The 4-Rs of building your RDM business case
Updated: Jun 13, 2018
Analysts have found that accurate and consistent reference data plays an important role in the data architecture for enterprise systems. They have recognized that all systems-MDM, reporting systems and enterprise applications-require a common set of reference data to interoperate.
However a business case for reference data management (RDM) requires more than a general recognition of reference data's importance. Business cases demand specificity. Where does effective management of reference data add value to the business?
In this post we outline, what we call the 4-Rs of reference data management. Or, four specific areas to investigate as you begin to build your RDM business case. The 4-Rs are:
Regulatory Compliance, and
Reconciliation - What's the direct cost of poorly managed reference data?
In organizations that have not implemented RDM, each group and application maintains its own set of reference data and reference data hierarchies. With one to four groups or applications, keeping all the copies synchronized isn't much of a problem. But with more applications and groups or if the rate of change is high (especially true during M&A), keeping everything in sync becomes a costly challenge.
Complicating matters is the fact that for many global organizations, there are many "correct" versions of reference data and reference data hierarchies. In most organizations, there are reference data differences along organizational, regulatory, or political requirements-to wit, Google represents Crimea differently depending on what country you're visiting from. To avoid enterprise-wide confusion, all these adaptations and how they intersect must be cataloged somewhere.
Out-of-sync reference data is a problem because if your teams and systems are using slightly mismatched data sets-regions/countries, product lines, financial accounts or counterparties-you create errors that require after-the-fact reconciliation. These costs can be quite high. One of our customers, a multi-national financial services organization, uncovered that they had a large number of staff spending a significant amount of time reconciling errors caused by mismatches in reference data.
Reporting - What are the indirect costs of poorly managed reference data?
Poor reference data management impacts reporting. The enterprise dimensions (regions, products, business units) that are used to aggregate results are all reference data. If each system, or source of reporting data, has its own set of dimensions and those versions are all slightly out of sync, someone needs to sort out the mismatches before reporting. Otherwise you run the risk of aggregating unlike elements.
Consider Salesforce.com's recent admission to the US Security and Exchange Commission that they cannot tell you where their revenues come from. While we're not privy to the specifics in this case, we have seen many similar problems among our customers. One of our customers, a large engineering and construction company, sought out RDM after finding that their financial reports, including public financial statements, blended data that relied upon different versions of charts of accounts, organizational structures and cost centers.
Thus far, we've described reporting, the formal process of aggregating results for internal or external consumption. However, the lack of consistent enterprise reference data also affects ad-hoc reporting and analysis. The analysis which is often performed in Excel.
While errors with spreadsheets are well known for affecting the measurement of VaR at JPMC, the policy recommendations of Reinhart and Rogoff, and the Barclays/Lehman purchase, out-of-date sources of reference data can create a cascade of errors in the organization.
Here's an example of how poorly managed reference data created issues for one of our customers. Without a common repository of reference data their business analysts-in marketing, sales, operations-all maintained local repositories of Excel spreadsheets. These spreadsheets recorded anything that was necessary to slice and dice information from current operations-regional hierarchies, organizational codes, product categories, and customer segments.
Local copies aren't a problem if the reference data never changes. However, this data did change and the result was out-of-date assumptions that affected the relevancy of the analysis and conclusions drawn from the Excel models. That said, the out-of-date reference data might not have been an issue if the underlying Excel models had been distributed as part of the analysis.
Upon review, others who may have had more up-to-date knowledge of the current hierarchies would have caught some of the errors in aggregation. But at our customer, like in many organizations, the underlying models were not shared. The data was aggregated into pivot tables, or pasted into documents and powerpoints. The aggregation hid the errors introduced by out-of-date reference data. None of this would have come to light if it hadn't been for a couple of financial analysts that reviewed the model for an upcoming reorganization.
While the cost of these kinds of errors are hard to measure, there is value in ensuring that the assumptions used to drive analysis (and decisions) are both accurate and consistently applied throughout the organization.
Regulatory Compliance - What are the organizational ramifications of poorly managed reference data?
In our reporting examples above, poor reference data management led to problems with regulatory filings. While this kind of compliance issue affects all sorts of publicly held organizations, most regulatory compliance issue are industry specific. Some examples that our customers and prospects are talking to us are:
In healthcare, the migration from ICD-9 to ICD-10 (delayed again to 2015) is, at its heart, an upgrade of the underlying reference data used to record procedures and diseases in patient records, report claims, and supports comparative effectiveness research. This upgrade affects not just providers (doctors and hospitals), but also anyone who might pay a claim or use health claims data for actuarial purposes: health, life, disability and P&C carriers (notably those underwriting workman's comp).
In pharmaceuticals, the US Food and Drug Administration's track-and-trace system, which will create a system for tracking individual packages of drugs in the supply chain, will require a harmonized set of reference data that is common/shared across all groups in the pharmaceutical supply chain — including manufacturers, wholesale distributors, repackagers and pharmacies.
In financial services, quite a bit of the analysis that followed the financial crisis highlighted poor reference data, especially with regard to counterparties and other legal entities, as a source of operational risk. This has led to a host of new requirements from regulators/SROs, laws and regulations mandating improvements to the internal components used for risk aggregation across counterparties and finance data. Check out the recommendations from the Bank of International Settlements (organization responsible for Basel II) and the Financial Stability Board.
And for organizations involved with international transactions, the changing geopolitical landscape (literally new countries) alters the underlying reference data for all entities previously from that area. To wit, the US still has export controls on the Sudan, but BIS has loosened restrictions on South Sudan.
Regulatory compliance is often one of the best ways to push reference data initiatives. Often there are requirements that require actions take place by a specific deadline. Bear in mind that while most regulatory compliance is tied to governmental bodies, compliance demands can sometimes come from key customers, distributors (and even suppliers) depending on the nature of your business.
Risk Management - Organizational ramifications of poorly managed reference data, part II
In the case of financial services, accurate and consistent reference data, especially for counterparties and legal entity hierarchies is important for risk aggregation and risk management in a couple of ways.
At one of our customers, counterparty data was managed and stored in many different and unsynchronized operational systems. Without a common process for creating, validating and managing counterparties across functions and countries, on occasion duplicates were created making it challenging to assess total risk against a single name. In addition, relationships between counterparties were not always preserved (their legal entity hierarchy and relationships between counterparties affiliates, parents and ultimate parents). This lack of this relationship data made it challenging to aggregate risk to a parent, let alone ultimate parent. However, with this data at hand to aggregate risk, the institution was able to petition their regulator to reduce their capital requirements.
While these examples have been financial services specific, keep in mind, you don't need to be in financial services to counterparty risk. Counterparty risk arises anytime you're dealing with another organization or its affiliates and there is a risk of financial loss due to the creditworthiness of your trading partner.
Operational risk is a different kind of risk that emerges from having poor RDM. Operational risk is often defined as the risk of loss due to inadequate or failed internal processes, people or systems. Reconciliation (and inaccurate reporting) are symptoms of operational risk because reference data accounts for a large percentage of the data used in a transaction.
Some questions to consider as you develop your business case
Does my organization care?
Some organizations do not view reference data reconciliation as a problem-some perceive this as an inevitable cost of doing business. Or that the relative cost of manual reconciliation is lower than a solution. It's important to understand your organization's attitude when building your business case as it can illustrate how much selling you'll need to do organizationally.
Who (which executive) is at risk if we have have bad reference data? What team(s) does bad reference data create the most work for? The answers to these questions may provide some insight into the teams that ought to be responsible and accountable for the RDM program. If you know who's job is at risk, that individual could be the executive sponsor for the program.
Estimating direct costs: How many people are involved with reconciliation? How much time do these individuals spend on reconciliation issues? What percentage of breaks is due to bad reference data? What's the average fully-loaded costs for the individuals? Multiplying all these figures together ballparks the direct cost. Realize that it's much tougher to estimate the cost of restatements, regulatory compliance issues and faulty reporting.
Are there any public reference data standards the organization must support? How is this data managed today?
What reference data is commonly used in reporting? How are we maintaining this information today? Examples might include public (geographies, industry codes) and private (accounts, legal entities) sources reference data. Are your analysts keeping these sources in spreadsheets?
Do our teams need both "global" and "local" versions of reference data for enterprise and business unit/divisional reporting? How are these local adaptations of reference data (and their relationships or connections back to global reference data) maintained today?
Does my organization need to report using prior versions of reference data (eg. financial hierarchies)? How much effort does it require for us to produce these reports?
Are our regulators concerned with operational risk issues? Do they need to review our policies and governance processes? Are there any penalties associated with poorly managed programs?
Can we easily share reference data and hierarchies with our auditors? In studies of restatements, one of the most common causes was internal errors due to misclassification. Sharing the enterprise repository of reference data aids the audit team when they are verifying the financials. And if errors are found, the RDM can assist in diagnosing the underlying issues.