In today’s digital world, companies are going through various iterations in adopting digital technologies to become more efficient and competitive. Companies are increasingly evaluating and implementing new platforms such as CRM, ERP, analytics platforms, portals, apps, databases, compliance/risk systems, and building new interfaces with external stakeholders. All these technology enablers and platforms can be grouped together as a Company’s Information Systems (IS).
An effective IS strategy streamlines the process of decision making, simplifies the process of delivering required information, and facilitates better decision-making. A company's information system is regularly assessed for new functionality requirements and a need for upgrades. In some cases, components or modules of the system may need replacement based on factors such as lack of alignment and agility, recurring and costly technical problems, or obsolescence. It is critical to assess whether the current information system is outdated or ineffective, as such a system may impact productivity, revenue, and compliance.
Regardless of the sector (i.e., manufacturing, retail, life sciences, etc.), a data migration activity is required before moving old data from the legacy system (‘source') to the new information system (‘target'). This procedure includes not only a shift in storage location, but also changes in storage format, data formats, backend databases, renaming data values and applications. There are various risks and challenges involved in the data migration activity that one needs to be mindful of. As per Gartner:
"Analysis of data migration projects over the years has shown that they meet with mixed results. While mission-critical to the success of the business initiatives they are meant to facilitate, lack of planning structure and attention to risks causes many data migration efforts to fail.”[1]
Migrating data to a new platform may be very time-consuming, and any compromise in the data's integrity during this process has far-reaching consequences for the company, such as delayed projects, hefty compliance fines, loss of regulatory trust, or reputational harm.
A data migration may be considered successful if the data in the new information system is accurate, correctly mapped as per the business module, and accurately reflects the original data. As a result, it's critical to do an audit of all data migration operations to guarantee that all of the data was migrated whilst maintaining completeness.
What are the different types of migration activities?
Companies carry out a variety of technology migration activities that inherently require data to be migrated. Some of these migration activities are:
- Application migration involves migration of data from a legacy application to a new application such as core banking application, enterprise resource planning (ERP), web applications, compliance and risk applications, etc.
- Database migration involves migration from one database to another vendor database or consolidation of different databases into one – such as from Microsoft SQL Server database to an Oracle database (or vice versa) or to an open-source big data platform.
- Datacentre migration includes migration of existing information processing facilities to third-party data centers or consolidation of multiple data centers or migration from on-premises systems to the Cloud and vice versa.
- Hardware migration includes migration from one server to another server, consolidation of servers, migration from one storage device to another device, migration from one network device to another device.
What challenges should be expected in a Data Migration project?
Data migration may seem straightforward at first, but there are several underlying complex activities that can turn it into a challenging process. Some of such challenges include:
- Lack of data knowledge – Data is the heart of any IT system and, in many cases, it contains vital business information or intellectual property that needs to be protected. Furthermore, data can come in several formats and use different technologies for storage, which means it may require conversion before being used by a new platform. This is where a lack of data knowledge and expertise may become a challenge. A data migration project requires the team to develop new skills, which they may not already have.
- Data analysis and data cleansing – To ensure that migrated data maintains its integrity and completeness, either for reporting or feeding new business systems, extensive data analysis and cleansing activities need to be performed across all source systems. This process may require the involvement of IT or migration teams with expertise in data modelling and/or ETL model development.
- Incompatibilities of data migration between different vendors’ applications – Each vendor has its enterprise application with a complex database architecture that may not be compatible with the application of other vendors. As a result, the new application provider experiences persistent problems only the vendor of the legacy application has access to the required technical documentation to understand and map the application and database schema correctly.
- Source legacy system data quality – In our experience, the majority of legacy systems have data quality that is far from ready to be migrated. This goes unnoticed until a system failure occurs post-migration. It requires significant effort to remediate the poor data quality before migrating the data. If ignored, it can lead to a failed data migration project.
- There is no single source system – Most large organizations have several data systems that hold different pieces of information about their customers or business units. For example, an organization may use a CRM system to store customer records, but those will not include billing or shipping information that are stored in financial or ERP systems. This means that multiple data sources need to be mapped and consolidated before the migration can take place to a new system that encompasses the functionality of multiple existing systems.
- Insufficient understanding of data – Incomplete documentation of the legacy system data, its database structure, and an insufficient understanding of how the data is mapped between datasets, can cause a data migration project to fail.
- Large volume of data – The volume of the data is directly proportional to the complexity. Massive data volumes make data governance more difficult and have an impact on data quality.
- Data mapping – Data fields in a legacy system may not be in sync with the new system due to differences in application and database architecture, adding complexity to the project.
- Duplicate data – While performing a data migration, data may get duplicated in the process of creating staging or intermediate datasets. Identifying and handling such duplicate data is a crucial activity, which requires a thorough understanding of the relationships between the data fields. Data duplication can be eliminated by cautiously deleting data, as deletion of any incorrect data can lead to serious post-migration issues.
- Complex validation thresholds – Most organizations rely on their application provider to validate whether data migration has been successful or not. When difficulties arise due to a lack of validation procedures, the project is likely to suffer. This can result in downtime of systems during working hours.
- Poor documentation of the migration strategy – The strategy document defines the road map of the migration and the team responsible for developing and implementing the information system and migrating the data. Improper execution or planning can pose a high risk to the project going over budget, exceeding timelines, or even failing completely.
- Limited information for decision-makers – During the migration phase, business decision-makers receive limited information to decide whether to approve the transferred data as complete, functionally data is correct, or the new system can go live.
- Un-owned cross-functional dependencies – Projects involving multiple teams may cause several challenges due to lack of ownership, miscommunication between teams, and several other dependencies. This is a real challenge in data migration projects where there is usually a separate team for each source system that needs to be migrated. To avoid such challenges, it is important to understand all cross-functional dependencies and ensure that proper communication channels are established between teams before the project begins.
- Unplanned events – Data migrations, especially those involving multiple source systems, may not be as predictable as expected due to changes in business requirements or regulations, data quality issues, or errors made during the migration process. A strong data governance plan, including issues and SLA management, must be put in place to ensure that proper follow-up activities such as QC & compliance checks are carried out throughout the project life cycle.
How to mitigate risk through a Data Migration Audit
Like any other audit, a data migration audit can ensure the correctness and completeness of the migrated data for the new system's operating effectiveness. The objective of the auditors in the data migration audit is to ensure:
- Ensure Data Integrity – Ensure the data in the target system qualifies the integrity and reliability tests. If any faults or mistakes are discovered, appropriate countermeasures are recommended for mitigating the risk impact. Some of the data integrity checks include:
- Verification – To ensure completeness and accuracy of the data migrated, conduct value checks of the field and perform a reconciliation of each dataset to identify any data loss or error in data value.
- Validation – To ensure that the data fields of the legacy system are correctly mapped to the business module of the target system. Further, ensuring that the left-over data in the legacy system is not required for future business needs and can be archived.
- Conduct an audit of migration algorithms or tools – A thorough assessment of the algorithms/tools before the actual deployment of the migration activity can help identify any risk or gaps related to data loss.
- Control Adequacy – Assess the migration mechanism which includes project documentation, project team roles and responsibilities, backup plans, vendor support, test documentation, etc.
- Business Continuity – Ensure adequate security measures are taken during the migration project in order to avoid any disruption during the process of migration.
- Effectiveness – Review the strategy adopted for migration and the approach used to migrate data from legacy system to target system, to ensure compliance of the original budget and schedule and identify inefficiencies or deficiencies (if any).
- Ensure compliance with local and international regulatory norms – The approach adopted for the data migration must ensure data security and compliance with regulatory norms. Failure to follow the right regulatory and cybersecurity measures could lead to a data breach or fines for noncompliance. Also, depending on the industry, regulators require proof that reasonable and adequate precautions are taken while dealing with sensitive data.
Due to a variety of reasons, such as a lack of understanding of the new target information system, resource limitation, and lack of relevant skills, many organizations are completely reliant on vendors for the entire data migration process. As an organization migrates data to the target system by engaging vendors, it is important to ensure that the migration plan is holistic and there is an emphasis on proper planning, data mapping, quality control, and post migration validations.
Furthermore, data migration being a complex, time-consuming, and challenging process, it is critical that this activity receives sufficient executive focus because a failed data migration can result in significant disruption to business continuity. In order to avoid these risks, it is advisable that organizations adopt a data migration audit framework to ensure their data migration projects are successful. The audit activity has to run in parallel to the migration project from initiation to completion.
About Ankura’s Data Migration Audit Framework
Migrating critical data is a complex process and there should be additional emphasis on quality assurance. Ankura's Data Migration Audit Framework has been developed over years of assisting our clients across sectors in addressing a wide variety of technology & data platforms and the associated challenges.
[1] “Risks and Challenges in Data Migrations and Conversions.”, Gartner, 25 Feb. 2009, https://www.gartner.com/en/documents/897512/risks-and-challenges-in-data-migrations-and-conversions
© Copyright 2022. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.