It's challenging to create data governance processes that cross multiple departments and business units to protect data, meet business goals and comply with regulations such as Sarbanes-Oxley, according to a study co-authored by David Newman, research vice president with Stamford, Conn.-based Gartner Inc. The study predicts that by 2008, less than 10% of organizations will succeed at their first attempts at data governance because of cultural barriers and a lack of senior-level sponsorship. To mitigate this risk, Newman said, companies should consider developing a data governance structure with "checks and balances," much as democratic governments do.
"Checks and balances is a simple model that can take different forms, but it's essential that people understand that there are different accountabilities and responsibilities in organizations today," Newman said. "There are accountabilities and responsibilities at the boardroom level and those must cascade throughout the whole organization. Everyone has a role in the accuracy and integrity of information."
"The government model helps us understand that there are competing interests, but there are things that we share in common," Newman said. "That's the best way of approaching governance at a practical level."
The study outlined different roles within a checks-and-balances-style data governance structure. Many aren't dedicated, full-time jobs; rather, they are defined roles that employees have in the governance process, Newman noted.
- Executive level. This team ideally includes chief officers and provides the sponsorship, strategic direction, funding, advocacy and oversight of data governance programs. This group may also need to commit to using data from only sanctioned sources to avoid dueling "renegade spreadsheets" or other boardroom-level conflicts in numbers, Newman said.
- Judicial level. This cross-functional team of senior business-unit and IT leaders is called into session as needed for strategic planning activities and to enforce governance activities or corporate policies. This group plays an important role in mediating disagreements about governance practices or policies.
"You often get disagreements about things like -- how do you measure sales? The marketing side might view sales one way; the financial side would interpret it another way," Newman explained. "Are sales recorded when someone buys the product, or are they recorded when the truck leaves the distribution center? [Governance committees] work through the variations that have to be accommodated on a department level but also get agreement about how to report sales at a cross-functional or enterprise level."
- Legislative level. This working group is chaired by a senior business leader designated by the executive team, and may include business and technology leaders from finance, IT, data management and other departments. This group should meet on a regular basis to mandate policies and ensure that they are in line with business objectives, the study said. This team is also responsible for developing policies around structured and unstructured data, committing resources to governance activities, setting up data stewardship programs, identifying gaps in policies, and escalating problems that it can't resolve to the judicial governance team.
- Administrative level. These are the employees who implement data governance on a day-to-day basis by carrying out policies and managing their own specific subject areas, Newman said. Employees at this level may be responsible for developing data models and corporate data vocabularies, implementing master data management best practices, organizing content and records management, implementing data security and access policies, instituting and monitoring data quality processes, tracking governance-related metrics, and recommending standards and policies to the legislative group. This group would also oversee subject-level data stewards who implement governance policies and maintain data quality metrics for a particular area, such as customer or product data.
Even with this structure, data governance won't always be easy -- and there will be conflicts, Newman cautioned. Organizations face interesting dilemmas as they seek to make information available to all who need it while still protecting themselves from data breach dangers, he said. This multilayered model can provide a familiar structure for working through data governance processes and resolving differences.
"Each level has a role in governance that's commensurate with their responsibilities," Newman said. "This model helps organizations understand how they can embrace their governance responsibilities that extend from the boardroom to the mailroom," he concluded.