3 Data Governance

Data Governance is the core function of the Data Management Framework shown in Figures 1.3. and 1.4. It interacts with and influences each of the surrounding ten data management functions. Chapter 3 defines the data governance function and explains the concepts and activities involved in data governance.

3.1 Introduction

Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets. The data governance function guides how all other data management functions are performed. Data governance is high-level, executive data stewardship.

The context diagram for the data governance function is shown in Figure 3.1.

Figure 3.1 Data Governance Context Diagram

3.2 Concepts and Activities

Chapters 1 and 2 state that data management is a shared responsibility between business data stewards, representing stakeholders across the organization, and data professionals, who work on their behalf. Business data stewards are the trustees of enterprise data assets; data management professionals are the expert custodians of these assets. Effective data management depends on an effective partnership between business data stewards and data management professionals, especially in data governance.

Shared decision making is the hallmark of data governance, as shown in Figure 3.2. Effective data management requires working across organizational and system boundaries. Data Governance enables shared responsibility for selected decisions, crossing these boundaries and supporting an integrated view of data. Some decisions are primarily business decisions made with input and guidance from IT, others are primarily technical decisions made with input and guidance from business data stewards at all levels.

Figure 3.2 Data Governance Decision Spectrum

3.2.1 Data Governance

Data governance is accomplished most effectively as an on-going program and a continual improvement process.

Every effective data governance program is unique, taking into account distinctive organizational and cultural issues, and the immediate data management challenges and opportunities. Data governance is a relatively new term, and many organizations continue to pioneer new approaches. Nevertheless, effective data governance programs share many common characteristics, based on basic concepts and principles.

Data governance is not the same thing as IT governance. IT governance makes decisions about IT investments, the IT application portfolio, and the IT project portfolio. IT governance aligns the IT strategies and investments with enterprise goals and strategies. CobiT (Control Objectives for Information and related Technology) provides standards for IT governance, but only a small portion of the CobiT framework addresses managing information. Some critical issues, such as Sarbanes-Oxley compliance, span the concerns of corporate governance, IT governance, and data governance. Data governance is focused exclusively on the management of data assets.

Data governance is at the heart of managing data assets. In the circular depiction of the ten data management functions introduced in Chapter One, data governance is shown in the center.

Another way of depicting the controlling position of data governance is as “the management roof” over other data management functions, as shown in Figure 3.3.

Figure 3.3 Data Governance, Stewardship, and Services

3.2.2 Data Stewardship

Data stewardship is the formal accountability for business responsibilities ensuring effective control and use of data assets. Some of these responsibilities are data governance responsibilities, but there are also significant data stewardship responsibilities within each of the other major data management functions.

A data steward is a business leader and / or recognized subject matter expert designated as accountable for these responsibilities. As in other endeavors, a good steward carefully protects, manages, and leverages the resources for which he / she is entrusted.

The best data stewards are found, not made. Many of these activities are performed by business professionals even before a formal data stewardship program is implemented. To that extent, data stewardship responsibilities are not new and additional responsibilities for these people. Whenever possible, appoint the people already interested and involved. Their appointment to a data stewardship role is a recognition and confirmation of the work they are already performing. Appointing data stewards formalizes their accountability.

Data stewards manage data assets on behalf of others and in the best interests of the organization. Data stewards are appointed to represent the data interests of all stakeholders, including but not limited to, the interests of their own functional departments and divisions. Data stewards must take an enterprise perspective to ensure the quality and effective use of enterprise data.

Organizations often differentiate between executive, coordinating, and business data stewards:

• Executive data stewards are senior managers who serve on a Data Governance Council.
• Coordinating data stewards lead and represent teams of business data stewards in discussions across teams and with executive data stewards. Coordinating data stewards are particularly important in large organizations.
• Business data stewards are recognized subject matter experts working with data management professionals on an ongoing basis to define and control data.

Data governance is high-level, executive data stewardship. In other words, data governance is the making of high-level data stewardship decisions, primarily by executive and coordinating data stewards.

Data stewardship responsibilities exist in data management functions beyond data governance:

• Data Architecture Management: Data stewards review, validate, approve, and refine data architecture. Business data stewards define data requirements specifications that data architects organize into the enterprise’s data architecture. Coordinating data stewards help data architects integrate these specifications, resolving differences in names and meanings. Executive data stewards review and approve the enterprise data architecture. Data stewards of all levels and data architects collaborate to maintain data architecture.
• Data Development: Business data stewards define data requirements and the specifications that data analysts and architects organize into logical data models. Data stewards also validate physical data models and database designs, participate in database testing and conversion, and ensure consistent use of terms in user documentation and training. Data stewards identify data issues as they arise and escalate when necessary.
• Data Operations Management: Business data stewards define requirements for data recovery, retention and performance, and help negotiate service levels in these areas. Business data stewards also help identify, acquire, and control externally sourced data.
• Data Security Management: Business data stewards provide security, privacy and confidentiality requirements, identify and resolve data security issues, assist in data security audits, and classify the confidentiality of information in documents and other information products.
• Reference and Master Data Management: Business data stewards control the creation, update, and retirement of code values and other reference data, define master data management requirements, identify and help resolve master data management issues.
• Data Warehousing and Business Intelligence Management: Business data stewards provide business intelligence requirements and management metrics, and they identify and help resolve business intelligence issues.
• Document and Content Management: Business data stewards help define enterprise taxonomies and resolve content management issues.
• Meta-data Management: Data stewards at all levels create and maintain business meta-data (names, meanings, business rules), define meta-data access and integration needs, and use meta-data to make effective data stewardship and governance decisions. Defining and maintaining business meta-data is at the heart of data stewardship.
• Data Quality Management: Improving data quality is an essential part of data stewardship. Business data stewards define data quality requirements and business rules, test application edits and validations, assist in the analysis, certification, and auditing of data quality, lead data clean-up efforts, identify proactive ways to solve root causes of poor data quality, promote data quality awareness, and ensure data quality requirements are met. Data stewards actively profile and analyze data quality in partnership with data professionals.

3.2.3 Data Governance and Stewardship Organizations

Data governance guides each of the other data management functions. Every data governance program has a slightly different scope, but that scope may include:

• Data Strategy and Policies: Defining, communicating, monitoring.
• Data Standards and Architecture: Reviewing, approving, monitoring.
• Regulatory Compliance: Communicating, monitoring, enforcing.
• Issue Management: Identifying, defining, escalating, resolving.
• Data Management Projects: Sponsoring, overseeing.
• Data Asset Valuation: Estimating, approving, monitoring.
• Communication: Promoting, building awareness and appreciation.

Data governance is essentially “the government of data” within the enterprise. Like other governments, there are many different models of data governance – anarchy, dictatorship, and everything in between. Some decisions can be made without risk by individual managers. But the need for shared decision making and risk control drives most organizations to a representative form of data governance, so that all stakeholders and constituencies can be heard.

Data management professionals have responsibility for administering data policies, standards, and procedures, for managing and implementing data architecture, for protecting data assets and stakeholder interests, and for providing data management services.

In particular, three principles can be drawn from the representative government analogy:

1. Data governance includes responsibility for legislative functions (policies and standards), judicial functions (issue management) and executive functions (administration, services, and compliance).
   • Data stewardship and governance organizations have responsibility for setting policies, standards, architecture, and procedures, and for resolving data related issues.
   • Data management professional organizations have responsibility for administering data policies, standards, and procedures, for managing and implementing data architecture, for protecting data assets and stakeholder interests, and for providing data management services.
2. Data governance typically operates at both enterprise and local levels. In large organizations, data governance may also be required at levels in between, depending on the size of the enterprise.
3. Separation of duties between Data Stewardship (Legislative and Judicial) and Data Management Services (Executive) provides a degree of checks and balances for the management of data.

Typically, three cross-functional data stewardship and governance organizations have legislative and judicial responsibilities:

• The Data Governance Council has enterprise-wide authority over data management. Executive data stewards sitting on the council are senior managers representing both departmental and enterprise perspectives.
• The Data Stewardship Program Steering Committees support the Data Governance Council, much like congressional committees, drafting policies and standards for review and approval by the Data Governance Council regarding specific initiatives, and overseeing these sponsored initiatives.
• Data stewardship teams are focused groups of business data stewards collaborating on data stewardship activities within a defined subject area. Data stewardship teams bring together subject matter experts from across the enterprise to determine which data names, definitions, data quality requirements, and business rules should be consistent and what must remain locally unique. Data stewardship teams should be standing, permanent groups that meet regularly, working closely with data architects.

The rules defined by data governance organizations include the overall data strategy, data policies, data standards, data management procedures, data management metrics, the business data names, business definitions and business rules found in the enterprise data model, additional data requirement specifications, and data quality business rules.

The issues adjudicated by data governance organizations include data security issues, data access issues, data quality issues, regulatory compliance issues, policy and standards conformance issues, name and definition conflicts, and data governance procedural issues.

Data management professionals perform executive branch responsibilities much like governmental departments and agencies. They administer, monitor and enforce data policies, standards, and procedures. They coordinate, maintain, and implement data architecture. Data management professionals gather and review requirements, facilitate data modeling to serve stakeholder interests, and enable data delivery by implementing databases and applications. They acquire and protect data assets, monitor data quality, and audit data quality and security.

In addition to their other professional duties, some data management professionals provide staff support for data governance organizations. Business data stewards are business professionals and managers with part-time stewardship responsibilities. Data management professionals must respect their time and coordinate data governance activity—scheduling meetings, planning and publishing agendas, providing documents for review prior to each meeting, facilitating the meetings, tracking issues, following up on decisions, and publishing meeting minutes. Data architects facilitate each data stewardship team. The Data Management Executive and / or the enterprise data architect may staff Data Stewardship Program Steering Committees. The Data Management Executive and the Chief Information Officer (CIO) guide the Data Governance Council, often with assistance from a Data Governance Office (see 3.2.6 below).

At the same time, each organization should be chaired by a business representative. Coordinating data stewards chair their data stewardship teams. An executive data steward from the Data Governance Council should chair each Data Stewardship Coordinating Committee. A Chief Data Steward, selected from among the executive data stewards, chairs the Data Governance Council.

Large organizations may have divisional or departmental data governance councils working under the auspices of the Enterprise Data Governance Council. Smaller organizations should try to avoid such complexity.

3.2.4 Data Management Services Organizations

Data management professionals within the IT department report to one or more Data Management Services (DMS) organizations. In many enterprises, there may be a centralized DMS organization, while in others there are multiple decentralized groups. Some enterprises have both local DMS organizations as well as a centralized organization. A centralized DMS organization is sometimes known as a Data Management Center of Excellence (COE).

Data management professionals within DMS organizations may include data architects, data analysts, data modelers, data quality analysts, database administrators, data security administrators, meta-data administrators, data model administrators, data warehouse architects, data integration architects, and business intelligence analysts. These organizations may also include data integration developers and analytics / report developers, although often they remain in the Application Development organization with other developers. Decentralized organizations may include only a few of these roles. The data management professionals across all organizations constitute a data management professional community, and together with data stewards, they unite in a Data Management Community of Interest (COI).

3.2.5 The Data Management Executive

There is no substitute for the leadership of a CIO and a dedicated Data Management Executive, guiding the data management function and promoting the data management program. Visionary and active leadership is a critical success factor for effective data management.

The Data Management Executive leads the data management function, serving as the CIO’s right hand for information. The Data Management Executive should report directly to the CIO, responsible for coordinating data management, data stewardship, and data governance. Given the broad scope of the CIO’s responsibilities, the CIO needs one person accountable for managing data and information assets.

Data Management Services organizations and their staff should report to the Data Management Executive, directly or indirectly. The Data Management Executive is responsible for data management professional staffing, skills development, contractor management, budgeting and resource allocation, management metrics, data steward recruitment, collaboration across business and IT organizations, and management of the organizational and cultural changes required to support data management. The Data Management Executive works closely with peer leaders of Application Development, Infrastructure / Operations and other IT functions.

The Data Management Executive is responsible for implementing the decisions of the Data Governance Council. He or she serves as the operational coordinator for the Data Governance Council, working in close partnership with the Chief Data Steward, by maintaining the data strategy and overseeing data management projects.

3.2.6 The Data Governance Office

In larger enterprises, The Data Governance Office is a staff organization of data stewardship facilitators who support the activities and decision making of business data stewards at all levels. The purpose of the Data Governance Office is to provide full-time support for part-time business data stewardship responsibilities.

Much as a congressional committee is supported by staff professionals, the data stewardship facilitators perform the legwork required to obtain the information that enables business data stewards to make informed and effective decisions. In larger enterprises, the addition of staff responsibilities to data management responsibilities may be overwhelming. The Data Management Executive, data architects, and data quality analysts may not be able to find the necessary time to effectively coordinate the communicating, information gathering, and decision making required for data governance and stewardship. When this happens, organizations should consider creating a Data Governance Office.

It is critical that full-time data stewardship facilitators do not assume responsibility for data stewardship. Their role is to support the Data Governance Council, Data Stewardship Committees, and Data Stewardship Teams. The Data Governance Office may report to the Data Management Executive, or it may report outside of IT entirely. The diagram in Figure 3.4 depicts these organizations and their relationships.

3.3 Data Governance Activities

The activities comprising the data governance function are explained below. Each of the activities is important for fully implementing the data governance function within an organization.

Figure 3.4 Data Management Organizations–Governance, Stewardship, Services

3.3.1 Data Strategy

A strategy is a set of choices and decisions that together chart a high-level course of action to achieve high-level goals. In the game of chess, a strategy is a sequenced set of moves to win by checkmate or to survive by stalemate. A strategic plan is a high-level course of action to achieve high-level goals.

Typically, a data strategy is a data management program strategy–a plan for maintaining and improving data quality, integrity, security, and access. However, a data strategy may also include business plans to use information to competitive advantage and support enterprise goals. Data strategy must come from an understanding of the data needs inherent in the business strategies. These data needs drive the data strategy.

Data strategy is not the same thing as data architecture. The decision to define data architecture may be part of a strategy, and the decisions to implement components of data architecture are strategic decisions. The strategy may influence the architecture, which, in turn, supports the strategy, guiding other decisions.

In many organizations, the data strategy is owned and maintained by the Data Governance Council, with guidance from the Chief Information Officer and the Data Management Executive. In other organizations, these executives may retain ownership and control of the data strategy; however, sharing ownership builds a data management partnership with the business. Often, the Data Management Executive will draft an initial data strategy even before a Data Governance Council is formed, in order to gain senior management commitment for establishing data stewardship and governance.

The components of a data strategy might include:

• A compelling vision for data management.
• A summary business case for data management, with selected examples.
• Guiding principles, values, and management perspectives.
• The mission and long-term directional goals of data management.
• Management measures of data management success.
• Short-term (12-24 months) SMART (specific / measurable / actionable / realistic / time-bound) data management program objectives.
• Descriptions of data management roles and organizations, along with a summary of their responsibilities and decision rights.
• Descriptions of data management program components and initiatives.
• An outline of the data management implementation roadmap (projects and action items).
• Scope boundaries and decisions to postpone investments and table certain issues.

The data strategy is often packaged into three separate deliverables, including:

• A Data Management Program Charter: Overall vision, business case, goals, guiding principles, measures of success, critical success factors, recognized risks, etc.
• A Data Management Scope Statement: Goals and objectives for some planning horizon, usually 3 years, and the roles, organizations, and individual leaders accountable for achieving these objectives.
• A Data Management Implementation Roadmap: Identifying specific programs, projects, task assignments, and delivery milestones.

These deliverables are often published as part of a Data Management Program intranet website.

The data strategy should address all data management functions relevant to the organization. For instance, the data strategy should include the meta-data management strategy. See Figure 2.1 for the complete list of data management functions.

3.3.2 Data Policies

Data policies are short statements of management intent and fundamental rules governing the creation, acquisition, integrity, security, quality, and use of data and information. Data policies are more fundamental, global, and business critical than detailed data standards. Data policies vary widely across organizations. Data policies describe “what” to do and what not to do, while standards and procedures describe “how” to do something. There should be relatively few data policies, and they should be stated briefly and directly.

Data policies are typically drafted by data management professionals. Next, data stewards and management review and refine the policies. The Data Governance Council conducts the final review, revision, and adoption of the data policies. The Data Governance Council may delegate this authority to the Data Stewardship Committee or the Data Management Services Organization.

Data policies must be effectively communicated, monitored, enforced, and periodically re-evaluated. Data policies may cover topics such as:

• Data modeling and other data development activities within the SDLC.
• Development and use of data architecture.
• Data quality expectations, roles, and responsibilities (including meta-data quality).
• Data security, including confidentiality classification policies, intellectual property policies, personal data privacy policies, general data access and usage policies, and data access by external parties.
• Database recovery and data retention.
• Access and use of externally sourced data.
• Sharing data internally and externally.
• Data warehousing and business intelligence policies.
• Unstructured data policies (electronic files and physical records).

3.3.3 Data Architecture

The Data Governance Council sponsors and approves the enterprise data model and other related aspects of data architecture. The Data Governance Council may appoint an Enterprise Data Architecture Steering Committee to oversee the program and its iterative projects. The enterprise data model should be developed and maintained jointly by data architects and data stewards working together in data stewardship teams oriented by subject area, and coordinated by the enterprise data architect.

As data stewardship teams propose changes and develop extensions to the enterprise data model, the Data Architecture Steering Committee oversees the project and reviews changes. The enterprise data model should ultimately be reviewed, approved, and formally adopted by the Data Governance Council. Executive data stewards on the Council should pay particular attention to the alignment of the enterprise data model with key business strategies, processes, organizations, and systems.

Similarly, the general approach, business case, and less technical aspects of related data architecture should also be reviewed, approved, and adopted by the Data Governance Council. This includes the data technology architecture, the data integration architecture, the data warehousing and business intelligence architecture, and the meta-data architecture. It may also include information content management architecture and enterprise taxonomies. The Council may delegate this responsibility to the Data Architecture Steering Committee.

3.3.4 Data Standards and Procedures

Data standards and guidelines include naming standards, requirement specification standards, data modeling standards, database design standards, architecture standards, and procedural standards for each data management function. Standards and guidelines vary widely within and across organizations. Data standards are usually drafted by data management professionals. Data standards should be reviewed, approved and adopted by the Data Governance Council, unless this authority is delegated to a Data Standards Steering Committee. Data standards and guidelines must be effectively communicated, monitored, enforced, and periodically re-evaluated.

Data management procedures are the documented methods, techniques, and steps followed to accomplish a specific activity or task. Like policies and standards, procedures vary widely across organizations. Procedural documentation is usually drafted by data management professionals, and may be reviewed by a Data Standards Steering Committee.

Data standards and procedural guidelines may include:

• Data modeling and architecture standards, including data naming conventions, definition standards, standard domains, and standard abbreviations.
• Standard business and technical meta-data to be captured, maintained, and integrated.
• Data model management guidelines and procedures.
• Meta-data integration and usage procedures.
• Standards for database recovery and business continuity, database performance, data retention, and external data acquisition.
• Data security standards and procedures.
• Reference data management control procedures.
• Match / merge and data cleansing standards and procedures.
• Business intelligence standards and procedures.
• Enterprise content management standards and procedures, including use of enterprise taxonomies, support for legal discovery and document and e-mail retention, electronic signatures, report formatting standards, and report distribution approaches.

3.3.5 Regulatory Compliance

Every enterprise is impacted by governmental and industry regulations. Many of these regulations dictate how data and information is to be managed. Generally, compliance with these regulations is not optional. Part of the data governance function is to monitor and ensure regulatory compliance. In fact, regulatory compliance is often the initial reason for implementing data governance. Data governance guides the implementation of adequate controls to ensure, document, and monitor compliance with data-related regulations.

For companies publicly traded in the United States, the Sarbanes-Oxley Act of 2002 established stringent financial reporting and auditing requirements. It was designed to make executives more responsible and accountable for oversight of their companies. There are several other regulations with significant implications on how information assets are managed. For example:

• HIPPA: The Health Information Protection and Portability Act (HIPPA) is a United States federal law enacted in 1996 requiring employers, medical providers, and insurance companies to respect the privacy and security of patient health information. Title II of HIPPA also established national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers, encouraging electronic data interchange in US healthcare.
• Basel II New Accord: Since 2006, financial institutions doing business in European Union countries are required to report standard information proving liquidity.
• Solvency II: The European Union has similar regulations for the insurance industry.
• PCI-DSS: The Payment Card Industry Data Security Standards (PCI-DSS).
• The Government Accounting Standards Board (GASB) and the Financial Accounting Standards Board (FASB) accounting standards also have significant implications on how information assets are managed.

Data governance organizations work with other business and technical leadership to find the best answers to the following regulatory compliance questions:

• How relevant is a regulation? Why is it important for us?
• How do we interpret it? What policies and procedures does it require?
• Do we comply now? How do we comply now?
• How should we comply in the future? What will it take? When will we comply?
• How do we demonstrate and prove compliance?
• How do we monitor compliance? How often do we review compliance?
• How do we identify and report non-compliance?
• How do we manage and rectify non-compliance?

3.3.6 Issue Management

Data governance is the vehicle for identifying, managing, and resolving several different types of data related issues, including:

• Data quality issues.
• Data naming and definition conflicts.
• Business rule conflicts and clarifications.
• Data security, privacy, and confidentiality issues.
• Regulatory non-compliance issues.
• Non-conformance issues (policies, standards, architecture, and procedures).
• Conflicting policies, standards, architecture, and procedures.
• Conflicting stakeholder interests in data and information.
• Organizational and cultural change management issues.
• Issues regarding data governance procedures and decision rights.
• Negotiation and review of data sharing agreements.

Most issues can be resolved locally in Data Stewardship Teams. Issues requiring communication and / or escalation must be logged. Issues may be escalated to the Data Stewardship Committee, or higher to the Data Governance Council, as shown in Figure 3.5. Issues that cannot be resolved by the Data Governance Council should be escalated to corporate management and / or governance.

Figure 3.5 Data Issue Escalation Path

Data governance requires control mechanisms and procedures for:

• Identifying, capturing, logging, and updating issues.
• Tracking the status of issues.
• Documenting stakeholder viewpoints and resolution alternatives.
• Objective, neutral discussions where all viewpoints are heard.
• Escalating issues to higher levels of authority.
• Determining, documenting, and communicating issue resolutions.

Do not underestimate the importance and value of data issue management; and the need for these control mechanisms and procedures should not be underestimated, either. The judicial branch, which has responsibility for issue management, is an equal third partner with the legislative branch, which has responsibility for defining policies, standards, and the enterprise data architecture, and with the executive branch, which has responsibility for protecting and serving administrative responsibilities.

3.3.7 Data Management Projects

Data management initiatives usually provide enterprise-wide benefits requiring cross-functional sponsorship from the Data Governance Council. Some of these projects and programs are designed to implement or improve the overall data management function. Other projects and programs focus on one particular data management function, such as:

• Data Architecture Management.
• Data Warehousing and Business Intelligence Management.
• Reference and Master Data Management.
• Meta-data Management.
• Data Quality Management.

Significant organizational change is often required to implement more effective data management. Implementing a data strategy usually requires making some organizational and cultural changes to support that strategy. A data management roadmap sets out a course of action for initiating and / or improving data management functions. The roadmap typically consists of an assessment of current functions, definition of a target environment and target objectives, and a transition plan outlining the steps required to reach these targets, including an approach to organizational change management.

Every data management project should follow the project management standards of the organization. At a minimum, every project should begin with a clearly defined and documented project charter, outlining the mission, objectives, scope, resources, and delivery expectations of the sponsors, which in these cases, is the Data Governance Council. The Council helps define the business case for data management projects and oversees project status and progress. The Council coordinates its efforts with a Project Management Office (PMO), where one exists. Data management projects may be considered part of the overall IT project portfolio.

The Data Governance Council may also coordinate data management efforts with the sponsors of related projects, particularly large programs with enterprise-wide scope. These include enterprise resource planning (ERP) and customer relationship management (CRM) projects, or in the public sector, citizen relationship management projects. Such large programs benefit from formal data management, because:

1. Information quality is essential to the success of these projects, and
2. A key project objective is to integrate information across the enterprise.

Data management provides these projects with:

• A master blueprint for enterprise-wide information integration (a data architecture).
• Approaches to managing data quality and master data management.
• Strategies, tools, structures, and support to enable business intelligence.
• A proven approach to partnering with business leaders in governing enterprise integration.

3.3.8 Data Management Services

As the expert custodians and curators for data and information assets, data professionals provide many different services for the enterprise. Data Management Services organizations may formalize the definition and delivery of these service, in order to be more focused on meeting enterprise needs. These services range from high level governance coordination, enterprise architectural definition and coordination, information requirements analysis, data modeling facilitation, and data quality analysis to traditional database design, implementation, and production support services.

By offering the full range of data management activities as services, IT management can involve the Data Governance Council in the estimation of enterprise needs for these services and the justification of staffing and funding to provide these services. As sponsors of these on-going services, the Data Governance Council can oversee their effectiveness from a business perspective, vouch for data valuation assumptions, and confirm assessments of data value and data management business value contribution.

3.3.9 Data Asset Valuation

Data and information are truly assets because they have business value, tangible or intangible. Today’s accounting practices consider data and information as intangible assets, much like software, documentation, expert knowledge, trade secrets, and other intellectual property. Goodwill is the accounting term for the additional amount of money a company is worth beyond the value of its tangible assets and any specifically referenced other intangible assets.

Organizations use many different approaches to estimate the value of their data assets. One way is to identify the direct and indirect business benefits derived from use of the data. Another way is to identify the cost of its loss, identifying the impacts of not having the current amount and quality level of data:

• What percentage change to revenue would occur?
• What percentage change to costs would occur?
• What risk exposures might occur, and what would be the potential financial impact?

Seen in this light, the impacts are often estimated to be quite large, but because there are so many other contributing factors, of which the loss of any might result in similar negative impacts, these impacts are understood to be somewhat disproportional. Typically, business leaders negotiate and agree on a conservative percentage of the total potential impact, which might be considered as the contribution to revenue (for instance) made by data assets in relative proportion to other contributing resources and factors.

Another way to determine data asset value is to estimate what competitors might pay for these assets, if offered exclusive of any other assets. Making these estimates and earning their acceptance requires a significant and on-going dialog with accountants and financial executives. These conversations are typically new and somewhat foreign to most IT managers.

Sometimes business stewards find it easier to estimate the value of business losses due to inadequate information. Information gaps–the difference between what information is needed and whatever trustworthy information is currently available–represent business liabilities. Closing and preventing these gaps represent opportunities for data management programs to provide some estimate of business value.

3.3.10 Communication and Promotion

Data stewards at all levels and data management professionals must continually communicate, educate, and promote the importance and value of data and information assets and the business contribution of data management functions. Raising stakeholder awareness and appreciation of data management issues and benefits is an on-going responsibility of everyone in the data management community.

All data producers and information consumers must understand data policies and their organization’s commitment to data quality, data security, data protection, data delivery, and data support. All stakeholders should be aware of data stewardship and governance programs, organizations, roles, and responsibilities. All stakeholders should also be aware of organizational investments in data management projects, and the objectives and expectations for these projects. All stakeholders must understand whatever responsibilities they have to conform to data standards and comply with external regulations.

Every individual data management role and organization is responsible for communicating these key messages. However, organizations should specifically assign responsibility for communication planning to one or two individuals.

Organizations typically use several approaches to communicating these key messages. These approaches include:

• Maintaining an intranet website for a data management program.
• Posting announcements on other websites within the enterprise.
• Posting hardcopy announcements on actual bulletin boards at locations.
• Publishing a newsletter distributed in hardcopy or via e-mail.
• Taking advantage of opportunities to make short information and promotion announcements at department meetings.
• Presenting topics of interest to appropriate audiences.
• Promoting participation in a Data Management Community of Interest.
• Crafting ahead of time, the key messages that can be said succinctly whenever opportunities arise, helping individuals communicate these key messages consistently.

A data management intranet website is a particularly effective vehicle for communicating:

• Executive messages regarding significant data management issues.
• The data management strategy and program charter, including vision, benefits, goals, and principles.
• The data management implementation roadmap.
• Data policies and data standards.
• Descriptions of data stewardship roles and responsibilities.
• Procedures for issue identification and escalation.
• Documents and presentations describing key concepts, available for download.
• Data governance organization descriptions, members, and contact information.
• Data Management Services organization rosters and contact information.
• Individual profiles on data stewards and data management professionals.
• Program news announcements.
• Descriptions and links to related online resources.
• Entry points to request services or capture issues.

3.3.11 Related Governance Frameworks

At the time of this writing, there are no standard or commonly used frameworks for data governance, although some proprietary frameworks have been developed by a few consulting firms. Several frameworks do exist for related governance topics, including:

• Corporate Governance (COSO ERM).
• IT Governance (COBIT).
• Enterprise Architecture (Zachman Framework, TOGAF).
• System Development Lifecycle (Rational Unified Process, for example).
• System Development Process Improvement (SEI CMMI).
• Project Management (PRINCE II, PMI PMBOK).
• IT Service Management (ITIL, ISO 2000).

3.4 Summary

The guiding principles for implementing data governance into an organization, a summary table of the roles for each data governance activity, and organizational and cultural issues that may arise during implementation of a data governance function are summarized below.

3.4.1 Guiding Principles

The implementation of data governance into an organization follows eleven guiding principles:

1. Data management is a shared responsibility between business data stewards (trustees) and data management professionals (expert custodians).
2. Data stewards have responsibilities in all 10 data management functions.
3. Every data governance / data stewardship program is unique, taking into account the unique characteristics of the organization and its culture.
4. The best data stewards are found, not made. Whenever possible, appoint the people already interested and involved.
5. Shared decision making is the hallmark of data governance.
6. Data governance councils, and data stewardship committees and teams perform “legislative” and “judicial” responsibilities, while data management services organizations perform “executive branch” responsibilities (administer, coordinate, serve, protect).
7. Data governance occurs at both the enterprise and local levels and often at levels in between.
8. There is no substitute for visionary and active IT leadership in data management. The Data Management Executive is the CIO’s right hand for managing data and information.
9. Some form of centralized organization of data management professionals is essential to enterprise-wide data integration.
10. Organizations should define a formal charter for the Data Governance Council, approved by the Board of Directors or Executive Committee, with specific authorities granted to that group.
11. Every enterprise should have a data strategy, driven by the enterprise business strategy, and used to guide all data management activities.

3.4.2 Process Summary

The process summary for the data governance function is shown in Table 3.1. The deliverables, responsible roles, approving roles, and contributing roles are shown for each activity in the data governance function. The Table is also shown in Appendix A9.

Activities	Deliverables		Responsible Roles	Approving Roles	Contributing Roles
1.1.1 Understand Strategic Enterprise Data Needs (P)	Strategic Enterprise Data Needs		DM Executive	Data Governance Council, CIO	Data Stewards, Data management professionals
1.1.2 Develop and Maintain the Data Strategy (P)	Data Strategy – Vision, Mission, Bus. Case, Goals, Objectives, Principles, Components, Metrics, Implementation Roadmap		DM Executive	Data Governance Council, CIO	Data Stewards, Data management professionals
1.1.3 Establish Data Management Professional Roles and Organizations (P)	Data Management Services organizations and staff		CIO	Data Governance Council	DM Executive
1.1.4 Establish Data Governance and Stewardship Organizations (P)	Data Governance Council, Data Stewardship Committee, Data Stewardship Teams		DM Executive, CIO, Data Governance Council	Senior Mgmt	Data Stewards, Data management professionals
1.1.5 Identify and Appoint Data Stewards (P)	Business Data Stewards, Coordinating Data Stewards, Executive Data Stewards		DM Executive, Executive Data Stewards	Data Governance Council	Coordinating Data Stewards, Data management professionals
1.1.6 Develop, Review and Approve Data Policies, Standards, and Procedures (P)	Data Policies, Data Standards, Data Management Procedures		DM Executive	Data Governance Council, CIO	Data Stewardship Committee, Data Stewardship Teams, Data management professionals
1.1.7 Review and Approve Data Architecture (P)	Adopted Enterprise Data Model, Related Data Architecture		Data Governance Council	Data Governance Council, CIO	Enterprise Data Architect, Data Stewardship Committee, Data Stewards, Data Architects, DM Executive
1.1.8 Plan and Sponsor Data Management Projects and Services (P)	Data Management Projects, Data Management Services		Data Governance Council	Data Governance Council, CIO, IT Steering Committee	DM Executive, Data management professionals, Data Stewards
1.1.9 Estimate Data Asset Value and Associated Costs (P)	Data Asset Value Estimates, Data Mgmt. Cost Estimates		Data Stewards	Data Governance Council	DM Executive, Data management professionals
1.2.1 Supervise Data Professional Organizations and Staff (C)	Data Management Services organization(s) and staff	DM Executive(s)		CIO	Data management professionals
1.2.2 Coordinate Data Governance Activities (C)	Data Governance Organization Schedules, Meetings, Agendas, Documents, Minutes	DM Executive, Enterprise Data Architect, Data Architects		Data Governance Council, Data Stewardship Committee, Data Stewardship Teams, CIO	Data management professionals
1.2.3 Manage and Resolve Data Related Issues (C)	Issue Log, Issue Resolutions	Data Stewardship Teams, Data Stewardship Committee, Data Governance Council		Data Stewardship Teams, Data Stewardship Committee, Data Governance Council	DM Executive, Data management professionals
1.2.4 Monitor and Ensure Regulatory Compliance (C)	Compliance Reporting, Non-compliance Issues	Data management professionals		Data Governance Council	DM Executive, CIO
1.2.5 Communicate, Monitor and Enforce Conformance with Data Policies, Standards, Procedures, and Architecture (C)	Policy / Standards / Arch / Procedure Communication, Non-conformance Issues	Data management professionals, Data Stewards		Data Governance Council, Data Stewardship Committee	DM Executive
1.2.6 Oversee Data Management Projects and Services (C)		DM Executive		Data Governance Council	Data management professionals
1.2.7 Communicate and Promote the Value of Data and Data Management (C)	Data Management Website, Data Management Newsletter, Understanding and Recognition	DM Executive, Data management professionals, Data Stewards, CIO		Data Governance Council	Data Stewards

Table 3.1 Data Governance Process Summary Table

3.4.3 Organizational and Cultural Issues

Questions may arise when an organization is planning to implement the data governance function. A few of the common questions are listed below with a general answer.

Q1: Why is every governance program unique?

A1: Each organization is unique in structure, culture, and circumstances. Each data governance program should be unique to address the needs of the organization, while at the same time sharing some common characteristics and basic principles. Each data governance program has different sponsoring individuals, business drivers, scope boundaries, regional and departmental organizations, approaches to business and IT liaison, relationships with other governance programs and major projects, collaboration and teamwork challenges, organizational heritage, shared values and beliefs, common expectations and attitudes, and unique meaning to organizational rites, rituals, and symbols. As the organization changes, the challenges posed for data governance also change. Good data governance programs address these challenges and take advantage of the opportunities they present.

Q2: Should data stewardship be a part-time or full-time responsibility?

A2: Experts generally recommend data stewards be given part-time responsibility for data stewardship. Data stewardship is a role, not a job. Data stewards need to be involved with the business to maintain business knowledge, peer respect, and credibility as subject matter experts and practical leaders.

Q3: Can full-time IT / business liaisons be data stewards?

A3: Yes, and their roles vary widely across organizations. However, true business leaders should also participate as data stewards, unless the scope and focus is technical. Problems occur when liaisons represent the business or IT exclusively, excluding either of their internal customers. Stewardship and governance are mechanisms for liaisons to be more effective by bringing all parties to the table.

Q4: What qualifications and skills are required of data steward role candidates?

A4: First and foremost, business knowledge and understanding of the data is required. People can be taught data management concepts and techniques, such as how to read a data model. Soft skills are also very important in data stewardship, including:

• Respected subject area expertise–information, processes, and rules.
• Organizational / cultural knowledge and industry perspective.
• Strong verbal and written communication skills.
• Clarity and precision in thinking and communication.
• Teamwork, diplomacy, and negotiation skills.
• Adaptability, objectivity, creativity, practicality, and openness to change.
• Ability to balance local and functional needs with enterprise needs.

Q5: How are individual data stewards and data governance organizations empowered? How do stewards earn respect?

A5: Maintaining the importance of data governance and data stewardship to the organization can be shown in several ways:

• Ensure there is strong and continued executive sponsorship and support–and that everybody knows about it. Where they lead, others will follow.
• When there is conflict, stay objective. Even better, really understand and appreciate both points of view. Then find a common goal and reframe the issue to drive attainment of that goal.
• Make sure there is something in it for them! Show how they will they benefit, personally and / or in the eyes of their boss. Make it easy to say yes by crafting win-win solutions.
• Information is more powerful than force. Impress people with facts and reasoning presented effectively, rather than pound on them saying, “Because you have to!”
• Earn not just respect, but also trust. Trust is essential to collaborative success. Earn trust over time by demonstrating sincere interest in others and by being open with information.

3.5 Recommended Reading

The references listed below provide additional reading that supports the material presented in Chapter 3. These recommended readings are also included in the Bibliography at the end of the Guide.

3.5.1 Websites

The Data Administration Newsletter (TDAN)–http://www.TDAN.com

DM Review Magazine–www.dmreview.com. Note: www.dmreview.com is now www.information-management.com.

EIM Insight, published by The Enterprise Information Management Institute–

http://eiminstitute.org

SearchDataManagement.com white paper library–

http://go.techtarget.com/r/3762877/5626178

3.5.2 Prominent Books

There are very few books specifically devoted to data governance. Perhaps the most pertinent book published to date is:

Thomas, Gwen. Alpha Males and Data Disasters: The Case for Data Governance. Brass Cannon Press, 2006. ISBN-10: 0-978-6579-0-X. 221 pages.

3.5.3 Regulatory and Compliance Books

Compliance is an important data governance issue. The following book is particularly focused on regulatory compliance:

Bloem, Jaap, Menno van Doorn, and Piyush Mittal. Making IT Governance Work in a Sarbanes-Oxley World. John Wiley & Sons, 2005. ISBN 0-471-74359-3. 304 pages.

3.5.4 General Books

The books and other materials listed below describe IT governance in general, which as noted above, is not at all the same thing as data governance. Nevertheless, they are closely related concepts, and these publications can be helpful:

Benson, Robert J., Tom Bugnitz, and Bill Walton. From Business Strategy to IT Action: Right Decisions for a Better Bottom Line. John Wiley & Sons, 2004. ISBN 0-471-49191-8. 309 pages.

IT Governance Institute. Control Objectives for Information and related Technology (CobiT©). www.isaca.org/cobit

Lutchen, Mark. Managing IT as a Business: A Survival Guide for CEOs. John Wiley & Sons, 2003. ISBN 0-471-47104-6. 256 pages.

Maizlish, Bryan and Robert Handler. IT Portfolio Management Step-By-Step: Unlocking the Business Value of Technology. John Wiley & Sons, 2005. ISBN 0-471-64984-8. 400 pages.

Van Grembergen, Wim and Steven Dehaes. Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value. Springer, 2009. ISBN 0-387-84881-5, 360 pages.

Van Grembergen, Wim and Steven Dehaes. Implementing Information Technology Governance: Models, Practices and Cases. IGI Publishing, 2007. ISBN 1-599-04924-3, 255 pages.

Van Grembergen, Wim and Steven Dehaes. Strategies for Information Technology Governance. IGI Publishing, 2003. ISBN 1-591-40284-0. 406 pages.

Weill, Peter and Jeanne Ross. IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, 2004. ISBN 1-291-39253-5. 288 pages.