Chapter 5
Data Governance

Through an unfortunate accident of history, the term data management was originally used to describe the work that Database Administrators (DBAs) and other highly technical people did to ensure that data in large data banks was available and accessible. It is still strongly associated with those activities. The term data governance was introduced, in part, to make clear that managing data goes beyond managing databases. More importantly, data governance describes the processes by which organizations make decisions about data, decisions that need to be carried out by people throughout the enterprise.

In most enterprises data moves horizontally, across business verticals. If an organization is to leverage its data effectively across functions, it needs to establish common frameworks and policies to make consistent decisions about data across verticals. Data governance should play a role very similar to financial governance within an organization.

Data governance (DG) is defined as the exercise of authority and control (e.g., planning, monitoring, and enforcement) over the management of data assets. Governance activities help control data development and usage. They also reduce risks associated with data and enable an organization to leverage data strategically.

All organizations make decisions about data, regardless of whether they have a formal data governance function. Those that establish a formal data governance program exercise authority and control with greater intentionality and consistency.18 Such organizations are better able to increase the value they get from their data assets.

This chapter will:

• Define data governance and discuss its importance
• Review different models for organizing data governance functions
• Discuss data governance activities, including data stewardship, and how they contribute to the organization

Data governance as oversight

The data governance function guides all other data management functions. The purpose of data governance is to ensure that data is managed properly, according to policies and best practices.19 A common analogy is to equate data governance to auditing and accounting. Auditors and controllers set the rules for managing financial assets. Data governance professionals set rules for managing data assets. Other areas carry out these rules. In either case, data governance is not a one-time thing; this oversight function must be sustained after it is established (see Figure 8). Principles for data governance need to be embedded in data management lifecycle and foundational activities (see Figure 1). An ongoing program, data governance requires ongoing commitment to ensuring that an organization gets value from its data and reduces risks related to data.

While the driver of data management overall is to ensure an organization gets value out of its data, data governance focuses on how decisions are made about data and how people and processes are expected to behave in relation to data. The scope and focus of a particular data governance program will depend on organizational needs. To achieve these goals, most data governance programs include:

• Oversight: Ensuring all data governance functional areas follow guiding principles for the sake of the enterprise.
• Strategy: Defining, communicating, and driving execution of data strategy and data governance strategy.
• Policy: Setting and enforcing policies related to data and Metadata management, access, usage, security, and quality.
• Standards and quality: Setting and enforcing data quality and data architecture standards.
• Stewardship: Providing hands-on observation, audit, and correction in key areas of quality, policy, and data management.
• Compliance: Ensuring the organization can meet data-related regulatory compliance requirements.
• Issue management: Identifying, defining, escalating, and resolving issues related to data security, data access, data quality, regulatory compliance, data ownership, policy, standards, terminology, or data governance procedures.
• Data management projects: Sponsoring efforts to improve data management practices.
• Data asset valuation: Setting standards and processes to consistently define the business value of data assets.

To accomplish these goals, a data governance program will articulate principles, develop policies and procedures, cultivate data stewardship practices at multiple levels within the organization, and engage in organizational change management efforts that actively communicate to the organization the benefits of improved data governance and the behaviors necessary to successfully manage data as an asset across the data lifecycle (see Figure 9).

Many governance programs plan their roadmaps based on a capability maturity model that enables them to grow and improve their practices (see Chapter 3). For most organizations, adopting formal data governance requires the support of organizational change management, as well as sponsorship from a C-level executive, such as Chief Risk Officer, Chief Financial Officer, or Chief Data Officer.

Business drivers for data governance

The most common driver for data governance is regulatory compliance, especially for heavily regulated industries, such as financial services and health care. Responding to evolving legislation requires strict data governance processes. The explosion in advanced analytics and data science has created an additional reason to implement governance structures.

While compliance or analytics may drive governance, many organizations back into data governance via an information management program driven by other business needs, such as Master Data Management (MDM), by major data problems, or both. A typical scenario: a company needs better customer data, it chooses to develop Customer MDM, and then it realizes that successful MDM requires data governance.

Data governance is not an end in itself. It needs to align directly with organizational strategy. The more clearly it helps solve organizational problems, the more likely people will be to change behaviors and adopt governance practices. Drivers for data governance most often focus on:

• Reducing risks, such as those related to compliance, the organization’s general reputation, or to data security and privacy.
• Improving processes, such as the ability to comply with regulation, manage vendors, serve customers, and operate efficiently.

Data governance program characteristics

Ultimately, the goal of data governance, like the goal of data management generally is to enable an organization to manage data as an asset. Data governance provides the principles, policy, processes, framework, metrics, and oversight to manage data as an asset and to guide data management activities at all levels. To achieve this overall goal, a data governance program must be:

• Sustainable: Data governance is an ongoing process that requires organizational commitment. Data governance necessitates changes in how data is managed and used. This means managing change in a way that is sustainable beyond the initial implementation of any data governance component.
• Embedded: Data governance is not an add-on process. Data governance activities need to be incorporated into development methods for software, use of data for analytics, management of Master Data, and risk management.
• Measured: Data governance done well has positive financial impact, but demonstrating this impact requires understanding the starting point and planning for measurable improvement.

Implementing a data governance program requires commitment to change. The following principles, developed since the early 2000s, can help set a strong foundation for data governance:20

• Leadership and strategy: Successful data governance starts with visionary and committed leadership in support of enterprise business strategy.
• Business-driven: Data governance is a business program that must govern IT decisions related to data as much as it governs business interaction with data.
• Shared responsibility: Data governance is a shared responsibility between business data stewards and technical data management professionals.
• Multi-layered: Data governance occurs at both the enterprise and local levels, and often at levels in between.
• Framework-based: Because data governance activities require coordination across functional areas, the data governance program must establish an operating framework that defines accountabilities and interactions.
• Principle-based: Guiding principles are the foundation of data governance activities, and especially of data governance policy.

The core word in governance is govern. Data governance can be understood in terms of political governance. It includes:

• Legislative-like functions: Defining policies, standards, and the enterprise data architecture.
• Judicial-like functions: Issue management and escalation.
• Executive functions: Protecting and serving, administrative responsibilities.

To better manage risk, most organizations adopt a representative form of data governance, so that all stakeholders can be heard.

Data governance models

Each organization should adopt a governance model that supports its business strategy and is likely to succeed within its own cultural context. Models differ with respect to their organizational structure, level of formality, and approach to decision-making. Some models are centrally organized, while others are distributed. All models need a degree of flexibility. Organizations should also be prepared to evolve their model to meet new challenges and to be adaptive as organizational culture evolves.

Data governance organizations may also have multiple layers to address concerns at different levels within an enterprise – local, divisional, and enterprise-wide. The work of governance is often divided among multiple committees, each with a purpose and level of oversight different from the others. This work needs to be coordinated for an organization to benefit from synergy between the pieces.

Figure 10 represents a generic data governance model. The model involves activities at various levels within the organization (as noted on the vertical axis: local, divisional, enterprise), as well as separation of governance responsibilities within organizational functions and between business (left side) and technical/IT (right side).

Much of the work of data governance is carried out at the ground level, by data stewards who are associated through a data governance office. Stewards may be full or part-time. They will be responsible for different types of data depending on the needs of the organization. Often they will lead subject area or function working groups that report up through a Data Governance Council. At the enterprise level on the business side, many organizations have a Data Governance Steering Committee at the executive level. The Steering Committee helps enforce directives across the enterprise and serves as an escalation point.

On the IT side, work is often split between programs with various projects, implemented through project teams, and operational responsibilities that are carried out by data management services or production support / operations teams. A level of stewardship is required on the IT side as well. Most organizations will need governance structures within both business and IT sides of the house, as well as an oversight function. The different parts of the organization charged with governance activities need to actively collaborate and coordinate. Figure 11 shows how this kind of model can be implemented in different various ways, depending on the organization’s needs and constraints.

The organizational choices for data governance depend on the existing structure of the enterprise, the goals of data governance, and the organization’s cultural disposition to centralization and collaboration. In a centralized model, one data governance organization oversees all activities in all subject areas. In a replicated model, the same DG operating model and standards are adopted by each business unit. In a federated model, one data governance organization coordinates with multiple business units to maintain consistent definitions and standards.

In addition to organizing people for data governance, it is also helpful to establish an operating model which defines the interaction between the governance organization and the people responsible for data management projects or initiatives, the engagement of change management activities to introduce this new program, and the model for issue management resolution pathways through governance. Figure 12 illustrates an example you can adapt to meet the requirements and match the culture of your organization. Regardless of your situation, several facets will remain the same. Executive functions provide oversight. The DGO works within domains. Policy is pushed down, and issues are escalated. Stewards and stakeholders engage at multiple levels.

Figure 11: Enterprise Data Governance Operating Framework Examples (DMBOK2, p. 75)21

Data stewardship

Data Stewardship is one of those concepts that people don’t always understand. A steward is a person whose job it is to manage the property of another person. Data Stewards manage data assets on behalf of others and in the best interests of the organization.22 This concept grew out of the recognition that, within any organization, there have always been people who have expertise in the data and genuinely care about how an organization maintains data and makes it available for use. As the importance of data has grown, so too has formal recognition of this stewardship function.

Data Stewards represent the interests of all stakeholders and must take an enterprise perspective to ensure enterprise data is of high quality and can be used effectively. Effective Data Stewards are accountable and responsible for data governance activities and have a portion of their time dedicate to these activities. The term accounts for both informal stewards – those very helpful people in every organization who enable others to be successful. And formal stewards – those with “data steward” in their job titles.

The focus of stewardship activities will differ from organization to organization, depending on organizational strategy, culture, the problems an organization is trying to solve, its level of data management maturity, and the formality of its stewardship program. However, in most cases, data stewardship activities will focus on some, if not all, of the following:

• Creating and managing core Metadata: Standardization, definition and management of business terminology, valid data values, and other critical Metadata. Stewards are often responsible for an organization’s Business Glossary, which becomes the system of record for business terms related to data.
• Documenting rules and standards: Definition/documentation of business rules, data standards, and data quality rules. Expectations used to define high-quality data are often formulated in terms of rules rooted in the business processes that create or consume data. Stewards help surface and refine these rules in order to ensure that there is consensus about them within the organization and that they are used consistently.
• Managing data quality issues: Stewards are often involved with the identification, prioritization, and resolution of data related issues or in facilitating the process of resolution.
• Executing operational data governance activities: Stewards are responsible for ensuring that data governance policies and initiatives are adhered to, from day to day and from one project to the next. They should influence decisions to ensure that data is managed in ways that support the overall goals of the organization.

Launching data governance

Data governance enables shared responsibility for data-related decisions. Data governance activities cross organizational and system boundaries in support of an integrated view of data. Successful data governance requires a clear understanding of what is being governed and who is being governed, as well as who is governing.

Regardless of how they are organized, the data governance teams perform similar activities. Before a program is set up, the data governance team needs to understand the current state of the organization’s strategy, culture, and specific data challenges. The goal of this assessment is to define what data governance means to the organization and establish a data governance strategy.

Initial assessments are likely to include:

• Data Management Maturity Assessment: Determine how well the company uses people, processes, and technology to manage and get value from its data. This assessment can help determine levels of formal and informal stewardship, existing standards, etc. and identify opportunities for improvement.
• Assessment of capacity to change: Determine the capacity of the organization required to adopt behaviors required for successful data governance. Identify potential obstacles to a governance program.
• Collaborative readiness: Characterize the organization’s ability to collaborate across functions to steward and make consistent, holistic decisions about data.
• Business alignment: Assess how well the organization aligns its uses and management of data with business strategy. Identify critical organizational touch points for the data governance organization (e.g., procurement, budget/funding, regulatory compliance, SDLC standards).
• Data quality assessment: Identify critical data and existing data pain points in order to provide insight into existing issues and risks associated with data and business processes.
• Regulatory compliance assessment: Understand the relation of data risks to compliance requirements and how these are currently managed. Identify controls and monitoring that could improve the organization’s ability to comply with regulations.

Initial assessments contribute to the business case for data governance. The maturity, data quality, and compliance assessments should identify concrete starting points for improvement, but the overall approach should be driven by a strategy that defines the scope and approach to data governance efforts in relation to business goals. The strategy should be defined through:

• A charter that defines goals and principles
• An operational framework with accountabilities
• An implementation roadmap and plan for operational success that describes:
  • The target state of data governance activities and how they will be embedded in standard business and IT processes
  • The initial set of initiatives to improve data management capabilities and data quality
  • The enterprise-wide benefits expected from the work
  • Metrics to demonstrate the benefits

Once the strategy is defined and the team begins work, they will execute the strategy by:

• Defining policies
• Underwriting data improvement projects
• Engaging with change management to educate staff and drive the adoption of desired behaviors
• Managing issues and conflicts that may arise during the process of implementation

Sustainable data governance

As described in the chapter introduction, the data governance function guides data management by establishing policies and best practices for managing data assets and by providing ongoing oversight of their implementation. Because these practices must be carried out by other areas, data governance principles must be embedded in data management lifecycle and foundational activities.

A successful data governance program will:

• Establish a strategy that aligns with and supports business strategy
• Define and enforce policies that define behaviors based on data management principles
• Set standards for data quality
• Provide stewardship of critical data
• Ensure the organization complies with data related regulations
• Manage issues related to aspects of data and governance itself

A successful DG program will also move the organization up the data management maturity curve by

• Sponsoring data management projects
• Standardizing data asset valuation
• Engaging in ongoing communication about the behaviors needed to get value from data

The Chief Data Officer

Most companies recognize at some level that data is a valuable corporate asset. In the last decade, some have appointed Chief Data Officers (CDO) to help bridge the gap between technology and business and evangelize an enterprise-wide data management strategy at a senior level. This role is on the rise. Forbes magazine reported in January 2018 that more than 60% of fortune 1000 firms have a CDO.23

While the requirements and functions of a CDO are specific to each company’s culture, organizational structure, and business needs, many CDOs act as a combination of business strategist, adviser, data quality steward, and all-around data management ambassador.

In 2014, Dataversity published research outlining common mandates for a CDO.24 These included:

• Establishing an organizational data strategy
• Aligning data-centric requirements with available IT and business resources
• Establishing data governance standards, policies and procedures
• Providing advice (and perhaps services) to the business for data-dependent initiatives, such as business analytics, Big Data, data quality, and data technologies
• Evangelizing the importance of good information management principles to internal and external business stakeholders
• Providing oversight of data usage in analytics and business intelligence

Regardless of industry, it is common for a data management organization to report up through the CDO. In a more decentralized operating model, the CDO is responsible for the data strategy, but resources that are in IT, operations, or other lines of business execute that strategy. Some DMOs are established initially with the CDO just determining the strategy, and over time other aspects of data management, governance, and analytics are folded under the CDO umbrella as efficiencies and economies of scale are identified.

Data governance and leadership commitment

More than any other aspect of data management, data governance requires leadership commitment and executive sponsorship. There are many potential obstacles to success. Governance focuses on getting people to behave differently toward data. Changing behaviors is challenging, especially for enterprise-wide initiatives. And governance of any kind can be perceived as an imposition, rather than as a means of improving processes and enabling success. But, if you educate yourself on the ways in which data supports your business strategy, you will quickly see and endorse the benefits of data governance:

• Making decisions about data in the context of overall business strategy makes more sense than making these decisions on a project-by-project basis
• Codifying expected behavior toward data in governance policies sets clear guidelines for employees and other stakeholders
• Defining data once and defining it consistently saves time, effort, and organizational churn
• Establishing and enforcing data standards is an efficient means of defining and then improving the quality of the organization’s most critical data
• Reducing risks related to data privacy helps prevent data breaches and is good for an organization’s reputation and bottom line

What you need to know

• Data governance is an ongoing program that provides oversight for all other data management functions, by articulating strategy, establishing frameworks, setting policy, and enabling data usage across verticals.
• Data governance is not an end in itself. It is a means to achieve business goals.
• How the data governance function is organized depends on the goals of the data governance program and culture of the organization.
• DG helps organizations meet the challenges of data management by aligning activities and behaviors with principles of data management, along with guiding principles established to support an organization’s business strategy.
• Data governance requires leadership commitment. That commitment will also enable other functions in data management functions to be more successful.