Wednesday, April 04, 2018

What we Mean by Information Integrity

With the growing focus on data for purposes of decision making, whether it be big data or regular internal data, there is a growing need for a focus on information integrity. However, what exactly is meant by information integrity is not widely understood.

In 2013, the AICPA Assurance Services Executive Committee’s Trust Information Integrity Task
Force in conjunction with the Canadian Institute of Chartered Accountants published a paper on this topic. The paper provides a full explanation of the meaning of information integrity.

In that paper, "information integrity is defined as the representational faithfulness of the information to the underlying subject of that information and the fitness of the information for its intended use."

These two concepts - representational faithfulness and fitness for intended use - form the core of information integrity.

Representational faithfulness is determined by how well the information "represents the subject that it purports to represent. For example, a weather report is the representation of the weather. Therefore, the integrity of the weather report depends on how well it represents the weather."

The other concept - fitness for use, is clearly related to the concept of representational faithfulness since if the information does not fairly represent the subject, it will be of little use.  But fitness for use goes well beyond this idea. The paper points out that "information is prepared for a specified purpose and includes: (1) the observations about the characteristics of the specific events or instances to which it pertains, (2) information about the environment in which the events occurred or the instances existed and (3) other information necessary for the observations to be used for their intended purpose."

This additional information is often referred to as meta-information. "Information integrity is determined based on both the information’s consistency with its meta-information and its representational faithfulness. Therefore, information integrity includes the accuracy, relevance, precision, timeliness and completeness of the information and its meta-information. Information that is accurate, relevant, precise, timely and complete for a particular purpose can be termed to be “fit for purpose.”

That's quite a handful to deal with. It requires some dedicated effort by management to assess the integrity of the information it is using, but this effort is crucial to making sound decisions.

The paper has some ideas for how management can obtain the assurance they need, ranging from making sure they understand the context of the information to obtaining an independent report from an information assurance professional. It's an area that deserves a lot of attention. A copy of the ASEC report can be obtained on the AICPA site.

No comments: