In this three-part series of articles, we’ve been discussing how the entire world now runs on data, including nonprofit organizations, and this discussion has led us to a deep dive into the topic of data audits–what they are, why you should conduct one, and some pointers on how to do it.

In the first part, we defined the data audit and discussed its emergence as a standard business practice. In the second part, we talked about why your nonprofit should conduct a data audit and how to get one started. Now, in the third part, we’ll talk about where your data audit should lead you and your nonprofit organization.

What Comes Next?

Now that your organization has assigned a person or persons to launch the data audit, more people will likely get involved. Consider again, for instance, the first three and most-basic questions you are asking about your data: (1) is the data being used?, (2) how is the data being used?, and (3) what other data is needed? Most of your findings will result from the answers you receive to these questions. And unless your organization is very small or has a very small staff, these questions cannot be answered by just one person–you’ll be checking in with everyone from yourself to your board of directors to the person who answers the phones. Your collection of data-audit questions must be put to anyone who might be involved in your organization’s data collection process and anyone who might utilize the data to do their jobs.

Compile Your Findings

If your data audit has been conducted carefully and sincerely, you should be able to compile your findings by identifying at least the following three kinds of data within your organization:

1. Good data. Your organization’s good data is the data which (1) you are currently collecting effectively and efficiently, (2) is needed and is being used regularly, and (3) is stored securely and safely. Aside from a few minor adjustments to address inefficiencies, plug security holes, or increase the data’s richness, this data can be patted on the head and left alone.
2. Bad data. The bad data in your organization is the data that has some form of the following problems: (1) you’re spending time collecting this data but you don’t need or use it; (2) you need the data but are not currently using it; (3) you need the data and would use it but you can’t easily find or access it; (4) you’re collecting the data and maybe even using it but the data is not secure and/or is not safe. As is the case with other kinds of audits, “bad” results aren’t pleasant to uncover, and they represent unwelcome tasks and efforts that your organization must undertake. However, bad results are in fact one of the most important purposes of the auditing process–to root out problems, errors, and inefficiencies, and then fix them, reduce risk and waste, and thereby improve the organization overall.
3. Missing data. The missing data is that which your organization needs but is not currently being collected, sometimes called a “data gap.”

Implement Your Solutions

In most cases, your findings will suggest their own solutions.

Bad data solutions: (1) Data that is being collected but is not needed or in use should no longer be collected. You may consider disposing of such data, especially if it’s costly to store and manage, but this step should be very carefully considered. Once you dispose of data, it’s difficult or impossible to get it back. (2) Data that is useful but unused should be put into use, especially if there is an efficiency to be gained. (3) Similar to the previous item, data that is inaccessible because of its location or format should be converted, ported, or moved so that it can be utilized, especially if there is something to be gained. (4) Useful data that is improperly stored in terms of security, stability, or integrity should be immediately moved, secured, verified, protected, etc.

The solution to missing data, of course, is to begin to collect and use it.

Big Moves

A data audit might actually be somewhat painful to the organization which has never conducted one, because it will likely expose all kinds of problems, risks, and data gaps that must be addressed. Some of these will require big moves, purchases, or changes in policy. Resources for storing a protecting data might have to be placed on the organization’s wishlist, for example. Personnel may be needed to keep a better grip on the organization’s data profile. Procedures that have been in place for years may need to be altered or completely overhauled.

The good news is that after the first data audit, they’ll get progressively easier and will eventually center mostly on slight course corrections and steady improvements.

‍