unlikely, but possible in the long term * 3 Unusual (but possible) * 6 Possible * 10 To be expected ==Severity (S)== The factor severity indicates the possible damage, effects and consequences linked to a hazard. The scale reaches from 1 to 40. * 1 Slight effect * 3 Important effect * 7 Severe effect * 15 Very severe effect * 40 Disaster ==Risk-index (R)== The result of multiplying the parameters defines the risk-index: R = S x E x P. ==Classification Risk-index== * R < 21 Slight risk; acceptable * 21 < R = 71 Little risk; attention required * 71 < R = 201 Moderate risk; apply simple measures * 20 < R = 401 High risk; apply large measures immediately * R > 401 Risk is too high; stop activities / operations ===Example=== Objective: Timely reporting to an external party. ^ Asset ^ Situation ^ Event ^ Measures taken ^ Exposure ^ Probability ^ Severity ^ Risk-index ^ Additional measures ^ | Data supplier | Unreliable | Delayed delivery | SLA | 3 | 6 | 7 | 126 (high) | Meet supplier monthly | | Application | Unavailble | Delayed processing | Incident procedure | 3 | 0,5 | 1 | 1,5 (slight) | None | ===Reference=== Euronorm. [[https://www.euronorm.net/content/ce-marking/category/risk-analysis/fine-and-kinney-method.php|Fine and Kinney Method]]. {{tag>All DQMS}}