Accelerate data governance planning and launch with three basic steps

A recent major survey of a wide variety of businesses reported that nearly four out of five are in either planning or launch phases of establishing new data governance capabilities. This is not too surprising since reliable information is the lifeblood of good business decisions, and critical data is a main ingredient. Like any other important asset, critical data must be well maintained, be kept secure and trustworthy. Data governance is rapidly becoming a recognized dimension of enterprise governance and, for many businesses, the next logical investment for maturing information delivery.

Put simply, data governance defines and verifies that appropriate internal controls are placed over the management of important data. To be most effective, these controls should be aligned with your business goals and objectives. Since controls cost time and money to deploy and operate, efficient data governance should assure that just enough is put in place; not too much and certainly not too little.

Companies practicing data governance effectively have improved ROI on technology investments alone by as much as 40 percent. Of course, the opposite effect is also possible, so getting the balance right will determine whether data governance produces a lift or a drag to your business. Since most of us are probably doing this for the first time, the challenge is to move forward with confidence in our outcomes while mitigating the risks of the unknown. Fortunately, there are three steps you can take immediately to greatly improve your odds for success over the long haul:

1. Begin defining an approach and roadmap that fits your culture, can be gracefully evolved over time, put into daily use and clearly communicated. Let’s call this the Framework and Roadmap.
2. Create a flexible organization of people and internal controls that you can adapt over time while delivering results early and often. Let’s call this Stewardship and Controls.
3. Establish the common ground for moving toward a consistent business language that gets everyone speaking from the same page. Let call this Common Business Language.

These three basic elements will buy you time and increase the certainty of a good outcome. In addition, they establish the basis for some immediate and surprising benefits. But first, let’s define data governance a bit more clearly and then look at each of the three steps more closely.

Data Governance Overview

Managers assuming responsibility for data governance soon realize that controlling ‘data at rest’ in a file or database is only part of the challenge. You must also establish points of control over processes, both technical and human, that can negatively impact critical data.

Governing data requires organizing people, policies, processes, practices and principles for specifying how critical data will be managed. Once these controls are put in place they must be monitored against clearly defined measures indicating when issues arise.

Technical processes requiring governance typically include data entry systems capturing records of transactions, where all necessary data must be captured accurately and completely. Another example could be a back office process moving data from one system to another, assuring that any changes to the data while in transit can be clearly understood. In such cases, controls can often be automated.

Human processes are just as important. Developers creating new functionality such as a data warehouse or business intelligence deployment must demonstrate that they have considered impacts their work might have on existing systems. They might document this in a standard template that states the precautions taken. Similarly, you might have a process for requesting user access to critical data, with some means of determining that the user has a legitimate need to do so.

Most of us are probably doing this for the first time. Proven success models are in short supply, as are experts who have sufficient background to help. You may feel you are faced with a choice of pushing forward relatively on your own, hoping to work out the details as you go. Alternatively, you can put everything on hold until you have it all figured out. Neither choice offers a very attractive prospect.

Despite these challenges, you can begin delivering results early and often, while minimizing the risks of the unknown. You can develop momentum that results in recognition, adoption and continued funding required for your success.

Perhaps most important, you will understand why each control you establish aligns to your business goals and policies. In short, you will start by being in control and staying in control. To do this, you should carefully consider establishing the following three elements as early as possible:

1. Framework and roadmap
2. Stewardship and controls
3. Common business language

These three basic steps will increase the certainty of a good outcome. And remember, there are some surprising benefits in store for you once they are taken.

Framework and roadmap

Frameworks provide a broad organizing structure for the essential knowledge and skills in a data governance program. Your framework can include a charter and principles to guide decisions. It can also capture your program goals and explain how they align to business goals overall. You can publish your sponsorship and stakeholder model, lending a sense of buy-in and common purpose. In addition, you can define practices and guidelines by which governance will be conducted.

Roadmaps establish a program indicating what data governance capabilities will be developed and when they will be deployed. This allows levels of realistic expectations to be communicated early to sponsors, stakeholders and practitioners. It also establishes a high-level set of key performance indicators against which your program can be measured.

Creating an effective framework and roadmap declares the how and when of your data governance program, creating an increased confidence and consensus in the value which can be expected.

You can roll this out in increments, allowing your growing understanding to be reflected in an evolving statement of direction and means by which you will travel. But perhaps most important, your framework should be appropriate in terms of the cultural and political environment of your business.

In her Data Governance Manifesto, Jill Dyche points out that your framework should reflect your business culture, that “there are far too many organizational, cultural, ownership, definitional, and policy factors involved in data governance to rely on a template of cross-the-board best practices.”

You have at least four options for creating your data governance framework:

• Create your own unique framework with assistance
• Adopt an industry standard framework such as ISO or ANSI
• Subscribe to an adaptable framework offered by an industry expert
• Capture your framework through knowledge transfer from an existing consulting engagement

Whatever approach you choose, the tools you choose to manage your framework and roadmap should ensure that your framework lives on in the day-to-day activities of data governance. One approach is to embed your framework directly into your tools. This ensures that your practitioners are able to constantly leverage the principles, policies, practices and processes that you have defined within your framework.

And of course you should continually leverage your roadmap to communicate progress and any changes in plan. Again, this becomes much more meaningful when it is directly integrated with your framework as a cross-check to ensure your stated approach matches your intended end-goals.

Stewardship and control specifications

Stewardship describes the careful and responsible management of something entrusted to one's care. This term has been adopted broadly within the information management community to describe activities in both data management and governance. You will benefit by either using this term directly or creating a synonymous term that works within your culture.

Control specifications form the basic mechanism of governance, providing the means to direct or determine how management or critical processes or assets should be done. Effective internal controls have been identified as one of “four key corporate governance issues that underpinned both success and failure” of enterprise governance. By extension, this applies equally to data governance.

Launching data governance stewardship largely involves specifying internal controls for data management, identifying where they should be placed, and then working with data management teams to implement and deploy the controls. If this remains well organized, then the day-to-day role of stewards become very simple. They monitor the status of each control and address any issues that arise. An escalation process should be defined for issues that cannot be solved directly, and the current status of all active escalations should be readily available to those overseeing governance, including senior management.

Tools used to organize stewardship and control specifications should not require technical expertise to use. Stewards “will generally come from the Business side of operations. They set policy that IT and Data groups will follow as they establish their architectures, implement their own best practices, and address requirements.”

Data governance determines the specification for how controls should work and what measures or indicators a control should report as status. This provides the ability to judge whether a process or asset is being managed correctly.

Controls are not always highly technical or automated. For example, a control specification could support an information management policy requiring that managers of databases containing sensitive customer data should be required to perform periodic reviews of user accounts. The control specification indicated how often the reviews should be conducted, what basic steps should be followed, and how the control will be measured for success. Specifically, this might call for authorization of each account once a month by an immediate supervisor. The specification would define measures for success, such as completion of all reviews within a certain timeframe. The control specification could also require that any reviews not completed within that timeframe be listed and reported back to the governing steward. This information could be tracked over time and reported to audit and compliance teams as needed.

Segregation of duties becomes a critical concept at this point. A mature governance program should be able to demonstrate the ability to apportion tasks between different members of your working staff in order to reduce the scope for error and fraud. In other words, the person managing a critical process or asset should not be the same person that is responsible for governing that management. Few businesses will be able to justify dedicated full-time stewards. Most will have a range and mix of duties, including managing critical systems. As you organize your governance stewardship, it is vital that you are able to identify any lapses and correct them. This task becomes more challenging as the size of your organization grows.

Tools used to manage where controls will be placed should make it easy to understand the specification for each, as well as which steward has been assigned and what information is being captured to understand the current status.

Common Business Language

A common business language promotes communication and understanding both within and without our business organizations. This often takes the shape of a business dictionary or glossary that captures the various divisional ‘dialects’ and then maps them to a single, unified set of terms. We can then understand why, for example, sales people might interpret something quite differently than people in financial reporting when they refer to ‘customer’ records.

In the words of one team of noted data management experts, “As government-mandated regulatory requirements and the need for enterprise-wide data analysis continue to grow, many companies and large government entities are looking to attain standard definitions for their common data.”

Establishing common terminology becomes especially crucial when mapping technology to business processes. Clearly understood and agreed upon terms and definitions must be in place to correctly align automated processes to the human experience they are intended to support, especially those where interpretation of meaning could determine the accuracy and dependability of vital information.

Tools supporting creation of a common business language should help identify and resolve differences in meaning in a way that permits specialized use to continue in harmony with the more general requirements of the overall enterprise. Tools should also allow your progress to be gradual, if necessary. Achieving consensus and adoption for common terms can prove difficult and controversial. But steady progress can be increasingly leveraged to reduce confusion and enhance operations between groups.

And you will also enjoy benefits that extend beyond your internal business processes. Christopher Cox, the chairman of the Securities and Exchange Commission (SEC), recently underscored the important role that common business language will play in the convergence of global markets. He noted that the SEC is considering mandating adoption of new standards that “improve the usability of financial reports, increase data quality, as well as speed the time to publishing.”

And Now for the Surprise

Each of these three elements of data governance provides specific benefits and potential lift for your business. You can describe your approach and a roadmap for rolling out your program. You can also show exactly where each control has been established, which steward is assigned to each, and what status is being reported back by each.

Surprise, this is most of what you need to begin delivering business value in two essential areas.

First, you can use the metrics reporting back by controls to create a dynamic and comprehensive understanding of the quality of your critical data. You can determine which data has higher or lower priority, and unique criteria that you established by which to judge priority. You can track exactly which steward is assigned to each control, and you have the means to address issues as they arise. For many organizations, this will be the first time that data quality is given clear visibility. It allows you to communicate progress to users and stakeholders across the enterprise.

Second, you have most of the information you need to respond quickly and accurately to audit and compliance requests. You might even consider allowing auditors to access reports themselves as needed, greatly reducing the tendency for response to turn into time consuming fire drills. In addition, by demonstrating your progress toward establishing increasingly mature governance capability, you could easily discover opportunities to forge alliances with auditors as critical stakeholders and advocates of your data governance mission.

Regardless of how new to data governance you may be, starting with the three elements we have reviewed here will ensure that you create a solid foundation upon which to build. And you will be able to deliver concrete business value from very early on.

References:

Russom, Philip, Data Governance Strategies: Helping your Organization Comply, Transform and Integrate. The Data Warehouse Institute, 2008.

Weill, Peter and Jeanne Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior

Results. Boston: Harvard Business School Press, 2004.

Dyche, Jill, A Data Governance Manifesto: Designing and Deploying Sustainable Data Governance, Baseline Consulting, 2007.

International Federation of Accountants (IFAC), Enterprise Governance: Getting the Balance Right, 2004

Thomas, Gwen, The DGI Data Governance Framework, The Data Governance Institute, 2006.

Marco, David and Anne Marie Smith, Understanding Data Governance and Stewardship, DM Review Magazine, September 2006.

SEC's Cox seeks common business language, Reuters, June 8, 2008.