When you think about the data topics that really sizzle, governance is not often very high on the list. It’s understandable. Artificial intelligence, big data, self-service analytics – these are the real ice cream sundaes of the data landscape. Data governance? More like the broccoli you need to eat before you get your dessert. Nonetheless, the ROI is huge when you consider the risk of ignoring proper governance.
Perhaps you’ve heard about the $60 million fine levied against Morgan Stanley by the OCC, a banking regulator, for poor oversight of data infrastructure decommissioning. Or the $400 million fine the OCC hit Citigroup with for poor risk management, including around data. The quality of data is also a concern for nearly every company, with the U.S. economy losing $3.1 trillion annually due to poor data quality.
Related Reading: The Pursuit of Data Excellence
What does data governance do that can head off these issues, and so many more? In a single word, data governance builds trust. This manifests in different ways for different stakeholders:
- For the external customer, governance increases trust that you are paying due attention to concerns around privacy and data security.
- For the internal customer – employees throughout an organization – governance builds trust in quality of data they need to do their job.
- For regulators, auditors, and compliance officers, governance means standards, processes, and policies that enable them to trust that data are handled properly in the organization.
- For decision-makers, governance increases the level of trust in the reliability of metrics they use to inform their decisions.
- For executives, data governance provides a measure of trust in how the data strategy is being executed – and in turn, how it is moving the overall business strategy forward.
Data governance helps establish trust with each of these audiences through best practices, policies, procedures, standards, documentation, and oversight. While it is often driven by a written charter, it should not remain stagnant. In fact, if the enterprise data strategy is like a roadmap, I like to envision data governance as the car that gets you from point A to point B. And just like any road trip, you may have to take some detours or stop for gas – governance, like a car driver, must be nimble enough to account for that.
Unfortunately, when people hear “data governance” they don’t always think “nimble.” Quite the opposite. Some see data governance as an environment where there are strict, authoritative controls on data use and access. Viewed this way, data governance seems incompatible with the agile methodologies adopted by modern technical teams. However, data governance approaches do not need to be invasive and can be built to fit in any environment. Governance need not slow down agile to effectively govern, and agile need not bypass governance to maintain velocity. In fact, through gains in data quality and increased understanding of how the data ecosystem operates in an organization, data governance can increase both speed and trust.
I’ve mentioned a lot of the things effective data governance can do. So how can we make sure our governance is effective? The best data governance models should answer the following questions:
- What are the vision, mission, and purpose for data governance in the organization? These can serve as guiding principles for what data governance will do – both the practices outlined and the people that will drive them.
- How are we organized around data? Where does data live in the organization? Is it an IT function? Does it fall under a particular business unit? Do different business areas have their own data personnel? Is there a data steering committee or other body that drives governance forward?
- For all data-related tasks in the organization, who is (R)esponsible, (A)ccountable, (C)onsulted, and (I)nformed (RACI)? These should be high-level responsibilities, and roles should be identified by job title rather than individuals’ names.
- What framework do we use to define data stewards? Here we’re not yet defining who ‘owns’ data, but rather figuring out how we’ll define that later. For example, take customer data. Does someone own all customer data? Or does it depend where specific data originate (CRM, marketing platform)? Is it a case where sales owns sales-related data and marketing owns marketing-related data? Is it driven by processes? There are many ways stewardship can be defined.
- Who has access to what? This should be defined by role and incorporated into onboarding/offboarding procedures.
- How are we in compliance with all appropriate state, federal, and international regulations? This includes GDPR, CCPA, HIPAA, COPPA, SOX, and countless other laws, not to mention recommendations from auditors, both internal and external.
- What steps do we take to ensure data privacy and security? This show follow the organization’s information security practices and policies.
- How do we prioritize strategic data initiatives? The data strategy is the actual prioritization. This is more of a framework, where we decide how new initiatives will be balanced against existing needs and projects.
All these components are documented in a data governance charter, which includes a definition of a governing body that meets regularly to ensure that both the data strategy and governance charter are being executed and moved forward.
Opportunities for Implementation
If your organization has not adopted data governance, the biggest question might be when is the best time to start? There are a couple of key milestones that might provide an opportunity to implement:
- When significant changes are made to the business strategy in general or the data strategy in particular. These changes will likely have some impact on the components of the governance approach anyway.
- During an organizational restructure. Part of governance is determining which roles in the organization are responsible for what when it comes to data, so data governance might fit neatly into that job analysis.
- As part of a major system change. If moving vendors for a core system or upgrading to a new data environment, you might want to conduct a data quality review as part of the transition. Quality is a critical outcome of data governance, making this a great place to start.
- Right now. Who needs an excuse? The best data governance approaches are non-invasive – they are defined by where you are now with only subtle changes to behavior where necessary. This means you can get started at any time.
Ask anyone in data and they’ll tell you they spend most of their time dealing with data quality issues. Ask them what they worry about most, and many will mention security. Ask folks on the business side what concerns them regarding data, and you’ll often hear that they aren’t doing enough with it. Ask auditors what drives them nuts, and they might mention how sloppy some companies are with their policies and procedures around data. Proper data governance starts to mitigate all of this, setting a good foundation for a truly data-driven culture. It might not be the first thing on everyone’s mind when they think of where to invest in data, but it’s critical for companies that really want to accelerate how data helps them innovate.
Whether you’re just starting out on your governance journey or ready to update your charter, I’d love to be a resource. Click here to shoot me an email.