Poor data governance increases reputation risk through data breaches, privacy violations and decisions based on poor-quality data. Furthermore, data governance for big data differs in some important ways from data governance for operational data.
Because poor data governance affects reputation risk, it has considerable implications for the Board of Directors, for whom reputation risk is the number one risk according to Deloitte (2013).
This presentation, aimed at the Board of Directors and the C-Suite and given at the National Data Governance and Privacy Congress in Calgary, Canada, sets out some reasons why data governance is critical from the perspective of both the C-Suite and the Board of Directors.
(Also on YouTube at http://youtu.be/QR4KO3Yx0n4)
6. Reputation risk concerns threats to the good name or standing of
an entity. It is the number one risk on the board’s agenda. Deloitte
Firms are vulnerable to reputation damage because:
• Firms with good reputations are perceived as providing more
value, which results in more loyal customers buying a broader
range of products and services, often at a premium
• The market believes they deliver sustained earnings & growth,
resulting in higher PEs, market caps and lower costs of capital
• 70% to 80% of market cap comes from intangible assets
HBR
It takes 20 years to build a reputation and 5 minutes to ruin it. If you think about
that, you'll do things differently.
Warren Buffett
Let’s see how poor data governance
affects reputation risk
7. 3.1 trillion reasons
Why Data Governance (Quality)?
Annual dollar cost to the US economy of poor quality. Of this,
$600 billion is the cost of poor data quality to companies
8. 589 million reasons
Why Data Governance (Breach)?
The financial cost to date of the Target data breach (lost profit and corrective action)
9. Data-Stealing Malware
Stolen Credentials
Backdoor Malware
RAM Scraping
Phishing
How do data breaches happen (Access)?
10. 669 million reasons
Why Data Governance (Privacy)?
The number of private records compromised in data breaches in the US since 2005
11. Why Data Governance?
Five key big data privacy and data protection challenges
Dr Waël Hassan
12. • 97% of data breaches are avoidable
Information Systems Audit and Control Association (ISACA)
• 94% of breaches are detected by a 3rd party,
an average of 416 days after the event
How do most data breaches occur?
HP
14. Trends in Corporate Governance:
Cybersecurity
• Expect lawsuits targeting boards for data breach and
investor loss
• Expect greater risk regulation and spends for
financial service companies and non-banks
• Expect lawsuits and increasing regulation for risk
management laggards
Yes, the board is accountable
Dr R Leblanc; Associate Professor; Law, Governance & Ethics; York University.
Canadian Lawyer Magazine; Feb 3 2014
17. Poor data governance increases the likelihood of
• a negative impact on brand equity
• Specifically security, privacy and quality
• a negative impact on market capitalization
• Specifically security, compliance (regulatory fines & penalties)
• a negative impact on credit rating,
• All aspects of data governance as operating risk mitigation
all of which are the outcomes of reputation risk, which is
the top risk on the board’s agenda
Data governance is a corporate governance
imperative because it’s about reputation risk
18. • Lack of board or senior executive ERM leadership, 30%
• Competing priorities, chosen by 51% of respondents
• Perception ERM adds bureaucracy, 33%
• Lack of perceived value, 41%
• Insufficient resources, 43%
Reward must be considered in a risk-return context. Poor
alignment between strategy and risk is a reason for most
perceived barriers to effective risk management
Barriers to effective risk management
CGMA survey 2014, n=446
22. Business Process Analysis
Diagnostics directs which processes to prioritize for
BPR, and for integrated data governance
How to identify data governance weaknesses:
Step 2
23. How to identify data governance weaknesses:
Step 2
Process improvements
generate cost savings that
can be used to improve
lifecycle management,
quality, security and privacy.
Improved processes also
reduce risk by minimizing
the number of points where
quality, security and privacy
risks can manifest
An example of risk
reduction by BPR
Example from www.gerke.com
24. • Data governance is risk management
• Poor data governance incurs reputation risk, which means
data governance has corporate governance implications
• Full scope data governance = ƒ(security, privacy, quality,
data lifecycle management)
• It is unacceptable for the Board to be ignorant of its
accountability for data risk, given its fiduciary duty of risk
oversight
• Diagnostic tools can help identify weak spots and improve
end-to-end data governance, while BPR conducted with
data governance in mind can significantly reduce risk
Conclusion