Data Governance: Keystone of Information Management Initiatives

Alan McSweeney 

Objectives
•

To provide an overview of the importance and relevance of data governance as part of an information management initiative

April 21, 2010

2 

Agenda
• • • •

Data Management Issues Data Governance and Data Management Frameworks Approach to Data Governance State of Information and Data Governance

April 21, 2010

3 

Data Governance
• • •

Provides an operating discipline for managing data and information as a key enterprise asset Includes organisation, processes and tools for establishing and exercising decision rights regarding valuation and management of data Elements of data governance
− − − − − − − − − − − − − Decision making authority Compliance Policies and standards Data inventories Full lifecycle management Content management Records management, Preservation and disposal Data quality Data classification Data security and access Data risk management Data valuation

April 21, 2010

4 

Data Management Issues
• • •

Discovery - cannot find the right information Integration - cannot manipulate and combine information Insight - cannot extract value and knowledge from information Dissemination - cannot consume information Management – cannot manage and control information volumes and growth

• •

April 21, 2010

5 

Data Management Problems – User View
• • • • • • • • • • • • • • •

Managing Storage Equipment Application Recoveries / Backup Retention Vendor Management Power Management Regulatory Compliance Lack of Integrated Tools Dealing with Performance Problems Data Mobility Archiving and Archive Management Storage Provisioning Managing Complexity Managing Costs Backup Administration and Management Proper Capacity Forecasting and Storage Reporting Managing Storage Growth
April 21, 2010 6 

Information Management Challenges
•

Explosive Data Growth
− Value and volume of data is overwhelming − More data is see as critical − Annual rate of 50+% percent

•

Compliance Requirements
− Compliance with stringent regulatory requirements and audit procedures

•

Fragmented Storage Environment
− Lack of enterprise-wide hardware and software data storage strategy and discipline

•

Budgets
− Frozen or being cut
April 21, 2010 7 

Information Management Issues
• • •

52% of users don’t have confidence in their information 59% of managers miss information they should have used 42% of managers use wrong information at least once a week 75% of CIOs believe they can strengthen their competitive advantage by better using and managing enterprise data 78% of CIOs want to improve the way they use and manage their data Only 15% of CIOs believe that their data is currently comprehensively well managed
April 21, 2010 8

•

•

• 

Data Quality
• •

Poor data quality costs real money Process efficiency is negatively impacted by poor data quality Full potential benefits of new systems not be realised because of poor data quality Decision making is negatively affected by poor data quality

•

•

April 21, 2010

9 

Information
•

Applications
•

Processes IT Systems

Information

• •

•

People

Infrastructure

•

Information in all its forms – input, processed, outputs – is a core component of any IT system Applications exist to process data supplied by users and other applications Data breathes life into applications Data is stored and managed by infrastructure – hardware and software Data is a key organisation asset with a substantial value Significant responsibilities are imposed on organisations in managing data
10

April 21, 2010 

Data, Information and Knowledge
• • • • • •

• •

Data is the representation of facts as text, numbers, graphics, images, sound or video Data is the raw material used to create information Facts are captured, stored, and expressed as data Information is data in context Without context, data is meaningless - we create meaningful information by interpreting the context around data Knowledge is information in perspective, integrated into a viewpoint based on the recognition and interpretation of patterns, such as trends, formed with other information and experience Knowledge is about understanding the significance of information Knowledge enables effective action
April 21, 2010 11 

Data, Information, Knowledge and Action

Knowledge

Action

Information

Data

April 21, 2010

12 

Information is an Organisation Asset
•

Tangible organisation assets are seen as having a value and are managed and controlled using inventory and asset management systems and procedures Data, because it is less tangible, is less widely perceived as a real asset, assigned a real value and managed as if it had a value High quality, accurate and available information is a pre-requisite to effective operation of any organisation Information is a high-value asset of any enterprise What do you do when you have something valuable
− Retain it − Protect it − Manage it
April 21, 2010 13

•

•

• • 

Data Management and Project Success
•

Data is fundamental to the effective and efficient operation of any solution
− Right data − Right time − Right tools and facilities

• • •

Without data the solution has no purpose Data is too often overlooked in projects Project managers frequently do not appreciate the complexity of data issues

April 21, 2010

14 

Generalised Information Management Lifecycle
Enter, Create, Acquire, Derive, Update, Capture

•

Generalised lifecycle that differs for specific information types
e, Co nt ro

Store, Manage, Replicate and Distribute

M an ag

la

nd

Protect and Recover

Ad mi

n is t er

•

Design, define and implement framework to manage information through this lifecycle

Archive and Recall

Delete/Remove

April 21, 2010

15 

Generalised Information Management Lifecycle
•

Need to implement management frameworks and associated solutions to automate the information lifecycle
Data Governance Framework Data Architecture to Implement Data Governance Data Infrastructure to Implement Data Architecture

Data Operations to Manage Data Infrastructure
April 21, 2010 16 

Expanded Generalised Information Management Lifecycle
Plan, Design and Specify Implement Underlying Infrastructure Enter, Create, Acquire, Derive, Update, Capture Store, Manage, Replicate and Distribute

De

sig n, Im

ple m

en

t, M an ag e,

Co nt ro

la

nd

Ad

mi ni

ste

•

Include phases for information management lifecycle design and implementation of appropriate hardware and software to actualise lifecycle
April 21, 2010

r

Protect and Recover

Archive and Recall

Delete/Remove
17 

Objectives of Implementing Solutions to Deliver Generalised Information Management Lifecycle
• • • •

• • • •

Establish effective policies for lifecycle enterprise information management to control data growth and lower information management costs Meet service level goals to ensure the timely completion of key business processes for mission-critical applications Support appropriate data retention compliance initiatives and mitigate risk for compliance, audits and legal discovery requests Support appropriate data retention compliance requirements and mitigate risk for compliance, audits and legal discovery requests that keep historical transaction records accessible until legal retention periods expire Implement scalable archiving strategies that easily adapt to ongoing business requirements Improve application portfolio management to decommission redundant applications and simplify the IT infrastructure Manage application information growth and its impact on service levels, operational costs and risks as well as storage requirements Manage data quality, consistency, security, privacy and accuracy
April 21, 2010 18 

Data and Information Management
•

Data and information management is a business process consisting of the planning and execution of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets

April 21, 2010

19 

Data and Information Management
To manage and utilise information as a strategic asset

To implement processes, policies, infrastructure and solutions to govern, protect, maintain and use information To make relevant and correct information available in all business processes and IT systems for the right people in the right context at the right time with the appropriate security and with the right quality To exploit information in business decisions, processes and relations
April 21, 2010 20 

Data Management Goals
•

Primary goals
− To understand the information needs of the enterprise and all its stakeholders − To capture, store, protect, and ensure the integrity of data assets − To continually improve the quality of data and information, including accuracy, integrity, integration, relevance and usefulness of data − To ensure privacy and confidentiality, and to prevent unauthorised inappropriate use of data and information − To maximise the effective use and value of data and information assets

April 21, 2010

21 

Data Management Goals
•

Secondary goals
− To control the cost of data management − To promote a wider and deeper understanding of the value of data assets − To manage information consistently across the enterprise − To align data management efforts and technology with business needs

April 21, 2010

22 

Triggers for Data Management Initiative
•

When an enterprise is about to undertake architectural transformation, data management issues need to be understood and addressed Structured and comprehensive approach to data management enables the effective use of data to take advantage of its competitive advantages

•

April 21, 2010

23 

Data Management Principles
• •

Data and information are valuable enterprise assets Manage data and information carefully, like any other asset, by ensuring adequate quality, security, integrity, protection, availability, understanding and effective use Share responsibility for data management between business data owners and IT data management professionals Data management is a business function and a set of related disciplines

•

•

April 21, 2010

24 

Organisation Data Management Function
•

Business function of planning for, controlling and delivering data and information assets Development, execution, and supervision of plans, policies, programs, projects, processes, practices and procedures that control, protect, deliver, and enhance the value of data and information assets Scope of the data management function and the scale of its implementation vary widely with the size, means, and experience of organisations Role of data management remains the same across organisations even though implementation differs widely
April 21, 2010 25

•

•

• 

Scope of Complete Data Management Function
Data Warehousing and Business Intelligence Management Metadata Management Data Governance

Data Development

Data Quality Management

Data Security Management

Data Operations Management Data Architecture Management
April 21, 2010

Reference and Master Data Management Document and Content Management
26 

Data Governance
•

Capstone of Data Management initiatives

Data Governance
Database Architecture Management

Data Warehousing and Business Intelligence Management

Data Quality Management

Metadata Management

Data Security Management Data Operations Management Reference and Master Data Management

Data Development Document and Content Management

April 21, 2010

27 

Objectives of Data Governance
• •

Guide information management decision-making Ensure information is consistently defined and well understood Increase the use and trust of data as an organisation asset Improve consistency of projects across the organisation Ensure regulatory compliance Eliminate data risks

• • • •

April 21, 2010

28 

Shared Role Between Business and IT
•

Data management is a shared responsibility between data management professionals within IT and the business data owners representing the interests of data producers and information consumers Business data ownership is the concerned with accountability for business responsibilities in data management Business data owners are data subject matter experts Represent the data interests of the business and take responsibility for the quality and use of data
April 21, 2010 29

•

• • 

Why Develop and Implement a Data Management Framework?
• • • • • • • • • •

Improve organisation data management efficiency Deliver better service to business Improve cost-effectiveness of data management Match the requirements of the business to the management of the data Embed handling of compliance and regulatory rules into data management framework Achieve consistency in data management across systems and applications Enable growth and change more easily Reduce data management and administration effort and cost Assist in the selection and implementation of appropriate data management solutions Implement a technology-independent data architecture
April 21, 2010 30 

Data Governance and Data Management Frameworks

April 21, 2010

31 

Data Governance and Data Management Frameworks
• • •

DMBOK - Data Management Book of Knowledge TOGAF - The Open Group Architecture Framework COBIT - Control Objectives for Information and related Technology

April 21, 2010

32 

DMBOK, TOGAF and COBIT
Can be a Precursor to Implementing Data Management DMBOK Is a Specific and Comprehensive Data Oriented Framework

TOGAF Defines the Process for Creating a Data Architecture as Part of an Overall Enterprise Architecture

DMBOK Provides Detailed for Definition, Implementation and Operation of Data Management and Utilisation

Can Provide a Maturity Model for Assessing Data Management

COBIT Provides Data Governance as Part of Overall IT Governance

April 21, 2010

33 

DMBOK, TOGAF and COBIT – Scope and Overlap
Data Development Data Operations Management Reference and Master Data Management Data Warehousing and Business Intelligence Management Document and Content Management Metadata Management Data Quality Management

DMBOK

TOGAF

Data Architecture Management Data Management Data Migration

Data Governance

Data Security Management

COBIT

April 21, 2010

34 

Data Management Book of Knowledge (DMBOK)
•

DMBOK is a generalised and comprehensive framework for managing data across the entire lifecycle Developed by DAMA (Data Management Association) DMBOK provides a detailed framework to assist development and implementation of data management processes and procedures and ensures all requirements are addressed Enables effective and appropriate data management across the organisation Provides awareness and visibility of data management issues and requirements
April 21, 2010 35

• •

•

• 

Data Management Book of Knowledge (DMBOK)
• •

Not a solution to your data management needs Framework and methodology for developing and implementing an appropriate solution Generalised framework to be customised to meet specific needs Provide a work breakdown structure for a data management project to allow the effort to be assessed No magic bullet

•

•

•

April 21, 2010

36 

Data Management-Related Frameworks
•

• • • •

TOGAF (and other enterprise architecture standards) define a process for arriving an at enterprise architecture definition, including data TOGAF has a phase relating to data architecture TOGAF deals with high level DMBOK translates high level into specific details COBIT is concerned with IT governance and controls:
− IT must implement internal controls around how it operates − The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT − To govern IT effectively, COBIT defines the activities and risks within IT that need to be managed

• •

COBIT has a process relating to data management Neither TOGAF nor COBIT are concerned with detailed data management design and implementation
April 21, 2010 37 

TOGAF and Data Management
•
Phase A: Architecture Vision Phase B: Business Architecture

Phase H: Architecture Change Management

Phase C1 (subset of Phase C) relates to defining a data architecture
Phase C1: Data Architecture

Phase G: Implementation Governance

Requirements Management

Phase C: Information Systems Architecture Phase C2: Solutions and Application Architecture

Phase F: Migration Planning Phase E: Opportunities and Solutions

Phase D: Technology Architecture

April 21, 2010

38 

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Objectives
•

Purpose is to define the major types and sources of data necessary to support the business, in a way that is:
− Understandable by stakeholders − Complete and consistent − Stable

• •

Define the data entities relevant to the enterprise Not concerned with design of logical or physical storage systems or databases

April 21, 2010

39 

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Overview
Phase C1: Information Systems Architectures - Data Architecture Approach Elements Inputs Steps Outputs

Key Considerations for Data Architecture

Reference Materials External to the Enterprise

Select Reference Models, Viewpoints, and Tools Develop Baseline Data Architecture Description Develop Target Data Architecture Description

Architecture Repository

Non-Architectural Inputs

Architectural Inputs

Perform Gap Analysis

Define Roadmap Components

Resolve Impacts Across the Architecture Landscape Conduct Formal Stakeholder Review

Finalise the Data Architecture

Create Architecture Definition Document
April 21, 2010 40 

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture
•

Data Management
− Important to understand and address data management issues − Structured and comprehensive approach to data management enables the effective use of data to capitalise on its competitive advantages − Clear definition of which application components in the landscape will serve as the system of record or reference for enterprise master data − Will there be an enterprise-wide standard that all application components, including software packages, need to adopt − Understand how data entities are utilised by business functions, processes, and services − Understand how and where enterprise data entities are created, stored, transported, and reported − Level and complexity of data transformations required to support the information exchange needs between applications − Requirement for software in supporting data integration with external organisations

April 21, 2010

41 

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture
•

Data Migration
− Identify data migration requirements and also provide indicators as to the level of transformation for new/changed applications − Ensure target application has quality data when it is populated − Ensure enterprise-wide common data definition is established to support the transformation

April 21, 2010

42 

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture
•

Data Governance
− Ensures that the organisation has the necessary dimensions in place to enable the data transformation − Structure – ensures the organisation has the necessary structure and the standards bodies to manage data entity aspects of the transformation − Management System - ensures the organisation has the necessary management system and data-related programs to manage the governance aspects of data entities throughout its lifecycle − People - addresses what data-related skills and roles the organisation requires for the transformation

April 21, 2010

43 

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Outputs
•

Refined and updated versions of the Architecture Vision phase deliverables
− Statement of Architecture Work − Validated data principles, business goals, and business drivers

•

Draft Architecture Definition Document
− Baseline Data Architecture − Target Data Architecture
• • • • • • • • • • • Business data model Logical data model Data management process models Data Entity/Business Function matrix Views corresponding to the selected viewpoints addressing key stakeholder concerns Gap analysis results Data interoperability requirements Relevant technical requirements Constraints on the Technology Architecture about to be designed Updated business requirements Updated application requirements

− Draft Architecture Requirements Specification

− Data Architecture components of an Architecture Roadmap
April 21, 2010 44 

COBIT Structure
COBIT Plan and Organise (PO) Acquire and Implement (AI) Deliver and Support (DS) Monitor and Evaluate (ME) ME1 Monitor and evaluate IT performance ME2 Monitor and evaluate internal control ME3 Ensure regulatory compliance ME4 Provide IT governance PO1 Define a strategic IT plan PO2 Define the information architecture PO3 Determine technological direction PO4 Define the IT processes, organisation and relationships PO5 Manage the IT investment PO6 Communicate management aims and direction PO7 Manage IT human resources PO8 Manage quality PO9 Assess and manage IT risks PO10 Manage projects AI1 Identify automated solutions AI2 Acquire and maintain application software AI3 Acquire and maintain technology infrastructure AI4 Enable operation and use AI5 Procure IT resources AI6 Manage changes AI7 Install and accredit solutions and changes DS1 Define and manage service levels DS2 Manage third-party services DS3 Manage performance and capacity DS4 Ensure continuous service DS5 Ensure systems security DS6 Identify and allocate costs DS7 Educate and train users DS8 Manage service desk and incidents DS9 Manage the configuration DS10 Manage problems

DS11 Manage data
DS12 Manage the physical environment DS13 Manage operations April 21, 2010 45 

COBIT and Data Management
•

COBIT objective DS11 Manage Data within the Deliver and Support (DS) domain Effective data management requires identification of data requirements Data management process includes establishing effective procedures to manage the media library, backup and recovery of data and proper disposal of media Effective data management helps ensure the quality, timeliness and availability of business data

•

•

•

April 21, 2010

46 

COBIT and Data Management
•

• •

Objective is the control over the IT process of managing data that meets the business requirement for IT of optimising the use of information and ensuring information is available as required Focuses on maintaining the completeness, accuracy, availability and protection of data Involves taking actions
− Backing up data and testing restoration − Managing onsite and offsite storage of data − Securely disposing of data and equipment

•

Measured by
− User satisfaction with availability of data − Percent of successful data restorations − Number of incidents where sensitive data were retrieved after media were disposed of

April 21, 2010

47 

COBIT Process DS11 Manage Data
•

DS11.1 Business Requirements for Data Management
− Establish arrangements to ensure that source documents expected from the business are received, all data received from the business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are supported

•

DS11.2 Storage and Retention Arrangements
− Define and implement procedures for data storage and archival, so data remain accessible and usable − Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements − Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives, programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and authentication

•

DS11.3 Media Library Management System
− Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity − Procedures should provide for timely review and follow-up on any discrepancies noted

•

DS11.4 Disposal
− Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are disposed of or transferred to another use − Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved.

•

DS11.5 Backup and Restoration
− Define and implement procedures for backup and restoration of systems, data and documentation in line with business requirements and the continuity plan − Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration − Test backup media and the restoration process

•

DS11.6 Security Requirements for Data Management
− Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and output of data and sensitive messages − Includes physical records, data transmissions and any data stored offsite

April 21, 2010

48 

COBIT Data Management Goals and Metrics
Activity Goals
•Backing up data and testing restoration •Managing onsite and offsite storage of data •Securely disposing of data and equipment

Process Goals
•Maintain the completeness, accuracy, validity and accessibility of stored data •Secure data during disposal of media •Effectively manage storage media

Activity Goals
•Backing up data and testing restoration •Managing onsite and offsite storage of data •Securely disposing of data and equipment

Are Measured By
Key Performance Indicators
•Frequency of testing of backup media •Average time for data restoration

Drive

Are Measured By
Process Key Goal Indicators
•% of successful data restorations •# of incidents where sensitive data were retrieved after media were disposed of •# of down time or data integrity incidents caused by insufficient storage capacity

Drive

Are Measured By
IT Key Goal Indicators
•Occurrences of inability to recover data critical to business process •User satisfaction with availability of data •Incidents of noncompliance with laws due to storage management issues
49

April 21, 2010 

Approach to Data Governance

April 21, 2010

50 

Data Governance
• •

Core function of Data Management Interacts with and influences each of the surrounding ten data management functions Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets Data governance function guides how all other data management functions are performed High-level, executive data stewardship Data governance is not the same thing as IT governance Data governance is focused exclusively on the management of data assets
April 21, 2010 51

•

•

• • • 

Data Governance
• • • •

Shared decision making is the hallmark of data governance Requires working across organisational and system boundaries Some decisions are primarily business decisions made with input and guidance from IT Other decisions are primarily technical decisions made with input and guidance from business data stewards at all levels Decisions Made Decisions Made by Business by IT Management Management

Business Operating Model IT Leadership Capital Investments Research and Development Funding Data Governance Model
April 21, 2010

Enterprise Information Model Information Needs Information Specifications Quality Requirements Issue Resolution

Information Management Strategy Information Management Policies Information Management Standards Information Management Metrics Information Management Services

Database Architecture Data Integration Architecture Data Warehousing Architecture Metadata Architecture Technical Metadata
52 

Data Governance
•

Data governance is accomplished most effectively as an on-going program and a continual improvement process Every effective data governance program is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities Data governance is not the same thing as IT governance

•

•

April 21, 2010

53 

Data Governance and IT Governance
•

IT Governance makes decisions about
− IT investments − IT application portfolio − IT project portfolio

•

•

•

•

IT Governance aligns the IT strategies and investments with enterprise goals and strategies COBIT (Control Objectives for Information and related Technology) provides standards for IT governance
− Only a small portion of the COBIT framework addresses managing information

Data Governance is focused exclusively on the management of data assets Data Governance is at the heart of managing data assets

•

Some critical issues, such as SarbanesOxley compliance, span the concerns of corporate governance, IT governance, and data governance
April 21, 2010 54 

Data Governance – Definition and Goals
•

Definition
− The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets

•

Goals
− To define, approve, and communicate data strategies, policies, standards, architecture, procedures, and metrics − To track and enforce regulatory compliance and conformance to data policies, standards, architecture, and procedures − To sponsor, track, and oversee the delivery of data management projects and services − To manage and resolve data related issues − To understand and promote the value of data assets
April 21, 2010 55 

Data Governance - Overview
Inputs
•Business Goals •Business Strategies •IT Objectives •IT Strategies •Data Needs •Data Issues •Regulatory Requirements

Primary Deliverables
•Data Policies •Data Standards •Resolved Issues •Data Management Projects and Services •Quality Data and Information •Recognised Data Value

Suppliers

Data Governance

Consumers
•Data Producers •Knowledge Workers •Managers and Executives •Data Professionals •Customers

•Business Executives •IT Executives •Data Stewards •Regulatory Bodies

Participants
•Executive Data Stewards •Coordinating Data Stewards •Business Data Stewards •Data Professionals •DM Executive •CIO
April 21, 2010

Tools
•Intranet Website •E-Mail •Metadata Tools •Metadata Repository •Issue Management Tools •Data Governance KPI •Dashboard

Metrics
•Data Value •Data Management Cost •Achievement of Objectives •# of Decisions Made •Steward Representation / Coverage •Data Professional Headcount •Data Management Process Maturity
56 

Data Governance Function, Activities and SubActivities
Data Governance Data Management Planning Data Management Control Supervise Data Professional Organisations and Staff Coordinate Data Governance Activities Manage and Resolve Data Related Issues Monitor and Ensure Regulatory Compliance Monitor and Enforce Conformance with Data Policies, Standards and Architecture Oversee Data Management Projects and Services Communicate and Promote the Value of Data Assets

Understand Strategic Enterprise Data Needs Develop and Maintain the Data Strategy Establish Data Professional Roles and Organisations Identify and Appoint Data Stewards Establish Data Governance and Stewardship Organisations Develop and Approve Data Policies, Standards, and Procedures Review and Approve Data Architecture Plan and Sponsor Data Management Projects and Services Estimate Data Asset Value and Associated Costs
April 21, 2010

57 

Data Governance
•

Data governance is accomplished most effectively as an on-going program and a continual improvement process Every data governance programme is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities Data governance is at the core of managing data assets

•

•

April 21, 2010

58 

Data Governance - Possible Organisation Structure
Data Governance Structure

Organisation Data Governance Council

CIO

Data Governance Office

Data Management Executive

Business Unit Data Governance Councils

Data Technologists

Data Stewardship Committees

Data Stewardship Teams
April 21, 2010 59 

Data Governance Shared Decision Making
Business Decisions Shared Decision Making
Enterprise Information Management Strategy Enterprise Information Management Policies Enterprise Information Management Standards Enterprise Information Management Metrics Enterprise Information Management Services

IT Decisions

Business Operating Model

Enterprise Information Model

Database Architecture

IT Leadership

Information Needs

Data Integration Architecture Data Warehousing and Business Intelligence Architecture Metadata Architecture

Capital Investments

Information Specifications

Research and Development Funding

Quality Requirements

Data Governance Model

Issue Resolution

Technical Metadata

April 21, 2010

60 

Data Stewardship
•

Formal accountability for business responsibilities ensuring effective control and use of data assets Data steward is a business leader and/or recognised subject matter expert designated as accountable for these responsibilities Manage data assets on behalf of others and in the best interests of the organisation Represent the data interests of all stakeholders, including but not limited to, the interests of their own functional departments and divisions Protects, manages, and leverages the data resources Must take an enterprise perspective to ensure the quality and effective use of enterprise data
April 21, 2010 61

•

•

•

• • 

Data Stewardship - Roles
•

Executive Data Stewards – provide data governance and make of high-level data stewardship decisions Coordinating Data Stewards - lead and represent teams of business data stewards in discussions across teams and with executive data stewards Business Data Stewards - subject matter experts work with data management professionals on an ongoing basis to define and control data

•

•

April 21, 2010

62 

Data Stewardship Roles Across Data Management Functions - 1
All Data Stewards Data Architecture Management Data Development Review, validate, approve, maintain and refine data architecture Validate physical data models and database designs, participate in database testing and conversion Executive Data Stewards Review and approve the enterprise data architecture Coordinating Data Stewards Integrate specifications, resolving differences Business Data Stewards Define data requirements specifications Define data requirements and specifications

Data Operations Management

Define requirements for data recovery, retention and performance Help identify, acquire, and control externally sourced data Provide security, privacy and confidentiality requirements, identify and resolve data security issues, assist in data security audits, and classify information confidentiality Control the creation, update, and retirement of code values and other reference data, define master data management requirements, identify and help resolve issues
63

Data Security Management

Reference and Master Data Management

April 21, 2010 

Data Stewardship Roles Across Data Management Functions - 2
All Data Stewards Data Warehousing and Business Intelligence Management Executive Data Stewards Coordinating Data Stewards Business Data Stewards Provide business intelligence requirements and management metrics, and they identify and help resolve business intelligence issues Define enterprise taxonomies and resolve content management issues Create and maintain business metadata (names, meanings, business rules), define metadata access and integration needs and use metadata to make effective data stewardship and governance decisions Define data quality requirements and business rules, test application edits and validations, assist in the analysis, certification, and auditing of data quality, lead clean-up efforts, identify ways to solve causes of poor data quality, promote data quality awareness
64

Document and Content Management Metadata Management

Data Quality Management

April 21, 2010 

Data Strategy
• •

High-level course of action to achieve high-level goals Data strategy is a data management program strategy a plan for maintaining and improving data quality, integrity, security and access Address all data management functions relevant to the organisation

•

April 21, 2010

65 

Elements of Data Strategy
• • • • • • • • • •

Vision for data management Summary business case for data management Guiding principles, values, and management perspectives Mission and long-term directional goals of data management Management measures of data management success Short-term data management programme objectives Descriptions of data management roles and business units along with a summary of their responsibilities and decision rights Descriptions of data management programme components and initiatives Outline of the data management implementation roadmap Scope boundaries
April 21, 2010 66 

Data Strategy

Data Management Programme Charter Data Management Scope Statement
Goals and objectives for a defined planning horizon and the roles, organisations, and individual leaders accountable for achieving these objectives Overall vision, business case, goals, guiding principles, measures of success, critical success factors, recognised risks

Data Management Implementation Roadmap
Identifying specific programs, projects, task assignments, and delivery milestones

April 21, 2010

67 

Data Policies
•

Statements of intent and fundamental rules governing the creation, acquisition, integrity, security, quality, and use of data and information More fundamental, global, and business critical than data standards Describe what to do and what not to do Should be few data policies stated briefly and directly

•

• •

April 21, 2010

68 

Data Policies
•

Possible topics for data policies
− Data modeling and other data development activities − Development and use of data architecture − Data quality expectations, roles, and responsibilities − Data security, including confidentiality classification policies, intellectual property policies, personal data privacy policies, general data access and usage policies, and data access by external parties − Database recovery and data retention − Access and use of externally sourced data − Sharing data internally and externally − Data warehousing and business intelligence − Unstructured data - electronic files and physical records
April 21, 2010 69 

Data Architecture
•

Enterprise data model and other aspects of data architecture sponsored at the data governance level Need to pay particular attention to the alignment of the enterprise data model with key business strategies, processes, business units and systems Includes
− Data technology architecture − Data integration architecture − Data warehousing and business intelligence architecture − Metadata architecture

•

•

April 21, 2010

70 

Data Standards and Procedures
•

Include naming standards, requirement specification standards, data modeling standards, database design standards, architecture standards and procedural standards for each data management function Must be effectively communicated, monitored, enforced and periodically re-evaluated Data management procedures are the methods, techniques, and steps followed to accomplish a specific activity or task

•

•

April 21, 2010

71 

Data Standards and Procedures
•

Possible topics for data standards and procedures
− Data modeling and architecture standards, including data naming conventions, definition standards, standard domains, and standard abbreviations − Standard business and technical metadata to be captured, maintained, and integrated − Data model management guidelines and procedures − Metadata integration and usage procedures − Standards for database recovery and business continuity, database performance, data retention, and external data acquisition − Data security standards and procedures − Reference data management control procedures − Match / merge and data cleansing standards and procedures − Business intelligence standards and procedures − Enterprise content management standards and procedures, including use of enterprise taxonomies, support for legal discovery and document and e-mail retention, electronic signatures, report formatting standards and report distribution approaches
April 21, 2010 72 

Regulatory Compliance
•

Most organisations are is impacted by government and industry regulations Many of these regulations dictate how data and information is to be managed Compliance is generally mandatory Data governance guides the implementation of adequate controls to ensure, document, and monitor compliance with data-related regulations.

•

• •

April 21, 2010

73 

Regulatory Compliance
•

Data governance needs to work the business to find the best answers to the following regulatory compliance questions
− − − − − − − − − − − − − − How relevant is a regulation? Why is it important for us? How do we interpret it? What policies and procedures does it require? Do we comply now? How do we comply now? How should we comply in the future? What will it take? When will we comply? How do we demonstrate and prove compliance? How do we monitor compliance? How often do we review compliance? How do we identify and report non-compliance? How do we manage and rectify non-compliance?
74

April 21, 2010 

Issue Management
•

Data governance assists in identifying, managing, and resolving data related issues
− − − − − − − − − − − Data quality issues Data naming and definition conflicts Business rule conflicts and clarifications Data security, privacy, and confidentiality issues Regulatory non-compliance issues Non-conformance issues (policies, standards, architecture, and procedures) Conflicting policies, standards, architecture, and procedures Conflicting stakeholder interests in data and information Organisational and cultural change management issues Issues regarding data governance procedures and decision rights Negotiation and review of data sharing agreements

April 21, 2010

75 

Issue Management, Control and Escalation
•

Data governance implements issue controls and procedures
− Identifying, capturing, logging and updating issues − Tracking the status of issues − Documenting stakeholder viewpoints and resolution alternatives − Objective, neutral discussions where all viewpoints are heard − Escalating issues to higher levels of authority − Determining, documenting and communicating issue resolutions.

April 21, 2010

76 

Data Management Projects
•

Data management roadmap sets out a course of action for initiating and/or improving data management functions Consists of an assessment of current functions, definition of a target environment and target objectives and a transition plan outlining the steps required to reach these targets including an approach to organisational change management Every data management project should follow the project management standards of the organisation

•

•

April 21, 2010

77 

Data Asset Valuation
•

Data and information are truly assets because they have business value, tangible or intangible Different approaches to estimating the value of data assets Identify the direct and indirect business benefits derived from use of the data Identify the cost of data loss, identifying the impacts of not having the current amount and quality level of data

• •

•

April 21, 2010

78 

State of Information and Data Governance
•

Information and Data Governance Report, April 2008
− International Association for Information and Data Quality (IAIDQ) − University of Arkansas at Little Rock, Information Quality Program (UALR-IQ)

•

Ponemon Institute 2009 Annual Study Cost of a Data Breach

April 21, 2010

79 

Terms Used by Organisations to Describe the Activities Associated with Governing Data
Data Management Data Governance Data Stewardship Information Management Information Governance Data Resource Management Information Stew ardship Information Resource Management Other 0%
April 21, 2010

62.7% 55.4% 46.6% 43.6% 17.2% 10.8% 10.3% 10.3% 13.7% 10% 20% 30% 40% 50% 60% 70%
80 

Your Organisation Recognises and Values Information as a Strategic Asset and Manages it Accordingly

Strongly Disagree

3.4%

Disagree

21.5%

Neutral

17.1%

Agree

39.5%

Strongly Agree

18.5%
0% 10% 20% 30% 40% 50%

April 21, 2010

81 

Direction of Change in the Results and Effectiveness of the Organisation's Formal or Informal Information/Data Governance Processes Over the Past Two Years

Results and Effectiveness Have Significantly Improved Results and Effectiveness Have Improved Results and Effectiveness Have Remained Essentially the Same Results and Effectiveness Have Worsened Results and Effectiveness Have Significantly Worsened Don’t Know 0%

8.8%

50.0%

31.9%

3.9%

0.0%

5.4% 10% 20% 30% 40% 50% 60% 70%

April 21, 2010

82 

Perceived Effectiveness of the Organisation's Current Formal or Informal Information/Data Governance Processes

Excellent (All Goals are Met) Good (Most Goals are Met) OK (Some Goals are Met)

2.5%

21.1%

51.5%

Poor (Few Goals are Met) Very Poor (No Goals are Met) Don’t Know 0%

19.1%

3.9%

2.0% 10% 20% 30% 40% 50% 60% 70%

April 21, 2010

83 

Actual Information/Data Governance Effectiveness vs. Organisation's Perception

It is Better Than Most People Think

20.1%

It is the Same as Most People Think

32.4%

It is Worse Than Most People Think

35.8%

Don’t Know

11.8%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

April 21, 2010

84 

Current Status of Organisation's Information/Data Governance Initiatives
Started an Information/Data Governance Initiative, but Discontinued the Effort Considered a Focused Information/Data Governance Effort but Abandoned the Idea None Being Considered - Keeping the Status Quo Exploring, Still Seeking to Learn More Evaluating Alternative Frameworks and Information Governance Structures Now Planning an Implementation First Iteration Implemented the Past 2 Years First Interation"in Place for More Than 2 Years Don’t Know 0%
April 21, 2010

1.5% 0.5% 7.4% 20.1% 23.0% 13.2% 19.1% 8.8% 6.4% 5% 10% 15% 20% 25% 30%
85 

Expected Changes in Organisation's Information/Data Governance Efforts Over the Next Two Years
Will Increase Significantly 46.6%

Will Increase Somewhat

39.2%

Will Remain the Same

10.8%

Will Decrease Somewhat

1.0%

Will Decrease Significantly

0.5%

Don’t Know

2.0%

0%
April 21, 2010

10%

20%

30%

40%

50%

60%
86 

Focus of Information / Data Governance Efforts
Customers Financials Products and Production Services Sales Employees Supply Chain, Vendors, Suppliers Items / Materials Equipment and Facilities Maintenance Environment, Health and Safety Other 0%
April 21, 2010

70.2% 57.6% 46.6% 41.9% 35.6% 31.4% 25.1% 20.4% 16.2% 13.1% 10.5% 9.5% 10% 20% 30% 40% 50% 60% 70% 80%
87 

Overall Objectives of Information / Data Governance Efforts
Improve Data Quality Establish Clear Decision Rules and Decisionmaking Processes for Shared Data Increase the Value of Data Assets Provide Mechanism to Resolve Data Issues Involve Non-IT Personnel in Data Decisions IT Should not Make by Itself Promote Interdependencies and Synergies Between Departments or Business Units Enable Joint Accountability for Shared Data Involve IT in Data Decisions non-IT Personnel Should not Make by Themselves Other None Applicable Don't Know 5.2% 1.0% 2.6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100 %
April 21, 2010 88

80.2% 65.6% 59.4% 56.8% 55.7% 49.6% 45.3% 35.4% 

Primary Activities of Organisation's Information / Data Governance Efforts
Standardise Data Definitions Across The Organisation Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The Organisation Support Data Warehouse And Business Intelligence Initiatives Define And Standardise Common Business Rules Across The Organisation Select And Charter Specific Data Quality Improvement Projects Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information Systems And Technology Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its Privacy, Compliance, And Security Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And Integration Support The Development Of An Enterprise Logical Data Model Guide The Management Of Master Or Reference Data Support Information Management Problem-Solving And Decision-Making And Providing Processes For Strategic Alignment. Manage Information Products Measure The Costs Of Low Quality Data Measure The Value Of High Quality Data Implement Internal Information Chain Management Implement External Data Supplier Management Implement Information Product Management Other

70.5% 61.6% 58.4% 53.7% 49.5% 47.9% 46.8% 45.8% 43.7% 42.6% 40.0% 27.9% 25.3% 23.2% 13.2% 10.0% 10.0% 10.0% 0% 10% 20% 30% 40% 50% 60% 70% 80%

April 21, 2010

89 

Primary Drivers for Organisation's Information / Data Governance Efforts
General Desire To Improve The Quality Of Our Data Data Warehousing / Business Intelligence Compliance / Risk Enterprise Architecture Information Security / Privacy Master Data Management (MDM) Project Applications / Systems Integration Customer Data Integration (CDI) Project Suffered Major Negative Impact From Bad Data Quality Service-Oriented Architecture (SOA) Project Enterprise Resource Planning (ERP) Project Merger And Acquisition Planning Or Implementation Product Information Management (PIM) Project Reaction To Competitors' Activity Other 0% 3.7% 8.5% 10% 20% 30% 40% 50% 60% 70% 80% 25.9% 22.2% 18.0% 16.4% 12.7% 10.1% 33.3% 32.3% 31.2% 30.2% 46.6% 57.7% 65.6%

April 21, 2010

90 

Category of Tools Currently Used in Organisation
Data Quality Analysis, Assessment Or Profiling Extract-Transform-Load (ETL) And Other Data Integration Tools Data Modeling (Computer-Aided Software Engineering) Data Matching And Reconciliation (Data De-Duplication) Data Quality Monitoring Metadata Repository Data Remediation / Cleansing Tools Data Relationship Discovery And Mappings Workflow Tools Business Rules Engines Master Data Management (MDM) Tools Customer Data Integration (CDI) Tools Product Information Management (PIM) Tools Rules Discovery Tools Other 0% 5.9% 4.3% 5.9% 10% 20% 30% 40% 50% 60% 70% 80% 13.4% 20.3% 18.7% 28.9% 25.7% 39.0% 48.7% 48.7% 45.5% 44.4% 57.2% 66.3%

April 21, 2010

91 

Functional Area to Which the Leader of the Organisation's Information / Data Governance Effort Reports
Information Technology 43.1%

Senior / Executive Management Team

31.0%

Finance

17.2%

Compliance / Risk

8.6%

Operations / Manufacturing

8.6%

Marketing

5.2%

Purchasing

1.7%

Legal

1.7%

Other 0% 5%

8.6% 10% 15% 20% 25% 30% 35% 40% 45% 50%

April 21, 2010

92 

Number of Levels Between the Organisation's Most Senior Leader and the Person Most Directly in Charge of the Information / Data Governance Effort
5 Levels or More 12.3%

4 Levels

14.0%

3 Levels

26.3%

2 Levels

22.8%

1 Level

14.0%

They are the Same Person

3.5%

Don't Know

7.0%

0%
April 21, 2010

5%

10%

15%

20%

25%

30%
93 

Membership of Senior Information / Data Governance Body within an Organisation
The Senior / Executive Management Team is the Top Information / Data Governance Body C-Level non-IT Executives 21.4% 26.8%

C-Level IT Executives

26.8%

Middle-Level non-IT Managers

51.8%

Middle-Level IT Managers

33.9%

Junior-Level non-IT Supervisors/Managers

7.1%

Junior-Level IT Supervisors / Managers My Organisation Does Not Have any Governance Body for Information and Data Assets 0%
April 21, 2010

14.3%

7.1% 10% 20% 30% 40% 50% 60%
94 

Relationship Between Information / Data Governance and Data Quality Leadership
Information Governance and Data Quality Are Led by the Same Person 36.8%

Information Governance and Data Quality Are Led by Different People Who Report to the Same Manager

17.5%

Information Governance and Data Quality Are Led by Different People Who Report to Different Managers

19.3%

There is No Specific Individual in Charge of Our Data Quality Program

17.5%

Other

8.8%

0%
April 21, 2010

10%

20%

30%

40%

50%

60%
95 

Change In Organisation's Information / Data Quality Over the Past Two Years
Information / Data Quality Has Significantly Improved 10.5%

Information / Data Quality Has Improved

68.4%

Information / Data Quality Has Remained Essentially the Same

15.8%

Information / Data Quality Has Worsened

3.5%

Information / Data Quality Has Significantly Worsened

0.0%

Don’t Know

1.8%

0%

10%

20%

30%

40%

50%

60%

70%

80%

April 21, 2010

96 

Maturity Of Information / Data Governance Goal Setting And Measurement In Your Organisation
5 - Optimised 3.7%

4 - Managed

11.8%

3 - Defined

26.7%

2 - Repeatable

28.9%

1 - Ad-hoc

28.9%

0%
April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%
97 

Maturity Of Information / Data Governance Processes And Policies In Your Organisation
5 - Optimised 1.6%

4 - Managed

4.8%

3 - Defined

24.5%

2 - Repeatable

46.3%

1 - Ad-hoc

22.9%

0%
April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%
98 

Maturity Of Responsibility And Accountability For Information / Data Governance Among Employees In Your Organisation
5 - Optimised 6.9%

4 - Managed

3.2%

3 - Defined

31.7%

2 - Repeatable

25.4%

1 - Ad-hoc

32.8%

0%
April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%
99 

Average Per Record Cost of a Data Breach 2005 – 2009 USD
$250 $197 $182 $138 $202 $204

$200

$150

$100

$50

$0 2005 2006 2007 2008 2009

April 21, 2010

100 

Average Organisational Cost of a Data Breach 2005 – 2009 USD
$8,000,000 $7,000,000 $6,000,000 $5,000,000 $4,000,000 $3,000,000 $2,000,000 $1,000,000 $0 2005 2006 2007 2008 2009 $4,514,429 $4,787,637 $6,355,132 $6,655,758 $6,751,451

April 21, 2010

101 

More Information
Alan McSweeney alan@alanmcsweeney.com

April 21, 2010

102