Management Questions

Feb 26th 2010 Information (Data) Inventory Questions

What information are we collecting?
Where and how are we collecting it?
Who owns it?
Who has access to it?
What are we doing with it?
What would be the impact to the organization if it got into the wrong hands?
What controls are in place?
Are efforts to safeguard the information commensurate with its worth?
Are we gathering unnecessary information that represents potential risk without opportunity for reward?
Are we maximizing the value of what we collect?
Could information have more value if we loosened restrictions on it?

Source: Lock It Up or Set It Free? by Ted DeZabala | Deloitte Review, Issue 6

Are the complexity of the extended enterprise and major earnings drivers across it transparent?
Are interdependencies understood and interdependence risks identified?
What programs are in place to ensure the viability of earnings drivers?
Are these programs fully aligned with corporate strategy and objectives, and do we understand the trade-offs within these programs?
Do we know what we spend on resilience?
How good is our situational awareness — that is, do we have enough business intelligence, internal and external, and is it directed to the appropriate parties?
Do we distill such intelligence properly and in a timely enough fashion to react to it?
Who is accountable for resilience, and how do we make decisions and measure progress?

Source:
Enterprise Resilience: Managing Risk in the Networked Economy
by Randy Starr
strategy+business, Spring 2003

How good is my company at understanding risk? i.e., what risks do we face and how does that risk impact on my organization?
What control procedures does my company have in place to mitigate these risks?
How does my company achieve recognition for the effort we have put into implementing control measures and managing risk?

Source:
An explicit item for the main board
by John Bromfield
European Business Forum, Issue 13