Get 70% off 
QuickBooks for 3 months.* 

Ends July 8th.
Running a business

Data auditing for small businesses: 5 questions to help you protect your profits

Data is money in the Information Age.

Unfortunately, poorly managed data can become a costly liability. As much as we might not think of it in these kinds of terms, protecting your profits starts with identifying your data.

What type of data does your company create, collect, and store? Where does that data reside in your organization? Who can access the data? Finally, how do you—and how should you—protect your business data?

The answers to these questions reside within a data audit.

What is a data auditing?

A data audit examines your business’ IT and physical resources to evaluate where data is created, stored, and accessed. Once the resources are identified, you can classify your various data types and better organize, utilize, and protect them.

No single recipe exists. However, most should be guided five by questions.

1. What type of data do you have?

Start by brainstorming, talking with your employees, and making lists. Try to identify all the data types your business creates, collects, and stores.

Not only does data balloon and compound as your business matures, new data types frequently arise. For example, no one tracked IP-address hits to their websites in the late 90s. Now, such tracking is built into most websites by default.

The data types within your business may seem endless. Don’t let this overwhelm you.

Accept the fact that you might miss something, and do your best. Use the following list to get you started identifying your data types:

  • Customer data: contact information, sales information, invoices, quotes, CRM data, etc.
  • Employee data: employee files, I-9s, W-2s, employment applications, background checks, performance reviews, performance metrics, etc.
  • Supplier data: purchase orders, design specifications, quotes, etc.
  • Logistics data: carrier documents, freight forwarder documents, shipping label creation, etc.
  • Financial data: balance sheets, income statements, purchase orders, invoices, etc.
  • Communication systems: phone, email, chat, video conference, etc.
  • Performance metrics: sales growth, customer outreach, marketing campaigns, sales promotions, etc.
  • Product development: roadmaps, CAD drawings, prototypes, customer feedback, testing, etc.

Naturally, you will uncover data types that don’t have immediate value to your business. That’s ok. You need to record them anyway. It may have value in the future, in conjunction with other data types, or you may be legally required to keep and protect it.

Next, interview employees and service providers that represent all of the departments across your business. Department representatives work with a more nuanced dataset than you do as a business owner. Accordingly, they can help you build a more comprehensive list.

Below is a list of departments, both internal and external, that may help you build a better list of data types:

  • IT
  • Legal
  • Facilities
  • Inventory
  • Supply chain
  • Administration
  • Human resources
  • Sales and marketing
  • Finance or accounting
  • Logistics and warehousing
  • Product development and merchandising

Don’t complete this exercise in isolation. Part of being a great manager and leader is bringing together your team to help you through the process. You are bound to miss a data type if you don’t involve the stakeholders across your business.

2. Where is the data?

Once you identify your data types, determine where your data is stored.

Your IT department can help you automate a large portion of this exercise. IT can typically scan your entire network with different tools and search capabilities. Create a map of your IT resources along with the data types stored and accessed through those resources.

Start with IT, but don’t forget about physical storage. Identify filing cabinets and the data kept in them as well.

If certain data exists in multiple forms and places, make a note.

For example, many businesses store customer purchase orders in multiple places: sales rep emails (digital), sales rep filing cabinets (physical), ordering systems (digital and physical), network drive for contracts and administrative documents (digital), and more. Identifying data redundancy is a valuable outcome.

Redundant data costs money in storage space (both digital and physical). Uncovering redundancy will help your business manage against it after data auditing is complete.

3. How is your business data used?

It’s not uncommon for business data to sit idle in IT systems and filing cabinets. This is one of the most common mistakes companies make with their analytics. If you don’t use the data you store, it can’t work to your business’ benefit.

Consider your quarterly business reviews. You likely review sales numbers during a quarterly review, but could the quality of the review increase if you supplemented sales numbers with additional data?

What if you reviewed sales data alongside outbound sales calls? Do sales increase as proactive calls increase? Do customers buy more when their sales rep consistently follow up? What about sales in relation to sales promotions?

Your business data use generally falls into one of three buckets:

  • Data stored but ignored (data that is saved/filed and forgotten)
  • Data actively reviewed and acted upon (sales data at a quarterly review)
  • Data not actively used but with the potential to drive business action (outbound sales calls)

It helps to place your data into one of these three groups. After you complete the audit, you can determine what data you can move into another bucket that helps better your business.

4. Who has access to your data?

With a map of your data types and location, you need to know who in your business has access to the data.

Data is becoming more and more valuable in the modern world, but it is also easily transferable. That means unrestricted access to your business data can leave your business exposed to serious harm.

You can’t prevent access to your data unless you understand who has access to the data. Once you understand access, you can build policies restricting and controlling access. Employees don’t need access to all of your business data.

For instance, does finance need access to employee files? Likely not. Does human resources need access to customer sales data? Likely not.

Data is an asset, but it can become a liability if not properly controlled. Control starts with understanding access.

5. How is your data protected?

Securing your data includes protection from outside your business and segmenting data within your business.

If your employees don’t need access to certain business data, block their access.

First and foremost, password protect access to customer-related data that exists in your CRM, ERP, and other company systems. Your sales reps and executives need access. But, human resources and facilities do not. Segment accordingly.

Internal controls are one level of protection, but you need to protect all of your data assets from external sources. Basic firewall protection is a must. For extra sensitive data, you may need more than a firewall. Consider encryption and higher levels of security for such data.

The biggest data-related legal news in the past few years has been the GDPR in Europe, with all signs pointing to similar privacy laws being enacted through the rest of the world as well.

GDPR put new burdens on businesses regarding data privacy in the EU. Many businesses were forced to take dramatic measures to change the way they were protecting and sharing customer data and employee data.

While GDPR made headlines, data-related legal compliance stretches beyond Europe. In the US, certain states have followed GDPR’s guidance and have passed their own data privacy laws; namely, California and Massachusetts

To understand the legal landscape, consult an expert and add a privacy element to your data auditing.

Take action now, your profits will thank you later

A data audit will identify areas where you can make better use of your business data. You may be forced to make some changes to stay compliant with the changing legal landscape. Commit to making a plan and executing the plan based on the results.

Orient yourself around five questions:

  • What data types do you have?
  • Where is that data stored?
  • How is the data used?
  • Who has access to the data?
  • How do you protect the data?

With these questions answered, you can proactively manage your data to better protect your business and your profits.

Mail icon
Get the latest to your inbox
No Thanks

Get the latest to your inbox

Relevant resources to help start, run, and grow your business.

By clicking “Submit,” you agree to permit Intuit to contact you regarding QuickBooks and have read and acknowledge our Privacy Statement.

Thanks for subscribing.

Fresh business resources are headed your way!

Looking for something else?


From big jobs to small tasks, we've got your business covered.

Firm of the Future

Topical articles and news from top pros and Intuit product experts.

QuickBooks Support

Get help with QuickBooks. Find articles, video tutorials, and more.