Home > Risk > The Power of Information

The Power of Information

November 15, 2010 Leave a comment Go to comments

Some years ago, the CFO of my company asked me to put my best people on our Oracle implementation project. It’s not that he was worried about system security, or that his team would fail to establish appropriate controls. It’s because the project was critical to him and he wanted every possible thing done to ensure success.

He said something to me that made a lasting impression: “I don’t want to keep managing the company through the rear view mirror.”

He was referring to the fact that the information he and the rest of the executive leadership team used to run the company was always old news. The financial information was ‘as of’ the last reporting period, and anyway it took the financial team a week or more to finalize the journal entries and release the numbers. Operational information was also old, and because it came from a different source than the financial results was often inconsistent.

In fact, the inconsistencies in the data meant that the executives were managing through a broken rear view mirror.

I believe that unless you have information that meets the following criteria (and I am sure there are more), it is not possible to optimize performance, understand and manage risks, and remain in compliance:

  • Current
  • Reliable
  • Consistent
  • Risk-adjusted
  • Forward-looking, providing insight into what is likely to happen
  • Usable: information that can be analyzed and easily understood rather than a mass of data
  • What you need: focused on what you need to manage the business, with trivia removed

An article on the critical nature of business analytics to support decision-making was recently published by MITSloan Management Review (subscription required). One paragraph stood out for me:

“I did a study of 57 companies that had improved their decision making in one way or another, and I asked them what they used to make those decisions better. The number one intervention tool they cited was analytics – about 85% said analytics. But right after that was change in culture or leadership, followed by better data, followed by change in business processes, then the education levels of the people doing the decision making.”


  1. Is your organization making decisions while looking through a broken rear-view mirror?
  2. Do you agree with the criteria I listed for the information needed?
  3. Have your internal auditors identified deficiencies in this area as major? If not, why not?
  1. November 15, 2010 at 6:38 PM

    Points well taken. Similar to what I discuss in my book “Information Security Management Metrics – Auerbach ’09. Good to see some validation and clarity emerging on this topic – now just have to make the point to another few million managers and infosec folks. I would add “accurate” to your criteria – gas gauge that says full when empty not so good. I use the term “predictive” but same notion. I also include “Actionable” – many cases where folks get information and they don’t know what to do with it – as opposed to say, a compass, where it’s pretty obvious what to do if it shows off course. Anyway, good stuff – keep at it.

  2. Donn Parker
    November 15, 2010 at 7:00 PM

    Isn’t the key item in your list: “•Forward-looking, providing insight into what is likely to happen,”? And isn’t determining what is likely to happen the role of the executives and what they get paid big bucks for? Insights into the future supplied by underlings even in the form of multiple alternative futures puts the underlings at great risk if they are wrong and makes them seem wishy washy. Maybe your definition of insights would fall short of actual predictions and maybe means just identifying key data for predicting the future for the executives attention. In any case smart underlings are going to be very conservative and cautious about providing predictions. Too many wrong predictions and out they go even if they are good at all the other bulleted items you identify.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: