CSO

If you are working at establishing a solid identity and access management program (as but one example where this could be the case), you must ensure that the data you are about to enter is clean, accurate and true. All too often we take for granted that the data that comes from various sources has been fully vetted. The data goes in, is processed and it magically comes out with significant religious connotations. 

A word of caution: Be sure if you are starting to go down the road of identity and access management that you fully understand segregation of duties. Also ensure that you do not stop there but drive fully to role-based access control. Validate the roles both automatically (which may get you at best a 50% hit but that is based upon what is there (an already GIGO example) but fully verify all roles manually. Build your swim lanes; reduce the number of roles; ensure automated add/change/delete and entitlements review processes. This is truly time intensive but the risks are too high to ignore. 

As I said before, this is but one example. Think of all the financial data being entered into your core systems; marketing data; supply chain info; architectural specs, legal information, and more. Has it been fully vetted? Does your organization even care or are the practicing another fine and well-tuned art, that being KIBO?