Implementing Effective Data Governance
Implementing Effective Data Governance
Implementing Effective Data Governance
In the third of our series of data management blogs, we look at data governance. The first blog described the symptoms of poor data management, the second looked at metadata tooling. Here, we bring the themes together.
Data governance done badly can be expensive, time consuming, and can easily lead to fruitless bureaucracy. However, without it, the enterprise can be exposed to unreliable data quality, poorly understood data in divergent architectures, unpredictable impacts from IT change, and poor adherence to information security and regulatory obligations.
Whether you are just embarking on the data governance journey or adjusting your current direction, we recommend making a clear statement of what you expect your governance to deliver for the firm and keeping sight of that during the journey. Our view of its function and benefit is described below.
What is the objective of data governance?
Enterprise data is an asset, and it needs to be governed well so that it is:
- Usable: data must be accessible to users, and available through tools the business can use to solve problems
- Understood: knowing the source, meaning, lineage, lifecycle and purpose of your data is critical to appropriate usage and to developing quality insights
- Reliable: timely, correct and complete data, which is fit for purpose
- Secure: technical and procedural controls which prevent data leakage through carelessness or malicious intent
- Compliant: e.g. with external regulation, privacy laws, internal policies, etc.
Data governance ensures continuous attention to and management of these facets over time. Each facet can be improved in isolation, but it can only retain the appropriate standard and deliver value if effective and efficient processes, policies, oversight, measures and controls are in place.
How is effective data governance implemented?
Modern data governance considers data to be an enterprise-wide shared asset and introduces management principles and processes around it. Typically, this requires the creation of some new roles and forums, including: a Data Officer, Data Owners, a Data Governance Committee, a Data Management Office and Data Architects.
The key is that data governance structure is data-centric, permanent, and is led by the business. Data is owned and generated by the business. Clearly, IT has a huge part to play in providing custody of key business data through the lifecycle, and will also generate data in its own right through systems processing, monitoring, logs, cost recovery data, etc.
This structure oversees the critical elements of the data governance framework.
Data Strategy: This is the long-term playbook for the governance process. It includes the firm’s vision for data, the Governance Operating Model, and the data architecture roadmap.
The operating model needs to establish clear data ownership across the enterprise, the forums to enforce governance policy, data processes, and clarity on the roles and responsibilities for data across the organisation. Citihub have developed a standardised data governance operating model to assist with this, if needed.
Change Management: This manages compliance with the data strategy. It includes monitoring progress towards the target data architecture and policing the adoption and implementation of data management standards (eg adherence to an enterprise data model, or mandatory messaging formats, etc). The change management function must integrate with the existing change lifecycle and data lifecycle management (DLM) controls.
MetaData Management: This is a key enabler of effective data governance. Metadata supports:
- Usability by supporting discovery of datasets within the firm (you cannot access data if you don’t know it exists).
- Understanding through documenting data definitions, relationships and sources providing contextual attributes allowing datasets to be usable and relatable across different enterprise processes.
- Security through correct categorisation, mapping data distribution and access, etc.
- Compliance which requires metadata to know which policies should apply, and what systems are in scope.
Data Quality: Data quality is often misunderstood in the context and role of data governance. Whilst the activities of data quality management are federated across data owners, activities driven by data governance include stipulating the inclusion of quality metrics in business dashboards, setting and monitoring quality targets, and achieving data quality standards during system testing and continuous improvement. A long-term, iterative focus on quality will be necessary to improve quality over time.
Information Security: This is an area of data governance that most firms have a good handle on, albeit from a systems rather than data-centric perspective. For example, access rights are typically granted at a systems level, but this does not align with data as an enterprise shared asset. Often, data is treated with the same ‘least privilege’ access approach, making it difficult for data to be utilised effectively in the enterprise. There is an emerging view that entitlements should be managed in a data-centric and functional way and technology is emerging to make this feasible.
Policies and Procedures: These need to be fit for purpose and understood by the actors in the governance process (the Data Officer, the Data Architects, the Data Owners, etc). Note that policies do not change data – processes do. So the data governance function must identify the processes which are expected to manage each facet of the data, and must scrutinise the execution/result of the process to ensure it is delivering what was expected (quality metrics are an example of this).
But hang on… data has traditionally been managed through IT/Business projects – why change that approach? Why centralise data management operations?
Firms are recognising that much of the data they generate should be treated as an enterprise-wide asset. Core reference data such as products and customers clearly is but, for example, transactional, financial, and risk data also have uses across the enterprise with every consumer invested in the usability and reliability of the sources. Just as financial assets, human resources or IT Infrastructure requires a centralised department for effective management, shared data assets also benefit from a central focus ensuring a holistic view of data quality, flows, compliance, security and usage.
Furthermore, we increasingly see regulators insisting that firms have a clear understanding of their data and the inputs into decisions that are taken, and that appropriate controls to maintain that data are in place. In response, many firms are centralising responsibility for meeting these obligations and also looking to improve the intrinsic and utilitarian value of their enterprise data across other functions such as Sourcing, Supply Chain Management, Cost Transparency, Spend Management, Vulnerability Management, Cybersecurity, and Business Continuity.
Modern data governance teams are data-centric, not project or system aligned, and their role is to support proper development, control, and improve overall value of the firm’s data assets.
How can Citihub Help?
Citihub have experience of implementing effective and practical data governance from the ground up.
If you already have data governance in place but are uncertain of the efficiency or benefit, we can assess the effectiveness of your existing solution. Our maturity model assessment will establish and measure coverage of the key elements, and our practical know-how will assess the effectiveness of existing processes and operating models to realise your policy objectives.
If you have not yet started the journey, we can lead your organisation through the adoption process, shaping and guiding the creation of the operating model including establishing data ownership and establishing oversight forums, and design an implementation to work alongside your existing organisational processes.
We have experience and partnerships with some of the leading data governance tools. We can work with you to capture the key metadata (i.e. glossary, lineage, etc) and implement appropriate data controls, documentation, workflows, and mapping to regulation and policy.
Above all, we believe data governance has to be practical and effective and must deliver real benefit to an organisation.
Whether you are just embarking on the data governance journey or adjusting your current direction, we recommend making a clear statement of what you expect your governance to deliver for the firm and keeping sight of that during the journey.
Essential Capabilities for building Defense in Depth for Public and Hybrid Cloud
The explosive increase in Cloud Services consumed across the industry, coupled with a dramatic incre...
FT Names Citihub Digital as one of 2021’s Leading Management Consultants
“We’re thankful to be recognized for the 4th successive year for our leadership in financial ser...
Cyber Resilience is more than Detect and Prevent, it’s also about Respond and Recover
Joining forces with Synechron, our Risk & Cyber Security SMEs Graham Fletcher and Gavin Wilson share...
Digital Transformations in the age of COVID-19
Joining forces with Synechron, our Enterprise Transformation SMEs offer their perspectives on why a ...
Meeting your Data Obligations in the Cloud After Brexit
Joining forces with Synechron, our RegTech SMEs – Bob Mudhar & Anand Chandra - talk about the the ...
How to set up a Test Coverage threshold in Go and Github
Senior Consultant Luis Carrazana enumerates the steps needed to implement a Test Coverage Threshold...
Cyber security and the growth of untrusted infrastructure and hybrid workforces
Joining forces with Synechron, our Dev & Sec SMEs talk about the increasingly important role of clou...
Increasing test coverage without slowing down development
Are you confident about refactoring your legacy project? What are you doing to ensure stability with...
15 Minutes with: Utsav Ratti on Smashing the silos between IT and business teams
Has the pandemic made the divide between IT and business teams worse or has it presented an opportun...