Data quality risk analysis

Definition

A data quality risk analysis is a risk analysis with regards to data quality.

Note

Objective of a DQMS is that the data quality requirements are met. A risk analysis shows which situations or events could lead to these objectives not being met and which measures should be taken to reduce the risk to an acceptable level.

Purpose

Purpose of a risk analysis is to determine actions that prevent data issues.

Life cycle

Phase Activity
Plan * Plan risk analysis
Do * Compose a risk analysis
* Use the risk analysis
Check * Review/Evaluate risk analysis
* Audit risk analysis
Act * Update risk analysis

Characteristics

Characteristic Requirement
Completeness The risk analysis contains the most important situations and events.
Effectiveness The risk analysis leads to preventive actions that produce results.

Relations

Data quality risk analysis is an element of a data quality management system
Data quality risk analysis is aimed at meeting data quality requirements
Data quality risk analysis prevents data issues
Data quality risk analysis is assessed in a internal audit
Data quality risk analysis is discussed in the management review
Data quality risk analysis leads to preventive action

Method

A risk analysis consists of the next elements:

  1. Asset that has effect on the objectives, e.g., supplier, input file, producer, applications, infra structure, communication, procedures, metadata, etc.
  2. Situation with regard to the asset that can cause an event
  3. Event that can take place that has a negative effect on the objectives
  4. Measures already taken to prevent or correct the situation or event
  5. Exposure: frequency that the situation can occur
  6. Probability: chance that the event will take place
  7. Severity: gravety of the effect on the objectives
  8. Risk-index: Exposure x Likelyhood x Severity
  9. Additional measures needed to decrease the risk-index if the risk index is too high (preventive actions).

The Fine and Kinney method shows which values should be assigned to exposure, probability and severity.

Exposure (E)

The factor exposure indicates the duration that a risk can occur. The scale varies from 0.5 to 10.

Probability (P)

The probability or (mathematical) chance an incident will occur. The expectation is represented by ascribing a value from 0.1 to 10.

Severity (S)

The factor severity indicates the possible damage, effects and consequences linked to a hazard. The scale reaches from 1 to 40.

Risk-index (R)

The result of multiplying the parameters defines the risk-index: R = S x E x P.

Classification Risk-index

Example

Objective: Timely reporting to an external party.

Asset Situation Event Measures taken Exposure Probability Severity Risk-index Additional measures
Data supplier Unreliable Delayed delivery SLA 3 6 7 126 (high) Meet supplier monthly
Application Unavailble Delayed processing Incident procedure 3 0,5 1 1,5 (slight) None

Reference

Euronorm. Fine and Kinney Method.