Tejasvi Addagada has announced his upcoming book, Data Risk Management, highlighting digital and data risks.


You need to hear this often if you’re managing any kind of risk – risk and value go hand in hand. And it’s true, of course! It becomes apparent when we hear phrases like “data is the new oil” and “data powers the digital economy” that data needs to be actively managed with technology and people. Data and its infrastructure must be managed for its benefits and risks. Popular data areas where risk management has expanded are data quality, regulatory and compliance reporting, ethics, privacy, data-centric security, data requirements management and operations, to name a few. Tejasvi Addagada has ventured into this new book to delve deeper into this need to formalize data risk management. He is a popular thought leader in data and analytics and has worked with Fortune 500 companies to help them monetize data. Tejasvi is also the author of a bestseller, data management and governance services – simple and effective approaches .

In a standard configuration, a data management function should establish metrics for business processes that influence data quality. It can be as simple as creating a customer through an online form by collecting data on a web channel. There may be other processes like underwriting that consume the same data, resulting in less quality assets for a bank. When you identify risk scenarios in business processes where quality can be influenced, you can have metrics that can be formally declared as Key Risk Indicators (KRIs). KRIs for the Data Quality and Data Management area can detect process interruptions such as “no verification of mobile number via OTP”, “overwriting of a current email address by an old one in core systems due to improper pipelining”. Most of these changes need to be solved by adding people checks as a compensating check, like performing four-eye checks on an application form. There may be permanent resolution of data issues that may occur through IT. However, risk-based data quality indicators (KRIs) can detect the process of pauses which can be used to recover erroneous data in the interval. Similarly, other data management areas such as data definitions, metadata management, central data operations, master data management may use a similar risk and KRI assessment.

Compliance and regulation are pushing companies to embrace risk management in data management and governance. The other main driver is the need to prioritize and manage data associated with high financial or operational risk. On the other hand, the data governance function establishes guidelines in the management of data by defining policies, approval mechanisms and communication rigor to actively manage critical data. To encourage employee commitment to an effective data management culture, some organizations reward teams that themselves identify risks in their area of ​​work and come up with mitigation plans. It is true that developing a risk-aware culture costs capital; however, when you consider the costs of not managing the risks as well as the lack of business benefits, the funds spent to address the risks are worth it.

In the second chapter, the importance of formal data risk management in an organization is highlighted. In addition to other important aspects, a company’s board of directors can actively manage data risk appetites and thresholds. Some of these aspects can be data ethics, guiding the organization through policies, highlighting fiduciary responsibilities, managing legal and regulatory issues, preparing for upcoming politics and recent technology as a disruptive force for provide a competitive advantage. The technology would include data analytics, artificial intelligence, cybersecurity, and digital transformations as holistic components.

Data risk management requires focus from the top, focusing on prioritizing regulatory and operational risks presented by weaker controls in data management. An organization needs to structure a function, such as data risk management. The function will act as a data operations watchdog by managing risks on the fly and actively managing them.

Moreover, organizations are poised to grow strategically with the right transformations that will give them an edge over the competition to grab the attention of customers. Most of these transformations such as digital activities, reducing threat zones, are associated with having the right data capabilities in place such as cloud warehouses, machine learning operations (MLOps), etc. And, having to manage the risks associated with not having to realize the full benefits of these data capabilities must also be actively managed.

By properly representing data risks to the board, programs can be sponsored that will strengthen data operations and therefore the resulting benefits will be sponsored. Raghavendra (Raghu) Chinhalli, a popular thought leader in executive data management, extends his experience with these practices to the boardroom.

Tejasvi focused on focusing on data risk management, on corporate boards, and the choices available to obtain the benefits. The book further explains aspects of quantitative and qualitative approaches to risk assessment and specifically a holistic technique called capability-based risk assessment. The technique shown later can be used in data risk planning, formulating a data risk strategy while continuously assessing data risks. Additionally, a risk assessment may be less accurate when used to aid in risk measurement. However, retaining more characteristics of risky events during the data collection phase can contribute to better risk predictability in data operations. Additionally, there are various data risk management tools and techniques that can help with data risk management. Arunprakash Asokan, a security expert working with Unilever, shares his experience using popular techniques.

The book provides access to twenty data risks directly to use from the book with details such as risk statement, multiple causes, multiple impact categories if the data risk should manifest. Additionally, the next chapter focuses on using COBIT as a framework to assess and manage data risk. As a popular request for most organizations is to imbibe a data risk management culture, the book provides guidelines for creating a data risk culture through awareness and examples.

In light of recent changes in privacy and protection policies around the world in countries such as Europe and India, the final chapter puts more emphasis on providing practical guidance for organizations to manage the risks associated with confidentiality of their customers’ data. There are fifteen data privacy risk scenarios that can be easily used in any data privacy office. Tejasvi credited some of these combined experiences to Balaji Narayanan, for enriching his thoughts, a data analytics leader and influencer, working with Axis Bank.

Mr. Akhilesh Tuteja, Global Head of Cybersecurity Consulting at KPMG, provided further advice on managing privacy and data security control environments, and he also writes the foreword. This is an exciting engagement with many thought leaders that enrich Tejasvi Addagada’s practical approaches to implementing data risk management as a function in an organization.


About Author

Comments are closed.