DAM risk management

This article is about risks with Digital Asset Management initiatives and describes some strategies you can use to manage them.

What is Risk?

Risk can be defined as the probability of a given event occurring and the impact that it is likely to have. Uncertainty is an unavoidable feature of introducing new technology, risk management exists to help deal with that in a structured fashion.

Identifying Risks With Digital Asset Management

A practical approach to identifying potential risks with DAM is to work backwards from the benefits. For every advantage you expect to gain from DAM, there is a corresponding risk. Modifying the method used to achieve an objective can increase or decrease both the impact and probability of the risk.

Example DAM Implementation Risks

Below are some potential benefits of DAM (not all may apply to every DAM implementation)

  • DAM will solve a multitude of issues we have with our current use of digital assets
  • DAM will help us find our assets more quickly
  • Cloud DAM will allow us to avoid capital expenditure on internal IT facilities
  • DAM will allow everyone to share and re-use assets
  • We can control how assets are being used
  • We can find out what assets are in demand

From each of these, you can extrapolate some risks that may become issues. Each are described below, the order that correlates to the benefits above. This is evidently nowhere near all of the range of risks you will encounter, but you should start to see how to apply the strategy.

Commissioning multi-purpose DAM solutions that fail to address any single requirement adequately

When I talk to prospective DAM users, most acknowledge that it is a bad idea to try and build monolithic systems that try to answer multiple requirements simultaneously. However, a number frequently still end up doing it anyway and expose themselves to more risk than they needed to.

Ideally, DAM initiatives should be started with a very restricted and well defined scope. Sometimes that might mean not buying a DAM product initially, but just auditing what assets exist and analyzing what range of solutions offer the most benefit. Digital Asset Management describes a huge range of solutions with multiple options on offer. A risk management strategy for implementing DAM suggests that funds should be invested incrementally in a bottom-up manner based on proven need and regular reviews.

As you examine your needs and begin to introduce systems, different requirements and alternative ways to approach the problem will be revealed. If you handle this with risk management in mind, you can change direction and ensure that you do not waste funds introducing features or solutions that are less useful than you once thought (or were told) they might be.

Unsuitable asset findability and cataloging strategies

DAM systems provide the ability to search for assets very quickly, but they only get found if they have been cataloged using descriptive and meaningful metadata that reflects the underlying media file. The risk is that assets just get uploaded and only perfunctory cataloging metadata is added. If no one can find anything, there is a risk that users might start hoarding their assets in personally owned collections. To ensure that does not happen, a findability strategy together with cataloging procedures and training which support it are all needed.

Relying exclusively on a single asset storage hosting provider

While you can reduce internal IT expenditure if you put all your assets into a Cloud based or hosted DAM, you need a contractually watertight exit strategy and full transparency about data safety procedures. It is also prudent to consider arranging your own backups. If the provider ceases to trade and you have nothing in place, it might be very difficult to retrieve your assets. From the opposite perspective, deciding to do it all in-house might be no better (or even worse) if your internal backup procedures and off-site storage fail or were not in place to start with. There will also be a cost implication to cover increased server utilization and extra capacity etc.

A risk mitigation technique might be to not rely on one single provider but to hedge your risk with some alternative options that are completely separate from whoever hosts the servers with your DAM solution running on them. The downside is increased cost, but the benefit is like taking out a form of insurance and affords you some protection should the worst happen.

Poor training and awareness of the DAM system will reduce user volume and restrict asset re-use

Staff will only re-use assets if:

  • They have been uploaded to the system.
  • They are aware there is a DAM.
  • Training has been provided to explain how to use it.

If at least these points are not addressed, there is a significant risk that assets will not get re-used. You cannot have a 'build it and they will come' attitude. The larger the number of prospective users, the more you will have to invest into training, internal communications programmes and other change management planning.

Asset usage is too tightly controlled so users cannot access assets and abandon the DAM

Most systems have access controls and workflow features that are designed to ensure that selected assets cannot be used without prior approval or only found if the user belongs to a given permissions group. Used sparingly, they are sensible features to protect sensitive assets. What sometimes happens is that the original staff responsible for them decide that they need to see exactly who is using their assets but they lack the time to check this on a case by case basis. As such, everything gets restricted or even hidden universally. This can end up creating 'virtual silos' within the DAM system and render any re-use benefits of DAM null and void.

This is quite common for corporate DAM and it is an example of a risk management strategy that can, itself, create another risk. You may find there are consequential issues where your attempts to mitigate one risk can create alternative ones instead. Although it might not seem like it, this can be beneficial because it means you are uncovering more of the problems in advance and therefore giving yourself more time to deal with them satisfactorily.

Inadequate auditing and reporting capabilities

If you want to find what kind of assets your users are looking for so you can commission or purchase more of them, then you must have tools that allow you to get both summary and forensic level detail on what they are searching for and other patterns of behavior like downloads etc.

If your DAM reporting tools are inadequate then you cannot identify usage properly. Sometimes, you may find that any built-in reports in the DAM software might not tell you everything you need to know. For this reason, it is useful to have access to audit trails that track everything that has happened on your DAM system so there is some capacity for you to create your own custom reports where necessary.

Operational DAM Risks

The risks I have described above mainly relate to the initial set up of the system when it is first introduced. These obviously have a big impact, but the operational risks associated with using and maintaining your repository will acquire an equal or maybe even greater significance over time. They can include:

  • Technical failure of the server and/or hosting environment.
  • Supplier business failure (and/or exit from the DAM market) and loss of support for your chosen solution.
  • Fluctuations in prices for commodity items like storage.
  • Departure of key personnel combined with inadequate training and induction of new employees into the DAM.
  • Failure to review auditing and reporting data to ensure that the system continues to meet the demands of users.

These operational risks require ongoing monitoring and review to ensure that they are not becoming problematic. Also on the upside, that opportunities to reduce costs or replace older components and features are explored and taken advantage of where appropriate.

Documenting and Monitoring DAM Risks

Project management methodologies, like PRINCE2 or PMI include various documentation products to cover risk management. Not everyone wants or is able to use formal methods like those described, however. If that describes your situation, you still need to be documenting risks you identify. Below is an outline of what sort of details you should be recording:

  • The risk description
  • The risk category or type
  • Who identified it and when
  • The probability of it happening
  • The impact
  • The tolerance level beyond which the risk needs to be reviewed
  • Steps to mitigate the risk
  • Budget implications of both the risk and the mitigation method
  • Follow-up tasks
  • Review date

As described, the nature of the risks involved will change before and after your DAM initiative goes live. Post-launch, you still need to keep a log of these on an on-going basis. They should be retained with other procedure guides for using your DAM system and more general activities like metadata standards etc. The objective is that as many of the identifiable risks as possible are documented and mitigation methods considered in advance. Staff should be able to go to the documentation and it will give them advice and recommendations to resolve problems or help guide them in deciding what to do.

If you maintain this resource over the full lifetime of the system your DAM services stand a greater chance of continuing to deliver positive ROI even when key personnel leave and are replaced. Additionally, when the time comes to refresh your DAM initiative in the future you will have more tangible information about what areas need to be addressed by any replacement solution. Risk management documentation adds value to your repository of assets and needs to be viewed as an asset in its own right.


Risk management is like any other technique for controlling projects and delivering solutions that are fit for purpose. It is only as good as both the personnel involved and how diligently they are able to apply it. What it can offer, however, is a framework for managers that helps them to make decisions. With complex undertakings like Digital Asset Management, that be invaluable for both making progress and having plans in place should circumstances change in ways that were not fully anticipated.

Image courtesy of Gunnar Pippel (Shutterstock)

Editor's Note: Be sure to check out Ralph's other articles: Real World Digital Asset Management ROI and The Digital Asset Management Value Chain.