User Tools

Site Tools


Data quality risk analysis


A data quality risk analysis is a risk analysis with regards to data quality.


Objective of a DQMS is that the data quality requirements are met. A risk analysis shows which situations or events could lead to these objectives not being met and which measures should be taken to reduce the risk to an acceptable level.


Purpose of a risk analysis is to determine actions that prevent data issues.

Life cycle

Phase Activity
Plan * Plan risk analysis
Do * Compose a risk analysis
* Use the risk analysis
Check * Review/Evaluate risk analysis
* Audit risk analysis
Act * Update risk analysis


Characteristic Requirement
Completeness The risk analysis contains the most important situations and events.
Effectiveness The risk analysis leads to preventive actions that produce results.


Data quality risk analysis is an element of a data quality management system
Data quality risk analysis is aimed at meeting data quality requirements
Data quality risk analysis prevents data issues
Data quality risk analysis is assessed in a internal audit
Data quality risk analysis is discussed in the management review
Data quality risk analysis leads to preventive action


A risk analysis consists of the next elements:

  1. Asset that has effect on the objectives, e.g., supplier, input file, producer, applications, infra structure, communication, procedures, metadata, etc.
  2. Situation with regard to the asset that can cause an event
  3. Event that can take place that has a negative effect on the objectives
  4. Measures already taken to prevent or correct the situation or event
  5. Exposure: frequency that the situation can occur
  6. Probability: chance that the event will take place
  7. Severity: gravety of the effect on the objectives
  8. Risk-index: Exposure x Likelyhood x Severity
  9. Additional measures needed to decrease the risk-index if the risk index is too high (preventive actions).

The Fine and Kinney method shows which values should be assigned to exposure, probability and severity.

Exposure (E)

The factor exposure indicates the duration that a risk can occur. The scale varies from 0.5 to 10.

  • 0,5 Very rarely (less than once a year)
  • 1 Rarely (yearly)
  • 2 Sometimes (monthly)
  • 3 Occasionally (weekly)
  • 6 Frequently (daily)
  • 10 Constantly (multiple times a day)
Probability (P)

The probability or (mathematical) chance an incident will occur. The expectation is represented by ascribing a value from 0.1 to 10.

  • 0,1 Next to impossible / unthinkable
  • 0,2 Almost unimaginable
  • 0,5 Highly unlikely, but conceivable
  • 1 Unlikely, but possible in the long term
  • 3 Unusual (but possible)
  • 6 Possible
  • 10 To be expected
Severity (S)

The factor severity indicates the possible damage, effects and consequences linked to a hazard. The scale reaches from 1 to 40.

  • 1 Slight effect
  • 3 Important effect
  • 7 Severe effect
  • 15 Very severe effect
  • 40 Disaster
Risk-index (R)

The result of multiplying the parameters defines the risk-index: R = S x E x P.

Classification Risk-index
  • R < 21 Slight risk; acceptable
  • 21 < R = 71 Little risk; attention required
  • 71 < R = 201 Moderate risk; apply simple measures
  • 20 < R = 401 High risk; apply large measures immediately
  • R > 401 Risk is too high; stop activities / operations


Objective: Timely reporting to an external party.

Asset Situation Event Measures taken Exposure Probability Severity Risk-index Additional measures
Data supplier Unreliable Delayed delivery SLA 3 6 7 126 (high) Meet supplier monthly
Application Unavailble Delayed processing Incident procedure 3 0,5 1 1,5 (slight) None


data_quality_management_system/data_quality_risk_analysis.txt · Last modified: 2024/03/08 13:33 (external edit)