The most common organizational model for data governance programs includes three layers. At the top is a group...
of executives who typically are three to five levels above the points where operational data controls need to be implemented; they prioritize data governance efforts and provide “tone-from-the-top” guidance and support, and they may resolve issues that are escalated up the chain of command.
The middle layer usually includes at least two groups: one to set and administer high-level data governance policies, and another to decide how to translate those policies into specific rules and controls. The people in these groups are likely to be one to three levels above the workers who will be acting on their decisions.
That third layer identifies potential points of risk for data in operational processes, systems and data flows and then embeds data controls based on the decisions made higher up the chain.
The activities of the top two layers constitute what the Data Governance Institute calls "Big G Governance," while the work done by the operational layer constitutes "little g governance." The latter is essentially a science, but designing an effective "Big G" program is more like an art. The people tasked with structuring such a program must balance many organizational, cultural and environmental factors to develop a set of roles, responsibilities and procedures that can effectively address the organization's needs and will be acceptable within the existing data management and governance ecosystem.
That starts with the work required to facilitate the decision-making process and ensure that data governance best practices are followed. It might be possible to give the responsibility for tasks such as identifying affected stakeholders, gathering information, scheduling and running meetings, and drafting policies and recommendations to existing groups or data governance participants themselves.
Some organizations, though, decide to set up a data governance office to manage those activities. That creates additional choices: the data governance office could be an actual or virtual group, and the number of workers assigned to it and their roles will depend on the type and amount of work to be done.
Even more choices follow. Consider these very different data-related problems and the corresponding data governance organizational models that were used to address them:
Problem #1: Access management disputes need to be resolved.
Business users can't get permission to access the information they need, even though an access management program is in place. Why? There's no mechanism for resolving the competing concerns of "maintaining confidentiality" and "using information." In addition, there's no official process for appealing a denial of access.
Adopted action plan:
- A task force will be formed to collect high-level policies, guidance and requirements from legal, compliance, contracting and other relevant departments. This effort is sponsored by business executives, and a leadership group will be designated to resolve escalated issues.
- A data governance council with representatives from affected operations will translate the requirements into rules that can be embedded in access management processes. In addition, an administrative group will facilitate the ongoing work, manage meetings, document the rules and act as a liaison with system access managers.
- Controls based on the new rules will be embedded within access management processes, and compliance expectations will be communicated to business users.
Problem #2: Business intelligence (BI) data needs to be better cleansed.
Senior management is concerned about the quality of the data in the company’s data warehouse. It tasks the data warehouse management team with cleansing the data and implementing controls to keep dirty data from entering the warehouse.
Adopted action plan:
- The top layer is already taken care of, as support among senior executives for improving the quality of the data is strong.
- A data governance office that has been set up negotiates rules of engagement. For example, a data quality team will do the data cleansing and work with a data governance team to identify the types of data problems that are present and controls that could detect, correct and prevent them. Those two teams will also work with management to designate responsibilities for implementing the new controls and addressing future data quality issues.
- Some of the IT workers involved in the process of feeding information into the data warehouse will receive formal data stewardship assignments, making them accountable for alerting the middle-layer groups to any issues and participating in workshops to review and refine the data controls.
Problem #3: Data integration puzzles need to be solved.
An organization typically encounters delays on systems integration and BI projects because the data in one system can’t easily be integrated with data in other systems.
Adopted action plan:
- Senior management calls for a “data roundtable” charged with solving data-related problems that have a significant impact on multiple systems or business processes. It allocates funding and sets expectations for IT and business-unit management to provide resources with appropriate skills, knowledge and power to be part of the roundtable group.
- The roundtable participants will meet on a regular basis to address the problems, with support from a data governance office. Once decisions are made, workers from the data governance office will communicate them to data stakeholders and end users.
- "Little g governance" resources may be called upon to provide input to the data governance office and the data roundtable group, and then will take part in implementing the fixes and data controls.
As you can see, these three situations called for significantly different flavors of data governance. None of them followed a cookie-cutter approach, although they all resulted in a data governance framework that addressed both "Big G" and "little g" data governance roles and responsibilities in three interlocking layers.
To help you figure out what model to follow in your organization, the Data Governance Institute recommends the following 10-step process:
- Start with the end in mind. Ask and answer this question: what data problems need to be removed or reduced, and why? Be specific about the business objectives and compliance/control objectives that are being negatively affected by the problems.
- Identify stakeholders and potential value propositions for achieving the desired result. What is it worth to Group A to solve the data problems? What is it worth to Group B? To Group C?
- Establish a clear vision, succinct value statements and rallying cries for establishing proper data governance processes.
- Identify what it will take to satisfy your key stakeholders. Will they respond to anecdotal evidence of results? Testimonials? Facts? Dollars?
- Document examples of "little g governance" objectives and the work that needs to be done to meet them.
- Develop a list of "Big G Governance" activities that will be required to remove the obstacles to the "little g" work.
- Determine whether your data governance efforts will be one-time, as needed or ongoing.
- Distinguish between proactive or reactive governance activities and their potential impact on different stakeholder groups.
- Identify other governance and management groups that will need to be involved in the decision-making process.
- Gain an understanding of the maturity and complexity of the business process, information management and IT environments that will be included in the data governance initiative.
If you follow these steps, it should be clear what needs to be done, what you already have to work with and what resources you might need to add. You’ll be well on your way to designing a data governance program that can be successful in your unique organizational culture.
About the author: Gwen Thomas is the president and founder of the Data Governance Institute, which offers consulting and training services in the areas of data governance and data stewardship as well as a variety of information resources on those topics. As a consultant, Thomas has helped companies such as American Express, Sallie Mae, Wachovia Bank and Disney to build or upgrade their data governance and stewardship programs. She also is a frequent speaker at industry events, a regular contributor to IT and business publications, and the author of the book Alpha Males and Data Disasters: The Case for Data Governance.