E-Book
The secrets of highly effective data
governance programs
Good data governance is a key to ensuring that data is accurate and
consistent across an enterprise and that internal standards for
accessing, using and securing data are followed. But many IT
professionals and business managers still don’t fully understand what
data governance is or how to set up a successful data governance
program. This eBook will provide an explanation of data governance
concepts and techniques as well as expert advice on how to develop an
effective governance plan.
Sponsored By:
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 2 of 21
E-Book
The secrets to highly effective data
governance programs
Table of Contents
Building a data governance framework: governance processes and issues
Data governance best practices: setting up a governance program
Common challenges in creating a data governance model and program
Data governance roles and responsibilities call for diverse skill sets
Resources from Pitney Bowes Business Insight
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 3 of 21
Building a data governance framework: governance processes and issues
By Gwen Thomas, SearchDataManagement.com Contributor
The ultimate goal of all data governance programs is the same: ensuring that your data
conforms to user and organizational expectations.
Such data exists when it’s needed, can be accessed by those who need it and means what
users think it means. Properly governed data also can be combined with other pieces of
information to build useful data sets or filtered and sorted to meet the information needs of
individual users. In addition, it conforms to data quality and other fit-for-use criteria, and it
has been protected – as best is possible – from misuse and the introduction of data errors.
A host of information management functions and roles are in place to manage data based
on those expectations as it works its way through internal systems and business processes
and is used in new IT projects. Along the way, hundreds of points of risk occur: conditions
that could result in one or more of the expectations not being met for one or more users of
the data.
Where every point of risk exists, someone has (hopefully!) made a decision about how best
to manage the risk. A control has been specified and implemented according to a policy,
standard, rule or guideline. The data has thus been governed. Sets of coordinated activities
and controls that lead to routinely governed data comprise what the Data Governance
Institute calls "little g governance."
Whether you know it or not, a "little g" data governance framework is already present in
your organization; it has to be. Controls necessarily have been embedded in your systems,
business processes, operating procedures, data stores and data flows. When these data
controls are operating efficiently and effectively – and when their underlying objectives align
with the user's objectives – "little g governance" tends to be invisible to much of the
business.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 4 of 21
Of course, sometimes a "little g governance" control point becomes visible to users. In
many cases, they appreciate the fact that it is keeping them from making a data-related
mistake or introducing a data error. An example is when an application control prevents
users from entering text characters in a field where numbers are expected. Sometimes
controls are irritatingly visible but still clearly valuable, such as requirements to enter
passwords or to click "OK" as a confirmation before taking an action on data.
What a formal data governance framework is designed to address
But sometimes "little g governance" controls become irritating to the point where it's not OK
with users. They can't get what they want: they don't have permission to access the data
they need, or a data field that they’d prefer not to fill out is required, or the daily data they
want to see has instead been aggregated into monthly totals. At that point, users of
information might start to question specific controls and disagree with the policies behind
them – or at least ask for the controls to be refined and better aligned with their needs.
They also might ask who made the decisions that led to the controls being implemented and
how they can change those decisions.
"Big G Governance" is designed to address these issues. It enables and informs "little g
governance" operational data controls in the following areas:
How business objectives and data-control objectives are aligned and prioritized.
How the control objectives are translated into policies and standards.
How high-level policies are then translated into more detailed data governance rules.
Which data stakeholders' perspectives are considered during those processes.
How “decision rights” are allocated among participants (i.e., the process for making
decisions).
How accountability is set for putting data controls into effect.
How data-control issues and exceptions are addressed.
When organizations say that they’re implementing a data governance framework and
governance processes, they usually mean that they’re formalizing the rules of engagement
for addressing those "Big G" activities.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 5 of 21
So what do data governance programs look like?
Interestingly, "little g governance" – which is dispersed across an organization's business,
information management and IT operations – tends to look much the same in every
organization. Invoking "little g governance" follows a typical pattern:
1. A data risk is identified.
2. A manager, team or subject-matter expert makes a decision on how to manage the
risk, based on pre-defined empowerment levels. The decision maker is expected to
specify a data control that meets the needs of stakeholders while conforming to the
data architecture, standards and accepted best practices of the specific operating
unit and the enterprise as a whole.
3. Once a decision is made, an operational team develops, implements, manages and
monitors the new control.
Ideally, these "little g governance" activities become embedded in routine data
management activities. In contrast, "Big G Governance" models and processes tend to be
different in every organization. Yes, they all exist to create data governance policies that
can be translated into operational rules and specific data controls. Yes, they all address
similar gaps in an organization's ability to crystallize data problems, activate problem-
solving efforts and engage the appropriate executives in supporting data governance and
setting governance policies, and then to communicate the policies to all employees and
monitor and enforce compliance with them.
Designing a “Big G” data governance framework: questions to consider
But what makes every “Big G” data governance framework unique is a combination of three
factors:
The problem (or problems) resulting from inadequate data governance. Is it poor
data quality? A lack of access to required information? Reference data that hasn’t been
standardized? Data integration challenges? Non-compliance with regulatory or data privacy
requirements? Or a combination of the above?
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 6 of 21
The types of gaps or weaknesses in the existing data management and
governance processes. Is there a “tone-from-the-top” gap that discourages compliance
with data governance policies and rules by business units and employees? Are potential
decision makers not ready, willing or able to work together? Do current management
practices encourage private deals on data governance between different stakeholder groups
instead of open, transparent negotiations?
The state of the existing information environment. Are data governance problems
centralized or dispersed? Is the challenge in analyzing the potential impact of data
governance policies, developing operational rules and definitions or enforcing compliance?
How many workers will be affected in business functions, information management teams
and technology groups?
The Data Governance Institute recognizes six very different focus areas for data governance
programs:
Policy, standards and strategy
Data quality
Data privacy, compliance and security
Architectural integration and analysis
Data warehousing and business intelligence
Management alignment
Most organizations design a data governance framework that concentrates on the focus area
most important to them, while also supporting other concerns. The result usually is a data
governance program with bottom and top layers that look much like those of every other
program but a middle layer that is unique to the individual organization.
That in-between layer is where things get interesting. Many activities take place there:
administration, analysis, decision making, policy and expectation setting, and lots of
communication. The most common organizational model is a data governance office
combined with a data governance council or a roundtable of data stewards. But that basic
pattern can have numerous variations. And the mix of roles, responsibilities and capabilities
that an organization puts in place will ultimately make the difference between effective and
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 7 of 21
ineffective translation of high-level data governance policy into operational rules and
controls.
About the author: Gwen Thomas is the president and founder of the Data Governance
Institute, which offers consulting and training services in the areas of data governance and
data stewardship as well as a variety of information resources on those topics. As a
consultant, Thomas has helped companies such as American Express, Sallie Mae, Wachovia
Bank and Disney to build or upgrade their data governance and stewardship programs. She
also is a frequent speaker at industry events, a regular contributor to IT and business
publications, and the author of the book Alpha Males and Data Disasters: The Case for Data
Governance.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 8 of 21
Data governance best practices: setting up a governance program
By Gwen Thomas, SearchDataManagement.com Contributor
The most common organizational model for data governance programs includes three
layers. At the top is a group of executives who typically are three to five levels above the
points where operational data controls need to be implemented; they prioritize data
governance efforts and provide “tone-from-the-top” guidance and support, and they may
resolve issues that are escalated up the chain of command.
The middle layer usually includes at least two groups: one to set and administer high-level
data governance policies, and another to decide how to translate those policies into specific
rules and controls. The people in these groups are likely to be one to three levels above the
workers who will be acting on their decisions.
That third layer identifies potential points of risk for data in operational processes, systems
and data flows and then embeds data controls based on the decisions made higher up the
chain.
The activities of the top two layers constitute what the Data Governance Institute calls "Big
G Governance," while the work done by the operational layer constitutes "little g
governance." The latter is essentially a science, but designing an effective "Big G" program
is more like an art. The people tasked with structuring such a program must balance many
organizational, cultural and environmental factors to develop a set of roles, responsibilities
and procedures that can effectively address the organization's needs and will be acceptable
within the existing data management and governance ecosystem.
That starts with the work required to facilitate the decision-making process and ensure that
data governance best practices are followed. It might be possible to give the responsibility
for tasks such as identifying affected stakeholders, gathering information, scheduling and
running meetings, and drafting policies and recommendations to existing groups or data
governance participants themselves.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 9 of 21
Some organizations, though, decide to set up a data governance office to manage those
activities. That creates additional choices: the data governance office could be an actual or
virtual group, and the number of workers assigned to it and their roles will depend on the
type and amount of work to be done.
Even more choices follow. Consider these very different data-related problems and the
corresponding data governance organizational models that were used to address them:
Problem #1: Access management disputes need to be resolved.
Business users can't get permission to access the information they need, even though an
access management program is in place. Why? There's no mechanism for resolving the
competing concerns of "maintaining confidentiality" and "using information." In addition,
there's no official process for appealing a denial of access.
Adopted action plan:
A task force will be formed to collect high-level policies, guidance and requirements
from legal, compliance, contracting and other relevant departments. This effort is
sponsored by business executives, and a leadership group will be designated to
resolve escalated issues.
A data governance council with representatives from affected operations will
translate the requirements into rules that can be embedded in access management
processes. In addition, an administrative group will facilitate the ongoing work,
manage meetings, document the rules and act as a liaison with system access
managers.
Controls based on the new rules will be embedded within access management
processes, and compliance expectations will be communicated to business users.
Problem #2: Business intelligence (BI) data needs to be better cleansed.
Senior management is concerned about the quality of the data in the company’s data
warehouse. It tasks the data warehouse management team with cleansing the data and
implementing controls to keep dirty data from entering the warehouse.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 10 of 21
Adopted action plan:
The top layer is already taken care of, as support among senior executives for
improving the quality of the data is strong.
A data governance office that has been set up negotiates rules of engagement. For
example, a data quality team will do the data cleansing and work with a data
governance team to identify the types of data problems that are present and controls
that could detect, correct and prevent them. Those two teams will also work with
management to designate responsibilities for implementing the new controls and
addressing future data quality issues.
Some of the IT workers involved in the process of feeding information into the data
warehouse will receive formal data stewardship assignments, making them
accountable for alerting the middle-layer groups to any issues and participating in
workshops to review and refine the data controls.
Problem #3: Data integration puzzles need to be solved.
An organization typically encounters delays on systems integration and BI projects because
the data in one system can’t easily be integrated with data in other systems.
Adopted action plan:
Senior management calls for a “data roundtable” charged with solving data-related
problems that have a significant impact on multiple systems or business processes.
It allocates funding and sets expectations for IT and business-unit management to
provide resources with appropriate skills, knowledge and power to be part of the
roundtable group.
The roundtable participants will meet on a regular basis to address the problems,
with support from a data governance office. Once decisions are made, workers from
the data governance office will communicate them to data stakeholders and end
users.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 11 of 21
"Little g governance" resources may be called upon to provide input to the data
governance office and the data roundtable group, and then will take part in
implementing the fixes and data controls.
As you can see, these three situations called for significantly different flavors of data
governance. None of them followed a cookie-cutter approach, although they all resulted in a
data governance framework that addressed both "Big G" and "little g" data governance roles
and responsibilities in three interlocking layers.
To help you figure out what model to follow in your organization, the Data Governance
Institute recommends the following 10-step process:
1. Start with the end in mind. Ask and answer this question: what data problems need
to be removed or reduced, and why? Be specific about the business objectives and
compliance/control objectives that are being negatively affected by the problems.
2. Identify stakeholders and potential value propositions for achieving the desired
result. What is it worth to Group A to solve the data problems? What is it worth to
Group B? To Group C?
3. Establish a clear vision, succinct value statements and rallying cries for establishing
proper data governance processes.
4. Identify what it will take to satisfy your key stakeholders. Will they respond to
anecdotal evidence of results? Testimonials? Facts? Dollars?
5. Document examples of "little g governance" objectives and the work that needs to
be done to meet them.
6. Develop a list of "Big G Governance" activities that will be required to remove the
obstacles to the "little g" work.
7. Determine whether your data governance efforts will be one-time, as needed or
ongoing.
8. Distinguish between proactive or reactive governance activities and their potential
impact on different stakeholder groups.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 12 of 21
9. Identify other governance and management groups that will need to be involved in
the decision-making process.
10. Gain an understanding of the maturity and complexity of the business process,
information management and IT environments that will be included in the data
governance initiative.
If you follow these steps, it should be clear what needs to be done, what you already have
to work with and what resources you might need to add. You’ll be well on your way to
designing a data governance program that can be successful in your unique organizational
culture.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 13 of 21
Common challenges in creating a data governance model and program
By Gwen Thomas, SearchDataManagement.com Contributor
The most common hurdle that IT and data management professionals within organizations
face when trying to implement a new data governance program or expand an existing one is
management indecision about whether to take action on the request for approval and
funding.
That indecision is usually based upon a correctable situation: The program's proponents
aren’t being clear about what they're proposing. In many cases, they don't distinguish
between "little g governance" – policies and controls that are embedded in processes,
systems, data stores and data flows to ensure that data meets user expectations – and "Big
G Governance" – the highly political negotiations, decision making and policy setting that
informs and supports "little g” data governance.
It's rare for senior executives to argue against routine, low-level, nonthreatening changes to
how data is managed and governed. But "Big G" activities by their very nature are a threat
to the decision-making status quo. Most corporate leaders won’t support that level of
change without fully understanding its potential impact on an organization.
Another obstacle to adopting a data governance strategy and starting a governance
program comes in the form of potentially valid reasons to not modify current information
management practices: "That data is subject to Sarbanes-Oxley controls!" "Only the chief
privacy officer can make that change!" "We can't move forward until the project
management office agrees!"
Such objections may require you to re-examine your proposed data governance model. For
example, if your organization’s Sarbanes-Oxley control environment includes a piece of the
data architecture that you're considering for new "little g governance" controls, you can't
move forward unless it's done via an aligned effort with the individuals or group responsible
for Sarbanes-Oxley compliance.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 14 of 21
On the other hand, chief privacy officers tend to specify high-level data control objectives.
Usually, they're OK with operational controls designed by others, as long as the controls
map to the appropriate objectives. However, you may need to amend your proposed rules
of engagement so no "Big G Governance" decisions that affect data privacy processes can
be made without the CPO’s approval.
When the data governance model works – then doesn’t
Some data governance programs are approved and get off to a successful start but then
dwindle over time. It's very common, for example, for a “data roundtable,” or data
governance council, to begin its work by addressing high-profile data problems and issues
that are of great interest to the members. They attend meetings enthusiastically, knowing
they're making a difference – one that comes with bragging rights they can exercise with
their business peers, constituents and superiors.
But as time goes on, the problems put before the data governance council may become
more routine, and some of the members may start to feel that they could be delegating the
work or attending fewer meetings. They still support the data governance strategy and
program in principle but are personally less engaged in the governance process.
That might be a problem of perception – for example, if the staff of a data governance office
isn’t presenting the data problems and governance issues in a way that highlights the value
of addressing them and provides a clear win for the roundtable participants. Or it might be
time to evolve your data governance framework and organizational model now that the
governance processes have become more mature and entrenched. Perhaps some issues
could be addressed by working groups, and the data governance council could be approvers
in those cases instead of frontline deciders.
Of course, that can lead to a different kind of problem, in which the people asked to make
data governance decisions aren't up to the job. Maybe they don't have the required
background, knowledge or insight to successfully carry out their assigned data governance
roles and responsibilities. As a result, their decisions and judgment may be challenged, to
the detriment of the data governance program (and potentially their own careers).
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 15 of 21
Other times, the members of a data governance council or working group are ready, willing
and able to participate, but they aren’t empowered to make decisions. Instead, each
meeting ends with one or more participants having to check in with a superior for guidance.
Decisions take so long to make that corporate management loses faith in the data
governance model and process.
Perhaps the most dangerous situations are those in which the data governance program
manager or workers in a data governance office don't fully understand the organization's
political and management culture. For example, they might not know the answer to basic
questions such as, "Can this data problem be introduced for the first time to a data
roundtable in a conference room, or will the members require individual briefings and time
to consider their stakeholders' positions and needs?"
A data governance model with too little support?
Another obstacle to success typically presents itself after the data governance program is in
motion. All of the conditions appear to be right: You have clear and well-documented data
problems to address. You have appropriate “tone-from-the-top” support from senior
management. You have middle-layer decision makers with the knowledge, skills and power
to make "Big G Governance" decisions. It’s understood where the data governance points of
contact will be within your organization’s business, information management and IT
operations, as well as the data privacy office and other decision-making groups. And you
have a single data governance manager with no support staff.
The problem is that all of the various resources want to get involved in making data
governance policy decisions, aligning the policies with organizational objectives and
translating policies into operational data controls. They want to attack big problems and
little problems, new problems and persistent problems. They want to make a difference –
which is good, right?
But they've never worked together in this way, and they're expecting the data governance
manager to show them how to do that. They also want this one person to provide
“concierge support” to a host of participants at different levels; to take the lead in
identifying data problems, developing recommendations and finding the resources required
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 16 of 21
to implement fixes; to put in place and execute an internal communications plan; and on
and on.
Clearly, this could be too much work for a single person. If so, the data governance
program might collapse under the weight of its own aspirations – and the lone manager
might collapse from overwork. The solution to this problem is obvious: Corporate
executives approving a data governance plan must be realistic in their expectations, support
and funding.
For organizations that are looking to address a broad set of data-related problems and
issues, successfully designing a data governance model and program will require sufficient
resources – perhaps including a full-fledged data governance office – to address all of the
"soft work" involved in managing the process. Senior management must recognize that
need and not depend on heroic efforts.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 17 of 21
Data governance roles and responsibilities call for diverse skill sets
By Gwen Thomas, SearchDataManagement.com Contributor
Data governance is rarely only a "spot solution" imposed upon specific data control points
within an organization. When people say they’re embarking on a data governance strategy
and program, they typically mean that they intend to improve existing operational controls
embedded in systems across the enterprise while simultaneously implementing high-level
data governance policies.
These two sets of activities – “little g governance” on the one hand, “Big G Governance” on
the other – require very different skill sets, organizational knowledge and levels of
authority. That’s because data governance roles and responsibilities are also very different:
The people involved in "Big G" efforts set governance policies and translate them into
objectives and rules of engagement for "little g" teams to follow as they build, manage and
monitor individual data controls.
"Big G" participants must have excellent analytical and communication skills. They must
have the organizational power to negotiate on behalf of the departments or business units
they represent. They must have the respect, support and trust of their constituents – the
users in those operations.
Not all contributors to a "Big G" initiative need to be data experts, but they do have to be
able to understand the root causes of data errors and issues. They also need to know – or
be able to learn – basic concepts about how data flows through systems and business
processes. And they must be able to express the data governance needs, requirements,
priorities and constraints of their stakeholder units.
If decisions or recommendations made by a data governance council or other type of “Big
G” group will have a significant impact on operations within an organization, the data
governance program also requires resources who can work with affected business managers
to explain governance policies and their rationale, set expectations for compliance, detail
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 18 of 21
the process for escalating and resolving issues, and monitor the status of data controls
based on the policies.
Different options on key data governance roles and responsibilities
Sometimes those activities are performed by the members of a data governance council,
data roundtable or data stewardship committee. In other cases, the outreach duties will be
a function of a formal data governance office staffed by workers responsible for
implementing an aligned approach to governance logistics, administration and
communications.
Often, however, other groups that can be leveraged for such "soft skills" work already exist.
For example, perhaps an organizational change management group can help with the
internal changes that come with a data governance program. In addition, many CIOs have
created a communications arm within IT that can be invoked to support the data
governance office.
The work that goes into "little g governance" tends to be more routine, and more hands-on.
It depends on specific skills for designing, analyzing, maintaining and monitoring the data
controls that have been inserted into systems, applications, data stores and data flows.
Those duties might be labeled data stewardship instead of data governance; either way,
they involve executing everyday activities in a way that enforces data-related policies.
But what happens when data governance issues bubble up through the layers of operations?
Who documents, addresses or escalates them? In some organizations, that is a function of
the management structure: Issues and concerns flow up the corporate hierarchy until they
reach the appropriate level to be addressed or are handed off to a data governance council
or equivalent group.
However, other companies find that approach to be ineffective or inefficient. Instead, they
create layers of data stewards – workers who have other jobs but also defined data
stewardship responsibilities. Typically, they’re organized into groups, teams or hierarchies
focused on specific information issues. The rationale for this approach is that the potential
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 19 of 21
for bureaucratic overhead is far outweighed by the advantages of focused attention, clear
paths of communication and the deepening knowledge of participants.
Such data stewardship hierarchies can include high-level roles with titles such as "lead
steward" or "enterprise steward." The people filling those roles might also serve on data
governance councils or other "Big G" groups, effectively tying together all of the various
strands of data governance and data stewardship. But those are complex models that you
might not want to implement.
Setting data governance roles and responsibilities: question and answer time
So, what kind of resources will you need for your data governance program? And what skills
and knowledge will they need to make the program successful? The answers, of course,
depend on the data governance model you adopt and the type of data governance
framework you implement.
The decision about which model is right for you depends on what your organization wants to
achieve through data governance and how much it's willing to put into reaching those
objectives. Indeed, that question needs to be asked before a data governance program is
designed or staffed, and every time a new governance project, task or challenge is taken
on.
The ability to ask the question, get an answer from senior management and validate it with
business stakeholders is probably the most important skill that a data governance manager
can have. Next is the ability to recognize political danger in the answers (or non-answers)
you receive. The ability to learn how to respond to such dangers is also critical to the long-
term survival of a data governance program.
As a result, choosing the right data governance manager or managers is potentially the
most important decision that can be made when a governance program is being designed.
The temptation is to pick someone who is deeply knowledgeable about information
management practices and can work well with the organization's operational layer.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 20 of 21
However, "Big G Governance" programs require leaders who can manage out and up as well
as down. Your data governance management team must be skilled in activities such as
securing access to required resources and bringing participants to the point where
organizational alignment on data governance policies and procedures is possible. They must
be trusted diplomats with the confidence, communication skills and organizational power to
do what needs to be done to make your data governance program a success.
SearchDataManagement.com E-Book
The secrets to highly effective data governance programs
Sponsored By: Page 21 of 21
Resources from Pitney Bowes Business Insight
Considering a Services Approach for Data Quality
Data Warehousing The Keys for a Successful Implementation
Data Quality Considerations in Master Data Management Structure
About Pitney Bowes Business Insight
Pitney Bowes Business Insight helps corporations and government agencies to acquire,
serve and grow customer/citizen relationships. Our software and services create business
value for our customers by making it easier for them to engage with and provide services to
their customers more effectively and efficiently.