The Whats and Hows of Data audit — Technology Components
Expectation setting:
This article might be more suited for you if you’re a data practitioner who does or wants to conduct a data audit. To illustrate a potential structure for the audit, I’ll look into Leavitt’s Diamond and the PPT model. Then, we’ll take a look at three technical frameworks as a way to approach a gap analysis.
Overall Approach
Everyone’s either applied or at least heard about a gap analysis — where you try to understand:
> Where you are now (Current State)
> Where you want to be (Future State)
> What needs to change or improve to bridge the difference (Gap Analysis)
The big question, though, is how do you assess the current state?
I’m a big fan of doing a structured review, following a specific methodology — because with that, you can benchmark improvements over multiple assessment cycles, make sure you don’t overlook key components (assuming your framework is based on solid research and review), and help readers follow your line of reasoning — how you got to your final results.
When deciding on the overall approach, I thought of two models that can be used as the first level to structure the funding: Leavitt’s Diamon and People, Process, Technology (PPT).
Leavitt’s Diamond was first introduced by Harold J. Leavitt in the paper “Applied Organization Change in Industry. Originally developed to assess the impact of change strategies, the model has since been used for aligning different organizational elements to create balanced, integrated systems and, more importantly for me, for diagnosing organizational problems.
Leavitt outlined four interdependent components and emphasized that achieving integrated change requires an understanding of these components — and how they interact:
> Tasks or actual activities performed within the organization
> People or skills, attitudes, behaviors, etc. of individuals in the organization
> Structure or the hierarchy, roles, and responsibilities
> Technology or tools, equipment, software, systems, etc. used to get things done
All four components impact each other, for example:
Task <> Technology. Technology supports task execution, but tasks also define what tech is needed.
Structure <> Tasks. Structure determines how tasks are organized; tasks might shape structure over time.
Structure <> Technology: Structure influences how (or whether) tech is adopted; tasks might have an impact on structure in order to improve efficiency
Structure <> People: Structure shapes roles and responsibilities.
People <> Technology: People’s skills impact whether and how tech is adopted and used
People <> Structure: People influence structure through culture and behavior.
People, Process, and Technology (PPT) model emerged as the the simplified version of Leavitt’s Diamond as a way to guide improvement or change by harmonizing three components:
> People or organization culture, skills, capabilities, etc.
> Process or methods, workflows, business processes, etc.
> Technology or tools, infrastructure, software, hardware, data systems, etc.
And just like Leavitt’s Diamond, all three interact:
People <> Process. People define, execute, and refine processes. At the same time, processes shape roles and skills
Process <> Technology. Technology supports and automates processes byt processes inform technology decisions
People <> Technology. People’s skills and capabilities affect technology adoption but technology impacts the required skills required to do the work done, job roles, etc.
Although both models can be used for a technical assessment, the angle we’re taking here is to focus specifically on evaluating the infrastructure and tech stack that supports data management — not the maturity of data processes or non-technical components, for which you might be more interested in using, for example, Data Management Capability Model (DCAM) or DAMA but we’ll talk about those another time.
PPT is usually preferred for technical assessment, because unlike Leavit’s Diamond — which evenly covers tasks, structure, and people — PPT places technology as the primary component making it ideal for the pure technical audit/assessment. And because we are interested in the technical assessment, rather than assessing non-technical organizational and process-oriented aspects of data management practices, we would use PPT in this article and going forward. Now what — we decided on the high level. Let’s review some of the frameworks that can be used to structure your data audit.
Technical Assessment
When talking about technical frameworks, the most commonly used frameworks are Well-Architected Framework; Azure Well-Architectured Framework; Google Cloud Architecture Framework.
AWS Well-Architected Framework was introduced with Amazon Web Services (AWS) in 2012 to help practitioners design, operate, and optimize cloud infrastructure. The main pillars of the framework are:
> Operational excellence or automation and continuous improvement
> Security or protecting confidentiality, integrity, availability
> Reliability or keeping systems alive and resilient
> Performance efficiency or using compute resources wisely
> Cost optimization or minimizing unnecessary spend
> Sustainability or reducing environmental impact
Azure Well-Architectured Framework was realized by Microsoft in 2020 to help customers balance performance, cost, reliability, and security. Like the AWS Well-Architectured Framework, the Azure’s Well-Architecture Framework is based on:
> Operational excellence or monitoring, automation, and management of Azure infrastructure
> Security or protecting confidentiality, integrity, and availability of cloud workloads
> Reliability or ensuring resilience and recoverability of workloads
> Performance efficiency or meeting performance goals and optimizing resources
> Cost optimization or ensuring cost-effective operations.
The Google Cloud Architecture Framework was introduced by Google Cloud Platform (GCP) around 2020 following existing Google Site Reliability Engineering (SRE) practices to help teams run reliable and scalable systems. The main components are:
> Operational excellence to deploy, operate, monitor, and manage cloud workloads
> Security, privacy, and compliance to design and operate workloads securely to meet regulatory requirements
> Reliability to ensure resilience and availability of systems
> Performance optimization to ensure efficiency and scalability of systems, optimized to meet user needs
> Cost optimization to avoid waste and manage spending
Data Assessment
As we’ve already mentioned, these frameworks are used to evaluate cloud infrastructure. But what if we adapt them to access your data practices — see gist below or access .xls file at https://github.com/eponkratova/articles/tree/master/data_audit/assets?
You’ve Completed the Assessment… Now What? There are several ways to go after that. You cah priortize areas for improvement based on risk and the impact each area would have on the organization; build a roadmap for improvements, and create a practical action plan.
Coming Full Circle: Gap Analysis in Actions
Remember the gap analysis we started with? Here’s how to close the loop.
If you use a gap analysis, you usually start with a target state but… the architecture defined by the above-mentioned frameworks already defines target architecture or a desired state.
The current state is identified during assessment where you list the state of the infrastrcuture.
The difference between the two is your gap. You can even quantify the gap but subtracting your actual alignment points from the desired one per pillar or acroll all pillars. The bigger the gap, the greated the misalignment-and the higer the risk.
In the next articles we would review data audit when it comes to People and Processes.
If you think we could work on assessing the state of your organization, feel free to ping me at https://www.linkedin.com/in/eponkratova/
