Executives are well aware that business analytics and big data can lead to exciting financial returns, but many companies remain on the sidelines. There are numerous long-standing reasons for this, including a lack of precious data science skills and the absence of enabling digital platforms, but an emergent obstacle is senior executives and board members who are highly sensitive to data-related risks (e.g., cyber attacks, privacy violations). MIT CISR research has identified an approach—which we term Data Value Assessment—to help companies treat data as an enterprise asset and move ahead with business analytics and big data in impactful ways.
Data Value Assessment: Recognizing Data as an Enterprise Asset
Abstract
In order to maximize the value from data, companies must develop approaches to generate value amidst fear and concern related to security breaches, privacy violations, mounting costs, and regulatory constraints. We believe that companies can kick-start or further develop such approaches by conducting a Data Value Assessment (DVA), which we define as a holistic, enterprise-level analysis of data’s costs, benefits, and risks. This briefing describes an approach to DVA at a data asset company from our research, and identifies lessons that other organizations seeking to treat data as an enterprise asset can draw upon.
Performing a Data Value Assessment (DVA) will help an organization to generate value from data while confronting challenges associated with data security and costs.
In 2014, MIT CISR explored the topic of data monetization to understand how organizations are developing new sources of revenue from their data assets. As part of that research, business leaders shared exciting ways that their firms were selling information products and services, as well as wrapping information offerings to enhance the value of core products and services[foot]For more information on the 2014 MIT CISR research on data monetization, see B.H. Wixom, “Cashing In on Your Data,” MIT Sloan CISR Research Briefing, Vol. XIV, No. 8, August 2014, https://cisr-mit-edu.ezproxy.canberra.edu.au/publication/2014_0801_DataMonetization_Wixom[/foot]
During these conversations, however, 65% of the companies cited significant constraints and challenges associated with data security and costs, which hampered their monetization efforts in some way.
In a digital economy, data and the information it produces is one of a company’s most important assets. In order to maximize the value from data, companies must develop approaches to generate value amidst fear and concern related to security breaches, privacy violations, mounting costs, and regulatory constraints. We believe that companies can kick-start or further develop such approaches by conducting a Data Value Assessment (DVA), which we define as a holistic, enterprise-level analysis of data’s costs, benefits, and risks. Organizations can conduct a DVA either as a one-time diagnostic or as part of a comprehensive ongoing process of data governance.
A holistic evaluation of data can be quite difficult for large organizations. Spokespersons for data’s benefits, risks, and costs often come from disparate parts of the organization, such as:
- Data benefits advocacy: analytics, marketing, or finance
- Data risks awareness: privacy, security, or risk management
- Data costs insight: IT, data management, or operations
A 2014 MIT CISR poll[foot]174 executives responded to an MIT CISR poll in Q4 2014 regarding the manner in which their organizations manage data value, security, control, and privacy.[/foot]revealed that nearly half of organizations (49%) manage different areas of data out of multiple business functions (see figure 1). Although such specialization effectively builds deep and important data capabilities for firms, it may inhibit an organization’s ability to discover the answers to questions like:
- As an enterprise, are we investing the right amount of money in our data asset?
- Are we generating the maximum value from our data?
- In our data-based initiatives, are we taking the right number of risks of a prudent degree across all areas of the organization?
An organization from our research, referred to in this briefing as DataAssetCo,[foot]DataAssetCo represents a composite of organizations that we studied during the MIT CISR 2014 data monetization research project.[/foot], was asking these questions. During its journey to ascertain meaningful answers, the company created a fairly straightforward yet effective approach for DVA. This briefing describes highlights of DataAssetCo’s approach, and identifies lessons that other organizations seeking to treat data as an enterprise asset can draw upon.
DataAssetCo’s Data Value Assessment
DataAssetCo is an information-rich publicly traded company that serves businesses through direct and indirect relationships and that consistently achieves above industry average performance. The firm operates in a diversified manner: its core businesses operate autonomously with few standardized processes and minimal data sharing. In 2013, senior management was transitioning the company from a product-centric to customer-centric orientation.
DataAssetCo management recognized that data would play a significant role in enabling future strategies, and was excited about new opportunities to leverage data for innovation and improved business processes. However, management wanted to seamlessly incorporate costs and risks into discussions.
DVA gives companies a greater understanding of what it means to view and govern data as a strategic asset.
In the summer of 2013, an executive in Risk Management invited peers in Analytics to help her advance the concept of data as a strategic enterprise asset.
We were well versed in the kind of information we needed operationally to make good risk decisions and to provide high-quality customer service. We needed to better understand how to amass new kinds of data and use it novel and greater ways.
Risk Management executive
The triumvirate leadership team wanted to create a holistic understanding of data. To do this, the team conducted assessments of the benefits and risks/costs of its data—what it referred to as data’s “upside” and “downside,” respectively.
For the upside analysis, the team pulled together leaders from Analytics, IT, and a data-savvy functional business unit to associate a monetary value with past data analytics projects. Initially, the team divided projects into four categories based upon the kind of data that was used: basic transaction data, operational data, competitive information, and predictive analysis and models. Next the team selected a few representative projects from the competitive information category and determined their bottom-line value to the company. For example, a project to strengthen a key indirect business channel used analytics to identify the company’s most loyal intermediaries and arm them with tools to help sell the company’s products. The team conservatively attributed several million dollars in lift to the project.
Concurrently, leaders from Risk Management and Legal, with input from several functional areas of the firm, performed a downside analysis that evaluated several scenarios. These scenarios represented different levels of data compromise based on complexity and impact. The team drew on external research (e.g., published losses from data breaches) and internal prior experience (e.g., cyber risk policy costs, internal investigatory costs) to ensure that the estimated costs and risks would be realistic, given the size and scale of DataAssetCo’s business. Work was validated with a software tool.
The downside work allows us to have a much better picture about what’s at stake in making decisions about data.
Business Unit executive
DataAssetCo’s upside and downside analyses led to important management discussions.
Our project laid the foundation for internal dialogue. We built out a common language to have the right discussions around what risk we are willing to accept, what risks we are willing to fund, and how we are using data to propel us to where we need to be.
Security executive
Lessons Learned
During MIT CISR’s 2014 data monetization interviews, one executive predicted that in a few years companies would witness a tug-of-war between the business value and business liability of data. DataAssetCo’s executives preempted such tension by collaborating to explore the upside and downside of better data asset management with the intent to view data in a balanced fashion, as depicted in figure 2. The company’s approach to conducting DVA offers five best practices that may help other companies overcome structural or cultural challenges that exist in regards to an enterprise view of data.
Take an enterprise view of data, even if your organization doesn’t manage data that way. For years, MIT CISR has communicated the value of managing the organization in a way that is consistent with its operating model.[foot]Research briefings, working papers, and videos on operating models are available from the Publication Search on MIT CISR website (http://cisr.mit.edu.ezproxy.canberra.edu.au/), including J.W. Ross, “Forget Strategy: Focus IT on Your Operating Model,” Vol. V, No. 3C, December 2005, https://cisr-mit-edu.ezproxy.canberra.edu.au/publication/2005_12_3C_OperatingModels[/foot] We still believe this. However, most organizations should understand and govern data as a corporate asset, even when data management remains distributed.
Cross-functional teams can help ensure that data is evaluated in an enterprise manner. DVA should include participants who can speak to benefits, risks, and costs of data. For many companies, such participants are located in silos across the organization, such as IT, Risk Management, Analytics, and other functional areas of the firm. Drawing participation from across key organizational areas will result in a more complete view of data, which is required for DVA.
Don’t do DVA for its own sake; focus where it counts. It’s more important for DVA to create an enterprise-wide understanding of data than to offer a comprehensive analysis of it. DataAssetCo experienced major payoffs from a one-time analysis that focused on a few select analytics projects and risk scenarios. Every company culture is unique; we suggest that each company’s DVA focus on what matters to that organization. Further, DVA does not have to be an ongoing process like enterprise architecture planning, though revisiting the assessment on occasion can help ensure that your company remains on track.
DVA can be an upward-focused initiative. DVA can help get data as an enterprise asset on the corporate agenda. At DataAssetCo, a triumvirate leadership team spearheaded an effort that helped elevate data to an enterprise view. Communicating the DVA upward was a major step toward capturing widespread management attention and eliciting commitment for change management. In organizations where top executives are not already data savvy, a briefing based on your DVA may help convince execs to invest more in—or devote more attention to—analytics and data governance.
Keep the assessment real. Many board members and executive committees are terrified of data breaches, for good reason. However, they may have unrealistic ideas about the costs of breaches and of data protection. Relying on numbers from dissimilar companies can stoke fears and paralyze rather than catalyze action. Personalizing the numbers to the size and scale of your organization can increase believability and convince leaders to take appropriate action.
Based on DataAssetCo’s experience, MIT CISR believes that DVA can be a powerful tool for companies as they work to generate value from their data assets. Whether it's a focused one-time view or the start of a more systematic and comprehensive data management discipline, DVA can encourage conversations and prompt movement toward improved enterprise data governance. DVA gives companies a greater understanding of what it means to view and govern data as a strategic asset. In the process, companies become savvier about the resource considerations, accountability requirements, and buy-in and cultural changes that their data strategies warrant.
© 2015 MIT Sloan CISR, Wixom and Markus. CISR Research Briefings are published monthly to update MIT CISR patrons and sponsors on current research projects.
About the Authors
MIT CENTER FOR INFORMATION SYSTEMS RESEARCH (CISR)
Founded in 1974 and grounded in MIT's tradition of combining academic knowledge and practical purpose, MIT CISR helps executives meet the challenge of leading increasingly digital and data-driven organizations. We work directly with digital leaders, executives, and boards to develop our insights. Our consortium forms a global community that comprises more than seventy-five organizations.
MIT CISR Associate Members
MIT CISR wishes to thank all of our associate members for their support and contributions.