Institutional Data Stewardship: Proactive Measures for Addressing Risks and Creating Value
Institutional data can be one of a college or university’s greatest assets. Institutions with a focused commitment to the integrity and maintenance of their data—and a strategy for efficiently communicating it to external stakeholders--can enhance their reputations, drive fundraising, increase student recruitment and retention, and diminish operational risks.
What Qualifies as Institutional Data?
Institutional data includes any data created, collected, or maintained within an institution’s systems, and may include information regarding faculty, students and staff; research and clinical activities; financial information; or other academic or operational records. This data may be used to meet regulatory, legal, audit, or reporting requirements or as input into management decision making. While colleges and universities face a number of regulatory requirements and recommended practices regarding data protection and privacy, broader data governance considerations are necessary for the effective use of institutional data in all instances.
The Relationship Between Institutional Data, College Rankings, Reputation, and Risk
Recent news has shown that potential mismanagement and manipulation of institutional data can have detrimental impacts to a college or university’s revenues and reputation. Just within the past few years, multiple colleges and universities have faced severe consequences for their roles in misreporting of institutional data to national college rankings. Whether intentional or not, consequences of misreporting in recent news have ranged from significant drops in the college or university’s rankings or complete removal until the next reporting cycle and/or substantial penalties by government agencies.
Colleges and universities may often see a correlation between their rankings, reputation, and revenues whether concerning student enrollment, research, or other financially advantageous opportunities. While not all penalties carry a direct financial impact, every drop in rankings and the associated news cycle that comes from violations presents a reputational hit that can have significant impact on recruitment, enrollment, and retention. As such, it is critical that colleges and universities have proper processes and controls in place to help protect the integrity of their institutional data.
Considerations Around Institutional Data Processes
It is highly important that colleges and universities have a clear understanding of their current processes and controls for institutional data reporting. The below are some questions college and university leadership and administration should ask themselves to help identify potential gaps and risks:
- What policies and procedures are currently in place? Recognize the documented policies, procedures, and other guidelines the college or university may already have campus-wide or within individual schools and/or programs.
- Where is institutional data reported? Institutional data can be reported to a number of external organizations for various purposes, such as college rankings and accreditations. This question also addresses use by college and university staff in admissions and other materials that are marketed externally. As various reporting purposes and recipients have different institutional data needs, it is important to consider the specific nature and characteristics of each request and to understand the requested data points, definitions, etc.
- Is the process centralized or decentralized? Consider who is reporting out this information, such as the institution as a whole or an individual school and/or program.
- What is the source of the institutional data? The original source of the institutional data should be clear. This may include institutional surveys, individual campus offices, specific applications or systems, and more.
- Who owns and maintains the data? This role may be formally or informally assigned to a single or multiple individuals. Consider where such individual(s) is located within the institution and their other roles and responsibilities. Also, factor in potential incentives to falsify data and how such activity would be discovered.
- Where is the data stored? Consider the security of the data, whether it is stored in a centralized and protected system or on an individual staff’s desktop. Many elements of institutional data may be subject to privacy laws and source data should be appropriately protected.
- How is the data reviewed for accuracy and completeness? Consider separation of duties in terms of who reviews for accuracy and completeness and who owns and maintains the data. Look at the review processes and how inaccuracies may be identified, addressed, and resolved.
Take Proactive Measures as a Data Steward
Once the above questions are answered, there are a number of proactive steps colleges and universities can take to act as data stewards for their institution and related stakeholders. Steps to help to mitigate potential scandals and reputational risks include but are not limited to the following measures:
- Develop documented policies and procedures: If not already in place, colleges and universities should develop and publish documented policies and procedures concerning institutional data processes, including information around but not limited to defining institutional data, applicability, standard procedures, and allowable uses.
- Create an inventory of organizations to which data is reported: Colleges and universities should maintain an inventory of all organizations to which institutional data is reported. This should include any organizations applicable to the institution as a whole and at individual school and/or program levels. Such an inventory can increase awareness of all the organizations to which data is reported and help determine whether the necessary oversight is in place over applicable processes.
- Perform an audit or detailed analysis of institutional data: Focusing on identified areas of high risk, complexity, and criticality based on the above questions, colleges and universities may consider performing formal audits or detailed analyses of select institutional data. Such reviews may be one time or ongoing depending on the level of calculated risk and review outcomes.
- Automate institutional data processes where possible: To help minimize the potential for error, consider automating highly manual or repeatable processes, such as those related to the collection, maintenance, or analysis of institutional data.
- Establish a campus network of data partners: Identify appropriate individuals in offices across the institution that may serve as data partners to be formally trained and responsible for specific tasks as it relates to institutional data. This may include the collection, review, and maintenance of – or access to – institutional data.
- Require training(s) as necessary: Set up training requirements and provide training to applicable staff and others as necessary around collecting, accessing, and using available institutional data.
- Establish a central institutional data office: Establish or assign a central campus office with the responsibility of protecting the integrity of institutional data.
- Publish Common Data Set online: Colleges and universities often publish their Common Data Set on their institution’s website. Doing so helps promote transparency of the data that is reported by the institution.
Colleges and universities must actively protect the integrity of their data management, review, and reporting processes in today's data-driven world. While complete and accurate institutional data is a necessary and valuable resource, recent news has demonstrated that any institution’s data could be at risk for falsification or misrepresentation regardless of the data's perceived criticality. If not properly and timely addressed, existing process gaps and control deficiencies can put the institution's reputation at significant risk with potential consequences to its financial health.
Copyright © 2022 BDO USA, LLP. All rights reserved. www.bdo.com