In my book, Enterprise Knowledge Management: The Data Quality Approach, one of the main issues I discuss is building a business case for data quality improvement based on determining a return on the investment made in the infrastructure and affiliated ongoing costs related to improved data quality. In a simplistic way, this approach is appealing in a commercial environment driven by profits because we are more likely to be able to find opportunities for increased revenues by improving data quality.

An interesting question arises when confronted with developing a return on investment argument for organizations not primarily concerned with profits, including nonprofit organizations and state and federal government organizations. In this case, our goal is to identify different kinds of business impacts to which we can link poor data quality; and this is a more thought-provoking challenge because it forces us to think about quantifying the value of business aspects that are not typically reviewed.

In my experience, we can characterize these impacts in a number of classifications, including: risk reduction, cost reduction and client interaction improvement.

In this month's column, we will focus on quantifying the value related to risk as a result of poor data quality. describes risk as "the possibility of suffering harm or loss." While a discussion of the concept of risk cannot be contained within a one-page column, we can look at three specific kinds of risk that are impacted by poor data quality:

Investment Risk: In this case, I am referring to the situation where an investment has been made that is in jeopardy as a result of poor data quality. This investment is likely to be in either infrastructure or effort.

An example from a recent client was the integration of a new operational system into their organization. This new system's data tables were being fed information extracted from some source system whose information quality was suspect. The result of these suspicions caused a delay in the movement of that system into production. The subsequent impact was twofold. First, the investment in the new system (hardware, software and effort) was seen as a loss to the organization until the system could be made operational. Second, the benefits expected from the new system could not be effected within the organization, which had additional ramifications that propagated throughout the enterprise. By identifying specific data quality issues and determining opportunities for improvement, there is an expectation that the new system can be brought online at some point in the future.

Legal and Regulatory Risk: This refers to a situation where an external legal or regulatory board exercises some control over products developed or processes executed within the organization. Consider the recent auditing scandals associated with large companies such as Enron and Adelphia. It is likely that even if a company is not deliberately involved in corporate fraud, it is scrambling to recheck data to ensure that the company is compliant with the Sarbanes-Oxley Act with respect to certifying the appropriateness of its financial statements, which, of course, are derived from the company's data.

In a more related example, in some areas, the prices charged by energy companies are regulated by external regional boards. If a company is audited by the board and found to have overcharged customers, that company may be subject to regulatory findings, fines and even penalties that affect future compliance. Bad data can result in noncompliance with defined laws and regulations and lead to a serious risk.

Professional Risk: The failure of a project often rubs off on those associated with the project. The risk described here is more a personal risk, where one's job may be compromised as a result of project failure, which can be caused by poor data quality.

In each of these cases, the corresponding value of the risk can be quantified. In the first case, the value of the risk is related to the cost of the investment plus the costs associated with the delay of operationalizing the investment. In the second, the costs can be determined as a function of the costs of potential fines and penalties that can be assessed plus the public relations costs associated with negative publicity. While the third case involves a more personal risk to those working on a project, there is a delicate balance at times between the interests of an organization and the interest of the people who work for that organization. When we can quantify these costs associated with risk, we are provided with valuable information that can help in building the ROI justification for data quality improvement.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access