It is often said that data are the new oil. This adage signifies not only how vital and valuable data are, but also the implications of data for an organization or an individual. One of the most important objectives of data strategy is to aid in achieving an organization’s goals and long-term vision while providing a path in its journey to achieve those goals. Therefore, a basic prerequisite of any data strategy is that it correlates to business objectives.
Data form the premise of many actions that have an impact on the daily organizational operations and activities, whether those actions are strategic or routine. Since data tend to drive decision-making and have a significant impact on how an organization functions, it is imperative that data should be reliable, consistent and timely (figure 1).
Master data and transactional data are the cornerstones of any organizational data. Any data strategy, therefore, should evolve from and revolve around these two types of data. Master data refers to core data units that are essential for the operation of business. These core units tend to vary based on the business nature of an organization. Transactional data are information emanating from transactions. These are repetitive compared to master data. Figure 2 provides an insight into master data and transactional data and shows the types of data that fall into those categories based on the nature of the organization. Figure 3 shows what a data strategy should factor.
Centralized Data Management
One of the most important requirements that a data strategy should focus on is maintenance of centralized master data, which should serve as one source of truth across the organization. Centralization not only brings accuracy, but efficiency, which, in turn, helps generate consistent and reliable management information systems (MIS) for reporting purposes.
Some of the primary benefits of centralized data include, but are not limited to:
- Avoid duplication of records across the organization
- Drive control and compliance in the creation and updating of records
- Lead to standardization of processes and uniformity in reports
- Facilitate audit and control
Regardless of enterprise resource planning (ERP) or the operating systems used by an organization, the centralization of data can be achieved through maintenance of a central repository, such as a database, in a way that allows the data to be used seamlessly by all within the organization. The process of creating, editing or deleting a record should follow approval processes that are in sync with corporate governance and controls established, such as changes to any vendor data to be approved by the supply chain managers, employee records owned by human resources (HR) or banking details overseen by finance.
One example considers how an organization with 10 branches across a state deals with one of its vendors, ABC Inc. If each branch were to create a vendor record for this same vendor, the organization would end up with 10 vendor accounts for ABC Inc. At times, changes to one branch’s record for this same vendor will occur, for example, a bank account may be accessed by one branch while the other nine have the historical records. This not only leads to inconsistency in data and duplication of efforts, but also in the MIS that is being generated.
Centralized data management aids in weeding out duplication and promoting consistency, wherein one record for ABC Inc. is created, accessible to all branches, and any updates or modifications to that record can to be approved by the supply chain manager. Centralization also aids in compliance audits relating to changes to master data based on periodically generated logs. Figure 4 shows the duplication to be avoided. In figure 4, the same vendor data are extended to all branches as part of attributes rather than a new record.
Data Sharing and Flexibility
While the centralization of data focuses on the creation and maintenance of data in a central location, various functions within an organization need to use that centralized information, for example figure 5 depicts how the supply chain, logistics, finance and tax functions require relevant information relating to vendors. Similarly, data related to clients are required by sales, operations, finance and tax. Hence, the data structure should facilitate access by multiple functions, while the repository of data should be accessed on a need-to-know basis. This optimizes data availability, minimizes duplication and facilitates using the same set of information across the organization.
Significant value can be added by customizing reports from a central repository of transactional data that are required by various functions. Customized reports facilitate sorting of information such as:
- Monthly sales report by client, value, branch
- Top 10 vendors for a specified period of time
- Top 10 suppliers for a specified period of time
- Cash outflow during the month
- Volume of weight handled during a specified period of time by clients and vendors
Real Time
A key requirement of today’s data strategy is real-time availability of business and marketing intelligence to drive informed decision-making. Business intelligence (BI) and market intelligence (MI) are key elements of data strategy, and they need to be aligned with organizational goals. Embedding these two elements as part of a data strategy can help organizations make informed decisions to guide the strategic vision of an organization.
BI refers to the process of collecting, storing and analyzing the data produced by business activities. Hence, most BI is based on transactional data. The by-product of BI results in data analytics.
MI refers to external data collected by an organization in areas where it intends to participate, whether that be product, geography or a combination of both.
The role of data has also undergone a radical transition from being an element of reactive decision-making to becoming a proactive decision driver. To illustrate this transition, figure 6 shows quarterly results of an organization engaged in the manufacturing of vehicles.
Timely availability of these data for management review is vital to evaluate why the Tractors division has been losing money over a period of time. Many organizations would look at the Tractors division, which appears to be in the red in terms of successive quarterly results, as a loss-making unit and would consider shutting down the unit and focusing on the divisions delivering positive returns. This decision, however, could be based on reactive interpretation of data without considering factors such as:
- Causes of higher cost of operation for tractors
- Factors affecting higher cost of goods sold due to higher lead times of inventories
- Seasonal demand of tractors
In such cases, a data strategy should focus on collecting and analyzing data that can help to reduce the cost of goods sold by:
- Taking action to reduce the lead time for procuring inventories
- Triggering reorder levels to factor in such lead times to avoid overstock or out-of-stock situations
More important, the data strategy can help to provide insight on the future demand for tractors in a specific region or country. It is possible that the overall market for tractors is expected to grow, and a reactive decision made on current results alone could be erroneous.
While the data strategy is required to be aligned to corporate strategy, at times it is possible that a product may not be profitable, but the enterprise’s current objective could be to gain market share and widen its footprint. In such cases, the data strategy should include reports that provide visibility of the overall market and an organization’s share of the overall market as shown in figure 7.
Figure 7 shows that the organization manufacturing Phone H is currently third in terms of its market share. Based on the strategic objective of the organization, it can further decide to keep its margin low, but increase its market share to number 2 in the next two quarters. This would drive promotional activities of the organization in the right direction by focusing on factors such as heavy advertisement, promotional offers.
Security
Because data are critically important to every enterprise and great attention is paid to how they are managed, the security of data cannot be overlooked.
As people’s lives have become interconnected, so have the devices with which they interact. The amount of personal data of individuals that is available today on social media platforms such as Facebook, Twitter and Instagram is enormous, and there is an urgent need for such data to be safe before they can be harnessed for any purpose. Hence, data require enhanced capabilities in the field of data security, data mining, data visualization and analysis.
The pace at which organizations are moving toward getting their data digital also poses a bigger challenge to securing data than ever before. While enterprises need data to make informed decisions, protection and the availability of such data to those who should have access to them is one of the biggest concerns. Imagine if data related to pricing in client contracts, which are confidential and sensitive, were accessible to people outside of sales or if patient health information stored digitally by a healthcare system or an insurance company were available in the public domain.
The spectrum of data security is very large, and the risk to data can emanate from internal and external sources. To protect data from internal risk and threat, there are some basic considerations:
- Physical access—One elementary aspect of mitigating risk is controlling unauthorized access. This can be done through badges that help to recognize and allow access to offices, especially those housing sensitive data such as sales, finance and treasury.
- Passwords—Password criteria implemented by an organization can have a significant impact on the safety of data. Many organizations enforce criteria such as:
- Passwords must be changed every three months.
- Passwords cannot be repeated.
- Passwords must include a special character, lowercase letter and uppercase letter.
- Additional forms of authentication such as biometrics or secondary password tokens should be included.
- Training and awareness—Building awareness among staff to identify emails that could be potential threats is one of the most common preventive measures. Employees can be trained not only to recognize, but also report phishing emails simply by clicking an icon as shown in figure 8.
To manage external threats to data, firewalls and the timely update of security patches are other common measures. Additionally, data strategies need to include various dimensions of security, such as mobile, cyber and cloud security.
Automation
Automation brings integrity to the quality of data captured at the source. Manual intervention can make data vulnerable to human errors, thereby compromising the overall quality of data. A strategy that focuses on channeling data through automation is not only reliable, but also meets audit prerequisites on control parameters. Moreover, automation helps to leverage preventive controls rather than relying on detective controls.
One example of the benefits of automation is a department store where a cashier enters the purchased product information manually. Human error in such situations can lead to the entering of incorrect item information, which can impact the inventory of the store. Automation removes human error by recognizing and entering product information through a bar code on the product or through optical character recognition (OCR).
Structure and Accessibility
BI, which can aid in performance management, predictive modeling, analytics and data mining, depends heavily on the way data are structured and accessed for reporting. For example, consider the data related to a grocery store where a person shops. The ease of navigating data provides prompt analyses of sales targets, actual production, actual sales, department overhead and more. Additionally, it can help to analyze customer behavior such as brand loyalty, eating preferences, frequency of shopping, and provide a means for offering customer-specific targeted discounts and offers. Retailers such as Amazon, Target and Kroger effectively use these methodologies to enhance customer satisfaction and retention.
Artificial Intelligence
Integrating artificial intelligence (AI) into the data stream to interpret and make predictive analysis can go a long way in developing new marketing strategies. How to do this could be industry specific; for example, many tech-led fitness start-ups are using AI systems to provide warnings about potential lifestyle conditions early enough for accurate and timely diagnosis of health conditions. Such proactive and predictive analysis could lead the way for preventing illnesses. Also, AI can be used to mimic the human intelligence of fitness coaches and dietitians through product offerings.
One of the biggest advantages that AI systems provide is that they are easily scalable. Their reach can multiply several times without much human intervention.
Regulatory Requirements
An organization that is the custodian of the data that it owns also continues to have the responsibility to maintain privacy and avoid any misuse of such data. In fact, such requirements are strictly enforced through regulatory requirements such as the EU General Data Protection Regulation (GDPR). Any lapse can have far-reaching effects on organizations, subjecting them not only to heavy penalties, but also loss of reputation.
This becomes challenging specifically in today’s environment, where third-party service providers are part of the critical organizational ecosystem. Where a third party is involved in executing and processing of transactions and having access to the enterprise’s master and transactional data, it is important to assess those processes and systems to ensure that they meet the guidelines and requirements of data integrity and protection, e.g., in accounts payable outsourcing wherein the service provider has access to a vendor database, or banking or insurance organizations outsourcing their transactional processing.
Backup and Recovery
Data are the lifeline of any business. Organizations rely extensively on data availability for their operations. Hence, any discussion on data strategy without reference to backup and recovery would be incomplete. While the magnitude of this issue can vary from industry to industry or enterprise to enterprise, any organization that does not plan on backup and recovery as part of its contingency planning could risk its very survival.
Consider a bank with its system down. The loss of transactions in such cases and lengthy downtime could cost it millions of US dollars. The airline industry is another example, where downtime on ticketing system and longer recovery times can result in huge financial losses.
A detailed recovery plan should include:
- What actions to follow
- Whom to contact
- Order of restoration of functions, from most-critical to least-critical requirements
Backup and recovery plans can be further based on types of emergencies, such as fires, floods and earthquakes, and should include alternative sites for storage servers.
Conclusion
Data on their own have gone through a revolutionary change in their role from being a backseat passenger in decision-making based on results to a front-seat driver based on data analytics facilitating predictive modeling. The guiding point of data strategy, hence, must be to embrace real-time availability and data sharing while meeting the conventional requirements of compliance, security and integrity. Organizations that adapt these elements (based on their needs and scopes) and develop a robust data strategy will thrive.
Rajul Kambli, CISA, CMA
Is a business process manager with Schlumberger and has more than 15 years of experience in global accounting, planning, budgeting, project management, financial and systems audit. Currently, he is part of the global transformation team based in Houston, Texas, USA, and has participated in review and gap analysis, optimization, process improvements, and readiness assessment. Prior to this, he was a finance controller for various verticals, driving compliance, liquidity generation and advising on effective cost management to business partners.