1. Info-Tech Research Group1 Info-Tech Research Group, Inc. Is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns. © 1997-2013 Info-Tech Research Group Inc. Integrate a Data Audit into the Data Management Plan Data audits are not just about security: quality matters! Info-Tech's products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.© 1997 - 2013 Info-Tech Research Group

2. Info-Tech Research Group2 Any organization that is educated about its data assets can maximize those assets to their fullest extent. Introduction Leaders such as CIOs, Senior Executives, IT Managers, Data Owners, Data Stewards, Data Integration (DI) Specialists, Business Analysts, and Process Owners Business Subject Matter Experts and Business Professionals with data quality and integrity responsibilities. Provide an overview of data audits, and why they are important to your organization. Identify concepts/items to review and decide prior to performing a data audit. Provide an audit framework to follow for successful data audit results. Assist in maintaining the momentum of your data audit results by the implementation of data hygiene techniques and on-going quality checks. This Research Will Not Help You: Develop a data architecture. This Research Is Designed For:This Research Will: For more information on data architecture, refer to the upcoming Info-Tech Research Group solution set: Develop a 5-Year Data Architecture Plan. Develop a 5-Year Data Architecture Plan

3. Info-Tech Research Group3 Executive Summary Use a Data Audit Framework for Best Results Step 1 – Audit Preparation: Prepare in advance to make the audit process smoother and less time-intensive. Step 2 - Identify and create an inventory of all data sources and resources that end users require and are using to effectively do their jobs. Step 3 - Data Management: Determine who, if anyone, is responsible and accountable for data sources. Step 4 - Audit Results and Recommendations: Summarize audit findings and make recommendations to key stakeholders from IT, the business, and management. Develop an communication plan to create advance awareness of the audit and to prepare people for potential changes in data management. Fix the Issues Resulting from the Audit and Implement Processes to Maintain Data Cleanliness Consider using techniques such as data cleansing, synchronization, validation, and profiling to maintain data quality and integrity within systems, and alleviate data debt. Develop a data governance program that will benefit all data driven business units within the organization and increase data audit success across the board. Understand Data Audits and Why your Organization Should Perform Them on a Regular Basis A data audit profiles organizational data located in various data repositories, such as databases, data warehouses, excel spreadsheets, and cloud applications, and assesses the level of data quality and integrity. Data audits highlight data flaws that when corrected, help improve the overall quality of data used by various departments and lines-of-business within the organization. Data audits also uncover gaps in the areas of security and regulatory compliance, assist in identifying rogue data and phantom data sources, and promote a tighter data lifecycle, which creates higher levels of data trust.

4. Info-Tech Research Group4 Data is one of the organization’s largest assets. In order for organizations to utilize their data effectively and benefit from it, performing regular data audits is essential. A data audit profiles organizational data located in various data repositories, such as databases, data warehouses, excel spreadsheets, and cloud applications, and assesses the level of data quality and integrity. What is a data audit? Data audits will highlight: Data flaws such as incomplete, inaccurate, or inconsistent data. Areas where data sets may not be in compliance with privacy and regulatory laws. Gaps in data security levels or processes. The location of all data sources within the organization. Extraneous data sources (rogue data) that internal departments or lines-of-business may be using without IT’s knowledge. Organizations that perform audits will have a better understanding of what data issues exist, and the steps required to create a higher level of data quality. Results of a data audit usually recommend data cleansing processes that organizations can use to promote the health of their data on an on-going, long-term basis. Data audits document gaps in data responsibility, and identify areas where data owner and steward roles are required. Data audits may also bring about changes to processes, highlight revisions required to existing policies, or document areas where new policies are required.

5. Info-Tech Research Group5 Looking for research on Data Architecture and Integration? Your search starts and ends here Follow the Info-Tech Research Group information highway to the systems integration and data architecture neighborhoods. B A C You Are Here Develop a 5- Year Data Architecture Plan Down the Road Info-Tech Research Group Best Practices Research Applications Systems Integration Application Integration Workflow and Forms Automation Data Integration Data Audit 5-Year Data Architecture Plan Big Data and Analytics C Data Architectureand IntegrationThemed Research N Business Process Management Information Highway A B

6. Info-Tech Research Group6 Data Audit Thought Model Audit Preparation: This is the planning step. The auditor will plan out the audit and solicit staff participation for interviews and background information. 1. 2. 3. 4. Identification and Inventory of Data Sources: This step establishes what data sources exist, and where, within the organization. Their importance to the organization is also determined in this step. Determining Data Management: This step documents data source owners, and documents any areas of data management concern, for example, data quality issues, data security risks etc. Audit Results and Recommendations: This is the final audit step. It provides an overview of data issues discovered during the audit, and provides recommendations to improve data management processes and policies. Please note that the above graphic was derived from the on the Data Audit Framework Methodology, Jones, Ross, Ruusalepp, University of Glasgow. Data Audit Framework Methodology, Jones, Ross, Ruusalepp, University of Glasgow

7. Info-Tech Research Group7 While one third of organizations perform audits on an annual basis, close to one half aren’t doing them with any regularity Almost half of organizations either aren’t performing data audits at all, or are only performing them when issues arise. Audits highlight flawed data, problems with process, and any security or compliance issues, and are an integral part of a data management strategy. For best results, they should be performed semi-annually. Frequency of Data Audits within Organizations Source: Info-Tech Research Group; N =43 Percent of Respondents Kudos to that one-third of organizations that are performing audits on an annual basis. However, Info-Tech client responses indicate that performing data audits on a semi-annual basis produces the best success rates.

8. Info-Tech Research Group8 How to use this blueprint We recommend that you supplement the Best Practices Blueprint with a Guided Implementation. For most Info-Tech members, these Guided Implementations are included in your membership plan.* Our expert analysts will provide telephone assistance to you and your team at key project milestones to review your materials, answer your questions, and explain our methodology. Info-Tech Research Group’s expert analysts will come onsite to help you work through our project methodology in a 2-5 day project accelerator workshop. We take you through every phase of the project and ensure that you have a road map in place to complete your project successfully. In some cases, we can even complete the project while we are onsite. Do-It-Yourself Implementation Use this Best Practice Blueprint to help you complete your project. The slides in this Blueprint will walk you step-by-step through every phase of your project with supporting tools and templates ready for you to use. Project Accelerator Workshop You can also use this Best Practice Blueprint to facilitate your own project accelerator workshop within your organization using the workshop slides and facilitation instructions provided in the Appendix. Book your workshop now by emailing: WorkshopBooking@InfoTech.com WorkshopBooking@InfoTech.com Best Practice Blueprint Free Guided ImplementationOnsiteWorkshops * Gold and Silver level subscribers only Or calling: 1-888-670-8889 Ext. 3001 There are multiple ways you can use this Info-Tech Best Practice Blueprint in your organization. Choose the option that best fits your needs:

9. Info-Tech Research Group9 What’s in this Section:Sections: Data Audit Overview Pre-Audit Considerations Internal Data Audit Framework Data Management Policies Post-Audit Maintenance Why data audits are important. How data audits improve data quality. Additional benefits of audits above and beyond data quality.

10. Info-Tech Research Group10 Don’t suffer the dire consequences of not performing regular audits You can’t continue to ignore bad data warning signs. “The problem is, we can say who owns the databases, but we don’t know who uses them. Internal support areas have created their own version of the data, they’ve done their own cleansing, they’ve figured out the way they want to see that data, and they’ve created their own data rules. So they’ve cleansed the data in their own systems, but have not gone back to the source and cleaned it up there.” - Systems Development Coordinator, Insurance Services Organizations don't really know how bad their data quality really is. Although huge amounts of data are being generated within organizations, few have formal strategies in place to effectively manage that data. There is a general lack of awareness of what types of data exist, where it’s housed, who uses it, and for what purposes. Data replication is present across the organization. Individual departments and lines-of-business are generating similar data within their own internal data sets and sources, resulting in data silos. Phantom data sources and rogue data such as excel spreadsheets, access databases, cloud usage, are being used by various departments and lines-of-business without IT’s knowledge. These data sets aren’t easily detected when organizations don’t have an accurate accounting of data sources and repositories. Data loss or compromise due to poor data security levels, or worse, sensitive data breaches may require invocation of data breach notification requirements. Non-compliance to geographic or jurisdictional data laws and regulations can result in fines, jail time, and industry embarrassment, which is damaging to the organization’s image.

11. Info-Tech Research Group11 Prevent data concerns from occurring by auditing your data regularly Common Issues that Arise from not Performing Regular Data Audits Source: Info-Tech Research Group; N =35 Percent of Respondents By not performing data audits on a regular basis, organizations run the risk of compounding their data debt with widespread data quality issues and a lack of knowledge of who is using the data and for what purposes which can lead to the misuse of data and potential security and compliance issues.

12. Info-Tech Research Group12 Info-Tech Research Group Helps IT Professionals To: Sign up for free trial membership to get practical solutions for your IT challenges www.infotech.com Quickly get up to speed with new technologies Make the right technology purchasing decisions – fast Deliver critical IT projects, on time and within budget Manage business expectations Justify IT spending and prove the value of IT Train IT staff and effectively manage an IT department “Info-Tech helps me to be proactive instead of reactive – a cardinal rule in a stable and leading edge IT environment. - ARCS Commercial Mortgage Co., LP Toll Free: 1-888-670-8889