Data Capability Risks Level 1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 Characteristic Risk of poor decisions, focus on wrong objectives. Fines from regulators. Poor decisions due to poor data quality. System and process change estimates are very inaccurate. Loss of insurance due to inability to verify assets. Data is not included in Business continuity planning. Data is insecure and unknown. Potential to be breaching data protection. Loss of data either digitally or physically. Breach of data protection. Inability to respond to FOI requests. No control or ownership of data management processes. Poor Decision making on unknown data quality. We don't know what we don't know. Paralysed - not able to change because we don't know where we are. Scared - don't dare to change in case something catastrophic breaks. Data Management process is out of control/unmanageable. Wrong/inappropriate use of data outputs. Lack of oversight of how we process our data. Data Management Development doesn't happen. No CI initiatives. Staff motivation is likely to be low, staff turnover is very high. Data issues cannot be easily responded to. Key organisation metrics cannot be delivered on time or at a required level of quality. Type Financial Financial Financial Financial Financial Financial Information Security Information Security Information Security Information Security Information Security Operations Operations Operations Operations Operations Operations Operations Operations Operations Operations Operations Operations Owner Chief financial officer Chief financial officer Chief operating officer Chief financial officer Chief financial officer Chief technology/systems officer Chief financial officer Chief operating officer Operational/data leader Chief technology/systems officer Chief financial officer Chief operating officer Operational/data leader Operational/data leader Chief operating officer Chief operating officer Chief operating officer Chief operating officer Chief operating officer Data and information analysis Chief operating officer Chief operating officer Chief operating officer 24 25 26 27 28 29 30 31 Characteristic Potential legal breach - known and unknown. Potential Regulatory breach - known and unknown. Financial loss due to data related issues. Lack of student trust when examples of poor data management exposed. Lack of true understanding of how org is operating -> no early warning of problems. Risk of Complaints and appeals due to lack of data integrity. Reputational/customer experience issues are likely. Loss of face within sector. Type Reputation Reputation Reputation Reputation Reputation Owner Head of institution Head of institution Chief financial officer Head of institution Chief operating officer Reputation Reputation Reputation Head of academic area Head of institution Head of institution Page 2 of 2