The most common hurdle that IT and data management professionals within organizations face when trying to implement a new data governance program or expand an existing one is management indecision about whether to take action on the request for approval and funding.
That indecision is usually based upon a correctable situation: The program's proponents aren’t being clear about what they're proposing. In many cases, they don't distinguish between "little g governance" – policies and controls that are embedded in processes, systems, data stores and data flows to ensure that data meets user expectations – and "Big G Governance" – the highly political negotiations, decision making and policy setting that informs and supports "little g” data governance.
It's rare for senior executives to argue against routine, low-level, nonthreatening changes to how data is managed and governed. But "Big G" activities by their very nature are a threat to the decision-making status quo. Most corporate leaders won’t support that level of change without fully understanding its potential impact on an organization.
Another obstacle to adopting a data governance strategy and starting a governance program comes in the form of potentially valid reasons to not modify current information management practices: "That data is subject to Sarbanes-Oxley controls!" "Only the chief privacy officer can make that change!" "We can't move forward until the project management office agrees!"
Such objections may require you to re-examine your proposed data governance model. For example, if your organization’s Sarbanes-Oxley control environment includes a piece of the data architecture that you're considering for new "little g governance" controls, you can't move forward unless it's done via an aligned effort with the individuals or group responsible for Sarbanes-Oxley compliance.
On the other hand, chief privacy officers tend to specify high-level data control objectives. Usually, they're OK with operational controls designed by others, as long as the controls map to the appropriate objectives. However, you may need to amend your proposed rules of engagement so no "Big G Governance" decisions that affect data privacy processes can be made without the CPO’s approval.
When the data governance model works – then doesn’t
Some data governance programs are approved and get off to a successful start but then dwindle over time. It's very common, for example, for a “data roundtable,” or data governance council, to begin its work by addressing high-profile data problems and issues that are of great interest to the members. They attend meetings enthusiastically, knowing they're making a difference – one that comes with bragging rights they can exercise with their business peers, constituents and superiors.
But as time goes on, the problems put before the data governance council may become more routine, and some of the members may start to feel that they could be delegating the work or attending fewer meetings. They still support the data governance strategy and program in principle but are personally less engaged in the governance process.
That might be a problem of perception – for example, if the staff of a data governance office isn’t presenting the data problems and governance issues in a way that highlights the value of addressing them and provides a clear win for the roundtable participants. Or it might be time to evolve your data governance framework and organizational model now that the governance processes have become more mature and entrenched. Perhaps some issues could be addressed by working groups, and the data governance council could be approvers in those cases instead of frontline deciders.
Of course, that can lead to a different kind of problem, in which the people asked to make data governance decisions aren't up to the job. Maybe they don't have the required background, knowledge or insight to successfully carry out their assigned data governance roles and responsibilities. As a result, their decisions and judgment may be challenged, to the detriment of the data governance program (and potentially their own careers).
Other times, the members of a data governance council or working group are ready, willing and able to participate, but they aren’t empowered to make decisions. Instead, each meeting ends with one or more participants having to check in with a superior for guidance. Decisions take so long to make that corporate management loses faith in the data governance model and process.
Perhaps the most dangerous situations are those in which the data governance program manager or workers in a data governance office don't fully understand the organization's political and management culture. For example, they might not know the answer to basic questions such as, "Can this data problem be introduced for the first time to a data roundtable in a conference room, or will the members require individual briefings and time to consider their stakeholders' positions and needs?"
A data governance model with too little support?
Another obstacle to success typically presents itself after the data governance program is in motion. All of the conditions appear to be right: You have clear and well-documented data problems to address. You have appropriate “tone-from-the-top” support from senior management. You have middle-layer decision makers with the knowledge, skills and power to make "Big G Governance" decisions. It’s understood where the data governance points of contact will be within your organization’s business, information management and IT operations, as well as the data privacy office and other decision-making groups. And you have a single data governance manager with no support staff.
The problem is that all of the various resources want to get involved in making data governance policy decisions, aligning the policies with organizational objectives and translating policies into operational data controls. They want to attack big problems and little problems, new problems and persistent problems. They want to make a difference – which is good, right?
But they've never worked together in this way, and they're expecting the data governance manager to show them how to do that. They also want this one person to provide “concierge support” to a host of participants at different levels; to take the lead in identifying data problems, developing recommendations and finding the resources required to implement fixes; to put in place and execute an internal communications plan; and on and on.
Clearly, this could be too much work for a single person. If so, the data governance program might collapse under the weight of its own aspirations – and the lone manager might collapse from overwork. The solution to this problem is obvious: Corporate executives approving a data governance plan must be realistic in their expectations, support and funding.
For organizations that are looking to address a broad set of data-related problems and issues, successfully designing a data governance model and program will require sufficient resources – perhaps including a full-fledged data governance office – to address all of the "soft work" involved in managing the process. Senior management must recognize that need and not depend on heroic efforts.
About the author: Gwen Thomas is the president and founder of the Data Governance Institute, which offers consulting and training services in the areas of data governance and data stewardship as well as a variety of information resources on those topics. As a consultant, Thomas has helped companies such as American Express, Sallie Mae, Wachovia Bank and Disney to build or upgrade their data governance and stewardship programs. She also is a frequent speaker at industry events, a regular contributor to IT and business publications, and the author of the book Alpha Males and Data Disasters: The Case for Data Governance.