Providing Assurance on Data Quality

Many organizations are putting data governance on their strategic agenda, primarily because of the amount of data that is available to, generated by and utilized by the organization. Professionals who provide assurance services are now faced with the task of providing advice on the data quality issues, which if not addressed can lead to a number of adverse effects, including:

• Lack of compliance with statutory requirements
• Losing a competitive edge
• Dissatisfied clients
• A delay or scrapping of a new information system implementation
• Failure to meet a significant contractual requirement or service level agreement

To address data quality, the organization must agree to and document data quality metrics that are relevant to the kind of data in use by the organization. Philip Nousak and Rob Phelps propose a score-based approach with predefined metrics. In general, data quality metrics may include:

• Accuracy: Data reflects reality
• Integrity: There is a possibility to uniquely identify data records
• Consistency: There are no contradictions in the data
• Completeness: All the necessary data is present
• Validity: Data values are acceptable and fall within defined ranges
• Timeliness: Data values represent the most current information for the specific use
• Accessibility: Data can be obtained with ease, is comprehensible and usable
• Granularity: Data is available at a sufficient level of detail

The data quality metrics in themselves are not sufficient for an assurance professional to provide an opinion on data quality. Other factors that should be considered can be categorized in the following three groups:

• Technical:
  • What is the underlying database structure that is used for data storage?
  • What application is being used to process or manipulate the data?
  • While the original data may be of good quality, errors may be introduced as a result for poor database structures or bugs in the applications being used to process the data (e.g., a data value that is required to be unique by its nature)
• Operational:
  • What business processes create or use the data?
  • What business rules are in place to provide validation of data captured or produced?
• Governance:
  • Are the data roles and responsibilities clearly defined in the organization?
  • What monitoring and reporting requirements are in place?

In conclusion, investigating data quality practices to provide assurance, or as part of an IS audit, will add value to the organization. Assurance professionals should consider regular checks on data quality in the process of carrying out their work.

Carina K. Wangwe
Social Security Regulatory Authority, Tanzania

[ISACA]