The top ten words most repeated during the Audit, Anti-Fraud and I.T. Congress 2025 were artificial intelligence, cybersecurity, governance, anti-fraud, assurance, technology, risks, ethics, regulatory and data. As with any conference focused on internal audit, these would each form the chartbuster records.
The focus for this article though will be Data Quality Management according to DAMA International. Data quality is one of the 11 core knowledge areas defined by DAMA International in the Data Management Body of Knowledge (DMBOK2). It is defined as the degree to which data is accurate, complete, timely, consistent, and fit for its intended use.
It’s interesting because the issue of data quality is not limited to one industry. We all have client management, yet most CRMs will have very poor data quality in terms of names being misspelt, address information is invalid, poor formatting, lacks the right fields, and sometimes data is just too vague. This then easily becomes one of the most expensive and persistent problems organizations face, often costing huge amounts in rework, lost opportunity, and as we have seen with clients even regulatory penalties.
During the conference, especially in a technology landscape there is a strong emphasis on being "data-neutral."
Definition and Dimensions of Data Quality
DAMA stresses that data quality is not just a technical issue rather it is a business issue that requires governance, stewardship, cultural change, and continuous improvement. In DAMA’s model, data quality is fundamentally about fitness for purpose: data that meets defined business requirements. For example, when you are evaluating an ERP solution, have you managed the access rights, are the transparency rules clear because these areas then enable companies to be compliant with GDPR requirements.
As internal auditors we review certain dimensions as cited in DAMA’s materials including Accuracy (data correctly reflects real-world values), Completeness (no required data missing), Consistency (uniform across systems), Timeliness (up-to-date), Uniqueness (no duplicate records) and Validity (conforms to defined rules). Although this may not seem as a great value add, its when large amounts of data lose sight of the third line of defense the problem can spiral.
Internal Audit is an ongoing function, it should not be seen as a one-off project, allowing for continuous monitoring, assurance and improvement.
We had lots of sessions during the conference which gave deep insights on how to navigate these overwhelming scenarios, whether it was the pandemic, or which frameworks to use, AI governance – the importance is to come out stronger.
Preparation or readiness is key- it could be you start with data classification- Critical, High, Public. This would be a key recommendation practice. We all know, that data allows analytics and this for certain industries is a huge area of control dynamics. We’ve seen with our clients in healthcare, aviation, and other tourism even really build their controls around the monitoring process of the baseline data and patterns. The takeaway of this article is not just to hum along to the Data song but to establish Data governance with clear roles, setting priorities, communication and empathy.
Related content
