data_quality_management_system:data_quality_risk

Data quality risk analysis

Definition

A data quality risk analysis is a risk analysis with regards to data quality.

Note

Objective of a DQMS is that the data quality requirements are met. A risk analysis shows which situations or events could lead to these objectives not being met and which measures should be taken to reduce the risk to an acceptable level.

Purpose

Purpose of a risk analysis is to determine actions that prevent data issues.

Life cycle

Phase	Activity
Plan	* Plan risk analysis
Do	* Compose a risk analysis * Use the risk analysis
Check	* Review/Evaluate risk analysis * Audit risk analysis
Act	* Update risk analysis

Characteristics

Characteristic	Requirement
Completeness	The risk analysis contains the most important situations and events.
Effectiveness	The risk analysis leads to preventive actions that produce results.

Relations

Data quality risk analysis	is an element of a	data quality management system
Data quality risk analysis	is aimed at meeting	data quality requirements
Data quality risk analysis	prevents	data issues
Data quality risk analysis	is assessed in a	internal audit
Data quality risk analysis	is discussed in the	management review
Data quality risk analysis	leads to	preventive action

Method

A risk analysis consists of the next elements:

Asset that has effect on the objectives, e.g., supplier, input file, producer, applications, infra structure, communication, procedures, metadata, etc.
Situation with regard to the asset that can cause an event
Event that can take place that has a negative effect on the objectives
Measures already taken to prevent or correct the situation or event
Exposure: frequency that the situation can occur
Probability: chance that the event will take place
Severity: gravety of the effect on the objectives
Risk-index: Exposure x Likelyhood x Severity
Additional measures needed to decrease the risk-index if the risk index is too high (preventive actions).

The Fine and Kinney method shows which values should be assigned to exposure, probability and severity.

Exposure (E)

The factor exposure indicates the duration that a risk can occur. The scale varies from 0.5 to 10.

0,5 Very rarely (less than once a year)
1 Rarely (yearly)
2 Sometimes (monthly)
3 Occasionally (weekly)
6 Frequently (daily)
10 Constantly (multiple times a day)

Probability (P)

The probability or (mathematical) chance an incident will occur. The expectation is represented by ascribing a value from 0.1 to 10.

0,1 Next to impossible / unthinkable
0,2 Almost unimaginable
0,5 Highly unlikely, but conceivable
1 Unlikely, but possible in the long term
3 Unusual (but possible)
6 Possible
10 To be expected

Severity (S)

The factor severity indicates the possible damage, effects and consequences linked to a hazard. The scale reaches from 1 to 40.

1 Slight effect
3 Important effect
7 Severe effect
15 Very severe effect
40 Disaster

Risk-index (R)

The result of multiplying the parameters defines the risk-index: R = S x E x P.

Classification Risk-index

R < 21 Slight risk; acceptable
21 < R = 71 Little risk; attention required
71 < R = 201 Moderate risk; apply simple measures
20 < R = 401 High risk; apply large measures immediately
R > 401 Risk is too high; stop activities / operations

Example

Objective: Timely reporting to an external party.

Asset	Situation	Event	Measures taken	Exposure	Probability	Severity	Risk-index	Additional measures
Data supplier	Unreliable	Delayed delivery	SLA	3	6	7	126 (high)	Meet supplier monthly
Application	Unavailble	Delayed processing	Incident procedure	3	0,5	1	1,5 (slight)	None

Reference

Euronorm. Fine and Kinney Method.

All, DQMS