DATA

GOVERNANCE
LEARNING OBJECTIVES

By the end of this chapter, the student should be able to:

1.Introduce and understand Business Drivers & Goals
2.Understand the concept Data Governance
3.Define and understand the Data Stewardship, Data Policies and Data Asset
Valuation
4. Know how to Develop Data Governance Strategy, Develop Organizational Touch
points, and define DG Operating Framework
I. DATA GOVERNANCE
 Data Governance (DG) is defined as the exercise of authority and
control (planning, monitoring, and enforcement) over the management
of data assets.
 All organizations make decisions about data, regardless of whether they
have a formal Data Governance function.
 Those that establish a formal Data Governance program exercise
authority and control with greater intentionality (Seiner, 2014).
 Such organizations are better able to increase the value they get from their data
assets.
I. DATA GOVERNANCE

 The Data Governance function guides all other data management functions. The
purpose of Data Governance is to ensure that data is managed properly,
according to policies and best practices (Ladley, 2012).
 While the driver of data management overall is to ensure an organization gets
value out of its data, Data Governance focuses on how decisions are made about
data and how people and processes are expected to behave in relation to data.
The scope and focus of a particular data governance program will depend on
organizational needs, but most programs include:
I. DATA GOVERNANCE
 Strategy: Defining, communicating, and driving execution of Data Strategy and Data Governance
Strategy
 Policy: Setting and enforcing policies related to data and Metadata management, access, usage,
security, and quality
 Standards and quality: Setting and enforcing Data Quality and Data Architecture standards
 Oversight: Providing hands-on observation, audit, and correction in key areas of quality, policy, and
data management (often referred to as stewardship)
 Compliance: Ensuring the organization can meet data-related regulatory compliance requirements
 Issue management: Identifying, defining, escalating, and resolving issues related to data security, data
access, data quality, regulatory compliance, data ownership, policy, standards, terminology, or data
governance procedures
 Data management projects: Sponsoring efforts to improve data management practices
 Data asset valuation: Setting standards and processes to consistently define the business value of
data assets
1.1 BUSINESS DRIVERS

Reducing Risk
 General risk management: Oversight of the risks data poses to
finances or reputation, including response to legal (E-Discovery) and
regulatory issues.
 Data security: Protection of data assets through controls for the
availability, usability, integrity, consistency, auditability and security of
data.
 Privacy: Control of private confidential Personal Identifying Information
(PII)
1.1 BUSINESS DRIVERS
Improving Processes
 Regulatory compliance: The ability to respond efficiently and consistently to regulatory
requirements.
 Data quality improvement: The ability to contribute to improved business performance by making
data more reliable.
 Metadata Management: Establishment of a business glossary to define and locate data in the
organization; ensuring the wide range of other Metadata is managed and made available to the
organization.
 Efficiency in development projects: SDLC improvements to address issues and opportunities in
data management across the organization, including management of data-specific technical debt
through governance of the data lifecycle.
 Vendor management: Control of contracts dealing with data, such as cloud storage, external data
purchase, sales of data as a product, and outsourcing data operations.
1.2 GOALS AND PRINCIPLES
 The goal of Data Governance is to enable an organization to manage data as an asset. DG provides the
principles, policy, processes, framework, metrics, and oversight to manage data as an asset and to guide
data management activities at all levels.

Sustainable: The DG program needs to be ‘sticky’. DG is not a project with a defined end; it is an
ongoing process that requires organizational commitment. DG necessitates changes in how data is
managed and used. This does not always mean massive new organizations and upheaval. It does
mean managing change in a way that is sustainable beyond the initial implementation of
any data governance component. Sustainable data governance depends on business leadership,
sponsorship, and ownership.
Embedded: DG is not an add-on process. DG activities need to be incorporated into development
methods for software, use of data for analytics, management of Master Data, and risk
management.
Measured: DG done well has positive financial impact, but demonstrating this impact requires
understanding the starting point and planning for measurable improvement.
1.2 GOALS AND PRINCIPLES
 Implementing a DG program requires commitment to change. The following principles, developed since the
early 2000s, can help set a strong foundation for data governance
Leadership and strategy: Successful Data Governance starts with visionary and committed leadership.
Data management activities are guided by a data strategy that is itself driven by the enterprise
business strategy.
Business-driven: Data Governance is a business program, and, as such, must govern IT decisions
related to data as much as it governs business interaction with data.
Shared responsibility: Across all Data Management Knowledge Areas, data governance is a shared
responsibility between business data stewards and technical data management professionals.
Multi-layered: Data governance occurs at both the enterprise and local levels and often at levels in
between.
Framework-based: Because data governance activities require coordination across functional areas,
the DG program must establish an operating framework that defines accountabilities and interactions.
Principle-based: Guiding principles are the foundation of DG activities, and especially of DG policy.
Often, organizations develop policy without formal principles – they are trying to solve particular
problems. Principles can sometimes be reverse engineered from policy. However, it is best to
articulate a core set of principles and best practices as part of policy work.
1.3 ESSENTIAL CONCEPTS
▪ Just as an auditor controls financial processes but does not actually execute financial
management, data governance ensures data is properly managed without directly executing data
management (see Figure 15). Data governance represents an inherent separation of duty
between oversight and execution.
1.3 ESSENTIAL CONCEPTS
Data-centric Organization
 A data-centric organization values data as an asset and manages data through all phases of
its lifecycle, including project development and ongoing operations. To become data-centric,
an organization must change the way it translates strategy into action. Data is no longer
treated as a byproduct of process and applications. Ensuring data is of high quality is a goal
of business processes. As organizations strive to make decisions based on insights gained
from analytics, effective data management becomes a very high priority.
 While each organization needs to evolve its own principles, those that seek to get more
value from their data are likely to share the following:
 Data should be managed as a corporate asset
 Data management best practices should be incented across the organization
 Enterprise data strategy must be directly aligned with overall business strategy
 Data management processes should be continuously improved
1.3 ESSENTIAL CONCEPTS

Data Governance Organization

▪ The core word in governance is govern. Data governance can be
understood in terms of political governance. It includes legislative-like
functions (defining policies, standards, and the Enterprise Data
Architecture), judicial-like functions (issue management and
escalation), and executive functions (protecting and serving,
administrative responsibilities). To better manage risk, most
organizations adopt are presentative form of data governance, so that
all stakeholders can be heard.
1.3 ESSENTIAL CONCEPTS

Data Governance Operating Model Types

▪ In a centralized model, one Data Governance organization oversees all
activities in all subject areas. In a replicated model, the same DG
operating model and standards are adopted by each business unit. In
a federated model, one Data Governance organization coordinates
with multiple Business Units to maintain consistent definitions and
standards.
1.3 ESSENTIAL CONCEPTS
Data Stewardship
 Data Stewardship is the most common label to describe accountability and responsibility for data and processes
that ensure effective control and use of data assets. Stewardship can be formalized through job titles and
descriptions, or it can be a less formal function driven by people trying to help an organization get value from its
data. Often terms like custodian or trustee are synonyms for those who carry out steward-like functions.
Data stewardship activities will focus on some, if not all, of the following:
• Creating and managing core Metadata: Definition and management of business terminology, valid data values, and
other critical Metadata. Stewards are often responsible for an organization’s Business Glossary, which becomes the
system of record for business terms related to data.
• Documenting rules and standards: Definition/documentation of business rules, data standards, and data quality
rules. Expectations used to define high quality data are often formulated in terms of rules rooted in the business
processes that create or consume data. Stewards help surface these rules in order to ensure that there is consensus
about them within the organization and that they are used consistently.
• Managing data quality issues: Stewards are often involved with the identification and resolution of data related
issues or in facilitating the process of resolution. Executing operational data governance activities: Stewards are
responsible for ensuring that, day-to-day and project-byproject, data governance policies and initiatives are adhered
to. They should influence decisions to ensure that data is managed in ways that support the overall goals of the
organization.
II. ESSENTIAL CONCEPTS
▪ Types of Data Stewards
A steward is a person whose job it is to manage the property of another person. Data Stewards manage data assets on
behalf of others and in the best interests of the organization (McGilvray, 2008). Data Stewards represent the interests
of all stakeholders and must take an enterprise perspective to ensure enterprise data is of high quality and can be used
effectively. Effective Data Stewards are accountable and responsible for data governance activities and have a portion
of their time dedicate to these activities.

• Chief Data Stewards

• Executive Data Stewards
• Enterprise Data Stewards
• Business Data Stewards
• A Data Owner
• Technical Data Stewards
• Coordinating Data Stewards
II. ESSENTIAL CONCEPTS
Data Policies
Data policies are directives that codify principles and management intent into fundamental rules governing
the creation, acquisition, integrity, security, quality, and use of data and information.

Data Asset Valuation

Data asset valuation is the process of understanding and calculating the economic value of data to an
organization. Because data, information, and even Business Intelligence are abstract concepts, people have
difficulty aligning them with economic impact. The key to understanding the value of a non-fungible item (like
data) is understanding how it is used and the value brought by its usage (Redman, 1996). Unlike many other
assets (e.g., money, physical equipment), data sets are not interchangeable (fungible).
II. ESSENTIAL CONCEPTS
Some other ways to measure value include:
Replacement cost: The replacement or recovery cost of data lost in a disaster or data breach, including the
transactions, domains, catalogs, documents and metrics within an organization.
Market value: The value as a business asset at the time of a merger or acquisition.
Identified opportunities: The value of income that can be gained from opportunities identified in the data (in
Business Intelligence), by using the data for transactions, or by selling the data.
Selling data: Some organizations package data as a product or sell insights gained from their data.
Risk cost: A valuation based on potential penalties, remediation costs, and litigation expenses, derived from legal or
regulatory risk from:
 The absence of data that is required to be present.
 The presence of data that should not be present (e.g., unexpected data found during legal discovery; data
that is required to be purged but has not been purged).
 Data that is incorrect, causing damage to customers, company finances, and reputation in addition to the
above costs.
 Reduction in risk and risk cost is offset by the
II. ACTIVITIES
2.1 Define Data Governance for the Organization
Data Governance efforts must support business strategy and goals. An organization’s business strategy and goals
inform both the enterprise data strategy and how data governance and data management activities need to be
operationalized in the organization. Data governance enables shared responsibility for data-related decisions.
Data governance activities cross organizational and system boundaries in support of an integrated view of data.
Successful data governance requires a clear understanding of what is being governed and who is being governed, as
well as who is governing.
II. ACTIVITIES
 2.2 Perform Readiness Assessment
Assessments that describe the current state of an organization’s information management capabilities, maturity, and
effectiveness are crucial to planning a DG program. Because they can be used to measure a program’s effectiveness,
assessments are also valuable in managing and sustaining a DG program.
Typical assessments include:
 Data management maturity: Understand what the organization does with data; measure its current data management
capabilities and capacity. The focus is on the impressions business personnel have about how well the company
manages data and uses data to its advantage, as well as on objective criteria, such as use of tools, levels of reporting,
etc.
 Capacity to change: Since DG requires behavioral change, it is important to measure the capacity for the organization to
change behaviors required for adapting DG. Secondarily, this activity will help identify potential resistance points.
 Collaborative readiness: This assessment characterizes the organization’s ability to collaborate in the management and
use of data. Since stewardship by definition crosses functional areas, it is collaborative in nature.
 Business alignment: Sometimes included with the change capacity, a business alignment assessment examines how well
the organization aligns uses of data with business strategy. It is often surprising to discover how ad hoc data-related
activities can be.
II. ACTIVITIES
2.3 Perform Discovery and Business Alignment
 A DG program must contribute to the organization by identifying and delivering on specific benefits (e.g., reduce
fines paid to regulators). Discovery activity will identify and assess the effectiveness of existing policies and
guidelines – what risks they address, what behaviors they encourage, and how well they have been
implemented. Discovery can also identify opportunities for DG to improve the usefulness of data and content.
Business alignment attaches business benefits to DG program elements.
 Data Quality (DQ) analysis is part of discovery. DQ assessment will provide insight into existing issues and
obstacles, as well as the impact and risks associated with poor quality data. DQ assessment can identify business
processes that are at risk if executed using poor quality data, as well as the financial and other benefits of
creating a Data Quality program as part of data governance efforts.
II. ACTIVITIES
2.4 Develop Organizational Touch Points
Part of alignment includes developing organizational touchpoints for Data Governance work.
 Procurement and Contracts: The CDO works with Vendor/Partner Management or Procurement to develop and
enforce standard contract language vis-à-vis data management contracts. These could include Data-as-a-Service
(DaaS) and cloud-related procurements, other outsourcing arrangements, third-party development efforts, or
content acquisition/ licensing deals, and possibly data-centric IT tools acquisitions and upgrades.
 Budget and Funding: If the CDO is not directly in control of all data acquisition-related budgets, then the office
can be a focal point for preventing duplicate efforts and ensuring optimization of acquired data assets.
 Regulatory Compliance: The CDO understands and works within required local, national, and international
regulatory environments, and how these impact the organization and their data management activities. Ongoing
monitoring is performed to identify and track new and potential impacts and requirements.
 SDLC / development framework: The data governance program identifies control points where enterprise
policies, processes, and standards can be developed in the system or application development lifecycles.
 II. ACTIVITIES
2.5 Develop Data Governance Strategy
 A data governance strategy defines the scope and approach to governance efforts. DG strategy should be defined
comprehensively and articulated in relation to the overall business strategy, as well as to data management and
IT strategies. It should be implemented iteratively as the pieces are developed and approved. The specific
content will be tailored to each organization, but the deliverables include:
 Charter: Identifies the business drivers, vision, mission, and principles for data governance, including readiness
assessment, internal process discovery, and current issues or success criteria
 Operating framework and accountabilities: Defines structure and responsibility for data governance activities

 Implementation roadmap: Timeframes for the roll out of policies and directives, business glossary, architecture,
asset valuation, standards and procedures, expected changes to business and technology processes, and
deliverables to support auditing activities and regulatory compliance
 Plan for operational success: Describing a target state of sustainable data governance activities
II. ACTIVITIES
2.6 Define the DG Operating Framework
While developing a basic definition of DG is easy, creating an operating model that an organization will adopt can be
difficult. Consider these areas when constructing an organization’s operating model:
 Value of data to the organization: If an organization sells data, obviously DG has a huge business impact.
Organizations that use data as a crucial commodity (e.g., Facebook, Amazon) will need an operating model
that reflects the role of data. For organizations where data is an operational lubricant, the form of DG will be
less intense.
 Business model: Decentralized business vs. centralized, local vs. international, etc. are factors that influence
how business occurs, and therefore, how the DG operating model is defined. Links with specific IT strategy,
Data Architecture, and application integration functions should be reflected in the target operating
framework design
 Cultural factors: Such as acceptance of discipline and adaptability to change. Some organizations will resist
the imposition of governance by policy and principle. Governance strategy will need to advocate for an
operating model that fits with organizational culture, while still progressing change.
 Impact of regulation: Highly regulated organizations will have a different mindset and operating model of DG
than those less regulated. There may be links to the Risk Management group or Legal as well.
 THE END

THANKS FOR LISTENING!

SEE YOU ON OUR NEXT LIVE DISCUSSION…

GOD BLESS EVERYONE!