Data quality and information governance - Controls over data...

Learning Outcomes

After reading this article, you will be able to explain why reliable data is essential for effective performance management and how weaknesses in data collection, processing, and reporting can reduce the quality of management information. You will recognise and describe key controls and best practices for ensuring data quality and compliance. You will also be aware of common risks associated with poor information governance and apply suitable control solutions relevant to scenario-based ACCA APM questions.

ACCA Advanced Performance Management (APM) Syllabus

For ACCA Advanced Performance Management (APM), you are required to understand controls that ensure reliable management information. This article addresses:

• The necessity for accurate, complete, and relevant data in performance management systems
• Controls over data collection, recording, processing, and reporting
• Risks arising from poor data quality and governance in management accounting
• The role of internal controls and good governance practices in preventing errors, fraud, and data breaches
• Legal, regulatory, and ethical aspects relevant to information management
• Effective reporting controls to reduce information overload and ensure usefulness

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. Which control is most likely to prevent errors at the data entry stage?
   1. Monthly management review
   2. Input validation checks
   3. Data visualization dashboards
   4. Report formatting standards
2. A performance report contains several material omissions and is produced from outdated raw data. Which is the most significant risk?
   1. External audit failure
   2. Incorrect management decisions
   3. Violation of GDPR
   4. Increased system maintenance costs

3. True or false? Automated reconciliation routines are a control to detect processing errors in transactional data.

4. List three specific risks to data quality when operational staff manually input performance data without adequate procedures.

Introduction

High quality data is essential for informed planning, control, and decision-making. Inaccurate, incomplete, or untimely data poses a significant threat to effective performance management. For the ACCA APM exam, you must be able to explain and apply key controls over the entire information lifecycle—from initial data collection, through processing, to reporting and dissemination. Weaknesses at any stage can result in poor management decisions, regulatory breaches, or reputational harm.

This article outlines essential principles of data quality, explains types of errors and risks, and sets out practical control procedures for each step of information handling. It also highlights information governance obligations, including legal and ethical considerations.

Key Term: data quality
The extent to which data is accurate, complete, timely, consistent, and relevant for its intended use.

DATA QUALITY: PRINCIPLES AND RISKS

Data Quality Characteristics

To support effective performance management, information must meet these key criteria:

• Accuracy: Free from errors or misstatements
• Completeness: Containing all necessary elements
• Timeliness: Available when required for decision-making
• Consistency: Uniform formatting and meaning across systems/reports
• Relevance: Directly supporting the needs of management tasks

Key Term: information governance
The frameworks, policies, and controls for managing information to ensure compliance, security, and quality throughout its lifecycle.

Common Causes of Poor Data Quality

Errors and omissions may occur due to:

• Manual data entry with insufficient verification
• Unauthorised amendments
• Lack of standardised procedures or definitions
• Failure to validate data against external or reference sources
• Inadequate segregation of duties
• System interfacing issues and data silos

Main Risks

Poor data control can lead to:

• Misleading performance measures or inaccurate KPIs
• Incorrect strategic or operational decisions
• Failure to meet regulatory or legal reporting requirements
• Loss of stakeholder trust and reputational damage
• Data breaches or unauthorised disclosure

Key Term: data control
Procedures and mechanisms designed to ensure the ongoing accuracy, consistency, and security of data during collection, processing, storage, and reporting.

CONTROLS OVER DATA COLLECTION

The initial capture of information is a critical risk point for data error or manipulation.

Essential Controls

• Standardised Input Forms and Templates: Mandate required fields and reduce ambiguity.
• Input Validation Checks: Automated controls verify format and acceptable ranges (e.g., numeric limits, mandatory fields).
• Authorisation Procedures: Only approved personnel may input or modify sensitive data.
• Segregation of Duties: Separation between data entry and subsequent approval or processing tasks.
• Clear Data Definitions and Guidelines: Documentation to ensure all staff capture data using common standards.

Worked Example 1.1

A sales manager is responsible for entering weekly sales figures into the performance system. Some fields allow free-text entry without restriction, and there are no automatic checks for unreasonable values. Last quarter, some figures were mistyped (e.g., omissions, decimal point errors) but not identified before reporting.

Question: Identify two appropriate controls to reduce the risk of data entry errors in this scenario.

Answer:
(1) Implement automated input validation with range and format checks to flag improbable entries immediately. (2) Use standardised data entry forms with mandatory fields and dropdown lists where practical, reducing input error and subjectivity.

CONTROLS OVER DATA PROCESSING

Once captured, data is processed into information for management use. Weaknesses here affect reliability.

Practical Processing Controls

• Automated Calculation and Reconciliation: Use algorithms or routines to aggregate data, perform cross-checks, and highlight discrepancies.
• System Access Restrictions: Ensure only authorised users can edit or process records.
• Change Logs/Audit Trails: Record all alterations, with time stamps and user identification, to enable review and investigation.
• Batch Control Totals: Reconcile inputs and outputs of processes, detecting missing or duplicated transactions.
• Exception Reporting: Automatically generate alerts for missing data or anomalies.

Worked Example 1.2

A finance team downloads data from a production system, manipulates it in spreadsheets, and then uploads it to the management reporting system. Occasionally, data is lost or duplicated during manual steps, but this is only discovered at month-end review.

Question: What controls could help prevent data loss or duplication during processing?

Answer:
Batch control totals can be used at each transfer stage to ensure the number and value of records are consistent. Automated reconciliation routines and change logs provide further assurance over completeness and integrity.

CONTROLS OVER DATA REPORTING

Even with accurate and processed data, information can be distorted or misunderstood at the reporting stage.

Reporting Controls

• Access and Security: Limit report generation and amendment to approved individuals.
• Standard Reporting Templates: Ensure consistent presentation and interpretation.
• Version Control: Archive approved report versions to prevent confusion or unauthorised changes.
• Review and Approval: Implement structured review procedures, including sign-off by responsible managers.
• Information Filtering: Design reports to focus on key results and prevent information overload; summarise detail as appropriate.

Key Term: information overload
The state in which the volume or complexity of information exceeds users’ capacity to interpret or act upon it effectively.

Worked Example 1.3

A management report is distributed with several pages of detailed raw data and complex tables. Senior managers miss a significant error in the KPI summary, since it is buried among excessive data.

Question: Which reporting controls can reduce such risks and improve effectiveness?

Answer:
Use standard report templates that highlight key metrics and trends, and apply information filtering or summarisation. Require managerial review and explicit approval of critical reports before dissemination.

INFORMATION GOVERNANCE: LEGAL AND ETHICAL CONSIDERATIONS

Effective data quality is only sustainable with appropriate governance structures.

Governance Mechanisms

• Clear Policy Frameworks: Written policies for data handling, security, and retention.
• Regulatory Compliance: Adherence to laws such as GDPR, which require accuracy, privacy, and data subject rights.
• Ethical Use: Ensure personal or sensitive information is used only for legitimate, declared purposes.
• Training: All staff must understand their duties regarding data quality and protection.
• Continuous Monitoring: Regular internal audits and control reviews.

Exam Warning

In scenario-based questions, always evaluate the adequacy of management’s information governance policies and whether controls are enforced in practice. Weak governance or “tick box” compliance, without active review or enforcement, is a common cause of poor data quality.

Summary

Reliable performance management requires robust controls over data collection, processing, and reporting—not just IT solutions but clear procedures and active management oversight. Poor data quality or lack of information governance exposes organisations to financial, operational, and reputational risks. Awareness of both control design and governance principles is essential for ACCA APM candidates.

Key Point Checklist

This article has covered the following key knowledge points:

• Explain why data quality is critical for effective performance management
• Identify core risks arising from weaknesses in data handling
• Describe essential controls for data collection, processing, and reporting
• Recognise the governance and compliance requirements for secure and ethical information management
• Apply practical examples of controls to scenario-based exam questions

Key Terms and Concepts

• data quality
• information governance
• data control
• information overload