The steps to identify Critical Data Elements (CDEs) is a structured process designed to ensure that data critical to an organization’s operations is accurately identified, governed, and managed. While APRA provide guidelines that describe the importance of identifying your organization’s critical data elements, they do not provide any steps to identify critical data elements. Want to understand what a Critical Data Element is first? See our article here: The What and Why of Critical Data Elements (CDEs)

Here’s a step-by-step overview:

  1. Data Area Review:
  • Identify Starting Points: Begin by selecting significant areas like regulatory reporting, business dashboards, or critical business processes. For example, start with your organisation’s most important 3 reports and use the content of those reports as your starting point.
  • Prioritize: Focus first on the most crucial either compliance or business critical requirements to elevate potential CDEs.
  • Document: Capture the meeting minutes, who, what, when that drove the identification of CDEs to ensure a transparent and auditable process. Note, it is not enough for some data gurus to simply pick out some attributes and call them CDEs, auditors will want to see the process of who was involved and the rationale as to why a CDE has been nominated as such by your organisation.

 

  1. Involve Data Stewards and Owners:
  • Mapping: Map critical subject areas to their respective data domains (e.g., member data, investment data) and identify relevant Data Stewards and Data Owners.
  • Initial Meetings: Hold meetings with Data Stewards to identify candidate CDEs. The goal of this meeting is for the Data Steward or SME to identify candidate CDEs and provide a rationale for each CDE.
  • Documentation: Ensure detailed documentation of why each candidate is considered a CDE, linking it to specific business needs, regulatory requirements, or risk management considerations.

 

  1. Risk Assessment with Risk L1:
  • Risk Evaluation: for organizations with a Risk Function, conduct a risk assessment using the existing Operational Risk Management Framework to evaluate the impact of significant data quality issues on each CDE.
  • Documentation: Capture the risk assessment outcome based on the L1 risk assessor’s application of the Operational Risk Management Framework to the CDEs.

 

  1. Validation by Data Owners:
  • Review: Present the candidate CDEs and their rationale to the Data Owners for review and acceptance.
  • Feedback and Acceptance: Data Owners can suggest additional CDEs, request clarifications, or reject the criticality rationale. Document their feedback and decisions in meeting minutes.
  • Finalization: Once accepted, update the Critical Data Register, marking the CDEs as official.

By following these steps, organizations can ensure that their most essential data elements are accurately identified, well-governed, and aligned with regulatory requirements, such as those outlined by APRA. This process not only strengthens data governance but also minimizes operational and compliance risks associated with data management. To pass your next audit, take our on demand Mastering Critical Data Elements (CDEs) Training to effectively identify the best Critical Data Elements for your organisation.

Stay up-to-date with the latest from DGX!
Related articles