Part of the historic challenge is that data risk has never been adequately defined. Perhaps it can be most easily understood as the risk of loss arising from the inability of the firm to manage, protect or create value from its data assets.
Part of the historic challenge is that data risk has never been adequately defined. Perhaps it can be most easily understood as the risk of loss arising from the inability of the firm to manage, protect or create value from its data assets. While businesses are quick to recognize “downside” risks, they need to shift their focus from simply mitigating risk to fully embracing new upside opportunities to create value with data culture as a foundation.
However it is defined, it has never been seen historically as part of the wider enterprise risk framework, when it should (see diagram below for illustrative example). Neither has it been seen, holistically at least, as an opportunity rather than a threat. The emphasis has always been on the penalties, rather than the rewards.
Improving the quality of data, for example, and how it is managed drives better decision making and leads to better customer outcomes. Understanding how data can be used appropriately (i.e., understanding its original purpose and whether it can be used for other purposes) supports not only innovation and new product development, but also ensures customers are offered the right products at the right time, according to their need and profile.
In all cases, certainly, failing to manage these risks correctly will do harm, but a much greater harm can be inflicted on a business by failing to recognize the potential value to be realized from the data it owns. Incorporating data culture risk in the enterprise risk framework acknowledges the importance of culture, behavior and mindset for the success of becoming a data-driven business.
According to Gartner, establishing a data-driven culture is ranked priority number one among surveyed CDOs. The CDO needs to act as the ultimate “connector” to “join up” the relevant teams, skills and knowledge. Businesses already have codes of conduct to promote desirable attitudes and behaviors; what is crucial is that similar attitudes and behaviors are embedded to increase data awareness and data literacy which in turn enables an organization to gain value from the data assets they hold.
So on the one side organizations should work on the integration of data risk in the enterprise risk management framework. Existing risks and mitigations need to be updated and new risks and data-driven mitigations, such as smart rules should be added to the framework to include all relevant data risks. The CDO needs total visibility of the risks and their status and needs to be in control of all risks related to data. The CDO also needs to be fully aligned with his/her C-suite colleagues to manage the risk and maximize the opportunity for the data they hold.
On the other side, they need to foster a data culture – a culture driven by a “collective conversation” that leads to positive behavioral change. This new culture and mindset will be key to driving the acceptance and adoption of all data-related solutions in an ethical manner within their organization, enabling them to break through the roadblocks that are preventing them from achieving real value.
To be successful, organizations must build a true data culture and upgrade their enterprise risk management framework to mitigate all data risks.