Book contents
- Frontmatter
- Dedication
- Contents
- Figures and Tables
- About the Authors
- Acknowledgements
- Introduction
- 1 Who Owns the Definitions and Terms about Data?
- 2 What is Metadata?
- 3 Other Ideas of Data Value and Monetisation
- 4 Value from a Different Source
- 5 Hello Halo Data
- 6 Getting to Know Halo Data
- 7 Early Examples of Halo Data Approaches
- 8 Halo Data and Data Ethics
- 9 Halo Data Framework
- 10 Halo Data Applied Risk Assessment, Regulation, Customer, the Citizen
- 11 Halo Data and Storytelling
- Conclusion
- Index
10 - Halo Data Applied Risk Assessment, Regulation, Customer, the Citizen
Published online by Cambridge University Press: 17 December 2023
- Frontmatter
- Dedication
- Contents
- Figures and Tables
- About the Authors
- Acknowledgements
- Introduction
- 1 Who Owns the Definitions and Terms about Data?
- 2 What is Metadata?
- 3 Other Ideas of Data Value and Monetisation
- 4 Value from a Different Source
- 5 Hello Halo Data
- 6 Getting to Know Halo Data
- 7 Early Examples of Halo Data Approaches
- 8 Halo Data and Data Ethics
- 9 Halo Data Framework
- 10 Halo Data Applied Risk Assessment, Regulation, Customer, the Citizen
- 11 Halo Data and Storytelling
- Conclusion
- Index
Summary
Risk frameworks
In our book Data Driven Business Transformation we emphasised the importance of managing risk. Data has to be part of the overall risk process, and you need to think beyond the limits of just regulatory and legislative risk. There are a number of elements to truly understanding data risk.
• Definition of information risk: This should be a clear, concise description that explains the risk so that anybody reading it can understand it. Avoid jargon and acronyms. Would somebody outside your organisation be able to understand the risk as you have defined it?
• Early-warning indicators: What metrics will you put in place to indicate that you’re moving into a danger zone? Assign indicative tolerance levels to your early-warning indicators, and monitor them to ensure that they are doing the job right, and modify them if necessary.
• Causes: Look at both internal and external factors, remembering to include competitive elements, any change in demand force, better use of technology, human risk, changes in both internal and external control and the potential for mismanagement.
• Risk assessment: Safety, performance, finance and reputation (political) overall. Your organisation should have a numbering system for assigning assessed risk levels. Tie in with the corporate risk assessment, using the same system for your data information risk assessment.
• Risk assessment rationale: This is the ‘why’ section. Document the rationale for your assessment of the impact or probability of each risk. This will help to communicate the significance of each risk and place it into context with other organisational risks, so that the organisation can appropriately tailor their assets and resources relative to the likelihood of each risk happening.
• RACI (responsible, accountable, consulted and informed) around risk: For each different risk area you should understand who is responsible versus who is accountable. Whose opinion do you need to ask and who do you just need to keep up to date with what is happening?
• Existing controls, causes and consequences: Look for current controls within the organisation that you can use to monitor each risk. Are other processes already happening that the organisation needs to complete that will impact on the risk? Be honest.
• Improvement actions: This covers two areas: (1) try to stop the risk happening in the first place and (2) try to minimise the impact of the risk if it does happen and there is no way of stopping it.
- Type
- Chapter
- Information
- Halo DataUnderstanding and Leveraging the Value of your Data, pp. 131 - 142Publisher: FacetPrint publication year: 2023