How have you integrated your organization’s risk appetite into your data and analytics risk management framework? Who is responsible for assessing if a given data/analytics initiative falls within the organization’s risk appetite?
Head of Data & Analytics, 3 months ago
Reflecting on the different approaches discussed, it's evident that there is a spectrum of risk management maturity across organizations. Some are in the early stages, where processes might still be informal and reactive, while others have established sophisticated risk councils and technical review processes. The key is the partnership between data leaders and other organizational units like CSIO teams, legal departments, and information security. These collaborations are crucial in developing and refining risk management processes. Even if an organization isn't perfect, as a data leader, you need to have a clear goal and work towards it collaboratively. This ongoing dialogue about risk mitigation and management maturity is vital for continuous improvement in data governance.
Chief Technology Officer in Software, 3 months ago
Our approach is somewhat different. While we do not have a formal framework like Jason described, we maintain a master document that outlines our data and analytics practices. This document is transparent and accessible to all stakeholders, ensuring that everyone is informed of potential changes and the rationale behind them. We review this document periodically and make incremental adjustments in response to new situations and use cases. This evolving document serves as a foundational tool in managing our data-related risks, albeit in a more rudimentary way.
For example, initiatives involving healthcare information and outcomes are considered high-risk due to their potential impact on patient care. These require extensive due diligence to ensure they align with our mission of improving healthcare outcomes. On the other hand, projects focused on operational efficiencies, which do not involve sensitive healthcare information, allow for a more tolerant approach towards data risks. These distinctions help us categorize projects into appropriate “swim lanes,” allowing us to manage them at a pace suited to their risk profile.