GRC stands for Governance, Risk, and Compliance, an acronym heard much more frequently lately. A GRC framework is a model for managing all compliance and governance risks in a company. Too often GRC and corporate governance in general have been unwieldy, high-overhead activities. Nimble Data Risk Management (NDRM) has evolved to bring agility to planning and investments in GRC (including Data Governance).
As explained earlier in the Nimble Risk Management Consulting ‘Crossroads of Business Efficiency & Risk & Data Governance’ articles:
- “Today all companies are software companies. This is because today’s software is used in almost all aspects of running a company no matter what type of business, even if a company doesn’t produce software as a product. More data is produced every month by companies today than existed in total just over a decade ago. The huge increases in the volume of business data and data sources have brought increased complexity, new challenges, and increased business risk”.
- “Almost all companies are producing and adopting AI tools at a feverish pace. Most AI tools are cloud-based and have EULA or SLA user agreements. These user agreements state that any data entered into the AI tool by a user can be stored and used by the company producing the AI tools. Many companies are only partially aware of the AI tools their employees are using and what company IP is being leaked and captured by the AI tools, if they are even aware”.
- “Data governance is immature or poorly implemented in many companies”. “Many employees lack awareness about what happens to their data once it is shared with many tools, especially AI tools. This can lead to unintentional security violations. Businesses should deploy all tools and especially AI tools used in an enterprise in a controlled and risk-conscious manner when striving to find efficiency gains or add new business capabilities”.
Data Governance Frameworks
Data governance is a set of principles and practices that ensure high quality through the complete lifecycle of a company’s data. According to the Data Governance Institute (DGI), “Data governance is a practical and actionable framework to help a variety of data stakeholders across any organization identify and meet their information needs. The DGI maintains that businesses don’t just need systems for managing data. They need a whole system of rules, with processes and procedures to make sure those rules are followed, consistently, every working day”.
Data governance frameworks have evolved to help companies structure and guide their investments in data governance. Some frameworks that are popular today include:
- DMBOK
- COBIT
- SAS DATA GOVERNANCE
- BCH Data Governance
- Data Governance Institute (DGI) Framework
- PwC Enterprise Data Governance Framework
- Eckerson Data Governance Framework
- WTDA AI-STR-03
The Data Governance landscape is quickly changing and will continue to change rapidly as new options emerge or existing ones evolve.
New Regulatory Compliance Laws and Regulations are Emerging Quickly
New risk management needs are constantly arising as regulatory compliance laws and regulations continue to evolve. To be successful, businesses need to integrate responsible risk management practices into everyday operations, especially for emerging disruptive technologies such as AI. As these laws and regulations evolve, businesses must stay aware of them and adapt to them.
The evolution of data governance is driven by business needs including the need to adhere to compliance laws and regulations. In turn, the rapid rollout of new compliance laws and regulations is being driven largely by privacy needs, by the huge growth in data being generated and used, and by emerging technologies. Examples of new compliance laws and regulations impacting how companies are required to manage data and privacy are:
- GDPR – (General Data Protection Regulation)
- DMA – (European Union’s Digital Markets Act)
- DPF – (EU-U.S. Data Privacy Framework, which replaces the EU-U.S. Privacy Shield)
- Executive Order – E.O. 14086 – (Enhancing Safeguards for United States Signals Intelligence Activities)
- CPRA/CCPA – (California Privacy Rights Act which amends the California Consumer Privacy Act)
- EU AI Act 2024 – (European Artificial Intelligence Act 2024)
Data Governance is Intrinsically Linked with Business Risk Management
Data governance and business risk management are intrinsically linked due to their shared focus on ensuring the integrity, security, and compliance of data within organizations. They are intertwined because they both involve:
1. Establishing Clear Policies and Standards
2. Enhancing Data Quality and Integrity
3. Regulatory Compliance
4. Risk Identification and Management
5. Facilitating Informed Decision-Making
6. Promoting a Risk-Aware Culture
A term that better conveys how data governance and risk management are intrinsically linked and intertwined is ‘data risk management’. Effective data governance is essential for managing risks associated with data quality, security, and compliance. By establishing a strong data governance framework, organizations can enhance their risk management strategies, ensuring that they protect their data assets while maximizing their value for informed decision-making.
GRC Frameworks for Governance, Risk and Compliance
A GRC framework is a model for managing all compliance and governance risks in a company. The framework has been named GRC because many business risks have been found to originate with how regulatory compliance is being managed or how data is being governed (or not governed). Business Rules guide the everyday decision-making within a business by outlining the relationships between objects, such as customer names and their corresponding orders. Internal Controls are accounting and auditing processes used to ensure the integrity of financial reporting and regulatory compliance.
Startups and small companies often have few or no Internal Controls (accounting and auditing processes used to ensure the integrity of financial reporting and regulatory compliance) or standardized and formalized Business Rules. A lack of, or incomplete, GRC, Internal Controls, and formalized Business Rules can result in inconsistent, disjointed processes and communications within a company. This opens companies up to risk due to possible liabilities and profit loss on many fronts, including decreased business efficiency and undesirable outcomes.
Definition of Nimble Data Risk Management (NDRM)
NDRM has evolved to bring agility to planning and investments in GRC (including Data Governance). Too often GRC and corporate governance in general have been an unwieldy, high-overhead activity. NDRM addresses these issues by utilizing new lightweight methods that allow companies to get started, stay guided, and gain traction immediately on investments in GRC (including Data Governance).
- NDRM leverages Flow Engineering to visualize, analyze, and guide investments in improving business processes. Flow Engineering integrates concepts from value stream mapping, systems thinking, and organizational design, offering practical applications aimed at improving workflow efficiency and fostering collaboration across teams. It emphasizes the importance of creating shared understanding and alignment within organizations to drive performance improvements.
- NDRM incorporates data-driven continuous improvement via a more frequent planning and prioritization process. It utilizes company-wide Objectives and Key Results (OKRs) and North Star Metrics (NSMs) which guide the prioritization and decision-making processes. It includes driving the creation of robust data infrastructures, including data collection, storage, and quality control to create systems that freely share data and achieve a continuous flow of information.
- NDRM also involves surfacing, visualizing, prioritizing, and paying down Technical Debt on an ongoing basis.
(Technical debt, also known as tech debt or code debt, refers to the implied cost of future rework that arises when development teams prioritize speed over optimal design and implementation. Technical debt occurs when developers take shortcuts—such as writing less maintainable code or skipping documentation—to meet tight deadlines or deliver functionality quickly. While this approach can yield immediate benefits, it often results in a codebase that is harder to maintain and more expensive to modify in the future).