She has known the data work was overdue for eighteen months. Customer records live in three places that do not quite agree. Onboarding runs differently depending on who picks it up. Last week she spent twenty minutes hunting for a contract amendment a client had asked about, and eventually found it in an email thread on her phone. She does not want a six-week consulting engagement to begin fixing this. She has half a day a week for the next month, and a quiet suspicion the work would not take much more than that if she could see where to start.
This post is the assessment that gets her to the start line. Five short sessions, five hours of focused time, one page at the end. No consultant, no software, no formal methodology. The point is not to fix the data layer, it is to see it clearly enough to know which three things to fix first.
The case for doing a structured baseline beats indefinite postponement on cost alone. The 1-10-100 rule from quality management captures it directly: the cost to prevent a data problem at source is 1 unit, to correct it once detected is 10, to deal with the failure after it reaches customers is 100. Without a baseline, the firm only ever meets its data problems at cost 100, after a client complaint or a botched report. Research on data governance is consistent that firms which establish foundational governance within a three to six month window report meaningful reductions in remediation and audit cleanup cost. Almost no SME has done the baseline yet, which is a visibility problem, not a willpower one.
Session one: what state are your customer and business records in?
The first session maps the data foundation that drives revenue, compliance, and the decisions that matter. You are not auditing everything. You are answering three questions for each of your three priority datasets: what is it, where does it live, and how clean is it at the level of your next AI use case. An hour of focused work, one page of notes, no fixes yet.
For a typical services firm the three datasets are customer master records, transaction or order history, and resource or employee records. For each, write down the system it lives in and rate it against four dimensions in the UK Government Data Quality Framework: accuracy, completeness, consistency, validity. Then run a fifteen-minute spot check. Pull twenty to thirty recent customer records and read them. The pattern shows up immediately, the routinely empty fields, the drifted formatting, the duplicates that should have been merged. Write it down and stop. The discovery is the deliverable.
Session two: where does the operational knowledge actually live?
Operational knowledge carries the most acute risk in a small firm. The risk is the single point of failure: when one person understands a critical process, client relationship, or legacy system, and that person leaves or is unavailable, the work grinds. For a ten-person business this is existential, and it is rarely well mapped. An hour of session two surfaces where the exposure sits and what to document first.
Use the three-types taxonomy. Explicit knowledge is documented and portable, the SOPs and client handbooks. Implicit knowledge is how those documents get applied in your context. Tacit knowledge is the experiential expertise that lives in individuals, the senior person who spots a difficult client early. List your five priority repeating processes and place each one against the taxonomy. Then ask the disappearance question for each: if the primary owner of this process was off for a month, could it run? If the honest answer is no or maybe, that is a single point of failure and it gets logged.
Session three: can you find the work you have already done?
Findability is a direct test, not a discussion. The work of the last decade is either retrievable when you need it or it is not, and the only way to know is to try. Three concrete tests, ten to fifteen minutes each, against a real example pulled from the last six months. Time each one, write down where you found it and how long it took, and a clear pattern emerges within forty-five minutes.
Test one is compliance retrieval. Pick evidence of a specific decision or transaction from six months ago, a contract amendment, a sign-off, a health-and-safety record. Without asking anyone for help, locate the documentation and time it. The ICO guidance for small businesses is explicit that inability to retrieve efficiently is itself a governance failure. Test two is client knowledge retrieval. Pick a client of more than a year and locate everything a new team member would need: emails, notes, contracts, project files, feedback. How many locations, and is the information consistent? Test three is operational knowledge retrieval. Pick a tricky problem your team has just seen and try to locate whether you have dealt with similar before. The honest answer surfaces the gap between the stated knowledge base and the actual one.
Session four: does your team share the same language?
Shared language is the gap that hides behind reports that look identical and rest on different foundations. When operations uses “prospect” differently from sales, when finance calculates revenue differently from board reporting, or when customer status is recorded inconsistently across systems, the firm cannot trust its own analytics. This sounds like an enterprise problem and it is equally acute in a small team, because informal communication masks the inconsistency until something breaks.
Three short checks. The glossary check: write down ten to fifteen terms central to how the business runs, then ask three people on your team to define each one independently. Where definitions diverge, you have a glossary gap. The SOP check: identify your three priority repeating processes and answer three questions for each. Does a written SOP exist? Is it current? Do team members follow it, or adapt it each time? The naming-convention check: look at how files, records, and documents are named across your three main systems. Are names descriptive and ordered logically, or cryptic and inconsistent? A simple agreed pattern fixes this in a single afternoon.
Session five: what does the one-page summary actually say?
Session five turns the previous four hours of notes into a single page. Three sections, no more. The structure is deliberately simple because the artefact is the point: a page the owner can pin above her desk, share with the team, and revisit in ninety days. It is not a report, it is the operating note that drives the next quarter of work.
Section A is current state in three or four sentences: “Customer data lives in Salesforce as the master and in scattered email threads for transaction context. Email accuracy is roughly 75 per cent and duplicates are common. Onboarding runs differently for each client. Documents are split across the shared drive, email, and Slack with inconsistent naming.” Section B is the three highest-value moves, each with effort estimate and expected impact. A typical set looks like one round of customer-data cleanup, three documented SOPs for the highest-volume processes, and an agreed file-naming convention applied to active client folders. Section C is the ninety-day target with success criteria. For each move, name what “done” looks like, then print the page and share it with the team.
The five sessions are five hours of focused work spread over a month. The output is one page. It tells you what you have, where the risks sit, and which three moves will create the most value in the next ninety days. That is enough to act on, and enough to decide whether external support is worth paying for. If the assessment surfaces a regulated-data problem, a likely M&A event, or a migration that depends on data integrity, that is the point at which a consulting engagement earns its fee. Until then, the one-page version is the right tool for the size of the firm and the size of the question. If you want a second pair of eyes on the output, book a conversation.
