
The Burden of Trusted Information

By Timo Elliott and Darren Cunningham
Published June 1, 2005, 1:00 a.m. EDT

Information Accountability

Governance. Accountability. Credibility. Integrity. Trusted information is a hot topic: businesspeople today are under increasing pressure to make the right decisions fast, or face serious consequences. Unfortunately, they often lack confidence in the information provided to them by their corporate information systems. To remedy this, IT organizations need to implement a trusted information framework that combines a unified approach to data integration and business intelligence (BI).

A number of trends have put corporate data squarely on the agenda of today's IT departments. Shareholders are clamoring for more transparency as a result of the financial scandals that have shaken confidence in corporate governance around the world. Compliance legislation such as the U.S. Sarbanes-Oxley Act (whose impact reaches far beyond the U.S.) can result in jail sentences for executives who - even unintentionally - report erroneous information. New privacy laws around the world restrict the use of customer information. And growing global competition has put pressure on organizations to use their expensive information assets more strategically.

All these issues can be summed up in a single concept: trusted information. Simply accessing data is no longer enough. Today's CEOs, CFOs and knowledge-workers must be able to reliably track the information they use for decisions back to the original source systems in order to ensure its timeliness, accuracy and credibility.

Over the last decade, organizations have invested millions of dollars in systems to collect, store and distribute information more effectively. Despite this, information users at all levels of the organization are often uncomfortable with the quality, reliability and transparency of the information they receive.

Today's organizations rarely have a "single view of the truth." Executives waste time in meetings debating whose figures are correct, rather than what to do about the company's issues. They also worry about the consequences of making strategic decisions on the wrong information - decisions that can directly affect the long-term survival of the organization.

A recent study carried out by Business Week showed that more than half of business users said they found it "difficult" or "very difficult" to get the information they need.1 Even when information was available, 43 percent of business users indicated they didn't trust their internal systems. Thus, it's perhaps no surprise that 77 percent of them said bad decisions had been made because of a lack of information.

To address these issues, organizations need to put in place a trusted information framework that relies on three different sets of processes:

  • Information quality: The processes that ensure that information is filtered, aggregated and entered into the system without errors.
  • Information controls: The processes that determine that the right people access the right information, that legal and privacy restrictions are respected and that changes are correctly propagated through the system.
  • Information interpretation: The processes that ensure information can be used for decision making, that terms are consistent across the organization and that users of information can track how and when the data was collected or calculated.

Information Quality

Information quality is the foundation layer of any information accountability framework - one bad piece of data can call into question the whole decision process.

Many organizations are unaware of - or in denial about - the magnitude of the data quality problem facing them. They cannot begin to calculate the tremendous labor costs and lost productivity that result from time spent reconciling inaccurate and inconsistent reports throughout the organization, yet these costs directly impact the bottom line of the business.

In addition, strategic initiatives of the organization such as customer relationship management often fail to achieve expected benefits due to poor quality of the underlying data.

Whose job is it to fix this? In some organizations, the information technology department is tasked with ensuring data quality, but often without the resources necessary to do so successfully.

The most effective approach to data quality is to ensure that poor quality data never makes it into the corporate systems. A key notion is to establish a "data quality firewall," controlled by a team of "data stewards" who are formally charged with the task of ensuring good data quality.

The data stewards manage the sources of data flowing into the data warehouse, introduce standard definitions and calculations, conduct data-quality audits and develop data-retention criteria. And just like Internet firewalls, the role of the data quality firewall is to block inappropriate data flows - in this case, by using data profiling and filtering to prevent poor quality data from entering the corporate data warehouse.
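To make the idea concrete, the sketch below shows what a rule-based data quality firewall might look like. The field names, validation rules and quarantine handling are invented for illustration, not drawn from any particular product.

    import re

    # Hypothetical validation rules for incoming customer records.
    # In practice, data stewards would derive these from profiling results.
    RULES = {
        "customer_id": lambda v: bool(re.fullmatch(r"C\d{6}", v or "")),
        "email":       lambda v: v is not None and "@" in v,
        "revenue":     lambda v: v is not None and v >= 0,
    }

    def firewall(records):
        """Split incoming records into accepted and rejected streams."""
        accepted, rejected = [], []
        for record in records:
            failures = [f for f, check in RULES.items()
                        if not check(record.get(f))]
            if failures:
                # Rejected rows go to quarantine for steward review,
                # never into the warehouse.
                rejected.append((record, failures))
            else:
                accepted.append(record)
        return accepted, rejected

    good, bad = firewall([
        {"customer_id": "C123456", "email": "ann@example.com", "revenue": 1200.0},
        {"customer_id": "X99", "email": None, "revenue": -50.0},
    ])
    print(len(good), "loaded;", len(bad), "quarantined")

Rejected rows never reach the warehouse; they land in a quarantine stream where a data steward can inspect, correct and resubmit them.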

Data quality also extends to the timeliness of information: decisions made on out-of-date information can be just as damaging as decisions made on incorrect numbers. Business interest in "real-time" and "right-time" information has been increasing as organizations seek to act quickly on new data. For example, it is far more valuable to learn that customers may be moving to a competitor while there is still time to address their concerns than after they have left.

Automated data integration tools can pass alerts of unusual business events directly to business users' dashboards and help ensure that data warehouse information is loaded quickly and efficiently as it is updated.
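As a minimal illustration of such an alert, the sketch below evaluates a hypothetical churn threshold as new rows are loaded; the metric, threshold and notification target are all assumptions made for the example.

    # Sketch of a threshold alert evaluated as new data is loaded.
    DAILY_CHURN_THRESHOLD = 0.05  # alert if >5% of customers cancel in a day

    def notify(message):
        # In practice this would push to a dashboard or send e-mail.
        print("ALERT:", message)

    def on_load(new_rows, active_customers):
        cancellations = sum(1 for r in new_rows if r["event"] == "cancel")
        churn = cancellations / active_customers
        if churn > DAILY_CHURN_THRESHOLD:
            notify(f"Daily churn {churn:.1%} exceeds {DAILY_CHURN_THRESHOLD:.0%}")

    on_load([{"event": "cancel"}] * 8, active_customers=100)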

Finally, data quality depends on consistency throughout the enterprise. Today's complex information flows mean that any change to the underlying operational systems or the data warehouse can have a direct impact on reports and dashboards used across the organization.

In most organizations, finding which users and reports have been impacted by a change is a time-consuming, manual process. These processes are typically slow and costly to implement, and are difficult to update as new information flows are required. Automated data integration tools should be able to propagate changes through the entire business intelligence system and provide alerts if manual updates are required.
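One way to automate that search is to record dependencies as a graph, extracted from the ETL and BI meta data, and traverse it whenever a source changes. The table and report names in the sketch below are invented.

    from collections import deque

    # Hypothetical dependency graph: each node lists what is built from it.
    # In practice this comes from the ETL and BI tools' meta data.
    DEPENDS_ON_ME = {
        "crm.contacts":    ["dw.dim_customer"],
        "dw.dim_customer": ["dw.fact_sales", "report.customer_churn"],
        "dw.fact_sales":   ["report.monthly_sales", "dashboard.exec_kpi"],
    }

    def impacted(changed):
        """Return everything downstream of a changed source, breadth-first."""
        seen, queue = set(), deque([changed])
        while queue:
            node = queue.popleft()
            for downstream in DEPENDS_ON_ME.get(node, []):
                if downstream not in seen:
                    seen.add(downstream)
                    queue.append(downstream)
        return sorted(seen)

    print(impacted("crm.contacts"))
    # ['dashboard.exec_kpi', 'dw.dim_customer', 'dw.fact_sales',
    #  'report.customer_churn', 'report.monthly_sales']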

Information Controls

The ability to control and track access to corporate information is an increasingly important requirement to satisfy corporate compliance regulations and develop a world-class corporate information system.

Most organizations are able to reliably implement basic information controls, such as ensuring that employees can no longer access corporate systems once they have left the company. However, more advanced information controls are typically implemented on a project-by-project basis, and often haphazardly.

The result is a tangled, overlapping network of different user rights, which results in administrative overhead and the possibility that users will be able to access unauthorized information.

In addition, much of the information used for corporate decision making is not stored in the official corporate systems. Faced with the difficulties of manipulating and combining information across multiple systems, many users have turned to their trusted desktop spreadsheets. Information is swapped and exported, combined with outside figures and manipulated within the spreadsheet to match the users' needs. The result is that important data is distributed throughout the organization with little or no control over security or accuracy.

In response, organizations are increasingly taking a "zero tolerance" approach to information, forcing updates to the official systems each time there is a disagreement rather than accepting the users' so-called "improved" figures.

The data stored in an organization's systems is a valuable corporate asset that needs to be secured - without imposing an intolerable administration burden on the IT organization. Today's business applications typically need more detailed control than is possible at the database level alone. For example, an HR executive may need to be able to view an analytic dashboard covering all salary information at any time, but may not need the ability to create new detailed reports. A business unit payroll manager may have access only to the salaries of the business unit employees during normal working hours, but may be able to create new reports and charts.
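Expressed as code, such a policy combines the user's role, the scope of the data and the action being attempted. The sketch below mirrors the example above; the roles, hours and rules are hypothetical.

    from datetime import datetime

    # Hypothetical access policy mirroring the example above:
    # role -> (data scope, allowed actions, working-hours restriction)
    POLICY = {
        "hr_executive":    {"scope": "all",  "actions": {"view"},
                            "office_hours_only": False},
        "payroll_manager": {"scope": "unit", "actions": {"view", "create"},
                            "office_hours_only": True},
    }

    def allowed(role, action, target_unit, user_unit, now=None):
        rule = POLICY.get(role)
        if rule is None or action not in rule["actions"]:
            return False
        if rule["scope"] == "unit" and target_unit != user_unit:
            return False
        if rule["office_hours_only"]:
            hour = (now or datetime.now()).hour
            if not 9 <= hour < 18:
                return False
        return True

    print(allowed("hr_executive", "view", "sales", "hr"))            # True
    print(allowed("payroll_manager", "create", "sales", "finance"))  # False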

The ability to audit who is accessing what information is also important to meet compliance requirements such as those laid out in the U.S. Sarbanes-Oxley Act, to check that security controls have been effective, to comply with privacy restrictions and to track any suspicious behavior. In addition, auditing systems help administrators to tune the system - for example, by identifying little-used reports that serve only to clutter up listings and confuse users, or by spotting users that are potentially abusing the system.
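One way to picture an auditing system is as an append-only access log that answers both compliance questions (who accessed what?) and tuning questions (which reports are unused?). The users and report names in the sketch below are invented.

    from collections import Counter
    from datetime import datetime

    # Hypothetical append-only audit trail of report accesses.
    audit_log = [
        {"user": "ann", "report": "monthly_sales", "at": datetime(2005, 5, 2)},
        {"user": "bob", "report": "monthly_sales", "at": datetime(2005, 5, 3)},
        {"user": "ann", "report": "salary_detail", "at": datetime(2005, 5, 3)},
    ]

    def accesses_by_report(log):
        """Compliance view: what was touched, and how often."""
        return Counter(entry["report"] for entry in log)

    def stale_reports(log, all_reports, since):
        """Tuning view: reports nobody has opened since a cutoff date."""
        recent = {e["report"] for e in log if e["at"] >= since}
        return sorted(set(all_reports) - recent)

    print(accesses_by_report(audit_log))
    print(stale_reports(audit_log,
                        ["monthly_sales", "salary_detail", "old_kpi"],
                        since=datetime(2005, 5, 1)))  # ['old_kpi']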

Information Interpretation

Even correct data can be incorrectly interpreted. The business users' notion of data quality typically encompasses not only the need for the correct figures, but also the appropriateness, or relevance, of the figures for the analysis at hand.

Errors in interpreting data have consequences just as serious as erroneous data, and they may be even more insidious because they are harder to detect and rectify.

Interpreting information is necessarily a very human activity. Even where powerful automatic techniques such as data mining can bring value - such as fraud and risk analysis - the ultimate determination of what is relevant to the organization has to be carried out by businesspeople.

Technology cannot eliminate problems of integrity and interpretation, but it can help ensure that any assumptions made during information collection and calculations are made explicit to the users in order to eliminate misunderstandings.

Accurate and consistent interpretation of data depends on clear definitions of terms. Even standard business measures, such as revenue, profit and growth, can have multiple definitions depending on how they are used. A term as seemingly straightforward as "head count" can hinge on how part-time employees are counted, whether long-term contractors are included and other factors.
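The difference is easy to demonstrate: the same employee list yields three different "head counts" depending on the definition chosen. The toy data below is invented for illustration.

    # Toy employee list illustrating how "head count" depends on definitions.
    staff = [
        {"name": "Ann",  "type": "full_time",  "fte": 1.0},
        {"name": "Bob",  "type": "part_time",  "fte": 0.5},
        {"name": "Cara", "type": "contractor", "fte": 1.0},
    ]

    heads_incl_contractors = len(staff)                               # 3
    heads_excl_contractors = sum(1 for s in staff
                                 if s["type"] != "contractor")        # 2
    fte_total = sum(s["fte"] for s in staff
                    if s["type"] != "contractor")                     # 1.5

    print(heads_incl_contractors, heads_excl_contractors, fte_total)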

Organizations should implement business intelligence systems that allow the creation of standard terms and definitions that are shared across the organization so that "revenue" in one business unit is comparable to "revenue" in the others. In addition, a detailed definition of the business measure, and how it is calculated, should be readily available to any user of the system.

Trusted Information Framework

To remedy these problems, organizations should implement a trusted information framework that ties together the different elements of the corporate information systems (see Figure 1).


Figure 1: Trusted Information Framework

Given the complexity of today's corporate information systems and the diversity of organizational structures, there is no single way to do this. However, one key step is to establish a group focused on ensuring that the organization is getting a return on its information assets. Recent years have seen strong growth in BI competency centers staffed with data, IT and business experts, and such a center is ideally placed to coordinate the different teams involved in data manipulation and use. Many organizations find that a less formal "virtual BI competency center," with regular meetings between members of the different teams (the data warehousing team, data stewards, BI specialists and business users), is a good first step toward a more strategic solution.

Key elements that the BI competency center should consider when implementing an information accountability framework include:

Data profiling and data integration. Seen as the backbone of an integrated data platform, a robust extract, transform and load (ETL) tool acts as a funnel to pull together and blend heterogeneous data into a consistent format and meaning, and populate target systems optimized for business intelligence (such as data warehouses, data marts or operational data stores). In recent years, ETL tools have broadened to incorporate built-in support for real-time data movement as well as integrating or including data cleansing and profiling capabilities. Data profiling allows developers to analyze source data to verify quality and accuracy and identify data and meta data inconsistencies or redundancies. Data cleansing allows developers to correct names and addresses, and consolidate records to create accurate data.
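As a flavor of what profiling produces, the sketch below computes per-column null rates and distinct counts over source rows; a commercial profiler reports far more, and the columns here are invented.

    # Sketch of basic column profiling over source rows.
    def profile(rows, columns):
        stats = {}
        for col in columns:
            values = [r.get(col) for r in rows]
            present = [v for v in values if v is not None]
            stats[col] = {
                "null_rate": 1 - len(present) / len(values),
                "distinct":  len(set(present)),
                "example":   present[0] if present else None,
            }
        return stats

    rows = [
        {"country": "US", "zip": "94105"},
        {"country": "us", "zip": None},   # inconsistent casing, missing zip
        {"country": "US", "zip": "10001"},
    ]
    for col, s in profile(rows, ["country", "zip"]).items():
        print(col, s)

Note how the distinct count for country already hints at a consistency problem ("US" versus "us") before the data reaches the warehouse.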

Impact analysis reporting. The data stewards or owners of data quality must be able to determine in advance the effect of changes to one of the data sources under their control. For example, if there is an update to a field in the sales force automation system, what impact will it have on the data warehouse and on the reports currently being accessed by the sales management? To provide a coherent overview, these impact analysis reports must combine technical meta data from the ETL tools (which source systems were accessed?) with business meta data from the BI system (the definition of "sales revenue," or the contents of the monthly sales report).
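Conceptually, such a report is a join between the ETL tool's lineage records and the BI system's business definitions. The sketch below uses invented meta data to show the shape of the result.

    # Hypothetical technical meta data (from the ETL tool): target <- sources.
    technical = {
        "dw.sales_revenue": ["sfa.opportunities.amount"],
    }
    # Hypothetical business meta data (from the BI system).
    business = {
        "dw.sales_revenue": {
            "label": "Sales Revenue",
            "definition": "Sum of closed opportunity amounts, net of discounts",
            "used_in": ["Monthly Sales Report", "Executive Dashboard"],
        },
    }

    def impact_report(changed_field):
        for target, sources in technical.items():
            if changed_field in sources:
                meta = business[target]
                print(f"Change to {changed_field} affects '{meta['label']}'")
                print(f"  Definition: {meta['definition']}")
                print(f"  Reports:    {', '.join(meta['used_in'])}")

    impact_report("sfa.opportunities.amount")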

Information management, administration and auditing. Data warehouse and business intelligence managers must be able to determine which users have been accessing which reports and data - which, in some cases, may be a legal requirement. An ideal system allows managers to efficiently manage change in the environment by visually monitoring and tracking processes such as update performance, job execution status and duration, data flow execution time, and the reconciliation of updates.

Business naming standards. Standard terms must be used to mean the same thing throughout the organization. One key technology ally in this process is the use of a "semantic layer" that translates business concepts into the technical language used to query databases. A well-designed semantic layer can hide the real-life complexity of the data sources and present a consistent, coherent view of the available information.
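In miniature, a semantic layer is a mapping from business terms to vetted query fragments, so that every report that asks for "revenue" gets the same calculation. The schema and definitions in the sketch below are assumptions made for the example.

    # Sketch of a semantic layer: business terms map to vetted SQL fragments.
    SEMANTIC_LAYER = {
        "revenue":  "SUM(oi.unit_price * oi.quantity - oi.discount)",
        "customer": "c.customer_name",
    }
    FROM_CLAUSE = "FROM order_items oi JOIN customers c ON c.id = oi.customer_id"

    def build_query(measure, dimension):
        """Translate business terms into a consistent database query."""
        return (f"SELECT {SEMANTIC_LAYER[dimension]}, {SEMANTIC_LAYER[measure]} "
                f"{FROM_CLAUSE} GROUP BY {SEMANTIC_LAYER[dimension]}")

    print(build_query("revenue", "customer"))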

Fine-grained security. It must be possible to restrict access to information in a flexible, detailed, easy-to-maintain way. This means not only controlling who can access what data, but also controlling how reports or snapshots of the data are shared and who can perform further analysis using these reports.

Data lineage. From within their reporting or dashboard environment, business users must be able to determine how information was calculated, from which data sources it was obtained, and when it was last refreshed. Often seen as a "chain of evidence" for business users who need to trust their data, transparency into data lineage requires an open meta data strategy that exposes the "numbers behind the numbers" while ensuring the reporting and dashboarding tools remain easy to use.
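From the user's point of view, each published figure simply carries its provenance alongside its value. The fields in the sketch below are an assumption about what such lineage meta data might include.

    from datetime import datetime

    # Sketch: every published figure carries its lineage with it.
    figure = {
        "name": "Q1 Revenue",
        "value": 4200000,
        "formula": "SUM(order_items.amount) WHERE quarter = 'Q1'",
        "sources": ["erp.orders", "erp.order_items"],
        "refreshed_at": datetime(2005, 4, 3, 6, 0),
    }

    def lineage(fig):
        """What a 'numbers behind the numbers' view might display."""
        return (f"{fig['name']} = {fig['value']:,}\n"
                f"  calculated as: {fig['formula']}\n"
                f"  from: {', '.join(fig['sources'])}\n"
                f"  last refreshed: {fig['refreshed_at']:%Y-%m-%d %H:%M}")

    print(lineage(figure))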

Don't Delay

Today's business users are often unhappy with the quality and integrity of the information they receive from corporate systems. The competing pressures of growing data volumes and infrastructure complexity on one side, and the need to deliver accurate and credible data on the other, drive the requirement for a trusted information framework.

It is imperative to work with solution providers that offer not only the right technology, but also the right strategic implementation approach. Examine your current approach, review the capabilities summarized in the framework above, and implement an information accountability framework based on a coherent approach to data integration and a tightly integrated business intelligence platform and tools. Doing this today is an important step toward improving business user satisfaction with your corporate information systems.

Reference:

  1. Business Week and Business Objects, 2003.
