Data Governance Strategies: Helping Your Organization Comply, Transform, and Integrate
By Philip Russom
Definitions of Data Governance
Data governance is hard to define because it’s still new and evolving. Each organization tailors data governance to its needs and abilities, and DG is practiced both in isolated pockets as well as on an enterprise scale. Furthermore, DG is inherently a cross-functional program that involves a mix of technology and business people—plus their IT systems and business processes—and the mix varies greatly.
Even so, here’s a definition that covers almost all the components and goals of data governance:
- Data governance (DG) is usually manifested as an executive-level data governance board, committee, or other organizational structure that creates and enforces policies and procedures for the business use and technical management of data across the entire organization. Common goals of data governance are to improve data’s quality; remediate its inconsistencies; share it broadly; leverage its aggregate for competitive advantage; manage change relative to data usage; and comply with internal and external regulations and standards for data usage. In a nutshell, data governance is an organizational structure that oversees the broad use and usability of data as an enterprise asset.
That’s a mouthful. So, here’s a rule of thumb that’s easy to remember:
- DG usually boils down to some form of control for data and its usage.
The catch is that “control” has multiple meanings that are somewhat at odds:
- DG may tighten control to limit data access. This is true when data governance is driven mostly by compliance goals, especially data security and privacy.
- DG may ease control to expand data integration. Most DG boards provide procedures through which a team can request access to data owned by another team. Ironically, this eases the control of data to assist initiatives that rely on broadly integrated data, like business intelligence (BI) and customer relationship management (CRM).
- DG may define controls that improve the content of data or dictate its structure. For example, data flows through many IT systems and departments, so improving the quality of data (whether physical or semantic) is a cross-departmental affair that DG can manage. Likewise, enterprise data architecture seeks to tweak the structure of multiple databases for the sake of easier database management or data integration. DG can define standards that dictate consistency for data structures and data definitions.
- The level of control can vary. For example, strict governance is typical of federally mandated compliance, whereas loose guidance is typical of data architecture standards. Or, a multi-divisional corporation may demand strict governance for data at the headquarters level so data yields a unified view of total corporate performance, yet merely provide loose guidance for individual implementations so local organizations can satisfy local requirements.
Figure 1: The data governance process consists of people, procedures, and policies.
“In our consulting practice, we have participated in data governance initiatives that evolved from either grass-roots data management or executive fiat,” said David Loshin, president of consultancy Knowledge Integrity, Inc. “In one situation, the need for standardizing shared data representations drove the ‘bottom-up’ development of a governance infrastructure, leading to a federated data standards governance framework. In another situation, the introduction of a consolidated enterprise application suite was expected to be accompanied by data governance as directed ‘top-down’ by senior management. Whether bottom-up or top-down, both cases posed common challenges in communication, standardization of concepts, and establishing operational processes for governance. On the technology side, data quality, metadata, and policy management were success factors.”
Critical Attributes of Data Governance
These definitions help us understand the goals and actions of most data governance programs. To fill out the rest of the picture, here are other attributes of successful programs. Note that all are core assumptions of this report, and all are discussed in detail later:
- Data governance is mostly about the “four Ps.” These are seen most clearly in the DG board, where people work together to establish and enforce policies (or rules) defining which data is subject to governance, as well as the allowable access and usage of such data. Procedures provide a structure for reviewing and acting on requests for data access, data improvement, and other changes. People, policies, and procedures all combine to enable a larger DG process (see Figure 1). The four Ps explicitly remind us that DG is mostly about people collaborating to establish a DG process that accommodates the needs of all their business units (and external entities, when appropriate), but with priority to enterprise goals.
- Data governance must coordinate with other forms of governance. Don’t forget that data governance is but one form of governance. TDWI Research has interviewed people who’ve made DG work in isolation (say, just for BI or data quality). But, in the long run, DG should coordinate with other forms, especially IT governance and corporate governance.
- Data governance doesn’t govern data directly. The term “data governance” leads us to believe that we are governing data directly. But the truth is that we’re governing how data is accessed and used via business initiatives, as well as defined and managed via data management infrastructure. This explains why DG is increasingly a component of these initiatives and infrastructures.
- Data governance intersects with business initiatives. An assumption of this report is that data governance touches many different business initiatives, especially those that are data-driven, like compliance, BI, CRM, and business transformations. DG is often a subset of these initiatives, and is increasingly a critical success factor for them.
- Data governance intersects with data management practices. When executed broadly, DG influences almost all data management practices, including data quality, integration, warehousing, standards, administration, architecture, and lifecycle management. DG typically requires that adjustments be made in these practices, in support of the policies developed by the DG board. While tools dedicated to DG are rare today, some data management tools can automate some actions of DG.
- A successful DG program strikes a pragmatic balance among competing goals. For example, there’s a prominent need for balance between compliance goals that limit data access and business integration goals that expand data access. Other opposing goals include business versus technology, data content versus data usage, strict governance versus loose guidance, and departmental versus enterprise data ownership. Most DG programs start in one carefully bounded area that serves a single goal (like DG just for BI, compliance, or master data management [MDM]), so the balancing act is not immediately apparent. Striking an appropriate balance becomes a critical success factor as the program expands to govern more data sets, data usage scenarios, and data management practices. Such balances are difficult to attain and maintain without the executive mandate, central policy making, change management procedures, and cross-functional collaboration of data governance.
Why Data Governance Now?
There are many reasons why organizations should initiate or expand DG programs now:
- The current “age of accountability” demands compliance. And punishments for non-compliance are severe, ranging from customer flight and revenue loss to fines and jail terms. Firms are under unprecedented pressure to control data usage according to internal policies for data security and privacy, as well as external regulations like Basel II, HIPAA, and SOX. Assuring compliance is an early-phase goal of most DG programs.
- Compliance and business intelligence demand high-quality, auditable data. Organizations need to improve the quality of data that goes into public documents, especially regulatory reports. Furthermore, report auditability—i.e., recording the lineage of report data—is crucial to surviving an audit, regardless of who the auditors are. And one of the most common questions asked by report consumers internally is: “Where did this data come from?” Today, the quality of report data is a high priority for most DG programs, whereas auditability is a lesser priority.
- Improving data quality is a cross-functional imperative. Since a DG board is cross-functional by nature, it’s an ideal organizational structure to effect improvements that span multiple business units. Although data quality focuses mostly on physical data, master data and metadata need improvement, too. This is why many data quality and master data management initiatives are supported by a crossfunctional DG board.
- Data integration (DI) implementations cast an ever-widening net. This is true whether DI is analytic (feeding a data warehouse), operational (consolidating database instances) or cross-business (sharing data with partners). DG can both limit these implementations to assure compliance and liberate them to reach more data sources and targets. DG can also assist by providing data exchange standards and procedures for data access and improvement requests.
- Data governance reduces the risk incurred during business transformations. DG is imperative in firms that experience regular transformations such as reorganizations, mergers and acquisitions, and initiatives that involve data as an enterprise asset (typically linked to CRM or sometimes BI). These transformations require extensive changes in data ownership and data structure. DG can manage the changes while assuring compliance.
Philip Russom is the senior manager of TDWI Research at TheData Warehousing Institute, where he oversees many of TDWI’sresearch-oriented publications, services, and events.
This article was excerpted from the full, 30-page report by the same name.
The report was sponsored by Business Objects, an SAP company, Collaborative Consulting, DataFlux, Exeros, Informatica Corporation, SAP, SAS, and Trillium Software.