Transcription
E-BookThe secrets of highly effective datagovernance programsGood data governance is a key to ensuring that data is accurate andconsistent across an enterprise and that internal standards foraccessing, using and securing data are followed. But many ITprofessionals and business managers still don’t fully understand whatdata governance is or how to set up a successful data governanceprogram. This eBook will provide an explanation of data governanceconcepts and techniques as well as expert advice on how to develop aneffective governance plan.Sponsored By:
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsE-BookThe secrets to highly effective datagovernance programsTable of ContentsBuilding a data governance framework: governance processes and issuesData governance best practices: setting up a governance programCommon challenges in creating a data governance model and programData governance roles and responsibilities call for diverse skill setsResources from Pitney Bowes Business InsightSponsored By:Page 2 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsBuilding a data governance framework: governanceprocesses and issuesBy Gwen Thomas, SearchDataManagement.com ContributorThe ultimate goal of all data governance programs is the same: ensuring that your dataconforms to user and organizational expectations.Such data exists when it’s needed, can be accessed by those who need it and means whatusers think it means. Properly governed data also can be combined with other pieces ofinformation to build useful data sets or filtered and sorted to meet the information needs ofindividual users. In addition, it conforms to data quality and other fit-for-use criteria, and ithas been protected – as best is possible – from misuse and the introduction of data errors.A host of information management functions and roles are in place to manage data basedon those expectations as it works its way through internal systems and business processesand is used in new IT projects. Along the way, hundreds of points of risk occur: conditionsthat could result in one or more of the expectations not being met for one or more users ofthe data.Where every point of risk exists, someone has (hopefully!) made a decision about how bestto manage the risk. A control has been specified and implemented according to a policy,standard, rule or guideline. The data has thus been governed. Sets of coordinated activitiesand controls that lead to routinely governed data comprise what the Data GovernanceInstitute calls "little g governance."Whether you know it or not, a "little g" data governance framework is already present inyour organization; it has to be. Controls necessarily have been embedded in your systems,business processes, operating procedures, data stores and data flows. When these datacontrols are operating efficiently and effectively – and when their underlying objectives alignwith the user's objectives – "little g governance" tends to be invisible to much of thebusiness.Sponsored By:Page 3 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsOf course, sometimes a "little g governance" control point becomes visible to users. Inmany cases, they appreciate the fact that it is keeping them from making a data-relatedmistake or introducing a data error. An example is when an application control preventsusers from entering text characters in a field where numbers are expected. Sometimescontrols are irritatingly visible but still clearly valuable, such as requirements to enterpasswords or to click "OK" as a confirmation before taking an action on data.What a formal data governance framework is designed to addressBut sometimes "little g governance" controls become irritating to the point where it's not OKwith users. They can't get what they want: they don't have permission to access the datathey need, or a data field that they’d prefer not to fill out is required, or the daily data theywant to see has instead been aggregated into monthly totals. At that point, users ofinformation might start to question specific controls and disagree with the policies behindthem – or at least ask for the controls to be refined and better aligned with their needs.They also might ask who made the decisions that led to the controls being implemented andhow they can change those decisions."Big G Governance" is designed to address these issues. It enables and informs "little ggovernance" operational data controls in the following areas:How business objectives and data-control objectives are aligned and prioritized.How the control objectives are translated into policies and standards.How high-level policies are then translated into more detailed data governance rules.Which data stakeholders' perspectives are considered during those processes.How “decision rights” are allocated among participants (i.e., the process for makingdecisions).How accountability is set for putting data controls into effect.How data-control issues and exceptions are addressed.When organizations say that they’re implementing a data governance framework andgovernance processes, they usually mean that they’re formalizing the rules of engagementfor addressing those "Big G" activities.Sponsored By:Page 4 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsSo what do data governance programs look like?Interestingly, "little g governance" – which is dispersed across an organization's business,information management and IT operations – tends to look much the same in everyorganization. Invoking "little g governance" follows a typical pattern:1. A data risk is identified.2. A manager, team or subject-matter expert makes a decision on how to manage therisk, based on pre-defined empowerment levels. The decision maker is expected tospecify a data control that meets the needs of stakeholders while conforming to thedata architecture, standards and accepted best practices of the specific operatingunit and the enterprise as a whole.3. Once a decision is made, an operational team develops, implements, manages andmonitors the new control.Ideally, these "little g governance" activities become embedded in routine datamanagement activities. In contrast, "Big G Governance" models and processes tend to bedifferent in every organization. Yes, they all exist to create data governance policies thatcan be translated into operational rules and specific data controls. Yes, they all addresssimilar gaps in an organization's ability to crystallize data problems, activate problemsolving efforts and engage the appropriate executives in supporting data governance andsetting governance policies, and then to communicate the policies to all employees andmonitor and enforce compliance with them.Designing a “Big G” data governance framework: questions to considerBut what makes every “Big G” data governance framework unique is a combination of threefactors:The problem (or problems) resulting from inadequate data governance. Is it poordata quality? A lack of access to required information? Reference data that hasn’t beenstandardized? Data integration challenges? Non-compliance with regulatory or data privacyrequirements? Or a combination of the above?Sponsored By:Page 5 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsThe types of gaps or weaknesses in the existing data management andgovernance processes. Is there a “tone-from-the-top” gap that discourages compliancewith data governance policies and rules by business units and employees? Are potentialdecision makers not ready, willing or able to work together? Do current managementpractices encourage private deals on data governance between different stakeholder groupsinstead of open, transparent negotiations?The state of the existing information environment. Are data governance problemscentralized or dispersed? Is the challenge in analyzing the potential impact of datagovernance policies, developing operational rules and definitions or enforcing compliance?How many workers will be affected in business functions, information management teamsand technology groups?The Data Governance Institute recognizes six very different focus areas for data governanceprograms:Policy, standards and strategyData qualityData privacy, compliance and securityArchitectural integration and analysisData warehousing and business intelligenceManagement alignmentMost organizations design a data governance framework that concentrates on the focus areamost important to them, while also supporting other concerns. The result usually is a datagovernance program with bottom and top layers that look much like those of every otherprogram but a middle layer that is unique to the individual organization.That in-between layer is where things get interesting. Many activities take place there:administration, analysis, decision making, policy and expectation setting, and lots ofcommunication. The most common organizational model is a data governance officecombined with a data governance council or a roundtable of data stewards. But that basicpattern can have numerous variations. And the mix of roles, responsibilities and capabilitiesthat an organization puts in place will ultimately make the difference between effective andSponsored By:Page 6 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsineffective translation of high-level data governance policy into operational rules andcontrols.About the author: Gwen Thomas is the president and founder of the Data GovernanceInstitute, which offers consulting and training services in the areas of data governance anddata stewardship as well as a variety of information resources on those topics. As aconsultant, Thomas has helped companies such as American Express, Sallie Mae, WachoviaBank and Disney to build or upgrade their data governance and stewardship programs. Shealso is a frequent speaker at industry events, a regular contributor to IT and businesspublications, and the author of the book Alpha Males and Data Disasters: The Case for DataGovernance.Sponsored By:Page 7 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsData governance best practices: setting up agovernance programBy Gwen Thomas, SearchDataManagement.com ContributorThe most common organizational model for data governance programs includes threelayers. At the top is a group of executives who typically are three to five levels above thepoints where operational data controls need to be implemented; they prioritize datagovernance efforts and provide “tone-from-the-top” guidance and support, and they mayresolve issues that are escalated up the chain of command.The middle layer usually includes at least two groups: one to set and administer high-leveldata governance policies, and another to decide how to translate those policies into specificrules and controls. The people in these groups are likely to be one to three levels above theworkers who will be acting on their decisions.That third layer identifies potential points of risk for data in operational processes, systemsand data flows and then embeds data controls based on the decisions made higher up thechain.The activities of the top two layers constitute what the Data Governance Institute calls "BigG Governance," while the work done by the operational layer constitutes "little ggovernance." The latter is essentially a science, but designing an effective "Big G" programis more like an art. The people tasked with structuring such a program must balance manyorganizational, cultural and environmental factors to develop a set of roles, responsibilitiesand procedures that can effectively address the organization's needs and will be acceptablewithin the existing data management and governance ecosystem.That starts with the work required to facilitate the decision-making process and ensure thatdata governance best practices are followed. It might be possible to give the responsibilityfor tasks such as identifying affected stakeholders, gathering information, scheduling andrunning meetings, and drafting policies and recommendations to existing groups or datagovernance participants themselves.Sponsored By:Page 8 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsSome organizations, though, decide to set up a data governance office to manage thoseactivities. That creates additional choices: the data governance office could be an actual orvirtual group, and the number of workers assigned to it and their roles will depend on thetype and amount of work to be done.Even more choices follow. Consider these very different data-related problems and thecorresponding data governance organizational models that were used to address them:Problem #1: Access management disputes need to be resolved.Business users can't get permission to access the information they need, even though anaccess management program is in place. Why? There's no mechanism for resolving thecompeting concerns of "maintaining confidentiality" and "using information." In addition,there's no official process for appealing a denial of access.Adopted action plan:A task force will be formed to collect high-level policies, guidance and requirementsfrom legal, compliance, contracting and other relevant departments. This effort issponsored by business executives, and a leadership group will be designated toresolve escalated issues.A data governance council with representatives from affected operations willtranslate the requirements into rules that can be embedded in access managementprocesses. In addition, an administrative group will facilitate the ongoing work,manage meetings, document the rules and act as a liaison with system accessmanagers.Controls based on the new rules will be embedded within access managementprocesses, and compliance expectations will be communicated to business users.Problem #2: Business intelligence (BI) data needs to be better cleansed.Senior management is concerned about the quality of the data in the company’s datawarehouse. It tasks the data warehouse management team with cleansing the data andimplementing controls to keep dirty data from entering the warehouse.Sponsored By:Page 9 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsAdopted action plan:The top layer is already taken care of, as support among senior executives forimproving the quality of the data is strong.A data governance office that has been set up negotiates rules of engagement. Forexample, a data quality team will do the data cleansing and work with a datagovernance team to identify the types of data problems that are present and controlsthat could detect, correct and prevent them. Those two teams will also work withmanagement to designate responsibilities for implementing the new controls andaddressing future data quality issues.Some of the IT workers involved in the process of feeding information into the datawarehouse will receive formal data stewardship assignments, making themaccountable for alerting the middle-layer groups to any issues and participating inworkshops to review and refine the data controls.Problem #3: Data integration puzzles need to be solved.An organization typically encounters delays on systems integration and BI projects becausethe data in one system can’t easily be integrated with data in other systems.Adopted action plan:Senior management calls for a “data roundtable” charged with solving data-relatedproblems that have a significant impact on multiple systems or business processes.It allocates funding and sets expectations for IT and business-unit management toprovide resources with appropriate skills, knowledge and power to be part of theroundtable group.The roundtable participants will meet on a regular basis to address the problems,with support from a data governance office. Once decisions are made, workers fromthe data governance office will communicate them to data stakeholders and endusers.Sponsored By:Page 10 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programs"Little g governance" resources may be called upon to provide input to the datagovernance office and the data roundtable group, and then will take part inimplementing the fixes and data controls.As you can see, these three situations called for significantly different flavors of datagovernance. None of them followed a cookie-cutter approach, although they all resulted in adata governance framework that addressed both "Big G" and "little g" data governance rolesand responsibilities in three interlocking layers.To help you figure out what model to follow in your organization, the Data GovernanceInstitute recommends the following 10-step process:1. Start with the end in mind. Ask and answer this question: what data problems needto be removed or reduced, and why? Be specific about the business objectives andcompliance/control objectives that are being negatively affected by the problems.2. Identify stakeholders and potential value propositions for achieving the desiredresult. What is it worth to Group A to solve the data problems? What is it worth toGroup B? To Group C?3. Establish a clear vision, succinct value statements and rallying cries for establishingproper data governance processes.4. Identify what it will take to satisfy your key stakeholders. Will they respond toanecdotal evidence of results? Testimonials? Facts? Dollars?5. Document examples of "little g governance" objectives and the work that needs tobe done to meet them.6. Develop a list of "Big G Governance" activities that will be required to remove theobstacles to the "little g" work.7. Determine whether your data governance efforts will be one-time, as needed orongoing.8. Distinguish between proactive or reactive governance activities and their potentialimpact on different stakeholder groups.Sponsored By:Page 11 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programs9. Identify other governance and management groups that will need to be involved inthe decision-making process.10. Gain an understanding of the maturity and complexity of the business process,information management and IT environments that will be included in the datagovernance initiative.If you follow these steps, it should be clear what needs to be done, what you already haveto work with and what resources you might need to add. You’ll be well on your way todesigning a data governance program that can be successful in your unique organizationalculture.Sponsored By:Page 12 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsCommon challenges in creating a data governancemodel and programBy Gwen Thomas, SearchDataManagement.com ContributorThe most common hurdle that IT and data management professionals within organizationsface when trying to implement a new data governance program or expand an existing one ismanagement indecision about whether to take action on the request for approval andfunding.That indecision is usually based upon a correctable situation: The program's proponentsaren’t being clear about what they're proposing. In many cases, they don't distinguishbetween "little g governance" – policies and controls that are embedded in processes,systems, data stores and data flows to ensure that data meets user expectations – and "BigG Governance" – the highly political negotiations, decision making and policy setting thatinforms and supports "little g” data governance.It's rare for senior executives to argue against routine, low-level, nonthreatening changes tohow data is managed and governed. But "Big G" activities by their very nature are a threatto the decision-making status quo. Most corporate leaders won’t support that level ofchange without fully understanding its potential impact on an organization.Another obstacle to adopting a data governance strategy and starting a governanceprogram comes in the form of potentially valid reasons to not modify current informationmanagement practices: "That data is subject to Sarbanes-Oxley controls!" "Only the chiefprivacy officer can make that change!" "We can't move forward until the projectmanagement office agrees!"Such objections may require you to re-examine your proposed data governance model. Forexample, if your organization’s Sarbanes-Oxley control environment includes a piece of thedata architecture that you're considering for new "little g governance" controls, you can'tmove forward unless it's done via an aligned effort with the individuals or group responsiblefor Sarbanes-Oxley compliance.Sponsored By:Page 13 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsOn the other hand, chief privacy officers tend to specify high-level data control objectives.Usually, they're OK with operational controls designed by others, as long as the controlsmap to the appropriate objectives. However, you may need to amend your proposed rulesof engagement so no "Big G Governance" decisions that affect data privacy processes canbe made without the CPO’s approval.When the data governance model works – then doesn’tSome data governance programs are approved and get off to a successful start but thendwindle over time. It's very common, for example, for a “data roundtable,” or datagovernance council, to begin its work by addressing high-profile data problems and issuesthat are of great interest to the members. They attend meetings enthusiastically, knowingthey're making a difference – one that comes with bragging rights they can exercise withtheir business peers, constituents and superiors.But as time goes on, the problems put before the data governance council may becomemore routine, and some of the members may start to feel that they could be delegating thework or attending fewer meetings. They still support the data governance strategy andprogram in principle but are personally less engaged in the governance process.That might be a problem of perception – for example, if the staff of a data governance officeisn’t presenting the data problems and governance issues in a way that highlights the valueof addressing them and provides a clear win for the roundtable participants. Or it might betime to evolve your data governance framework and organizational model now that thegovernance processes have become more mature and entrenched. Perhaps some issuescould be addressed by working groups, and the data governance council could be approversin those cases instead of frontline deciders.Of course, that can lead to a different kind of problem, in which the people asked to makedata governance decisions aren't up to the job. Maybe they don't have the requiredbackground, knowledge or insight to successfully carry out their assigned data governanceroles and responsibilities. As a result, their decisions and judgment may be challenged, tothe detriment of the data governance program (and potentially their own careers).Sponsored By:Page 14 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsOther times, the members of a data governance council or working group are ready, willingand able to participate, but they aren’t empowered to make decisions. Instead, eachmeeting ends with one or more participants having to check in with a superior for guidance.Decisions take so long to make that corporate management loses faith in the datagovernance model and process.Perhaps the most dangerous situations are those in which the data governance programmanager or workers in a data governance office don't fully understand the organization'spolitical and management culture. For example, they might not know the answer to basicquestions such as, "Can this data problem be introduced for the first time to a dataroundtable in a conference room, or will the members require individual briefings and timeto consider their stakeholders' positions and needs?"A data governance model with too little support?Another obstacle to success typically presents itself after the data governance program is inmotion. All of the conditions appear to be right: You have clear and well-documented dataproblems to address. You have appropriate “tone-from-the-top” support from seniormanagement. You have middle-layer decision makers with the knowledge, skills and powerto make "Big G Governance" decisions. It’s understood where the data governance points ofcontact will be within your organization’s business, information management and IToperations, as well as the data privacy office and other decision-making groups. And youhave a single data governance manager with no support staff.The problem is that all of the various resources want to get involved in making datagovernance policy decisions, aligning the policies with organizational objectives andtranslating policies into operational data controls. They want to attack big problems andlittle problems, new problems and persistent problems. They want to make a difference –which is good, right?But they've never worked together in this way, and they're expecting the data governancemanager to show them how to do that. They also want this one person to provide“concierge support” to a host of participants at different levels; to take the lead inidentifying data problems, developing recommendations and finding the resources requiredSponsored By:Page 15 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsto implement fixes; to put in place and execute an internal communications plan; and onand on.Clearly, this could be too much work for a single person. If so, the data governanceprogram might collapse under the weight of its own aspirations – and the lone managermight collapse from overwork. The solution to this problem is obvious: Corporateexecutives approving a data governance plan must be realistic in their expectations, supportand funding.For organizations that are looking to address a broad set of data-related problems andissues, successfully designing a data governance model and program will require sufficientresources – perhaps including a full-fledged data governance office – to address all of the"soft work" involved in managing the process. Senior management must recognize thatneed and not depend on heroic efforts.Sponsored By:Page 16 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsData governance roles and responsibilities call fordiverse skill setsBy Gwen Thomas, SearchDataManagement.com ContributorData governance is rarely only a "spot solution" imposed upon specific data control pointswithin an organization. When people say they’re embarking on a data governance strategyand program, they typically mean that they intend to improve existing operational controlsembedded in systems across the enterprise while simultaneously implementing high-leveldata governance policies.These two sets of activities – “little g governance” on the one hand, “Big G Governance” onthe other – require very different skill sets, organizational knowledge and levels ofauthority. That’s because data governance roles and responsibilities are also very different:The people involved in "Big G" efforts set governance policies and translate them intoobjectives and rules of engagement for "little g" teams to follow as they build, manage andmonitor individual data controls."Big G" participants must have excellent analytical and communication skills. They musthave the organizational power to negotiate on behalf of the departments or business unitsthey represent. They must have the respect, support and trust of their constituents – theusers in those operations.Not all contributors to a "Big G" initiative need to be data experts, but they do have to beable to understand the root causes of data errors and issues. They also need to know – orbe able to learn – basic concepts about how data flows through systems and businessprocesses. And they must be able to express the data governance needs, requirements,priorities and constraints of their stakeholder units.If decisions or recommendations made by a data governance council or other type of “BigG” group will have a significant impact on operations within an organization, the datagovernance program also requires resources who can work with affected business managersto explain governance policies and their rationale, set expectations for compliance, detailSponsored By:Page 17 of 21
SearchDataManagement.com E-BookThe secrets to highly effective data governance programsthe process for escalating and resolving issues, and monitor the status of data controlsbased on the policies.Different options on key data governance roles and responsibilitiesSometimes those activities are performed by the members of a data governance council,data roundtable or data stewardship committee. In other cases, the outreach duties will bea function of a formal data governance office staffed by workers responsible forimplementing an aligned approach to governance logistics, administration andcommunications.Often, however, other groups that can be leveraged for such "soft skills" work already exist.For example, perhaps an organizational change management group can help with theinternal changes that come with a data governance program. In addition, many CIOs havecreated a communications arm within IT that can be invoked to support the datagovernance office.The work that goes into "little g governance" tends to be more routine, and more hands-on.It depends on specific skills for designing, analyzing, maintaining and monitoring the datacontrols that have been inserted into systems, applications, data stores an
data governance is or how to set up a successful data governance program. This eBook will provide an explanation of data governance concepts and techniques as well as expert advice on how to develop an effective governance plan. Sponsored By: . communication. The most common organizational model is a data governance office
