Professional Documents
Culture Documents
Data Governance Sucess
Data Governance Sucess
Rupa Mahanti
Data Governance
Success
Growing and Sustaining Data Governance
Data Governance Success
“Whatever you may be interested in, if data governance is part of that equation for you, this book
will give you new insights, ammunition to bring back into your day to day work, and an introduction
to a community of data governance practitioners.”
—From the foreword by Dan Power, Founder and President, Hub Designs Inc.
“Rupa Mahanti’s strong engagement with questions central to the success of data governance
continues in the third volume of her comprehensive DG series. In Data Governance Success:
Growing and Sustaining Data Governance, she takes up the challenge of developing data gover-
nance practices over time through strategy, organizational structure, and effective metrics. Based
on a maturity model framework, she presents a practical approach to data governance and, through
it, a clearer path for organizations to get more value from their data.”
—Laura Sebastian-Coleman, Author of Navigating the Labyrinth: An Executive Guide
to Data Management.
“The road to a successful and enduring Data Governance practice has challenges that can impact its
effectiveness or event stop it altogether. These challenges include the resistance by some IT groups
to share the necessary information about their systems and data, or the “business as usual” mindset
that prevents workers from focusing on the enterprise and its information value chains. This book
provides a practical approach to effectively identify and address these challenges from a strategic
to a tactical perspective.”
—Andres Perez, Information Management Consultant and President of IRM Consulting, Ltd. Co.
“Implementing data governance it’s not difficult, but it is challenging. Rupa Mahanti covers a lot
of areas on what you need to know in order to implement a data governance program successfully
while navigating its pitfalls.”
—George Firican, Founder of LightsOnData.
“Nothing ever stands still, it is either growing and moving forward or it is failing. Data Governance
Success: Growing and Sustaining Data Governance is an essential tool for any organization trying
to transform its data governance into a successful, ongoing program instead of a well-intentioned,
but failed project.”
—Dr. John R. Talburt, Acxiom Chair of Information Quality at the University of Arkansas at Little
Rock, and Lead Consultant for Data Governance and Data Integration with Noetic Partners.
“I can hear readers who open this book for the first time thinking, “This book will help me figure
out how to start our data governance project.” I’m hoping that by the time they reach the end, these
same readers will be fortified by the experiential knowledge that Rupa Mahanti and her band of data
experts have imparted throughout these pages. Data has moved beyond a byproduct of the systems
that generate it to become the major driving force behind business, and indeed our own evolution.
It’s more than a project, it could very well be our salvation.”
—Jill Dyché, Author and Data Strategy Consultant.
“Segueing from data governance imperatives, strategy, and ecosystem, this volume of the trilogy
arms readers with crucial practical insight about data governance success factors, and provides
means to surmount challenges and achieve mastery.”
—Jeannine Siviy, Director, Healthcare Solutions, SDLC Partners, Co-author
of CMMI and Six Sigma.
Rupa Mahanti
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature
Singapore Pte Ltd. 2021
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether
the whole or part of the material is concerned, specifically the rights of reprinting, reuse of illustrations,
recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or
information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar
methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book
are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or
the editors give a warranty, expressed or implied, with respect to the material contained herein or for any
errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Singapore Pte Ltd.
The registered company address is: 152 Beach Road, #21-01/04 Gateway East, Singapore 189721,
Singapore
Data Governance: The Way Forward
This mini-series of three volumes looks at
different aspects of data governance. The
volumes do not assume any prior or
specialist knowledge in data governance.
Data governance is an important component
of the data management discipline, and these
books should appeal aspiring information
management candidates, aspiring/current BI
and reporting analysts, project managers
heading information management projects,
business and IT consultants, especially those
involved with data, university students,
professionals in organisations from all
industries and sectors who wish to gain a
comprehensive understanding of data
governance.
To my parents,
for their unwavering support, dedication,
love and encouragement.
The final book in the series opens with a discussion of the challenges and dynamics
of data governance. Sometimes achieving success in data governance seems easier
said than done.
Data governance is an inherently political area, involving a wide range of stake-
holders and constituencies, often with divergent interests, both within and outside
of the enterprise. But there are “rookie mistakes” to avoid and best practices that
organizations can apply.
According to Gartner, about 90% of organizations fail in their first run at data
governance. A lack of executive sponsorship and uninterrupted funding are two of
the biggest reasons. Another is treating data governance as a one-off project, rather
than a long-term, ongoing program. Other challenges include lack of alignment
between the business and IT and a data strategy that does not line up with the overall
corporate strategy.
Large organizations can have thousands of different application databases, data
warehouses and other repositories, often of differing value to the enterprise. Often,
companies find it difficult to identify what is truly critical and to prioritize the many
different kinds of data.
One often disastrous challenge is when the business abdicates its responsibility
for data to IT, feeling that, since data is ultimately stored in a database, and databases
reside on computers, that this is all IT’s responsibility and does not require the busi-
ness to be involved. The reality is that strong business/IT alignment and collaboration
are required.
Chapter 2 does an excellent job reviewing and debunking common mispercep-
tions about data governance and goes on to outline several key factors for ensuring
data governance success, including strong executive sponsorship, a commitment to
success, alignment with corporate strategy, adequate training and education, and an
orientation to approaching data governance as an organizational change management
exercise first and foremost.
Creating a compelling business case and a robust data strategy are usually two of
the first tasks of the data governance organization. It is also useful to figure out if the
organization is ready to implement a data governance initiative. Some of the biggest
ix
x Foreword by Dan Power
issues arise if there is some outside pressure to do it, but the organization is showing
multiple warning signs that it is not ready.
Once the overall corporate strategy is clear, and a data strategy has been developed
that supports it, then a data governance strategy can be created to show how the
program will be conducted over its first 18 to 24 months. And the business case
for “why we need data governance” (versus what happens if we do not have data
governance) can be created as well.
The book does a good job covering data governance maturity models. There
are a number of them from different organizations, and they typically assign a one
to five score, similar to the capability maturity model (CMM) created by the U.S.
Department of Defense and now maintained by the Software Engineering Institute
at Carnegie Mellon University.
Chapter 5 describes the components of data governance and outlines a workable
framework. Start with the people component—they are the heart of a data governance
program. Different people in the enterprise will participate in different ways and
in different roles. Ideally, you are looking for people to do what they are already
doing, but to do more of it, or to change it slightly, or even just to weave it into an
enterprise-wide context where now they are doing it for a single area or department.
The operating model can be a difficult question as well. A purely centralized or
decentralized model often does not work well in today’s large, siloed organizations.
Top-down operating models work well in traditional command-and-control-oriented
organizations.
Many companies find a hybrid or federated model to work well, similar to how
the USA has a federal, state, and local level of government. Execution and imple-
mentation of data governance are done on a decentralized basis, by the people who
are closest to the action (the state and local levels). The enterprise level provides
a single point of contact and centralized accountability. It can be cumbersome and
challenging to coordinate however and requires close collaboration between several
different layers.
Data governance is a complex, challenging topic that has arisen relatively recently
in the big scheme of things. Data professionals with many years of experience are
sometimes challenged by the difficulty of successfully implementing a data gover-
nance initiative. This three-book series gives a lot of great information, models, best
practices, and approaches, making it an incredibly valuable resource for anyone new
to the discipline of data governance.
What I have found most rewarding about data governance over a thirty-three-
year career is that it continues to be challenging, interesting, and rewarding, and
I have made a lot of great friends over that time with similar interests in soft-
ware, technology, master data management, data quality, data governance, business,
management, alliances, and project management.
Whatever you may be interested in, if data governance is part of that equation for
you, this book will give you new insights, ammunition to bring back into your day-
to-day work, and an introduction to a community of data governance practitioners.
Foreword by Dan Power xi
I hope that your journey in the “data world” is as rewarding as mine has been. I
fell into it in 1987 and have never managed to escape, but it has been and continues to
be a very rewarding profession, and it continues to become more and more relevant
to our world. Good luck on your journey!
While good data is an enterprise asset, bad data is an enterprise liability. However,
in order to have good data, it needs to be managed effectively, and effective data
management requires data governance.
Companies that govern and manage their data effectively are able to achieve a
competitive advantage in the marketplace. Data governance is often viewed as “nice
to have.” However, with the increase in value of data and data being treated as an
asset, and compliance and analytics calling for better quality data and improved data
protection, data governance is a “must have.”
Data governance enables you to effectively and proactively manage data assets
throughout the enterprise by providing guidance as in “how to do it” in the form
of policies, standards, processes, and rules. It also helps in defining roles and
responsibilities to define who will do what, with respect to data.
While implementing data governance is not rocket science, it is also not a simple
exercise. There is a lot of confusion around what data governance is, and as a result, a
lot of challenges arise in the implementation of data governance. Data governance is
not a “project” or a “one-off exercise” but a journey that involves a significant amount
of effort, time, investment, and cultural changes that must be taken into consideration
to achieve and sustain data governance success.
This book entitled, Data Governance Success: Growing and Sustaining Data
Governance, is the third and the last book in the data governance series which consists
of three books as outlined below:
• Data Governance and Compliance. This first book in the trilogy sets the stage
in terms of evolution of corporate governance, laws and regulations, other forms
of governance, how data governance interacts with other corporate governance
subdisciplines, and goes on to explain how data governance helps in achieving
compliance.
xiii
xiv Preface
• Data Governance and Data Management. This second book provides the
big picture of data and data governance (data as an asset, different technical
aspects of data, data governance drivers, and benefits). It also covers interactions
with different data management disciplines and initiatives, and data governance
technology and tools.
• Data Governance Success. This final book, the one that you are currently reading,
discusses the different perceptions that individuals and organizations have in rela-
tion to data governance, the challenges in implementing data governance, and the
key factors that should be considered to ensure data governance success.
These books share the combined knowledge related to data, and data governance
that I have gained over the years of working in different industrial and research
programs, and projects associated with data, processes, and technologies. I have inter-
acted with professionals all over the world and have read many books and articles,
most of which are listed in the references.
The data governance trilogy will be highly beneficial for IT students, academi-
cians, information management and business professionals, and researchers to
enhance their knowledge and get guidance on their own specific data governance
projects.
This series is written primarily for information management professionals, risk
management professionals, compliance professionals, data quality practitioners,
information management researchers, and students looking forward to a career in
data management or governance.
In addition, this series will be useful for aspiring information management candi-
dates, aspiring business intelligence (BI) and reporting analysts, project managers
heading information management projects, business consultants, IT consultants,
university students, and researchers, and professionals in organizations from all
industry sectors who want to gain an understanding of data governance.
Data governance is often overlooked and its value is grossly underestimated. A lot
of people are highly skeptical about data governance. In order to retain interests of
such an audience, I have conducted interviews with 11 thought leaders, researchers,
and professors. Their interview responses have been included in the appendix section
of the first book of the series—Data Governance and Compliance—with an intent to
share their challenges and experiences with data governance.
Each book has a slight overlap in terms of people, processes, and metrics-related
aspects of data governance, though it is the third book that covers these aspects in
detail. The technical aspect is a major component of the second book and will be
moderately discussed in the first book in relation to compliance and is minimally
discussed in this book.
Data governance is an enterprise-wide program, and its implementation often fails
(or the program even fails to take off) due to a number of challenges and perceptions. It
is therefore important to understand these challenges and perceptions, and the factors
critical to ensure data governance success. Specifically, we need to understand the
different levels of data governance maturity, the role of strategy, data governance
organization structure, and metrics.
Preface xv
Writing this book was an enriching experience and has given me great pleasure and
satisfaction but has been more time consuming and challenging than I thought. I owe
a debt of gratitude to many people who have directly or indirectly helped me on my
data governance journey.
I am extremely grateful to the many leaders in the field of data governance and
related fields who have taken the time to write articles and/or books so that I and
many others could gain knowledge. The bibliography in one or more books in the
data governance book series shows the extent of my appreciation to those who have
made that effort; special thanks to Anne-Marie Smith, Boris Otto, Chisolm Malcolm,
Carlo Batini, Dan Myers, Dan Power, Dannette McGilvray, David Loshin, David
Plotkin, Doug Laney, Dylan Jones, Evan Levy, George Firican, Gwen Thomas,
Hubert Österle, John Ladley, John Talburt, Jill Dyché, Kelle O’Neal, Larissa
Moss, Larry P. English, Laura Sebastian-Coleman, Lowell Fryman, Majid Abai,
Monica Scannapieco, Neera Bhansali, Nicola Askham, Peter Aiken, Philip Russom,
Prashanth H. Southekal, Robert F. Smallwood, Robert Seiner, Richard Wang, Sid
Adelman, Steve Sarsfield, Sunil Soares, Thomas C. Redman, Todd Harbour, Tony
Fisher, Wayne Eckerson, and Yinle Zhou.
I had quite a few questions in relation to book publishing, and I am extremely
grateful to Bill Hefley, Jill Dyché, Karl Wiegers, Laura Sebastian-Coleman, Nicole
Radziwill, Sandeep Nagar, and Victor Squires for answering some of them. Many
thanks to Satish Gawade for helping me with understanding the terms of the book
contract.
Many thanks to Andres Perez, Christopher Butler, George Firican, Jill Dyché,
John Talburt, John Zachman, Laura Sebastian-Coleman, Phil Watt, Shannon Fuller,
Stan Rifkin, and Tony Epler for agreeing for an interview and sharing their unique
perspectives.
I would like to thank many clients and colleagues who have challenged and collab-
orated with me on so many initiatives over the years. I appreciate the opportunity to
work with such high-quality people.
I am very grateful to Springer for giving me an opportunity to publish this book. I
am particularly thankful to Anushangi Weerakoon for her continued cooperation and
support for this project. She was extremely patient and flexible in accommodating
xvii
xviii Acknowledgments
my requests. Her unique perspective and feedback made this book so much better. I
would like to thank Bhagyalakkshme Sreenivasan and Saranya Kalidoss for making
the production process smooth for me. Thanks to the Springer team for helping me
make this book a reality. The Springer team made the process and the experience very
easy and enjoyable. I am also thankful to the reviewers for their time and constructive
feedback that helped improve the quality of this book.
Many thanks to Jeannine Siviy for her feedback and helpful suggestions that
helped make this a better book.
I am grateful to my teachers at Sacred Heart Convent, DAV JVM, and Birla
Institute of Technology, where I received the education that created opportunities
that have led me where I am today. Thanks to all my English teachers and special
thanks to Miss Amarjeet Singh because of whose efforts I have acquired good reading
and writing skills. My years in Ph.D. research have played a key role in my career and
personal development, and I owe a special thanks to my Ph.D. guides—Dr. Vandana
Bhattacherjee, Late Dr. S. K. Mukherjee, and my teacher and mentor Dr. P. K. Mahanti
who supported me during this period. Though miles way, Dr. Vandana Bhattacherjee
and Dr. P.K. Mahanti still provide me with guidance and encouragement, and I will
always be indebted to them. I am also thankful to my students whose questions have
enabled me think more and find a better solution.
Last but not least, many thanks to my parents for their unwavering support, encour-
agement, and optimism. They have been my rock throughout my life, even when they
are not near me and hence share credit for every goal I achieve. Writing this book
took most of my time outside of work hours. I would not have been able to write
the manuscript without they being so supportive and encouraging. They were my
inspiration and fueled my determination to finish this book.
About This Book
While good data is an enterprise asset, bad data is an enterprise liability. Data
governance enables you to effectively and proactively manage data assets throughout
the enterprise by providing guidance in the form of policies, standards, processes,
and rules, and defining roles and responsibilities outlining who will do what, with
respect to data. While implementing data governance is not rocket science, it is not
a simple exercise. There is a lot confusion around what data governance is and a
lot of challenges in the implementation of data governance. Data governance is not
a project or a one-off exercise, but a journey that involves a significant amount of
effort, time, investment, and cultural change, and a number of factors need to be taken
into consideration to achieve and sustain data governance success. Data Governance
Success: Growing and Sustaining Data Governance is the third and final book in the
data governance series entitled—Data Governance: The Way Forward and discusses
the following:
• Data governance perceptions and challenges
• Key considerations when implementing data governance to achieve and sustain
success
• Strategy and data governance
• Different data governance maturity frameworks
• Data governance—people and process elements
• Data governance metrics.
This book shares the combined knowledge related to data and data governance that
the author has gained over the years of working in different industrial and research
programs and projects associated with data, processes, and technologies, and unique
perspectives of thought leaders and data experts through interviews conducted. This
book will be highly beneficial for IT students, academicians, information manage-
ment, and business professionals and researchers to enhance their knowledge to
support and succeed in data governance implementations. This book is technology
agnostic and contains a balance of concepts and examples and illustrations making
it easy for the readers to understand and relate to their own specific data projects.
xix
Contents
xxi
xxii Contents
xxv
Acronyms and Abbreviations
BI Business intelligence
CDE Critical data element
CDO Chief data officer
CEO Chief executive officer
CFO Chief financial officer
CIO Chief information officer
CMM Capability Maturity Model
CMO Chief management officer
CRM Customer relationship management
CRO Chief risk officer
DBA Database administrator
DBMS Database management system
DCAM Data Management Capability Assessment Model
DDGO Departmental Data Governance Office
DG Data governance
DGF Data governance framework
DGI Data Governance Institute
DGO Data Governance Office
DGPC Data Governance for Privacy, Confidentiality, and Compliance
DQ Data quality
DW Data warehouse
EDGO Enterprise Data Governance Office
EDM Enterprise data management
ERP Enterprise resource planning
FAST Function Analysis Systems Technique
GQM Goal Question Metric
IAM Identity access management
IT Information technology
MDM Master data management
PII Personally Identifiable information
POC Proof of concept
xxvii
xxviii Acronyms and Abbreviations
xxxi
Chapter 1
Data Governance Journey—Introduction
Abstract This chapter introduces to the audience data governance and other data
management functions in a concise fashion as these have been discussed in great
detail in the second book of the series- Data Governance and Data Management. This
chapter also presents the evolution of the data management discipline, the business
drivers for data governance, data governance benefits and the key factors necessary
for success of a DG program very briefly.
With enterprises capturing and storing exponential volumes of data, data needs to be
given priority and there needs to be adequate management around the data to derive
the best value. Data management is no longer a simple discipline that existed in
the early days of computing, when data management was all about inputting values
through punch cards and storing data in magnetic tapes.
As we saw in Book 2—Data Governance and Data Management, in the present age
of computing, data management is a multifaceted discipline comprising of several
closely interacting sub-disciplines or functions, with data governance being one of
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021 1
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4_1
2 1 Data Governance Journey—Introduction
the core functions tying together all the other data management functions as shown
in Fig. 1.1. As shown in the figure, there are different types of data—master data,
reference data, transactional data, big data, and content and records. These data need
to be managed and there are different disciplines such as master data management to
manage master data and create a single version of truth; reference data management
to manage reference data; data lakes to store and manage big data; and document
and content management systems to manage document and content. Metadata is
data about data and provides context around data with metadata management being
one of core data management discplines. As data needs to be processed and stored,
data storage and operations is the discipline that deals with storage of data. The
data needs to be modeled, linkages need to be established, and data flows need to be
established, before storage of data in repositories (for example in databases) and data
architecture and modeling are the corresponding data management disciplines. Data
from multiple heterogeneous sources need to be integrated and data integration is the
data management discipline that deals with the same. Data warehousing and master
data management are special cases of data integration. Data may need to be migrated
from one platform or data structure to another structure. This process is known as
Fig. 1.1 Data governance tying together the data management functions
1.2 Data Management Discipline 3
data migration. Data can be analyzed for decision making purposes, forecasting and
studying trends and data analytics is a data management initiative that deals with
this.
In today’s rapidly changing digital world, with data growing out of proportions,
with new regulations coming into picture and existing regulations being revised and
having an impact on data, and good data being a key differentiator for organizations
to gain competitive advantage and stay ahead in market, robust data governance is not
optional, but an essential. Data governance empowers and facilitates good behavior
with respect to data and restricts behavior that creates risks with regard to data.
There are several business drivers and use cases of data governance including
compliance, reputation management, improving customer satisfaction, better deci-
sion making, improving data quality, data security, data privacy, data analytics, big
data, improving operational efficiency, revenue growth, mergers and acquisitions
(M&A), and partnering and outsourcing.
Generally any organization that captures, manages, and uses data has some form
of data governance in place. While all organizations have some form of governance
for individual applications or business units, the data practices lack sufficient breadth,
depth or alignment of a formal governance program, instead allowing individuals,
departments or business units to make their own rules and standards (Tucci 2010).
Conversely, formal data governance structures are characterized by established poli-
cies, processes, guidelines, practices, and defined data roles, responsibilities and
accountabilities for specific staff across the organization.
As data, industry, technologies, and compliance are evolving, data governance
is becoming even more crucial in the corporate world. The adoption of data gover-
nance is faster in regulated industries with compliance being one of the key business
drivers. However, even for non-regulated industries, the benefits surpass the cost of
establishing data governance in the organization.
Data is the lifeblood of an organization and hence needs to be managed with
care. Effective data management needs sound data governance. Effective data gover-
nance implementation has several benefits, namely, common understanding of data,
increased collaboration, zeroing in on data location, improved data quality, increased
confidence in data, improved brand protection, improved decision making, compet-
itive advantage, improved data management, improved data security, improved
compliance, improved risk mitigation, cost savings, increased revenue, support
impact analysis, and business and IT partnership.
However, data governance is fraught with challenges and false notions, and several
factors play a role in the successful implementation of data governance. These factors
include leadership and management support, commitment and alignment, change
management and cultural change, executive sponsorship, stakeholder engagement
and management, strategy and business case, skill sets, knowledge, and abilities,
4 1 Data Governance Journey—Introduction
Reference
Tucci L (2010) Why you need a formal data governance program, and how to get started.
TechTarget. http://searchcio.techtarget.com/news/1517117/Why-you-need-a-formal-data-gov
ernance-program-and-how-to-get-started. Accessed on 31 Mar 2018
Chapter 2
Data Governance Challenges
and Dynamics
2.1 Introduction
Many organizations, especially highly regulated ones like healthcare, life sciences,
and financial institutions recognize that implementing effective data governance is
critical to meeting the increasing demand for high quality data, which is needed
to improve operational efficiency, strategic decision making, and meeting various
regulatory and compliance mandates and requirements. However, attaining success
in implementing an effective data governance program is easier said than done.
Here are some of the questions that come in mind when it comes to data governance
(also shown in Fig. 2.1):
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021 5
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4_2
6
Why is data
Why do data
governance
governance programs
challenging?
fail?
? ?
? ?
What are barriers to ? ?
What are the
achieving data ? ?
indicators that your
governance? ? data governance
? program is dying?
?
?
? ?
? ?
?
? ? What are the DOs
What are the data ?
? and DON'Ts of data
governance critical
success factors? ? governance
It’s fine to celebrate success but it is more important to heed the lessons of failure.
—Bill Gates
Why do data governance programs fail? There are various reasons and situations
that lead to or increase the probability of the failure of a data governance program,
or may cause the initiative to struggle. First, let’s consider some statistics:
• As per Gartner’s prediction in 2006, 90% of organizations would fail in their
initial efforts toward data governance (Correia 2015).
• Symantec’s 2014 information governance survey revealed that while 74% of the
respondents had a formal, enterprise-wide governance strategy, just 20% of them
said that their strategy was very effective (Correia 2015).
8 2 Data Governance Challenges and Dynamics
• As per a survey conducted by Amitech, more than 60% of the insurance plans
have either formal data governance programs in place or in the works. However,
50% of new data governance programs fail to deliver (Amitech).
Data governance is an enterprise wide initiative that requires sustained executive
sponsorship and senior management commitment. Without a senior level sponsor to
act as a champion for data governance and provide continuous funding, an initiative
as broad reaching as data governance, is bound to fail.
There is no standard well defined and universally agreed definition of data gover-
nance (SAS). This often results in misinterpretation as to what data governance
actually is. Data governance is often incorrectly viewed as a one-off project or as
an academic exercise (SAS). As outlined by Christopher Butler, Chief Data Officer,
HSBC, UK, the focus is on data governance as a standalone objective without consid-
ering the broader business objectives and how strongly data governance can support
these (Mahanti 2021a).
Data governance objectives not being aligned to the organization’s strategic objec-
tives will cause a data governance initiative to fail. Data governance is a cross-
functional program that requires buy-in and consensus on policies from different
business stakeholders at different levels. The lack of buy-in from key stakeholders
can result in data governance programs to be thwarted right in the very begin-
ning. Difficulty in getting consensus on governance policies from various business
units/departments in the organization can considerably slow down the program.
The data governance program is not well understood, and the resourcing, effort,
and time required for implementing and sustaining data governance is often under-
estimated leading to its failure. An absence of skilled resources or a lack of sufficient
resources can be detrimental to the implementation of data governance. As per Nancy
Couture, wrong timing of data governance activities is another reason for DG failure.
Some examples are (Couture 2018):
• Getting the DG stakeholders involved too soon without anything for them to
actually do.
• Providing stakeholders with a role without any training.
• Installing data governance tools without processes and workflows designed.
• Moving ahead with data governance without a charter, scope, objectives, strategy,
roadmap or a supporting data governance office to ensure progress.
• Not publishing training and communications in relation to DG.
Data governance requires a good understanding of the data including, what the
data means, what is it used for, where is the data located, and what will be the
implications if the data is not correct. All these questions can be answered by the
subject matter experts who are also extremely busy people and have other priorities.
Failing to secure their time for the data governance initiative can significantly slow
down the initiative.
Organizations have a lot of data, but not all data are equally important, and hence
not all data are of use when implementing data governance. Failure to focus on
the “data that really matters” (Turner 2016) or critical data will result in the data
2.2 Data Governance Failures 9
governance program to fail sooner or later, as the organizations will not realize
business benefits.
There is no single, right way to do data governance, and that’s one of the reasons
it can be difficult to be successful and to make data governance stick (Couture 2018).
Every organization has its unique culture, structures, and hierarchies, and failing to
take these factors into account when designing a data governance program will result
in the failure of the program. Not having the right data governance framework and
model can also result in the collapse of the program.
Data is an enterprise asset, which is stored in data repositories, which are tech-
nically managed by the IT teams in an organization. This results in misplacing the
accountability of the data solely with IT. Business users tend to look upon data as an
IT related issue. Often, the business users and IT teams find it difficult to collaborate
on data issues (SAS). IT is not in position to outline the business rules related to the
data—the business users are the subject matter experts and the right people to define
the rules, while the IT teams are the right people to technically implement the rules.
Governance must encompass each and everybody who uses data across (and
beyond) in an organization and any mismatch will result in its failure (Turner 2016).
In this section, we discuss some obstacles and challenges (summarized in Fig. 2.3)
that organizations face when trying to implement data governance.
10 2 Data Governance Challenges and Dynamics
Supply Chain
CRM Management
System
Data warehouse
Nomenclature
- Touchpoints
- User
With the large number of data sources, data repositories, data elements, and large
volumes of data (See Fig. 2.4), an organization’s data landscape is massive and
complex, and therefore overwhelming in terms of where to start, and how to approach
data governance.
It is important to have a high level understanding of your organization’s data
landscape—the data your organization holds and how the data is managed, the data
flows across the systems, the important applications and systems including sources
Vastness & complexity Data & data
Restrictive nature of
of the data landscape governance not
DG
priorities
Organizational
Linguistic barriers
conflicts
Incomplete understanding
Executive buy-in of the term – data
governance
and target systems, and the relationship between the data and systems, before you
start data governance.
The conceptual data models should be a good place to start gaining a high-level
understanding and then proceeding to the next levels (logical data models and phys-
ical data models), ironing out the details as needed. The details can be found in logical
and physical data models, file definitions, documentation, and source to target data
mapping documents.
If you are a business user, you would need the help of the technology experts
(data modelers or data analysts) to understand how data is stored. Technical business
analyst is a new role that has emerged to bridge the gap between the business users
and developers.
Understanding your organization’s data landscape will enable you to understand
the root cause of the organizational data issues, chalk out the impacts, and design data
governance effectively. Proceeding with data governance without understanding the
data landscape will result in addressing the data problem symptoms rather than the
root cause, and could result in negative impacts, as data usage is not fully understood.
This will in turn result in your data governance initiative getting a bad name.
Not all datasets and data elements in an organization have the same business value,
with some being more critical than others. However, this is often overlooked when
collecting and storing data. In addition, some data sets contain only current data,
while others contain a full history of data. So there are lots of data at varying levels
of importance, which organizations find challenging to govern. This challenge can
be overcome by identifying the critical data elements and prioritizing the business
value of the data sets to able to determine the rigour with which, data needs to be
governed, and the right governance requirements around the data.
A common governance mistake is to assume that all important data reside in
enterprise’s transactional “systems of record” and business intelligence systems such
as data warehouse and master data repository, hence, focus only on these systems.
Often, critical data are located in “data shadow systems” dispersed throughout an
organization and hence, needs to be taken into consideration from a data governance
perspective (Sherman 2011).
The importance of data and the business value, that data can provide to the organiza-
tion, are not understood by stakeholders including business executives. Hence, data
governance is often not viewed as a priority.
Organizations tend to have a prevailing culture where intuition is valued rather than
data. Such a culture is detrimental for any data initiative including data governance.
It is imperative that stakeholders understand the value of data, and view data as
a strategic enterprise asset that can provide competitive edge, and understand and
support the rationale for implementing data governance.
14 2 Data Governance Challenges and Dynamics
To be successful, a data governance program requires time and input from business
users and subject matter experts (SMEs), who have in-depth understanding of the
data and key managers who can make operational changes happen. They are suitable
to play the role of data stewards and are highly-sought after resources who often
already have numerous high priority tasks assigned to them, so dedicating time for
them to work on data governance would require demonstration that data governance is
considered high priority. Therefore, it is important to first align the data governance
initiative to the organizational priority and have a strong business case for data
governance. This will provide justification for getting the required resources to spend
time on the program.
As the data governance program and the data steward role matures in the organi-
zation, the time allotted for data stewards would need to be protected so that they can
spend it on ongoing data governance work such as revising data policies, proactive
data quality management, maintaining and adapting data standards, and updating
role-based access policies as things inevitably change.
Data is an enterprise asset and data governance is an enterprise wide program that
needs collaboration across the different business units and departments in an orga-
nization. However, a large number of groups work in siloed fashion in a complex
diversified data environment across the organization, which results in challenges
in collaboration in form of linguistic barriers and bringing IT and business teams
together which are discussed in detail in the sections below:
language in relation to the data they manage. However, data governance involves
breaking these data silos so that data can be managed as a strategic enterprise
asset. Breaking silos requires facilitating conversations between the different depart-
ments, which can be a challenge, as it requires breaking these language barriers. One
way to deal with this challenge is to use an employee who has worked in multiple
departments in his career, to be a facilitator to bridge the gaps, and enable effective
collaboration required for data governance.
be accountable for data, IT for networks and systems, and DG is where they should find
common ground.
There are a lot of connotations around the term data governance, ranging from
disagreements over its meaning, arguments over its semantics, and bad reputation
associated with it as follows:
One of the important challenges with data governance is that, no one can quite agree
on, what exactly the term data governance means. There are no formal, industry-
accepted definitions for the term. As a part of a survey conducted by erwin and UBM,
respondents were presented with a set of different definitions for data governance.
As per the survey results report, 67% describe data governance as understanding
data flows across the organization, and 62% see data governance as building policies
that govern the organization around data. According to 59% of the respondents, data
governance is understanding of deployed data; 57% said it is a framework of people
and processes with responsibility for data, and 42% said data governance is about
building a glossary of data standards. 22% percent said data governance enables
business intelligence self-service. The responses reflect the wide range of opinions
on what data governance is all about, and hint at the problems that many organizations
have in implementing it (Erwin 2017).
Some people vehemently argue over semantics as to whether the function should be
called data governance or information governance. These semantic arguments can
result in wasting valuable time arguing, and thus preventing from making progress,
2.3 Data Governance—Perceptions and Challenges 17
cause ‘storming’ when you need the data governance team to be ‘norming’ and
‘performing’ (Edwards 2016).
It is important for discussions to revolve around the problem statement, the scope,
and the core functions that your data governance program needs to provide, instead
of focusing on the semantics. Also, see Sect. 2.3.5.3 about naming the program
something, that doesn’t include ‘data governance’ in the name.
Data governance has a lot of negative connotations. It raises fears of red tape and
long boring meetings (Edwards 2016). Despite the real value that data governance
provides, some organizations are reluctant to implement data governance because
of past failures or bad experiences. Some organizations have tried their hand at
data governance before, and have spent a lot of time in meetings, and maintaining
spreadsheets with no visible results. These organizations suffer from the “Once bitten,
twice shy” syndrome.
As pointed out by Ashish Haruray, in his LinkedIn article, Why Failed Data
Governance Experience Is Valuable! “Everyone likes success stories but unfortu-
nately failures don’t get the press they usually deserve. There’s as much to learn
from the failures, if not more. (Haruray 2017)”
It is important to have retrospective session with all stakeholders to understand
what went well, what went wrong, and what and how things could have been improved
to chalk out the do’s and don’ts, and use the lessons learnt to design a strategy to
implement data governance.
It is important to plan how you approach data governance by looking at the chal-
lenges that only data governance can solve, and a feasible strategy for solving them
instead of pushing the data governance agenda. If using the term data governance
creates roadblocks or unnecessary resistance, it is advisable to create a program name
around the outcomes that is desired from implementing data governance, or just talk
about the desired outcomes. For example, if the challenge is to locate data in a data
warehouse, know its lineage and who owns the data, a data governance program
should be implemented with the help of a data catalog which will have details of
what data is in the data warehouse, what it means and who owns it, and its lineage,
thus making it easy to find, understand, and trust the data. Since data governance
has a bad vibe, it is better to talk about implementing the data catalog rather than
talking about data governance upfront. For example, if the goal of data governance
is to achieve improved data quality, you might name the initiative as a “Data Quality
Program” to get better buy-in and support.
18 2 Data Governance Challenges and Dynamics
Any enterprise wide initiative needs clearance from the executive level and data
governance is no different. Getting executive buy-in can be challenging, as the senior
management is often occupied with bigger problems, and can fail to see the value of
data governance.
Having a clearly focused business case which talks about the specific benefits (and
not generic benefits) of the data governance implementation will help get executive
buy-in. This is because generic benefits are difficult to sell to senior management, who
want to know how data governance will help them attain their strategic objectives.
Also, it is important to have an executive sponsor who is well respected amongst
the senior management, who has clout and politic influence to get buy in for the data
governance program. The executive sponsor should be able to explain the business
case for data governance with the right intensity, focus, and level of detail, so that data
governance becomes an organizational priority. The role of the executive sponsor in
the success of data governance program will be discussed under the “Key factors for
ensuring data governance success” section in this chapter.
Despite the enterprise-wide awareness of the importance of data governance, a
troublingly large number of organizations continue to stumble because of a lack of
executive support. In a survey conducted by erwin, 42% cited a lack of executive
support, and 39% pointed to a broader lack of organizational support as obstacles to
data governance (Erwin 2017).
Costs and budgets can be one of the major obstacles in the path of implementing
data governance in the organization. In a survey conducted by erwin, when asked to
identify the biggest obstacles to their data governance initiatives, 58% of respondents
cited project costs as their top issue. A lot of that concern clearly is tied to budgets
for data governance. For all the apparent enthusiasm around data governance, only
37% of the respondents had a separate budget for it. A startling 63% of respondents
stated that either they didn’t have a budget or didn’t know if they had one (Erwin
2017).
While business and other stakeholders might view data governance as an enterprise
initiative, they appear somewhat reluctant to pay their share of the tab for it. While
the business gets data governance at a high level, it is less clear on costs and the
efforts required to implement it (Erwin 2017). The role of the executive sponsor in
having budget allocated will be discussed under the “Key factors for ensuring data
governance success” section in this chapter.
2.3 Data Governance—Perceptions and Challenges 19
When asked about the biggest challenge that he had ever faced in a data gover-
nance implementation, this is what Shannon Fuller, Director of Governance Advisory
Services, Gray Matter Analytics had to say (Mahanti 2021a)
Cultural change is the biggest challenge. In many organizations, there is no culture of data
ownership or active data management.
While the first challenge pointed out by Andres Perez on “resistance by IT groups
to open up and share the necessary information about their systems, practices, and
data” is more due to wariness to fear of loss of identity or power, the second challenge
is more to do with reverting back to old behavior.
When asked about the biggest challenges that she has faced when imple-
menting data governance, Laura Sebastian-Coleman, Data Quality Lead, Finance
Data Governance Center of Excellence, CVS Health says the following (Mahanti
2021a):
One of the biggest challenges I have faced (in three organizations) is describing to people,
in the language of the organization, the behaviors they should adopt. This is followed by
actually getting them to change those behaviors. Unfortunately, there are obstacles to culture
change that individuals cannot always overcome. For example, IT funding models can be
20 2 Data Governance Challenges and Dynamics
direct obstacles to data quality, if those models focus solely on meeting project timeframes
and do not account for the quality of the data produced by projects.
Organization politics can derail your data governance program. This is where
you need an influential senior executive sponsor, who can steer his way through
organizational politics, and offer leadership and management support.
Organizational conflict over data is a big challenge. This is because data is a shared
resource and there is always a conflict along the following lines:
Conflict 1: Who pays for the data in case of issues?
Conflict 2: Once Conflict 1 is resolved, who has the final say when there is no
consensus amongst groups trying to come to decision with respect to resolving the
issue?
Conflict 3: Which team or group fixes or addresses the issue: source system team,
target system team, or the intermediate system teams?
Once data is viewed as a strategic asset, and all stakeholders understand the value
that data brings, the business function which is the most impacted by the bad data
would be willing to pay for rectifying the data issues. The following two conflicts
can be resolved by having all the relevant IT and business stakeholders to look at the
pros and cons of each option and come to a decision.
Laura Sebastian-Coleman, Data Quality Lead, Finance Data Governance Center
of Excellence, CVS Health, stresses on Conflict 1 when she states from her experience
that organizational conflict is not about who owns the data or who uses the data. The
conflict is about who has to pay if the data is not right (Mahanti 2021a).
She further explains that (Mahanti 2021a):
Conflict itself can be reduced through good facilitation; especially when this is focused on
ensuring that all the parties have as objective a view of a problem’s costs and benefits. But
what actually gets done depends largely on funding.
the domain owner facilitating resolution, by gathering all requirements for the
respective data from constituents across the organization (Mahanti 2021a).
Varun Pant, Director IT, Swati Consultancy Pty Ltd and DAMA Australia Secretary,
posted an interesting statement about data governance on Linkedin on August 03,
2020. He stated (Pant 2020)
Data governance is like a brake in a car - it is not there to slow you down, but enables you
to go faster, more safely.
Brakes can be viewed as restrictive, but are necessary for a safe journey, and their
appropriate application can avert accidents. However, if applied when not necessary,
can slow progress.
Data governance is about establishing policies, processes, rules, standards, and
controls around data to improve the quality of data, and ensure data security and
privacy. However, this can result in restricting accessibility and constraining people
from what they can do with the data, reduce opportunities for the user, and reduce
productivity levels (Chen 2017). For example, data that was earlier accessible, will
now require following a process, which requires several levels of approvals before
the users can get access to the same data. These processes and restrictions can be
heavy, inflexible, time consuming, and may adversely impact operational efficiency
as well as productivity. Control is important to ensure data protection and quality.
Also, privacy and security cannot be attained without controlling accessibility. Good
governance must balance security, accessibility, productivity, and enablement (Chen
2017), and ensure that processes are streamlined to minimize accessibility cycle
times.
Reality doesn’t bite, rather our perception of reality bites. —Anthony J. D’Angelo, The
College Blue Book
With data growing at an alarming rate, the data management discipline and its
functions have also evolved and matured. Great strides have been made in the field
of data management, and it is still rapidly growing and attracting a lot of interest
worldwide across all industry sectors. However, the data management discipline
has not been immune to perceptions and misunderstandings, with their narrative
being a combination of both fact and fiction causing confusion and concern. Data
governance is a critical function of data management, and has its share of percep-
tions. Also, there is a certain degree of confusion related to it, with data governance
22 2 Data Governance Challenges and Dynamics
being considered synonymous with terms like data management, data quality, meta-
data management, data compliance, data privacy, data policies, data definitions, and
master data management.
One of the biggest challenges in implementing data governance are the misun-
derstandings and perceptions, that individuals have about data governance, that can
either lead to individuals resisting the data governance endeavor, or approaching it
in a wrong manner, or not doing it at all. These along with other misconceptions that
are related to terms, tend to mislead people when it comes to making data gover-
nance related decisions, or slow down, hinder, or put a stop to rolling out their data
governance initiatives. Let’s cover these perceptions (See Fig. 2.5).
A common perception is that IT headed by the chief data officer is accountable and
responsible for data governance. This perception stems from the fact that data resides
in the IT architecture like database systems and file systems, and since IT teams are
owners of IT applications and systems in an organization, the perception is that, the
data held in these systems also should be owned and governed by them, and that,
IT should be made responsible for data governance. However, while IT teams are
the caretakers of the technical aspects of the data, it is the business who are the
data consumers and the subject matter experts, and who define the business rules
around data and who own the data. However, the responsibility for deploying data
governance is joint one- data governance should be primarily driven by the business
with IT in a supporting role (Loshin 2017; Mahanti 2019).
Some people think that data governance is a project, while there are some who think
that data governance is an IT project. While a data governance initiative can trigger
a number of projects, data governance by itself is not a project.
The fact is that data governance is an enterprise wide continuous initiative that
encompasses all business units. Also, while IT and technology do have a role to
play in data governance from an execution standpoint, data governance is not an IT
project or even a project for that matter. Looking at it from the lens of a project would
assign it a fixed start and end date. However, data governance (once implemented) is
meant to continue as part of the inner culture or business as usual activities or daily
functioning routine of an organization.
Data governance is a continuous initiative, and while it should be able to evolve,
and dynamically adapt to the changes in business, technology and data (Chikkatur),
it does not have an end date.
DG can be done big
DGOs are the data DG is a project/ IT
bang
stewards project
DG is a published
DG is same as data
repository containing
stewardship common data definitions
DG is about compliance
IT is responsible for & meeting regulatory
DG requirements
DG is about making
DG does not work in
and maintaining
small organizations
policies
Since compliance is the biggest business driver for data governance, there is a misun-
derstanding that data governance is only about compliance. However, this is not true.
As seen in Chap. 2 in the second book of this series -Data Governance and Data
Management, there are other business drivers and use cases, such as big data, data
analytics, and improving data quality (Mahanti 2021b).
Data governance benefits organizations in a number of ways such as increased
operational efficiency, improved data understanding, improved data lineage, better
decision making, greater data quality, increased confidence in the data, improved
risk mitigation, and cost savings (Mahanti 2019).
Implementing data governance effectively results in an organization being capable
to comply with what is asked for by the regulators by ensuring greater data under-
standing, improved data quality, data transparency, and data traceability, with compli-
ance becoming the offshoot of the continuing data governance process. Compliance
and how data governance helps achieve compliance has been discussed in greater
detail in first book of the series -Data Governance and Compliance (Mahanti 2021a).
There is a misconception that data governance is only about data privacy. This is
not true. While, data governance is about implementing the processes, rules, and
policies around concepts of data privacy/security, inter-departmental data exchange
2.3 Data Governance—Perceptions and Challenges 25
agreements, and improving quality of data to meet with compliance and regulatory
requirements, as well as protecting sensitive data and preventing data breaches, it is
much more than just data privacy as highlighted in the “Data governance is about
compliance and meeting regulatory requirements” section.
Data privacy and data security have been discussed in detail in Book 1—Data
Governance and Compliance and Book 2—Data Governance and Data Management
(Mahanti 2021a, b).
Data governance is often perceived as a set of policies, that result in more work to do
on top of the work, the employees are already responsible for. This misconception
can foster attitudes that make it difficult for organizations to get people to adopt data
governance best practices (Baker and Sjoberg 2018).
This perception also leads to organizations thinking that adding another data
policy to a list of policies is all that is needed to implement data governance, while in
reality, issuing a data policy will be of little value if it is not enforced, and does not
drive the right behaviors and actions, and processes, rules, standards, and controls
are not developed in line with the policies.
Organizations sometimes make the mistake of governing data in silos, either because
they are under the misconception, that data governance should be siloed by business
units or departments, or because of a tendency to address individual data issues
arising in a particular department or business unit.
However, while confining data governance to one department or business unit
may satisfy its internal governance needs, more problems can arise as data is shared
across departments. As data is an enterprise asset and certain data entities will be
used by multiple business units and reside in their associated systems, an enterprise
wide approach to implementing data governance should be taken in a staggered
incremental fashion, by taking effective data governance processes and applicable
controls incorporated in one business unit, and extending them to others (Mahanti
2019).
While data governance and change management share similar characteristics, they
are not the same.
26 2 Data Governance Challenges and Dynamics
Small organizations are under the false impressions that the theory of data governance
with its enterprise wide focus and governance bodies cannot be applied to them
because of the size and the costs associated with it.
The truth is that data governance can be tailored to be implemented satisfactorily in
any organization, irrespective of the size and the industry sector. Smaller sized orga-
nizations would have fewer layers in the data governing body. Data governance can
sometimes be more effective and easier to establish in small organizations because
of lesser conflicts, easier accessibility of the decision makers, and their familiarity
with the systems and data.
As per scientists, the universe was created with a big bang, which was a single event
that led to a chain reaction, which in turn created the universe. Many people tend
to have a similar misconception around data governance, that is, data governance
can be done big bang. This misunderstanding stems partly from the perception, that
“data governance is simple and straightforward to implement” and partly because of
the fact that data governance is not well understood, and is equated to developing
2.3 Data Governance—Perceptions and Challenges 27
a few processes and policies, which should not take too much time and effort, and
hence can be implemented big bang.
However, successful data governance is more than just devising processes and
policies, but it is about building relationships with people to make them more accept-
able to the change, and getting employees in the organization to learn and follow the
processes and comply with the policies, which takes a considerable amount of time.
An incremental approach to governance is an optimal approach to implementing
governance.
While both data stewardship and data governance support the recognition of data as
an enterprise asset, they are not the same (Talburt and Zhou 2015). Data governance
is a program which deals with the creation of policies, standards, roles, and responsi-
bilities, and ensures that the right people are assigned the right data responsibilities,
whereas data stewardship refers to the activities necessary to make sure that the data
is accurate, in control, and easy to discover and process by the appropriate parties,
and it involves people who put data governance into operational practice. Data stew-
ardship is the operational facet of a data governance program that involves the actual
routine work of governing the enterprise’s data (Plotkin 2013).
There is a mistaken belief that data governance teams are data stewards, and are
responsible for taking care of the data and resolving data issues. Data governance
office (DGO) headed by the Chief Data Officer (CDO) is a support team that facilitates
and co-ordinates activities of the various data stakeholders such as business data
stewards, technical data stewards, data owners, and working groups/committees in a
data governance program.
The DGO team brings together different data stakeholders from different business
units to facilitate discussions on different data and data governance topics such as
agreement and alignment on policies, processes, standards, and resolution of data
issues.
While the DGO team liaise with the data stewards from different business units
and applications on data issues, they themselves are not data stewards.
with initiatives like master data management, metadata management, data quality,
data storage, and records management.
These perceptions can be misleading as organizations already implementing any of
these initiatives would come to a false conclusion that they are already implementing
data governance, when in reality they are not. Some of the perceptions that can be
misleading are:
Data governance is the same as data management (Mahanti 2019).
Data governance is the same as data quality (Mahanti 2019).
Data governance is the same as metadata management.
Data governance is the same as master data management.
Data governance is the same as records management (Mahanti 2019).
Data governance is about data storage in a central repository (Iron Mountain;
Mahanti 2019).
Data management is a overarching umbrella, which encompasses a number of
disciplines or functions such as, but not limited to data governance, data quality,
metadata management, master data management, data storage and operations. Data
governance is identified as one of the core components of data management tying
together the other data management functions.
In Data Governance and Data Management (the second book of the series), we
have discussed in detail the relationship and distinction between data governance,
data management, and data quality and dispelled the confusions in relation to master
data management, records management, metadata management, and data storage in
central repositories.
Leadership and management have a crucial role to play in the success of any enterprise
wide initiative or management program and the same applies for a data governance
program. The various dimensions that influence and play a role in the success of a
data governance initiative can be grouped into three heads:
• Support and commitment;
• Alignment; and
• Executive sponsorship.
2.4.1.2 Alignment
Leadership and management alignment at all levels are critical to the successful
implementation of data governance in an organization. Misalignment and disagree-
ment amongst the leaders result in stagnation of a data governance program.
The leaders and management need to align and agree on what data governance is
set to achieve for the organization (Mahanti 2018). This includes agreement on:
• Business case for data governance.
• Mission, vision, and objectives of the data governance program.
• Leadership accountability for data governance.
• Challenges and roadblocks to overcome in rolling out data governance in the
organization, and ways to overcome the same.
• Definition of data governance success.
• Accountabilities, roles, and responsibilities for delivering data governance results.
32 2 Data Governance Challenges and Dynamics
If the leaders are not aligned, they will end up sending mixed messages to their
subordinates, which can lead to resistance, and sooner or later disrupt the data gover-
nance progress (O’Neale 2015). Hence, it is important to identify the disconnects
and conflicts from the start to the end of the program, and address and resolve them
as quickly as possible to ensure continued unified support for the data governance
program.
Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise
before defeat. —Sun Tzu
Strategy and execution (that is tactics) play an important role in the success of a
data governance program. The various dimensions that influence and play a role in
the success of a data governance initiative can be grouped into six heads:
• Strategy and business case;
• Skill sets, knowledge, and abilities;
• Data governance framework and operating models;
• Data governance tools and technology;
• Incremental approach to data governance; and
• Data governance metrics.
The data governance strategy should align with the organization’s corporate
strategy as well as the organization’s data strategy. The data governance initiatives
should align and integrate with the other data intensive initiatives being implemented
in the organization to avoid conflicts and achieve maximum business value. The
data governance strategy should state the future data governance vision and have a
strategic roadmap outlined and realistic milestones set to achieve the vision (Alder
2005). There should be a strong business case for data governance outlining the costs,
value proposition, risks, and benefits.
An organization’s strategic business objectives and future direction, their data
and application landscape, regulatory landscape, business impact of data issues, what
value they want to derive from their data, size of the organization, organization struc-
ture and hierarchies, organization culture, current data maturity and their readiness to
achieve higher maturity levels should be taken into consideration when designing the
data governance strategy. We will discuss more on strategies in Chap. 3 and maturity
models in Chap. 4.
Data governance is an enterprise wide cross functional effort and involves many
stakeholders at different levels across different business units across the organiza-
tion. A mix of roles and responsibilities are also required. The roles and responsi-
bilities drive the knowledge, skill sets, and competencies required. Hence, a variety
of knowledge, skills, and expertise distributed across teams are needed for a data
governance initiative to be successful—namely, technical skills like data quality,
data analysis, data assessment, data architecture, data modeling, data stewardship,
data governance knowledge, data life cycle management, and good business knowl-
edge of data. In addition, soft skills—like leadership, communication skills (both
verbal and written), excellent writing, presentation skills, influencing, prioritization,
negotiation, facilitation skills, inter-personal skills, diplomacy, ability to manage
conflicting priorities, persuasion skills, stakeholder management, and organizational
skills are also required. For example, achieving cultural change would need these
skills. Also, with a rise in multinational organizations with operations across the
globe, which requires working across remotely located teams, soft skills become
even more important to ensure effective collaboration and achieve desired results.
People involved at the top level decide governance policies and translate them into
objectives and rules of engagement for the lower level teams to follow as they build,
monitor, and manage individual data controls (CIOReview 2016; Mahanti 2018).
A good knowledge of the source systems and target systems is also required. It is
essential to know where data resides in the organizations. This is why you need to
enlist in-house subject matter experts to be involved in the data governance program.
This is because, while it is possible to recruit individuals with knowledge and experi-
ence in data governance implementation and associated tools and technologies, they
2.4 Key Factors for Ensuring Data Governance Success 35
would not have the knowledge of the intricate details of the organization’s data land-
scape, systems, business processes creating and using the data, and business rules
governing the quality and usage of the data.
Dylan Jones, Founder of Data Quality Pro and Data Migration Pro, in his article
“Data governance: The perfect marriage of soft and hard skills?” provides a list of
soft skills cited in interviews with data governance experts (Jones 2016), which show
that data governance, data quality, data stewardship knowledge, data communication,
coaching, and change management skills are very important in a data governance
program. This is illustrated in the interview responses, which state that considerable
amount of time is spent by interviewees in training people on data governance and
data quality, briefing senior management on their role and responsibilities as data
stewards, and demonstrating a range of formats to report data quality issues (Jones
2016).
In response to the interview question on which skill sets, expertise, and knowledge
are important in the implementation of data governance, Jill Dyché, Principal, Jill
Dyché, LLC. states, (Mahanti 2021a)
“At minimum, I’d say the necessary skills fall into three buckets.
1: Business analysis: Every company needs data-conversant analysts who can define data
requirements and tie them back to business requirements and strategy.
2: Data stewardship: Tactical data stewards can ensure that data quality, metadata, data
modelling, and data deployment are formal processes using best-of-breed toolsets.
3: Platform specialists: Whether you’re relying on a legacy data warehouse or a newfangled
big data in the cloud platform, there should be an understanding of the data’s sources and
destinations. Designating specific platforms for specific purposes leads to trustworthy data.”
When asked about the role of data governance framework and data governance oper-
ating models in the successful implementation of data governance, this is what Jill
Dyché, Principal, Jill Dyché, LLC. had to say (Mahanti 2021a)
Critical. Data governance frameworks and delivery models help to not only define data
governance, but also establish its boundaries and success measures. If delivery models are
absent, data professionals can end up ‘going rogue’ and fixing things that aren’t broken.
Frameworks keep people on track and ensure that there’s a delivery pipeline.
Data governance has its share of politics and change management struggles. The program
structure needs to be shaped in such a way so as to best address these struggles and mitigate
the risks associated with them.
Since data governance touches data owned and used by different business units in
an organization, it is essential to establish cross-functional data governance bodies
who work together to ensure that data is handled efficiently as well as to ensure data
quality.
Businesses should assume the ownership of the data and take the lead in driving
data governance. Ownership of data does not mean that the data belongs to an indi-
vidual or department, but it refers to the final accountabilities with regards to data
such as quality, and decision in case of conflicts regarding data. This is appropriate,
since the data in due course exist to serve the business, and the business is the primary
beneficiary of effective data governance (Panian 2010).
Data governance policies are one of the components in the data governance frame-
work and are necessary to manage data governance operations. Without well defined,
practicable, and enforceable data governance policies around data governance struc-
ture, data quality, data access, data usage, data retention, and data archival, it is not
possible to succeed in your data governance efforts as chances are high that your data
will not be governed and managed effectively. Policies are like rulebooks but unless
they can be consumed as requirements, and if there is no way to enforce them, they
are useless.
Data governance involves a large number of stakeholders at different levels and
from different departments in the organization, so data governance policies should
be written in a way so as to project a coherent vision to all these stakeholders, and
provide a framework of overarching governance.
Creating and maintaining effective data governance policies which drive
processes, guidelines, rules, and standards, and which can be understood and
translated into actionable items, and adhered to by the whole organization, is crucial.
Data governance policies are documented set of guidelines for warranting the
formal management of an organization’s data in a consistent, collaborative, and coor-
dinated fashion so as to derive maximum business value from data while minimizing
the risks.
Data governance policies also set limits on who can and should do what with the
data, and what should not be done to and with the data. Hence, unless these policies
are correct and clear, you will not have the right governance around data assets.
Also, the policies should be reviewed at regular intervals, and revised if necessary,
to ensure that it reflects the current needs of the organization and stakeholders, and
are compliant with the internal and external regulations.
Practicable and enforceable data governance policies foster greater accountabili-
ties and define parameters for operational activities related to data (Mahanti 2018).
An effective data governance policy drives process, guidelines, standards, and rules
that results in availability of high quality organizational data, which in turn leads to
38 2 Data Governance Challenges and Dynamics
better management of business operations and supply chains, and improved efficien-
cies in marketing and customer relationship management (CIO Review 2016). We
will discuss more about data governance policies in Chap. 5.
To help manage organizational data and to ensure that it meets regulations, data gover-
nance tools should be used to streamline your data governance processes quickly
and easily. Tools and technology provide support, and facilitates the people and
processes aspect of data governance through automation, scaling, and augmentation.
Data governance tools and technologies cannot be used as plug and play, and by
themselves cannot achieve data governance outcomes for you.
While data governance tools are not a replacement for an organization’s data
governance system, they offer capabilities that support the administrative tasks and
processes of data stewardship. These tools support the creation of data policies,
manage workflow, provide monitoring, and measurement of policy compliance and
data use (Peyret and Goetz 2014).
Data governance tools and technologies can form an important part of an overall
data governance strategy and implementation as they can automate repetitive activ-
ities and processes. Hence, the use of data governance tools can improve the
productivity of the data governance program and reduce operational costs.
There are several data governance tools available from different vendors in the
market, and tool selection should be made based on the business requirements and
use cases, and the capabilities of the tool to meet those requirements and use cases
(Mahanti 2018). Some vendors providing data governance tools are Collibra, Infor-
matica, Datum, IBM, Oracle, Infogix, Global IDs and SAP. Chapter 4 in the second
book of this series-Data Governance and Data Management, discusses the various
components and aspects of data governance, that can be facilitated by technology and
tools, the readiness checks to be performed before exploring the market to purchase
a data governance tool, as well as the different players in the market, that provide
tools for supporting data governance (Mahanti 2021b).
The issues addressed by data governance are wide-ranging, ranging from arbitration
of cross-functional data usage (Dyché and Nevala 2017) to compliance requirements
around data quality, data privacy, data security, data access, data retention, and data
usage.
As a result, governance initiatives endeavoring to address a range of enterprise
needs in one big bang are quickly crushed by role confusion, prioritization argu-
ments, “emergency” development projects, resourcing constraints, bandwidth issues,
productivity questions, and a resistance to change (Dyché and Nevala 2017).
2.4 Key Factors for Ensuring Data Governance Success 39
The big bang approach quickly turns data governance into a major project that
requires a lot of time and resources (Askham). Business users need to play an active
role in data governance, but they have their own daily chores and responsibilities.
Implementing data governance big bang will be disruptive, and may result in creating
a whole set of new responsibilities on top of already existing responsibilities, require
additional time, and getting resources allocated will be an uphill battle from the very
start.
To avoid risks of failure, to be less disruptive, and less resource intensive, an
incremental approach to data governance is recommended. The data governance
work should be broken into manageable chunks of firmly scoped initiatives having
clearly articulated business value and sponsorship (Dyché and Nevala 2017).
There should be a short-term and long-term roadmap in place, which shows key
milestones and the different initiatives that are to be implemented. The order in
which these initiatives will be executed would be based on the business priority.
This will showcase the business value of data governance which is necessary for
the success of data governance effort. It would also help in getting support and
acceptance for the initiative, and establish the momentum needed to sustain the data
governance program, as well as enable people to use the learnings and experience
from these initiatives to better implement the next initiative by making corrections
and adjustments as needed, and will allow your organization to realize the short-term
and long-term benefits of a data governance program.
While an incremental approach takes more time, it brings about business support
by establishing the value of governance in a context relevant to each stakeholder
or sponsor. Also, a phased approach establishes data governance as a repeatable,
core business practice, and process rather than a standalone “once and done” project
(Dyché and Nevala 2017).
Management thinker, Peter Drucker was often seen to be quoting the following
axioms:
You can’t manage what you can’t measure.
If you can’t measure it, you can’t improve it.
and executive management want to see quantifiable results early on and at regular
intervals, and in the absence of quantifiable results, funding is like to stop.
Relevant metrics helps assess out the effectiveness of the data governance imple-
mentation as well as its progress. It also enables improving and controlling the same.
It enables you to demonstrate to your executive sponsors and stakeholders, that you
are attaining the objectives set forth in the data governance use case. Metrics that
bring you closer to the objective should be assessed, monitored, and the process for
capturing and reporting metrics should be defined and established.
It is important to understand the benefits of attaining the objectives. These might
be cost savings, a reduction in data issues, shorter lead times, and improvements in
user satisfaction. All these indicators should be actively monitored, and the results
regularly shared with the wider organization.
If the purpose of your data governance business use case is improved data quality,
then your metrics should be based on data quality improvements along the relevant
data quality dimensions like accuracy, consistency, timeliness, and currency.
It should be understood that measurement and metrics are not the end, but a means
to achieving the end goal. The goals and targets should be measurable. The results
of measurement are just the starting point of the improvement plan.
A sound measurement framework with periodic assessments of milestones
achieved, benefits, and value provides visibility to the stakeholders on the progress
and contribution of data governance in creating business value. It also helps in
maintaining interest in the data governance program and retaining support of the
stakeholders, to ensure continuity of the program.
Depending on the area of focus and goals of the data governance program and the
outcomes the organization wants to get out of the program, specific metrics would
need to be defined and analyzed to measure the success of the program. While defining
metrics, one should remember that over analysis leads to paralysis and hence, it is
best to avoid defining too many metrics. Only metrics that will be meaningful to
the business, that add value, and are able to drive improvement decisions should be
used. The proposed metrics and the process for capturing and reporting metrics should
be reviewed, agreed, and approved by the stakeholders. This will help validate the
“what” and “how” of measurement, and result in prevention of mistakes of measuring
the wrong things, or measuring the right things in the wrong way.
Chapter 6 covers the characteristics of good data governance metrics, data gover-
nance metric categories, data governance metric documentation, and some examples
of data governance metrics that will give you guidance when choosing metrics to track
your data governance program. Chapter 6 also covers dashboards and scorecards in
brief to visualize and present metrics.
2.4 Key Factors for Ensuring Data Governance Success 41
Organizational change management (OCM) has a crucial role to play in the successful
implementation of data governance in an organization. The various OCM factors that
influence and play a role in the success of a data governance initiative are as below:
• Stakeholder engagement and management;
• Cultural change and change management;
• Training and education; and
• Communication and collaboration.
rather than generic benefits and pain points, in such a way that stakeholders under-
stand “what is it in it for them”. This is because stakeholders are able to empathize
with “what is it in it for them” rather than a generic benefit or pain point. Selling data
governance to stakeholders is the key to initial stakeholder acceptance. The stake-
holders should also be involved to participate in the design of the data governance
framework design so that they are able to contribute and voice their concerns. This
increases transparency. Also having them alongside throughout your data governance
journey would pave a path to a smoother implementation when the time is right.
Stakeholders should understand and agree with the scope of the data governance
program, the rationale behind it, and the goals that data governance is set to achieve.
They should also understand the roles and responsibilities of key participants in
the data governance program as well as understand what is expected from them in
terms of time, effort, duties, and inputs. Stakeholders should understand and agree
to the timeframes, processes, and milestones used to measure and assess progress
and effectiveness of the data governance initiative.
The data governance council and stakeholders need to work together to conjointly
outline the data governance success criteria and commit to providing proof of the
benefits. The data governance council needs to inform stakeholders about ongoing
initiatives to keep stakeholders confident, supportive, and engaged. Keeping stake-
holders up-to-date with the progress also reinforces the data governance council’s
commitment to the initiatives and keeps the stakeholders enthusiastic about the data
governance initiative (Fox 2014).
There should be an ongoing, open, and honest feedback mechanism for the data
governance council to elicit feedback from the stakeholders. Feedback taken into
consideration buys goodwill of the stakeholders and helps build their confidence in
the data governance council. For a data governance program to succeed, trust and
confidence is essential (Fox 2014).
doing something old.” Although this sounds quite easy, it’s easier said than done as
cultures are deeply entrenched in the organization fabric, and replacing them with
something new is not easy.
According to Peter Drucker, “For new technology to be embraced, people have
to believe that it has ten times the advantages of what people were previously
doing.” Communicating why the present way of working will no longer work; that
is, explaining the risks and adverse impacts of not doing data governance and the
benefits of data governance from the end user perspective, can get people motivated
and have a more positive outlook when it comes to data governance.
Also, the appropriate infrastructure in the form of training, policy, and processes
to be followed, and the tools and technologies needed should be there in place for
embracing the change.
Understanding and communicating the “why, what, when, who, and how” of the
changes that data governance will bring about, can dispel some resistance to the
change. It is important to assist the impacted groups to let go of their old way of
working and get them to feel comfortable doing things the new way.
Every organization has a different culture and different ways of operation and
hence, the impacts will differ for each organization. In order to effectively manage
the change brought about by data governance roll-out, a change plan and strategy
should be built to facilitate the change.
It is important to understand the prevailing organizational culture, and put yourself
in the shoes of the impacted groups and try to understand how they will be impacted
by the change wrought by data governance. It is also important to anticipate how
they will react to the data governance changes and the concerns they might have.
It is important to understand the way of operation prior to the change and post
implementation of data governance, to understand what has changed for the impacted
group, and what would be needed to make them feel more acceptable of the change.
It is also important to recognize that impacts would not be uniform throughout
the enterprise. There would be several user groups impacted by the changes brought
about by data governance implementation and impacts for different user groups
would vary.
It is important to understand specific impacts for these different groups to be able
to understand the best course of action—as is in determining what is needed in terms
of change management—for example, class room training versus hands-on training,
communication, awareness sessions or a combination of some or all of these.
Awareness sessions, communication and training strategies need to be tailored to
suit the different user groups. For example, for groups that have very low impact,
email communications may suffice, while a high impact group would need face to
face communication, awareness sessions, class room training as well as hands-on
training.
It is also important to anticipate the level of resistance that will be offered by
the different stakeholder groups during the implementation of a data governance
program. Listening carefully to the concerns of each stakeholder group will help
understand the reasons behind their concerns and devise adequate strategies to
address them. Some stakeholder groups will be for the change, while some will
2.4 Key Factors for Ensuring Data Governance Success 45
be against the change brought about by data governance. Knowing who is going to
work for and with you, and who is going to work against you, can help you plan
accordingly.
There are different change management models such as adoption curve, commit-
ment curve, and Beckhard’s models, and depending upon what suits best for the
organization, one of these can be adopted.
Appropriate training and education are essential to the successful roll out of any
new program that requires new ways of working, and the same applies to effec-
tive implementation and sustenance of data governance in an organization (Mahanti
2018). Andres Perez, Information Management Consultant and President of IRM
Consulting, Ltd. Co. stresses on training being one of the three factors critical to
successful data governance implementation and states that (Mahanti 2021a)
Data governance is difficult. It goes against the grain of the typical organization. Organi-
zations are managed top-down using a command and control (hierarchical) method while
information flows across all of these stovepipes. Data governance must be practiced by all
members of the organization and the DG leadership must provide proper training to them so
that they can work across organizational borders effectively.
When? Why?
Where? What?
education would also need to be tailored accordingly for the organization (Mahanti
2018).
First, one has to understand the scope of the data governance training and educa-
tion, that is, what is in scope, and what is out of scope. This would be dominated
by the objectives of the data governance program. Nonetheless, some of the critical
topics on which training needs to be delivered are the following:
• Laws and regulations related to data and information.
• Personally Identifiable information (PII) (for example, email address, credit
card debit card information, and social security number), sensitive, and
protected/restrictive data. Sensitive and protected data vary from industry to
industry. For e.g., Protected Health Information is specific to the healthcare
industry.
• Managing confidential data and information.
• Safeguarding and protecting data and information (Thomas 2015).
• Managing proprietary records, for e.g. customer information.
• Handling intellectual property, i.e., patents, trademarks, and copyrights (Thomas
2015).
• Data stewardship.
• Metrics and performance reporting.
• Data management.
• Data quality.
• Data governance tools.
The next thing is to identify the audience or stakeholder groups who need to be
trained and educated regarding data governance.
What are the impacted teams?
How would they be affected by data governance changes?
What would they be doing differently as a result of implementation of data governance?
Answering these questions would help you determine the training required and
design training material adequately.
Training is necessary to ensure that employees fully understand what the changes
are, what is required of them, what are the gaps, and how things need to be done, with
data governance in place. This is principally imperative for individuals who have no
previous knowledge, awareness, or exposure to data governance (Marcan 2017).
There are various factors that influence the training and education requirements
which are summarized in Fig. 2.8. Training would need to be tailored depending on
the job descriptions, roles, responsibilities, and the amount of upskilling required.
The maturity level would also help ascertain the gaps that need to be filled. If the
data governance initiative is a part of a wider data quality initiative and is coupled
with data quality or master data management initiatives, training would need to be
tailored accordingly. The enterprise architecture and IT application landscape also
need to be taken into consideration when assessing the training requirements.
If software tools are to be used for data governance, software tool training would
need to be conducted so that the responsible individuals know how to use the tools.
48
Roles &
responsibilities
Job description
Industry sector
Resistance to
Policies & change
procedures
DG Maturity level
Other data education-
initiatives influencers
Regulatory/
Compliance
Funding requirements
IT applications
2 Data Governance Challenges and Dynamics
Training content for different compliance and regulatory requirements would differ.
For example, GDPR and Basel would need different training.
Different industry sectors would also have different data governance requirements.
For example, the highly regulated industries, such as finance, banking, insurance, life
sciences, manufacturing and healthcare are subject to more stringent compliance and
regulations and need more rigorous processes and practices around data governance,
and the data governance education requirements would also need to be adequate, thus
enabling the employees to do their tasks properly so that compliance and regulatory
requirements are fulfilled. Training must be focused on how data governance and
compliance form a part of successful business processes (Lopez 2012).
Both business users and IT professionals need to be trained. IT professionals need
training and education to help them understand that data governance is much more
that a technical problem, and while technical solution is an aspect, there are other
aspects like policies and procedures too. Business users need training to help them
understand what are the new roles and responsibilities they must staff and adopt
(Lopez 2012).
It is important to measure the benefits from educating and training in data gover-
nance, and the impacts in the absence of training, for the various stakeholder groups
to demonstrate why data governance training and education is needed, and how will
it benefit different stakeholder groups.
The timing and frequency of the training sessions need to be established for the
different stakeholders. Also, how the training will be delivered needs to be deter-
mined. This would vary depending upon the roles, responsibilities, job descriptions,
and the knowledge gap of the different stakeholder groups and user constituen-
cies. Data governance education and training would range from organizing aware-
ness sessions (for example, awareness related to legislations, regulations) to training
sessions which demonstrate how they need to do the work.
The degree of resistance to change because of lack of knowledge and deficiency of
required skills, the gaps which need to be filled for the audience to perform their jobs
adequately would dominate the type and mode of training required. For example, data
governance might result in a major change in processes. In this case, a combination
of classroom and hands-on training along with adequate training documentation in
the form of user manuals and quick reference guides would be a desired approach.
In case of minor changes, awareness sessions would suffice. Funding might lead to
organize training so that you do not cross the budget.
A combination of different education and training approaches would need to
adopted. Some common education and training approaches are:
• Classroom training;
• Hands-on or on-the-job (OJB) training;
• Presentations;
• User manuals;
• Videos;
• Quick reference guides; and
• E-learning.
50 2 Data Governance Challenges and Dynamics
It might be a good idea to hire external consultants who have a long-standing data
governance experience to facilitate training on the core data governance topics.
You need to decide as to where to start the data governance education and training
in your organization. You need to start by educating your executive sponsor if he
does not have the requisite knowledge, and conduct awareness sessions for senior
management and mid-tier management groups, and then train and educate the opera-
tional teams on the new ways of working, which might be a combination of technical
education and/or training on process changes.
Short
communication
description
Message
Author
objective
Elements of a
DG
communication
plan
Audience/
stakeholder Communication
groups medium
Frequency
There are certain things that you might want to take into consideration and things
you would want to avoid when embarking on a data governance initiative in your
organization.
Group Data
Industry interactions management
sector and challenges &
geography opportunities
Organization
Data
structures &
landscape
hierarchy
Organization
Scope
One size size
does not
fit all
Context Circumstances
Organization
Business
culture and
drivers
maturity level
Business Organization
strategy goals
the basic data governance concepts and principles. Hence, data governance designed
for different organizations will share some common characteristics.
For example, the business driver for data governance in a utility company may be
to improve the quality of their asset data stored in their geospatial database, whereas
in a healthcare organization to protect patient data, whereas in a retail company to
achieve a single version of truth for their customer and product data. Each of these
scenarios might require data governance to be implemented in a different way.
The business and data challenges will differ based on the size, industry sector,
and the data they hold. Legislations differ by industry sector and geography. Also,
organizations that have offices in more than one country or have global operations
will require a different data governance structure when compared to organizations
that have operations and offices in one country only. The organization’s culture and
maturity levels also have an influence on how you proceed with data governance.
In short, no two organizations are the same, and similar data governance practices
cannot be applied to all of them.
2.5 Data Governance Program—Do’s, Don’ts, Tips and Lessons Learnt 55
Data governance programs are often perceived as being “invasive” and “over-and-
above” the existing work culture of an organization, as pointed by Robert S. Seiner,
author of the book—“Non-Invasive Data Governance”.
It is important to be as non-invasive and non-disruptive as possible when designing
and implementation data governance in your organization. There are already individ-
uals working in the organization who are familiar with the data (that is the business
and technology subject matter experts). Such individuals are involved in dealing with
the data and resolving issues. They are natural candidates for data stewards, and their
opinions should be valued.
The aim should be to build data governance on what is existing (that is organiza-
tions structures, hierarchies, resources, and cultures), instead of building everything
from the scratch, and defining too many new roles or hiring new resources. This can
be achieved by identifying existing practices, processes, and identifying people in
the organization that have a level of accountability for the data they are defining,
producing, and using to complete their job or function. Also, existing resources
should not be overburdened with large amount of work because of data governance.
It is also important to design a data governance operating model of roles and
responsibilities that aligns with the way your organization operates today, and allows
you to overlay the framework over your existing organizational components, and
repurpose roles and practices to focus on data governance.
Identifying existing escalation paths and decision-making capabilities from both
a positive standpoint as in scenarios in which they do work, and from a negative
perspective as in the scenarios in which they do not work, will enable leveraging what
is working instead of having to build from scratch. It will also help in addressing the
opportunities for improvements that can minimize disruption. Understanding what
data is handled by people, and helping them formalize their behavior to the benefit
of others, potentially impacted by that behavior along the data lifecycle is another
aspect of being non-invasive.
to educate and prepare stakeholders for what data governance is, its benefits, and
to communicate expectations, so that they are more amenable to the changes and to
make the road ahead easier to traverse. This will help achieve success in the initiative.
The foundation or base of a construction has a crucial role to play in the successful
development and sustenance of the building structure. Stronger the base, longer
lasting is the structure!
When it comes to implementing a data governance program in an organization,
it is important to establish a strong foundation to ensure long term sustainability of
the program. It is important for the leaders to know the scope of the data governance
initiative, the major issues and their impacts, and what they are trying to achieve.
The data governance body needs to understand what data needs to be governed and
why, who understands the ins and outs of the data, and who the stakeholders are.
Data governance initiatives are often run in combination with data quality initiatives,
master data management or BI initiatives, which in turn, may or may not be driven by
2.5 Data Governance Program—Do’s, Don’ts, Tips and Lessons Learnt 57
compliance requirement. These initiatives are cost intensive and as a whole require
significant changes in operation and culture.
When outcomes are not seen for a long time, the interest and commitment tend
to diminish. Therefore, demonstrating returns on investments early on and at regular
intervals, by resolving an issue or fixing a problem with broad visibility and impact to
the organization, and communicating the same to the impacted groups and commu-
nities, can help reduce resistance, keep stakeholder hooked, build and maintain
momentum, as well as furnish justification for sustained funding.
It is important to share success stories to keep the fires burning and improve success
rates. Organizations have tried implementing data governance and not got it right
the first time. As stated by Dr. John Talburt, Acxiom Chair of Information Quality at
the University of Arkansas at Little Rock, and Lead Consultant for Data Governance
and Data Integration with Noetic Partners Inc. “…As more and more organizations
implement DG and share their “lessons learned,” DG practice is improving and
success rates are increasing, (Mahanti 2021a).”
As pointed by Andres Perez, Information Management Consultant and President
of IRM Consulting, Ltd. Co. (Mahanti 2021a),
…The value is not distributed evenly across business areas, so it is important for those who
gain the most to share the wealth with those who do not by providing feedback on business
value and by treating each other as partners.
Keep the data governance process as simple, clear, and consumable as possible with
a plainly defined process flow and a RACI chart with clear segregation of duties and
responsibilities for ease of understanding and operation. It is also important to have
a well-defined communication plan.
If data governance processes are complicated and process steps are ambiguous,
then it will be difficult for the employees to follow the same, and they will circumvent
them. It is important to ensure that all tasks in the process flow are adding value to the
overall organization. Steps should be added to processes only when they are abso-
lutely needed. For example, if data needs to be exchanged between data producer and
a single data consumer group without intermediate systems or additional consumer
groups using the data, then an agreement can be reached between the data producer
and consumer without the need for additional data governance processes to be defined
(Klein, 2017).
58 2 Data Governance Challenges and Dynamics
Without clear focus, data governance initiatives can lose momentum. It is important
to have well defined scope and unambiguous, defined goals when it comes to imple-
menting data governance. It is also important to understand the primary objective
of the initiative, identify the individuals and groups who will derive value from its
implementation, and the key benefits. This will help stay focused within the scope
and achieve results.
Data governance involves defining and assigning roles, responsibilities, and authori-
ties. Each of the data governance roles need to be assigned to the right people. For that
purpose, each data governance role should have clearly defined criteria for participa-
tion—knowledge and skill sets required, what tasks are to be accomplished, and the
right candidates must be carefully vetted for each role based on whether they match
the criteria specified for the role. For example, business data stewards are responsible
for a subset of the data and define rules relating to the data (for example, business
meaning of the data elements, format, and domain values). Hence, they need to have
good business knowledge of the dataset. In other words, the business data steward
should be a subject matter expert of the dataset for which he is assigned the role.
Data owner role requires a comprehensive understanding of the business as well
as leadership, communication, and decision-making skills. If individuals with the
requisite knowledge, experience, and right skill sets are not assigned to the data
governance roles, it will fail to drive the desired outcomes and would lead to failure.
Data governance needs to serve several goals. Some of these goals will have
conflicting requirements and require varying levels of controls. For example, compli-
ance goals might need to restrict data access whereas business integration goals might
need expansion of data access.
Other contrasting goals include business versus technology, data content versus
data usage, strict governance (as in case of compliance) versus loose guidance (as
in case of data architecture standards), departmental data ownership versus enter-
prise data ownership, data security/protection versus data accessibility, compliance
requirements versus productivity (Russom 2008).
2.5 Data Governance Program—Do’s, Don’ts, Tips and Lessons Learnt 59
It is important to understand the scope of the data governance program and the roles
and responsibilities needed before forming the steering committees and the working
groups, and assigning people to them, and not the other way around.
This is because creating the governance bodies first without knowledge or under-
standing of the scope would most likely not have the correct people on board, which
you would only discover once you have understood the scope, which would require
you to form committees again causing business to lose interest.
The saying “Rome was not built in a day” applies to data governance too. It takes
a considerable amount of time for data governance processes to become entrenched
in the organization culture and hence, you need to plan for the long haul.
The initial stages of the data governance involve establishing and defining the
working structure and processes, which need both time and resources. Hence, the
data governance bodies should be provided with adequate support so that they can
spend time on the program. Once the operating rhythms are established, data gover-
nance bodies need to evolve the data governance function to meet new challenges to
continue to deliver value.
Data governance requires active participation from data stewards—the subject matter
experts who are already extremely busy and have a number of pressing duties on their
plate. Providing incentives for participation and rewarding their efforts can gain a
more sustained commitment, maintain enthusiasm, and help promote desired cultural
changes across the organization.
60 2 Data Governance Challenges and Dynamics
A data governance program does not fail abruptly. There are indicators, both blatant
and subtle, that indicate your data governance program’s downfall. As pointed out
by Jill Dyché and Kimberley Nevala, in their article-” 10 Mistakes to Avoid When
Launching Your Data Governance Program”
Data governance isn’t overtly canceled. It simply fizzles like a damp firecracker.
Data governance should not be designed in a vacuum without integrating other data
management functions and data initiatives, and without establishing relationships
with other decision-making bodies in the organization. Data governance affects
data management functions and initiatives including data security management, data
quality management, data integration initiatives like data warehousing, master data
management, as well as data modeling, data architecture, and big data.
Designing and implementing data governance without integrating existing
decision-making bodies would result in resistance. Also, not taking into account other
2.5 Data Governance Program—Do’s, Don’ts, Tips and Lessons Learnt 61
data initiatives would prevent an organization from leveraging maximum benefit and
getting the best business value from data, and achieving the right balance when
objectives of these initiatives conflict with one another.
By establishing relationships with these organizations, you gain the ability to
learn from previous program’s experience (the stumbling blocks, dependencies, risks,
issues, and constraints) in the specific environment. By involving the leaders who
have previously worked on more mature programs and discussing data governance
decisions with them, you can get help in getting consensus and endorsement for the
implementation of data governance across the organization (Buff 2018).
Avoid establishing big data governance steering committees and working groups, as
more the number of individuals on each committee, the more politics comes into play
and the more watered-down governance responsibilities become. To be successful,
try to limit the size of committees to between six and twelve people, and ensure that
committee members have the required knowledge and decision-making authority
(Sherman 2011).
Compliance and regulatory requirements are one of the key drivers of data gover-
nance. In case the business case for data governance is driven by regulatory require-
ments, organizations often take a tunnel view to data governance with an intent to
deliver the bare minimum requirements in a short time to meet the regulator needs
only.
They create a checklist of tasks, and focus on ticking the tasks on checklist without
understanding the benefits, and completely ignoring long term goals. Therefore, data
governance is not embedded in the cultural fabric of the organization, and the focus
is on risk mitigation, and not on the opportunities.
A tick box approach to data governance offers little in terms of on-going sustain-
ability, transparency, or business value for the effort invested. Also, all the facets of
data are not taken into consideration. Hence, if and when regulations change, you
will have to start all over again. It is important to look at data governance holistically,
treat it as an ongoing process, have the entire organization involved, and look at the
root cause of the problem. This will not only enable you to comply with any checklist
or regulatory requirements, without the need for a fresh implementation whenever a
new checklist is issued, but will also achieve other business benefits.
62 2 Data Governance Challenges and Dynamics
Effective data governance is not a one-off exercise and cannot be implemented all
at once. As stated by Dr. John Talburt, it is important to share lessons learnt and the
success stories of data governance so as to help improve the program and increase
success rates (Mahanti 2021a).
Data governance is not a project or even a destination, but a long drawn journey
and practice that needs to be sustained and measured, to develop and mature over
time, so that it becomes a central business process with improvement goals which
are continually revised to reflect changing business goals, and to be used as criteria
in managing data improvement. In line with Aristotle’s quote—“Quality is not an
act, it is a habit”, “Data governance is not an act, it is a habit.”
As stated by Dr. Stan Rifkin, effective data governance program needs to take into
account organizational and human factors (Mahanti 2021a). Successfull entrench-
ment of data governance in the cultural fabric of the organization requires a combi-
nation of a number of contributing elements—executive sponsorship, leadership and
management commitment and alignment, a robust strategy and strong business case,
a combination of hard and soft skills, training and education, communication, team-
work and collaboration, metrics to track progress and effectiveness of the data gover-
nance initiative, data governance organization structures in place, technology and
tools, and effective change management.
Of all these elements, executive sponsorship is the most important, because
without sponsorship you will not be able to kick start your data governance initia-
tive. There are connections between these elements. For example, a lack of leader-
ship and management commitment would not result in sustained sponsorship and
not drive change. Training and education also helps drive awareness and enables
change management. Metrics showing the benefits realized by data governance can
increase leadership and management faith and commitment and pave the grounds
for sustained sponsorship.
Identifying the different data governance perceptions, and debunking them is
also crucial in avoiding a problem or challenge that does not exist. It also helps in
isolating and addressing the real obstacles and challenges. Data governance is often
confused with other terms associated with data, like data quality, data management,
master data management, metadata management, records management, and even
change management. Organizations often consider data governance synonymous
with these. People misconstrue the meaning and value of data governance and the
shape it would eventually take in their organizations, resulting in its failure (Dyché
and Nevala 2017). Hence, it is important that the correct definition, meaning, and
value of data governance is relayed and understood by the people in the organization.
It is necessary to understand the challenges, organization readiness, and mindset
of people, your champions (who will bat hard for you), movers (who will not bat
quite so hard) and shakers (pockets of resistance), the current state and the future
state, and based on this understanding, devise the best way to rollout data governance
in your organization.
2.6 Concluding Thoughts 63
References
Advision Digital (2016) Why do you need data governance? WorleyParson Group, Last accessed on
November 9, 2018 from http://digital.advisian.com/curious/why-do-you-need-data-governance/
Alder S (2005) Six steps to data governance success, CIO. Last accessed on 31 March
2018 from https://www.cio.com/article/2438861/enterprise-architecture/six-steps-to-data-gov
ernance-success.html
Amitech, Data governance. Last accessed on June 20, 2020. https://amitechsolutions.com/modern-
data-management/data-governance/
Askham N The 9 biggest mistakes companies make when implementing data governance. Last
accessed on 16th July, 2018 from http://static1.squarespace.com/static/52ed2570e4b02079a8
2e6ff3/t/56111545e4b0890ee92b5901/1443960146356/Nicola+Askham+-+9+biggest+data+
governance+mistakes.pdf
Aviation Week (1998) Success with six sigma after an elusive goal. Aviation Week 149(20):53
Baker S, Sjoberg P (2018) Intelligent data governance for dummies, Hitachi Vantara Special Edition.
Wiley
Bhansali N (2013) Data governance: creating value from information assets. CRC Press
Buff A (2018) Data governance danger: five warning signs of imminent failure, Big Data Quar-
terly. Last accessed April 20, 2019 http://www.dbta.com/BigDataQuarterly/Articles/Data-Gov
ernance-Danger-Five-Warning-Signs-of-Imminent-Failure-124076.aspx
Chen A (2017) Breaking data myths- highlights from Tableau CEO’s Keynote at #DATA17 Last
accessed on Dec 26, 2017 from https://centricconsulting.com/breaking-data-myths-by-tableau-
ceo-data17-keynote_cincinnati/
Chikkatur L Information management part 1: myths and facts. Last accessed on 25 December, 2017.
https://www.melissadata.com/enews/articles/010809/1.htm
CIO Review (2016) Why data governance is important and what skills are key for it? Last accessed
on 9 April, 2018 at https://security.cioreview.com/news/why-data-governance-is-important-and-
what-skills-are-key-for-it-nid-18105-cid-21.html
[CIO-WIKI], Data Governance. https://cio-wiki.org/wiki/Data_Governance
Correia J (2015) Data governance: 5 common pitfalls and how to avoid them. Last accessed April
20, 2019. https://www.daymarksi.com/information-technology-navigator-blog/data-governance-
5-pitfalls-and-how-to-avoid-them
Couture N (2018) Implementing data governance – 3 key lessons learned. Last accessed April
20, 2019. https://www.cio.com/article/3328855/implementing-data-governance-3-key-lessons-
learned.html
64 2 Data Governance Challenges and Dynamics
Davis J (2016) 9 tips for data governance success. Last accessed on March 10, 2018 from https://
www.informationweek.com/big-data/big-data-analytics/9-tips-for-data-governance-success-/d/
d-id/1327129?image_number=3
Dyché J, Kimberley N (2013) 10 mistakes to avoid when launching your data governance program,
SAS Best Practices White Paper, Last downloaded on 20th March, 2018 from https://www.sas.
com/content/dam/SAS/en_us/doc/whitepaper1/ten-mistakes-to-avoid-when-launching-data-gov
ernance-program-106649.pdf
Edwards PJ (2016) Why is data governance in healthcare so difficult? Himformatics
Erwin (2017) State of data governance report. Last accessed from Dec 28, 2018 from https://go.
erwin.com/2018-state-of-data-governance-report
Fox M (2014) Five indispensable best practices for communicating your data governance strategy.
Knowledgent blog. Last accessed on 10 July, 2018 at https://blog.knowledgent.com/five-indisp
ensable-best-practices-for-communicating-your-data-governance-strategy/
Haruray A (2017) Why failed data governance experience is valuable! LinkedIn. Last accessed April
20, 2019. https://www.linkedin.com/pulse/why-failed-data-governance-experience-valuable-ash
ish-haruray/
Iron Mountain, Information Governance: Puncturing The Myths, Last accessed on 25 December,
2017. http://www.ironmountain.com/resources/general-articles/i/information-governance-pun
cturing-the-myths
Jones D (2016) Data governance: the perfect marriage of soft and hard skills? The Data Roundtable.
https://blogs.sas.com/content/datamanagement/2016/09/29/data-governance-soft-hard-skills/
Klein J (2017) Six things you need to know about data governance. SEI Blog https://insights.sei.
cmu.edu/sei_blog/2017/06/six-things-you-need-to-know-about-data-governance.html
Lopez K (2012) The 5 things you must do before starting any data governance program, Sponsored
by Embarcardero, InfoAdvisors Inc. Last accessed on 18th July, 2017 https://www.embarcadero.
com/images/dm/technical-papers/karenlopezebookv5.pdf
Loshin D (2017) Busting 10 Myths about data quality management, information builders white paper.
Knowledge integrity incorporated
Mahanti R (2018) Data governance implementation: critical success factors, software quality
professional. ASQ 20(4):4–21
Mahanti R (2019) Data quality: dimensions, measurement, strategy, management and governance.
ASQ Quality Press, Milwaukee, WI, 526 p. ISBN: 9780873899772
Mahanti R (2021a) Data governance and compliance, Springer Books, Springer, ISBN: 978-981-
33-6877-4
Mahanti R (2021b) Data governance and data management, Springer Books, Springer, https://doi.
org/10.1007/978-981-16-3583-0; ISBN: 978-981-16-3582-3
Marcan C (2017) 10 Steps to creating a successful data governance strategy, manufacturing busi-
ness technology, Advantage Business Media, Posted on 09/08/2017 - 11:16 am. Last accessed
on 10th December, 2017 from https://www.mbtmag.com/article/2017/09/10-steps-creating-suc
cessful-data-governance-strategy
Navigate Team (2014) Debunking common misconceptions about data governance frameworks.
last accessed on 8th July, 2018 from http://www.navigatecorp.com/debunking-common-miscon
ceptions-about-data-governance-frameworks/
O’Neale K (July 2015) Identifying the right operating model for your organization: a step toward
sustainable data governance. Last accessed on 10 April 2020, from http://www.b-eyenetwork.
com/blogs/oneal/archives/2015/07/the_right_operating_model.php
Panian Z (2010) Some practical experiences in data governance. World Acad Sci Eng Technol
Manage 62:939–946
Pant V (2020) Linkedin Post. Last accessed August 5, 2020 from https://www.linkedin.com/feed/
update/urn:li:activity:6695938653677613056/?commentUrn=urn%3Ali%3Acomment%3A(act
ivity%3A6695938653677613056%2C6695978205234520064)
Peyret H, Goetz M (2014) The forrester wave™: data governance tools, Q2 2014
Plotkin D (2013) Data stewardship, Elsevier Science Publication
References 65
Abstract Strategy plays a critical role in the success of data governance and the role
of strategy in data governance is elaborated in this chapter. Before an organization
takes a leap of faith and embarks on its data governance journey, it needs to have a
data strategy and a data governance strategy. This chapter discusses DG readiness
(as in how ready is the organization to undertake data governance), warning signs
that indicate that the organization is not yet ready to implement a more mature data
governance approach, data governance maturity assessment, and factors to consider
when analysing the gaps between the as-is and to-be state. The interactions between
corporate strategy, data strategy and data governance are discussed. The importance
of a data governance business case, the key components of a DG business case,
data governance strategy, data governance strategy map, and the data governance
roadmap is also discussed in this chapter. The role of the chief data officer in data
governance implementation is discussed in this chapter. It is critical to commence
any data governance initiative with a short, high priority, and well defined and under-
stood pilot. The prioritisation and selection of the pilot phase have been discussed
succinctly.
3.1 Introduction
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021 67
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4_3
68 3 Strategy and Data Governance
The extent to which companies can link their corporate strategies to data is the extent to
which they’ll get support and funding for data governance!
Data governance introduces a new way of working that challenges entrenched beliefs.
An organization might not be ready for the massive change brought about by data
governance, and the change could be detrimental to the enterprise, a particular
program or project. That is, while data governance may be the right thing to do,
the timing to do it might not right. Nicola Askham, data governance coach, states
in her article – “The 9 biggest mistakes companies make when implementing data
governance (and how to avoid them all)” –
Sometimes, an organization is just not ready to implement a data governance initiative. Even
if the organization is ready, it may not be mature enough to implement anything more than
baby steps towards their end goal.
Some of the warning signs that an organization is not ready for a more mature
data governance approach have been summarized in Fig. 3.1 and are as follows:
• Refusal of business groups to get involved (The Data Governance Institute 2017).
• Refusal of leadership to sponsor a data governance effort (The Data Governance
Institute 2017).
• The decision to implement a bottom-up program when the decisions and rules
that must be implemented should be made from the top of the organization (The
Data Governance Institute 2017).
• The decision to empower a group (an outsourcer, partner, or team) to make data-
related decisions for a data-related effort where they would benefit from NOT
(The Data Governance Institute 2017).
– Considering an enterprise view,
– Involving data stakeholders,
– Correcting data issues, and
– Acknowledging data issues.
• Key stakeholders do not see a need for data governance, and there is no executive
decree to change their outlook.
70 3 Strategy and Data Governance
3.4 Strategy
The term strategy does not have a universally accepted definition. Therefore, in
different contexts and to different people, strategy means different things.
The Canadian guru Henry Mintzberg (1978) defined strategy as a pattern in a
stream of decisions.
Strategy is an outline of how a business intends to achieve its goals. The goals are
the objective, and the strategy sets out the route to achieving that objective (Henry).
Liddell and Scott (1999) define strategy as a high-level plan to achieve one or
more goals under conditions of uncertainty. Daniell (2007) defined strategy as the art
and science of informed action to achieve a specific vision, an overarching objective,
or a higher purpose for a business enterprise.
Organizational culture
Capabilities
Organizational structures
Skill sets
Fig. 3.2 Gap analysis between as-is state, to-be state, and factors to consider
74 3 Strategy and Data Governance
In the private sector, strategy is about a business gaining competitive edge over
other businesses. This is because business do not operate in vacuum but have to
compete with several other players in the market. Having a value proposition superior
to other businesses that are trying to appeal to the same customers and turning it into
a habit is key to sustain competitive advantage. Robust “where-to-play” (that is the
target customer segment) and “how-to-win” choices, therefore, are still essential to
strategy (Lafley and Martin 2018).
Every organization has its own unique strategy, which is an expression of organi-
zational objectives that identifies specific goals within a confined scope of operations
to deliver value and achieve specific benefits.
While strategy is not the only determining factor in the success or failure of an
organization, a robust strategy can yield amazing results for an organization which
has mediocre level of competence. On the contrary, the most inspiring leaders when
dealing with an inappropriate strategy will have to wield their full competence and
drive, merely to keep afloat (Tilles 1963).
The importance of strategy in success can be illustrated by the following examples
from history (Tilles 1963):
• When Hannibal wreaked the humiliating defeat on the Roman army at Cannae in
216 b.c., he led a ragged band against soldiers who were in possession of supe-
rior arms, better training, and competent “noncoms.” This was possible because
his strategy was so superior that all of those advantages proved to be relatively
insignificant.
• Jacob Borowsky made Lestoil the hottest-selling detergent in New England by
using an effective strategy to battle competition with superior resources.
• Walmart’s global strategy for expansion was “being the cheapest” and it beat
out all of the competition by offering the same products for the lowest prices
(Kimberlee 2018).
• Porsche’s carefully designed and brilliantly executed strategy focused on Japanese
manufacturing concepts to improve efficiency and launching new products to
increase market appeal resulted in highest profit margins across the industry
(~15%); comparatively other players found themselves far behind in terms of
profitability (2016 numbers) e.g. Mercedes (~7%) or Hyundai (~4%) (The Burnie
Group).
• When Facebook launched in 2004, it was one of several social media sites with
MySpace being dominant. Facebook had a strategy that focused on measured
expansion. Facebook is omnipresent today, but it starting small with a focused
group of Harvard students, and after gaining traction in Havard, it expanding
gradually to other colleges, and when ready, finally opened up to non-students.
This allowed Facebook to focus on adjusting the product to the needs of each
new customer segment. As a result, it avoided the growth challenges that led to
MySpace’s decline (Izquierdo 2020).
• When Dollar Shave Club launched its razor business in 2012, Gillette had a
commanding share of about 70% of the U.S. market according to Entrepreneur
magazine. In 2019, Gillette’s market share had eroded to about 53% according to a
3.4 Strategy 75
CNBC report. Meanwhile, Dollar Shave Club’s growth prompted Unilever to buy
it for $1 billion. Dollar Shave Club beat Gillette by adopted a strategy that offered
a cheaper alternative directly to end consumers through Internet, as opposed to
Gilette that sold its products through retail outlets which costed more. Dollar
Shave Club worked with manufacturers in Asia to produce razors, eliminating
any markup from a middle man (Izquierdo 2020).
In the words of John Zachman, author of “The Framework for Enterprise
Architecture” (The “Zachman Framework”), Zachman International, (Mahanti
2021a)-
There is an old engineering adage, “Form Follows Function.” Today, this might be restated
as “Structure Follows Strategy.” Structure (form) takes time and costs money. If you expend
the time and money to build it before you define what it is for or what it is to do, you have
delivered a classic solution in search of a problem … which in all likelihood is a huge waste
of resources.
Don’t sell a data strategy on its own. It’s just not going to work. It’s got to be coupled with
a broader strategy that the data strategy fits into. - Jim Swanson, CIO, Monsanto, [Source:
Data Strategy Playbook]
As shown in Fig. 3.3, the corporate strategy which is driven by the corporate
vision and mission, sits at the top of the hierarchy, and defines the overall corporate
objectives. Corporate strategy also defines the way in which these objectives will be
accomplished to create value while attaining competitive advantage.
The corporate strategy is the overall strategy of an organization that consists
of several business units, and helps determine how to structure its business and
human resources, and support business units to share human resources and technical
resources, and work together to create more value and meet the corporate objectives.
Mission translation, that is, translating mission and high-level enterprise objec-
tives into operational goals and objectives is important for clarity and alignment and
is achieved using methodologies such as (Siviy et al. 2008; Siviy and Kirwan 2008):
• Function Analysis Systems Technique (FAST) goal decomposition [Siviy and
Ismail];
• Six Sigma’s Y-to-x decomposition (Siviy et al 2007);
• Critical success factors (developed Daniel 1961, refined Rockart 1986);
• Systems thinking’s current and future reality trees and other system dynamics
methods;
• Traditional strategic planning methods; and,
• Balanced scorecard strategy maps (Kaplan and Norton 1996, 2004).
76 3 Strategy and Data Governance
Corporate
Vision &
Mission
Drive
Corporate
FEEDS Strategy Should
INTO align
Should with
align
with
Data Part Data Drive Data
Vision &
Governance of Strategy Mission
Governs
data assets
A corporate strategy should also recognize the organization’s critical assets that
would be a differentiator in terms of attaining competitive advantage. Data is an
enterprise asset and some data are critical. The corporate objectives should be mapped
to the data required to achieve them (Mahanti 2021a). For example, one of the
corporate objectives could be to increase revenue. One way to increase revenue is
to increase the customer base. The data that this corporate objective maps to are
customer and prospect data.
Data strategy is the vision and actionable foundation for the organization’s ability
to harness data-related or data-dependent capability that helps achieve the strategic
objectives of the organization. A data strategy establishes common methods, prac-
tices, processes, procedures, usage pattern, and structures to acquire, manage, inte-
grate, manipulate, secure, operationalize, consume, and share data across the orga-
nization in a repeatable manner. It is, in effect, a checklist for developing a roadmap
toward the digital transformation journey that companies are actively pursuing as
part of their modernization efforts (Gurevich and Dey 2018).
3.5 Corporate Strategy, Data Strategy, and Data Governance 77
John Gallant and Kevin Fleet in their book “ The Data Strategy Playbook: A CIO’s
practical guide to driving change” define data strategy as follows (Gallant and Fleet
2018):
A data strategy defines how an organization achieves specific business goals through the
strategic use of its data assets.
Ramesh Dontha defines data strategy as follows with the key points highlighted
in bold (Dontha 2018):
Data strategy lays out a comprehensive vision across the enterprise and sets a foundation
for the company to employ data-related or data-dependent capability.
Data governance implements the data strategy. With respect to the customer
and prospect data example, some of the activities that data governance could be
looking at are, locating the critical customer and prospect data elements, improving
customer and prospect data collection processes, establishing enterprise wide stan-
dards for these elements, and ensuring processes and metrics are in place to ensure
that the data is of high quality. Figure 3.3 shows the high level interaction between
an organization’s corporate strategy, data strategy, and data governance.
Data strategy is often confused with data governance. They are distinct but at the
same time also tightly intertwined (Thalanki 2017). The scope of data strategy is
wide-ranging and represents an umbrella for all data initiatives such as data architec-
ture, data warehouse, data analytics, business intelligence (BI), data migration, master
data management (MDM), reference data management, metadata management, data
governance, and data quality. A data strategy ensures that all data initiatives follow
a common method and structure that is repeatable (Gurevich and Dey 2018).
Paul Barth listed four principles of a successful data strategy in the form of
questions (Barth 2018a, 2018b) as follows:
Question #1—How does data generate business value?
Question #2—What are our critical data assets?
Question #3—What is our data ecosystem?
Question #4—How do we govern data?
The above questions show that data governance is one of the four factors for an
effective data strategy and not the only factor.
Richard Inserro, Principal, PwC, mentioned in his presentation at Data Citizens
‘17, “The CDO Mandate and the Path Forward,” data governance must be the starting
point of any data strategy, and must have the capability and flexibility to support
the productivity aspirations, risk mitigation, and operational efficiency needs of the
business, and properly align IT activities.
These can be achieved by businesses when their programs build a community of
common language, collaboration framework, policies, and responsibilities to start
their data strategy journeys, which are the basis of data governance (Marchese and
Rao 2018).
Without prioritizing governance in your data strategy, the desired impact of data on
your business will never be realized in an efficient and dependable manner over time.
As Stephen Covey famously said, “Begin with the End in Mind means to begin each
day, task, or project with a clear vision of your desired direction and destination, and
then continue by flexing your proactive muscles to make things happen,” (Marchese
and Rao 2018).
Data governance is usually a line item in the data strategy. Benefits of data strategy-
governance combinations can be divided into two buckets—tangible and intangible as
postulated by Adelman, Moss and Abai in 2005. Tangible benefits include (Adelaman
et al. 2005):
• Revenue enhancement,
• Cash flow acceleration,
3.5 Corporate Strategy, Data Strategy, and Data Governance 79
• Analyst productivity,
• Cost containment,
• Demand chain management,
• Fraud reduction,
• Improved marketing effectiveness,
• Better supplier and customer relationships,
• Customer conversion rates, and
• Customer attrition and retention rates.
Intangible benfits include (Adelaman et al. 2005):
• Better and faster decision making,
• Better public relations and reputation management,
• Better customer service,
• Employee empowerment, and
• Competitive effectiveness.
Data governance means nothing to the executive management and leadership unless
it contributes to generating revenue or results in cost savings. Data governance inter-
sects with business initiatives specifically the ones which are data initiatives (for
example, customer relationship management (CRM), enterprise resource planning
(ERP), and compliance) as well as data management initiatives (for example, master
data management, and data integration).
The data governance strategy should contain an answer to the following questions
as illustrated in Fig. 3.4:
• Why are you doing data governance?
• Who are the stakeholders in the data governance program?
• What needs to be done to achieve the “why”?
• Where do you want to start?
• How do you want to achieve data governance?
• When do you want to do what?
The “Why” defines the desired outcomes and goals of the data governance
program, and should be aligned with the organization’s data strategy and corporate
strategy. The “Why” that is, “why are you doing data governance?” should always
be defined before you define “Who”, “When”, “How”, “What”, and “Where” ques-
tions. The “Who” helps in defining the data governance stakeholders. The “When”,
“How”, “What” and “Where” form parts of the roadmap. Data governance strategy
should align with the data strategy and corporate strategy as shown in Fig. 3.5.
In short, the data governance strategy defines the objectives and desired outcomes
of data governance program, the scope of the data governance program, the stake-
holders, and the roadmap. It is driven by the business drivers and uses cases for data
80 3 Strategy and Data Governance
Goals and
Desired
Why? Outcomes
Timelines and
Milestones
When? What?
Data
Governance
Strategy Scope of Data
Governance
How? Who?
DG
Initiatives
Stakeholders
Aligns Corporate
Strategy
Aligns
Fig. 3.5 Data governance strategy, data strategy, and corporate strategy alignment
and benefits expected from the same. The objectives and desired outcomes should
be well defined and documented as well. This is because if you do not know what
it is you are aiming to accomplish as an organization, your likelihood of success is
very slim.
The objectives and the desired outcome in the data governance strategy helps
determine the scope of the data governance program, the data governance business use
cases, initiatives, and roadmap activities (high level time-bound plot of when should
the data governance initiatives start, the time sequencing of the data governance
initiatives, and the milestones).
3.6 Data Governance Strategy 81
A data governance strategy map defining the summary of the goals and outcomes,
critical success factors, the core disciplines, supporting disciplines, and showing the
relationships amongst these components on one page can help communicate the data
governance strategy to different levels of the organization. Benefits, risks, success
factors, implementation, and priority should be defined for each of the business use
cases. The scope and roadmap help determine the subsequent on-boarding of the
data governance resources.
A data governance strategy acts as the vision document of the company, and
ensures that the whole organization understands the goal of the program and each
person’s role in achieving success. It defines how data governance initiatives will
be defined, funded, governed, and rooted into enterprise operations. The gover-
nance strategy should also define how the organization will assess, define, plan,
operationalize, monitor, and measure the data governance programs (Addagada
2016).
The data governance maturity model can be used as a tool in planning a data
governance implementation program by using it to establish the current and future
state as well as to track the progress of the data governance implementation program.
Several data governance maturity models have been discussed in Chap. 4.
While the data governance strategy creation typically takes a few weeks and has
some sort of timeframe for executing it—however, it is only high level in terms of
how it will be achieved. The time span of the strategy and roadmap usually ranges
from 18 to 24 months.
The data governance steering committee consisting of C-level executives should
be defined and engaged to support review, and approve the strategy, if necessary. The
data governance strategy should be documented, and walkthrough sessions should
be conducted with stakeholders, to elicit feedback and sign offs.
The data governance strategy should be reviewed every six months or at least once
a year. This is because in order to stay competitive as well as comply with regulations,
an organization’s business objectives and priorities change with time, which requires
the IT strategy, data strategy, and data governance strategy also to be revisited and
revised accordingly. For example, the regulatory landscape is constantly evolving, in
reaction to fraud, scandals, and security breaches, with new laws coming into being
and existing laws being revised, resulting in new requirements in relation to data
whether in the form of increased data security, privacy, protection, restricted access
or more granular reporting. Hence, organizational strategies also need to be revised,
and data governance also needs to evolve to meet these new requirements.
As stated by Dr. John Talburt, Acxiom Chair of Information Quality at the University
of Arkansas at Little Rock, and Lead Consultant for Data Governance and Data
Integration with Noetic Partners Inc. “…every DG program should start with a good
business case projecting the value of the program,” (Mahanti 2021a).
82 3 Strategy and Data Governance
It is important to give careful consideration and invest time in building the business
case for data governance, to present a strong and compelling case that convinces
the executive team to provide the required funding, as well as gain their support
throughout the entire data governance journey. It is important to remember that data
governance is a multi-year effort, and funding should be secured accordingly (Power
2014).
The data governance business case establishes the focus areas, risks, threats, priori-
ties, and benefits for the data governance program. In short, it provides a justification
for doing data governance, and acts as a reference guide before and during data
governance implementation.
Having a business case for data governance has several benefits. The act of creating
a business case forces you to identify the pockets of greatest need. It is important to
identify the areas of greatest need as well as return. This is because the business case
helps in assessing the risks, threats, values, and costs, which in turn can help you to
weight the impacts of not doing it against benefits of doing it. It helps set the right
priorities. It also helps to validate any preconceived assumptions about the strategy,
and direction that your initiative must take (Jones 2015).
Also, data governance ties together other data management initiatives like data
security management, data quality management, and master data management and a
business case for those initiatives would cover the need for data governance. Taking
our earlier example of customer and prospect data to increase revenue, you need high
quality customer and prospect data, and data governance would be needed to ensure
that the said data is of high quality.
Generally, data governance is driven by a small group. However, data governance
implementation affects all business units across the enterprise as data crosses the
business unit boundaries and is not a departmental asset.
A robust data governance business case which outlines the risks and values helps
in gaining cross-departmental agreement as each group has a vested interest in its
outcome. This ensures that all stakeholders have a common understanding of the
value of data governance. Without a business case, business units, and departments
not driving data governance will question “ What is in it for me?”, and there is a like-
lihood of these groups offering resistance to the implementation of data governance
as they see data governance being forced upon them (Jones 2015).
In the absence of a data governance business case, you have no protection when
there is an organizational restructure at the executive and C-suite levels. The backing
by previous leadership and management who supported the data governance program
is no longer there, and the new leadership and management may not perceive the
business benefit of data governance, and may ultimately scrap the initiative (Jones
2015).
A compelling data governance business case which has the risks, values, costs,
and justification outlined for doing data governance can provide a greater degree of
protection from the unexpected management changes. It can also provide justification
to the management to continue with the implementation of the data governance
program (Jones 2015).
3.7 Building a Business Case for Data Governance 83
Data governance is not a technology project or a project for that matter, but a
business program and practice that deals with the data assets of an enterprise. Hence,
creating a business case for data governance is different from creating a business case
for a traditional technology project. Many of these variances revolve around subject
areas, such as business process, change management, business benefit, and holistic
impact (Information Builders 2012).
The data governance business case should establish the high-level understanding
and communication for the business benefits that the governance program will seek
to achieve (use cases), who will be involved (resource types), where governance
disciplines will be applied (processes in the use cases), and the economic value for
applying governance to achieve those outcomes (Fryman 2016a) in a lucid manner
as the subject of data governance might be new to the stakeholders involved. An
effective data governance business case consists of three key components (Fryman
2016a) as shown in Fig. 3.6.
1. Risk.
2. Value.
3. Cost.
Risk
DG Business
Case
Components
Value Cost
Risk
The data governance business case should outline the risks of not doing data gover-
nance and call out the urgency of the problem with data to support the same. In
financial and healthcare organizations, which can be subjected to penalties for non-
compliance, and where there are legal, regulatory, and reputational impacts of not
governing data, the risks of not doing data governance are apparent. With the rest of
the industry sectors, the risk of not doing data governance may not be as obvious.
However, with the enormous amounts of data that the organizations store, there is
a huge risk associated with data, if it is not governed and managed appropriately.
Some of the risks of not doing governance are –
• Fines and penalty because of non-compliance,
• Data security breaches,
• Privacy violation,
• Potential loss of public opinion or negative public opinion that might result in
decrease of revenue, and
• Risk of revenue, regulatory, or capitalization reporting may be in error or
questioned.
Risk factors are often difficult to assign a financial value to (Fryman 2016b). For
example, it is difficult to quantify the brand damage or negative public opinion. The
level of concern associated with the above risk factors, the likelihood and the severity
of the impact may be used to determine the degree of risk. It is best to classify your
risks as high, medium, or low, and if possible associate a dollar value with the risk
factors.
Value
Value is either anticipated cost reduction or benefit expected to be achieved from the
implementation of data governance in the organization. The business case should
call out how the organization will be benefited or improved by implementing data
governance to convince the executive leadership and senior management to give
their blessing to the data governance program. The value you will obtain from data
governance is dictated by the business outcomes and capabilities you want to achieve
by implementing data governance and use cases of data governance. Some examples
of outcomes are as follows:
• Reduce cycle-time searching for data necessary to conduct management reporting
and analytics (Fryman 2016b).
• Improve and align business terminology across the enterprise.
• Improve data quality definition across the enterprise.
• Improve discovery of authoritative data.
• Improve user access to authoritative data sources while ensuring data protection
and security.
• Improve the processes and time to resolution while reducing the cost of issue
management around data (Fryman 2016b).
3.7 Building a Business Case for Data Governance 85
Cost
Cost is one of the key components of the data governance business case. It is defined
as the financial cost involved in implementing data governance along the following
cost buckets:
1. Resources.
2. Infrastructure and technology.
3. Processes.
You also need to identify your current costs and estimate future costs once the
data governance processes, resources, infrastructure, and technology are in place.
Cost estimation for resources
The following needs to be taken into consideration when conducting cost estimation
for resources:
• The types of resource required.
• Number of resources that are required.
• Number of incidents per week/month/quarter.
• Average effort and cost per incident.
• Impact of improvements and technology on the resource costs.
Taking our earlier example, of customer and prospect data, a data quality assess-
ment exercise would tell us how good or bad is the quality of data, and whether it
would be possible to assign a dollar value.
Say, ABC electronics is launching a set of new laptop, camera, and cell phone
models. If 20% of the customer and prospect contacts lead to sales worth approxi-
mately $1500 per lead and the customer and prospect database has 80,000 records out
of which 30,000 records do not have correct addresses, then the lost revenue would
be approximately $9 million. If the cost of improving data quality and implementing
data governance is $2 million, and by doing so, you can correct 90% of the addresses,
then that equals to 72,000 records correct. Hence, you will still get revenue of $7.4
million and $5.4 million of profit.
When constructing a business case for data governance, there are two ways of
going about it- look at the critical data, assess the business impact and cost of bad
data, or look at the business objectives, the data that will be required to fulfill the
business objectives, and how the data is falling short of meeting those business
objectives. In both cases, you need to be able to assign a dollar value towards the
cost of implementing each of the objectives.
Once you know your current state of maturity (that is where you are or the ‘as-is’
state), the future state of maturity (that is where you want to be or the ‘to-be’ state or
‘target’ state), and the gap between the ‘as-is’ state and the ‘to-be’ state, a roadmap
can be produced for attaining the ‘to-be’ state. As the king said in Lewis Carroll’s
‘Alice in Wonderland’:
Begin at the beginning and go on till you come to the end: then stop.
projects so that execution can follow. It contains core components and initiatives
with the estimated start and end dates, which will be required to achieve the business
objectives.
The data governance roadmap should define the data governance organization
structure and operating model consisting of roles, responsibilities, decision rights,
rules, controls, and accountabilities across the different business units. The data
governance organizational structure has been discussed in detail in Chap. 5.
The data governance roadmap should also define the change management plan
and should contain steps to integrate with other data initiatives like data quality, data
warehousing, and data security initiatives.
Certain data governance capabilities form the base, and their implementation
should be prioritized to ensure that the structure is in place to support the imple-
mentation of subsequent capabilities. First, organizational roles must be defined
with clearly documented accountabilities and responsibilities in the context of the
underlying governance structure. The accountability established will support the
implementation of the other capabilities [Urso].
It is important that the roadmap has the appropriate level of detail. Roadmaps are
fundamental communication tools, and you’re going to need a significant number of
people within your organization to ‘buy into’ your roadmap [Entity].
As discussed in Chap. 2, you should not take the “big bang” approach when imple-
menting data governance in your organization. It is critical to commence any data
governance initiative with a short, high priority, well defined, and well understood
pilot. The prioritization and selection of the pilot phase should be directed by the
area within the business with the greatest need, most pain and/or largest perceived
benefit. This pilot can be selected based on priorities set across one or more of the
following dimensions:
• Critical data domain, critical data sets, and critical data elements.
• The data function or data initiative.
Identify the different data domains in the organization and select the most critical
data domain for a data governance pilot. Depending on the industry sector, there may
be different data domains. A data domain is connected to a number of applications
and business processes, and has a large number of data sets and data elements.
It is important to identify the critical data sets within the critical data domain, and
the critical data elements in the critical data sets in this data domains. Critical data
elements are subsets of critical data sets which are in turn subsets of critical data
3.9 Data Governance Pilot 89
Critical
data domains
Critical
data sets
Critical
data
elements
Fig. 3.7 Critical data domains, data sets, and data elements
domains as shown in Fig. 3.7. Also, while looking for critical data elements, one has
to consider the interrelationships between the data domains.
For example, financial data domain is very critical as it drives accounting, finan-
cial, and regulatory reporting, and is subject to audits. Since, there are huge risks
associated with financial data, financial data domain is the primary domain for finan-
cial data. However, financial data is also driven by other data domains like customer,
product, events, and assets. These are secondary domains in relation to financial data.
Hence, data elements and data sets indirectly associated with financial data in these
secondary domains also become critical.
From a HIPAA compliance perspective, certain patient data elements need to be
of high quality and also need to be adequately protected. However, the address data
associated with a patient also needs to be accurate, current, and complete, so that
medical reports and communication containing sensitive health information do not
fall into wrong hands.
The following criteria can be used to identify the critical data sets and critical data
elements:
• Number of consumers or users of the data.
• Criticality of the business processes consuming the data.
• Number of enterprise obligations that the data set/data elements are used for.
• Risks associated with the data set and data elements; (for example—financial risk,
compliance risk, health risk, and fraud).
• Data classification; (for example, sensitive and confidential).
90 3 Strategy and Data Governance
Critical
Data
Domains
Critical
Data
Sets
Critical
Data
Elements
Data Security
Management
For example, the pilot may be data governance to support the product data domain
and the product data set in the product data domain and the master data manage-
ment initiative. While party data or specifically customer data is important across
all industry sectors, certain data domains are relatively more important in certain
industry sectors. For example, for the utilities and telecommunication industry, the
asset data and its quality are specifically important, whereas for the retail sector, the
product data is important.
The Chief Data Officer (CDO) is a C-level role to transform the organization into
a data driven organization and with overall accountability for data as an enterprise
asset. There is no universal agreement on the definition and responsibilities of the
CDO. This is because the role of CDO is still evolving. As per Sunil Soares, author
of “The Chief Data Officer Handbook for Data Governance” the definition of the
Chief Data Officer (CDO) and chief data office are as follows:
Chief Data Officer is a C-level executive with overall accountability for data management
in an enterprise.
The chief data office refers to the enterprise data management (EDM) organization or
department, which reports to the CDO.
Fig. 3.9 Data governance tying together the data management functions and initiatives
Chief Information Officer (CIO). In essence, the CDO establishes data policies and
standards around the data management functions in the organization but outsources
the technology aspects to the CIO.
Data governance plus some operational and analytical systems
In this pattern, the CDO owns data governance, data quality, and metadata as well
as other functions such as master data management, reference data management,
business intelligence, and data warehousing. However, the CIO still retains control
over the other functions.
Broad EDM scope
In this pattern, the CDO owns most of the data management functions including data
governance with the exception of some departments such as database management,
which may continue to report to the CIO. The reporting structure for data architecture
and data modeling and design is typically highly sensitive because it may involve
breaking apart the enterprise architecture department.
3.10 Role of the Chief Data Officer in Data Governance 93
In all the above patterns, data governance is within the scope of the CDO. Although
the role of the CDO is still evolving, there are various aspects that are becoming more
steady (Soares 2014). One of them is that data governance is perceived as a critical
function as part of the chief data office, and the intent of the CDO role is to create a
strong executive focus on data governance.
Inderpal Bhandari, Chief Data Officer, Cambia Health in his foreword for Sunil
Soares’s book – “The Chief Data Officer Handbook for Data Governance”states
(Soares 2014):
Since 2006, I have created the role of Chief Data Officer thrice in different healthcare
organizations. My role expanded in scope over time, in keeping with the trend of increasing
importance of data to a business. I went from the leader of a functional unit to the general
manager of a business unit and then to a member of the CEO’s senior leadership team. I had
to reinvent the CDO role at each transition to reflect the expanded scope. But one aspect
remained constant: Every time, I had to implement a data governance program.
within the organization have a part to play in its implementation success. The key to
data governance is to ensure collaboration across the enterprise (Woodie 2018).”
Dr. John Talburt stresses that for a CDO role to be successful, it should be
implemented correctly. He states (Mahanti 2021a).
…the CDO and DG will not be successful without business participation. The most effective
CDOs report to a business leader such as the CEO, CMO, and the CRO.
According to Dr. John Talburt, “when a CDO reports to the CIO, it is a sign the
organization does not understand the need for business to be accountable for data,
the CDO role is much less effective. As long as organizations see IT as accountable
for data and DG, they will at best have limited success.”
Dr. John Talburt goes on to state that CDO’s are often seen as being mainly
responsible for DG and DQ programs. And while the CDO should definitely oversee
DG and DQ, viewing the CDO as a purely operational role for DG and DQ limits
the role, and can cause organizations to miss out on a large part of the opportunity
to participate in the data revolution (Mahanti 2021a).
As per Christopher Butler, Chief Data Officer, HSBC, UK (Mahanti 2021a),
The Chief Data Officer is critical to aligning business and data areas together. He must fully
understand and be part of the business structure, provide the necessary data governance as
well alignment with IT tools and technology to move forward. The CDO is able to ensure the
right level of ‘C’ Suite support and be in a position to ensure that consistency and standards
apply to the entire organization.
The CDO should effectively communicate the value of data governance and take
the right steps to engage both data practitioners and data users, creating a collabo-
rative environment for managing and governing data. To make the data governance
process work, a CDO should ensure that an operating model for data stewardship and
governance is developed with defined roles, responsibilities, and levels of escalation
to enforce compliance with rules for using business data [Loshin].
The following data governance topics are the keys to the CDO agenda (Soares
2014):
• How do we organize for data governance?
• How do we drive business ownership of data?
• How do we set data policies, standards, and processes?
• How do we monitor the adherence to these data policies, standards, and processes?
• How do we enforce compliance with these data policies, standards, and processes?
• How do we leverage technology, especially in the context of big data?
A Chief Data Officer can be appointed in three different types of organizations in
the context of status of data governance implementation-
Scenario 1: Organizations that have already formalized data governance throughout
the enterprise and have formal data governance roles and responsibilities [Simon].
Scenario 2: Organizations that informally and invisibly practice data gover-
nance. Formal data governance roles are not seen; however, many individuals and
3.10 Role of the Chief Data Officer in Data Governance 95
Your organization’s culture will drive your governance strategy and your governance strategy
will drive culture change.
Every organization will have its own unique strategy to implement data gover-
nance depending on the organizations’ strategic business objectives and future direc-
tion, their data and application landscape, regulatory landscape, business impact
of data issues, the value they want to derive from their data, size of the organiza-
tion, organization structure and hierarchies, organization culture, their current data
maturity, and their readiness to achieve higher maturity levels.
96 3 Strategy and Data Governance
The business case is needed in order to secure sponsorship for a data governance
program (Mahanti 2021a) as well as sustain the support in case of changes in manage-
ment. As highlighted by George Firican, Director of Data Governance & Business
Intelligence at UBC DAE and Founder of www.lightsondata.com (Mahanti 2021a),
The overall strategy needs to address the business needs, deliverables, objectives, framework,
and best practices as well as change management accompanying it all. Both the strategy and
business case should help identify the risks, gaps, assumptions, constraints, and benefits,
tie them to the goals of the organization and determine why and how data governance can
support them.
You need a good data governance strategy to kick start your data governance
journey, and strategy should be followed by execution. As stated by Morris Chang-
Without strategy, execution is aimless. Without execution, strategy is useless.
References
Accenture (2018) Data governance strategy. Last accessed on 01 Dec 2018 from https://capitalma
rketsblog.accenture.com/data-governance-strategy
Addagada T (2016) Is this the right time to create a maturity model for your Data Governance Divi-
sion? Finextra blog. Last accessed on 20 Dec 2016 from https://www.finextra.com/blogposting/
12192/is-this-the-right-time-to-create-a-maturity-model-for-your-data-governance-division
Adelman S, Moss L, Abai, M (2005) Data Strategy. Addison-Wesley
Askham N The 9 biggest mistakes companies make when implementing data governance. Last
accessed on 16th July 2018 from http://static1.squarespace.com/static/52ed2570e4b02079a82e6
ff3/t/56111545e4b0890ee92b5901/1443960146356/Nicola+Askham+-+9+biggest+data+gov
ernance+mistakes.pdf
Barth P (2018a) The 4 principles of a successful data strategy, CIO Update. https://cioupdate.com/
the-4-principles-of-a-successful-data-strategy-2/
Barth P (2018b) The 4 principles of a successful data strategy, CIO update. https://cioupdate.com/
the-4-principles-of-a-successful-data-strategy/
Brown ED (2018) You need a chief data officer. Here’s Why. Eric D. Brown, Last accessed on 24
Dec 2018 from https://ericbrown.com/you-need-a-chief-data-officer-heres-why.htm
Daniel DR (1961) Management information crisis. Harvard Bus Rev September–October 1961
Daniell M (2007) The elements of strategy, pp 1–110
Dontha R (2018) December 16, 2016 Data strategy—What, why, when, who, where, digital trans-
formation pro. Last accessed on December 3, 2018 from https://digitaltransformationpro.com/
data-strategy-5ws/
Eckerson, Wayne, June, (2011) Creating an enterprise data strategy: Managing Data as a Corporate
Asset. http://docs.media.bitpipe.com/io_10x/io_100166/item_417254/Creating%20an%20Ente
rprise%20Data%20Strategy_final.pdf. Last accessed 1 June 2014
References 97
Entity The 12 step data governance road map to business success, entity white paper. Last accessed
on 22 Dec 2018 from https://www.entitygroup.com/12-step-data-governance-road-map/
Fryman L (2016a) Data governance business case journey begins with the first step, collibra
blog. https://www.collibra.com/blog/data-governance-business-case-a-journey-begins-with-the-
first-step/
Fryman L (2016b) Business glossaries and metadata: building the data governance business
case. The Data Administration Newsletter. http://tdan.com/business-glossaries-and-metadata-bui
lding-the-data-governance-business-case/19874
Gallant J, Fleet K (2018) The data strategy playbook: A CIO’s practical guide to driving
change, Informatica. https://static1.squarespace.com/static/5d529586daa0e30001b91b58/t/5d8
0e340809d981c12b885b8/1568727874802/TheDataStrategyPlaybook.pdf
Gow B (2006) Case study: Data governance & compliance for financial services, IBM corporation,
CDISP 2007. Last accessed on 22 Dec 2018. http://www.sourcemediaconferences.com/CDISP07/
pdf/Gow_Brett.pdf
Gurevich A, Dey S (2018) Defining a data strategy: an essential component of your digital
transformation journey, DXC.Technology White Paper
Henry, ND (2015) What is strategy? https://blackwells.co.uk/extracts/9780199288304_henry.pdf.
Accessed 25 Feb. 2015
Information Builders (2012) Building a business case for data governance: Ten critical steps, A
White Paper, iway Software
Izquierdo R (2020) Successful growth strategy examples from real-world companies. Last accessed
on 1 June 2020 from https://www.fool.com/the-blueprint/growth-strategy/
Jones D (2015) Justifying the need for a data governance business case. The Data RoundTable,
SAS Blog, https://blogs.sas.com/content/datamanagement/2015/08/10/justifying-need-data-gov
ernance-business-case/
Kaplan R, Norton D (2004) Strategy maps: converting intangible assets into tangible outcomes,
Harvard Business School Press
Kaplan RS, Norton DP (1996) The balanced scorecard: translating strategy into action. Harvard
Business School Press, Boston
Kimberlee L (2018) Examples of corporate business strategies, Chron. Last accessed on 1 June
2020 from https://smallbusiness.chron.com/examples-corporate-business-strategies-4755.html
Lafley AG, Martin RL (2018) Customer Loyalty Is Overrated, HBR’s 10 Must Reads series 2018.
Harvard Business Review Press, Boston, Massachusetts
Liddell HG, Scott R (1999) A greek-english lexicon, on Perseus
Loshin D, CDO should take lead on data governance process, info strategy, Search Data Manage-
ment, Techtarget. Last accessed on 24 Dec 2018 from https://searchdatamanagement.techtarget.
com/tip/CDO-should-take-lead-on-data-governance-process-info-strategy
Mahanti R (2021a) Data governance and compliance, Springer Books, Springer, number 978-981-
33-6877-4
Marchese, J, Rao N (2018) Data strategy begins governance, Collibra Blog. https://www.collibra.
com/blog/data-strategy-begins-governance/
Mauzy D, Bull B, Gould T (2016) Avoid the pitfalls: benefits of formal Part C data system
governance. SRI International, Menlo Park, CA
Mintzberg H (1978) Patterns in strategy formation. Manage Sci 24(9):1–15
Neilson GL, Martin KL, Powers E (2020) The secrets to successful strategy execution, HBR’s 10
must reads on strategy 2-volume Collection Harvard Business Review Press
Pastore M (2018) GDPR, compliance concerns driving data governance strategies, erwin Expert
Blog, Last accessed on 10 Sept 2018 from https://erwin.com/blog/driving-data-governance/
Power (2014) Building a data governance organization, information governance Blog-
Eckerson.com, eckerson.com/articles/building-a-data-governance-organization
Rockart JF (1989) A primer on critical success factors. In: Bullen CV (ed) The rise of managerial
computing: the best of the center for information systems research. Dow Jones-Irwin, Homewood,
IL
98 3 Strategy and Data Governance
4.1 Introduction
In the context of the organization as a whole, the term maturity relates to the measure
of the capability of an organization around different disciplines including people,
processes, data, technologies, and measurement practices.
The term ‘maturity’ when used in the context of processes relates to the extent of
sophistication and optimization of processes, from chaotic and ad-hoc practices at the
lowest level, to documented repeatable steps, to standard processes, to quantitatively
managed processes with result-oriented metrics, and to active optimization of the
processes, with increasing levels of maturity.
In the context of an organization’s software processes, maturity relates to the
degree of predictability, effectiveness, optimization, and control of the software
processes.
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021 99
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4_4
100 4 Data Governance Maturity Models
Maturity models represent a distinct class of models, dealing entirely with the
organizational and information systems related to change and development processes
(Becker et al. 2010; Crosby 1979; Gibson and Nolan 1974; Mettler 2010; Nolan
1973).
A maturity model is a tool or a guiding framework that provides a means for
organizations to determine the current effectiveness and capabilities in a particular
discipline. It assists in figuring out what needs to be done, or what capabilities and
improvements are needed to acquire the future state that the organization desires to
achieve.
Maturity models are structured as a sequential level of capabilities, predictability,
and effectiveness, along a single dimension or multiple dimensions, with higher matu-
rity levels associated with higher levels of capabilities, predictability, and effective-
ness. Each level in the maturity model builds on top of a lower level. It is not possible
to jump to a higher level before conquering the lower ones as shown in Fig. 4.1.
4.2 Data Governance Maturity Models 101
Each data governance maturity model has a metamodel that comprises of the
following elements:
• Levels or stages—These are progressive stages in maturity.
• Subject areas—These are capabilities (key areas, components, functions, or
dimensions).
• Subject sub areas—These are areas or components or dimensions under the
subject areas. Subject areas might or might not be broken into sub areas.
• Subject area/subject sub area dimensions—These are assessment criteria for
each of the subject areas and/or subject sub areas which help determine their
maturity level.
While levels and the names assigned to levels are usually available for all the
different data governance maturity models, the subject areas are not available for all
of them. Subject sub areas as well as subject area/subject sub area dimensions are
rarely publicized.
Level 5 - OpƟmized
Level 4 - Managed Focus is on
conƟnuously
Level 3 - Defined Processes are improving process
measured & performance
Level 2 - Repeatable Sets of standard process capability
processes defined is established
4.3 Data Governance Maturity Model Metamodel
The data governance maturity model is modeled after the CMM defines four, five,
or six levels of maturity, ranging from an initial or chaotic level where practices and
policies are ad hoc to the highest level in which processes and practices lead to contin-
uous measurement, assessment, improvement, and optimization. Many industry prac-
titioners have modeled the data governance maturity model after CMM, and have
altered the five levels. In this section, we will discuss and compare data governance
models developed by Kalido, DataFlux, Informatica, Oracle, Microsoft, and IBM.
The number of levels and process areas in the maturity models defined by each of
these practitioners is summarized in Table 4.1. It is not possible to compare the DG
maturity models in Table 4.1 as the levels and/or subject areas are not aligned.
4.4.1 Kalido
Based on market research with more than 40 companies at varying stages of maturity,
Kalido has defined a data governance maturity model with four levels or stages—
application centric, enterprise-repository centric, policy centric, and fully governed,
with maturity at each level being gauged along three key areas—organization,
process, and technology as follows (Chen 2010).
Stage 1—Application Centric
From an organization’s perspective, the business sees data as an IT responsibility with
no or little collaboration between business and IT. This stage is characterized by an
absence of data authority or data stewardship. There is no process for data governance
in the organization. From a technology perspective, at this stage, business process
models, data models, as well as rules, are completely embedded in applications. Data
quality or data modeling tools do not exist, and enterprise-wide, cross-functional
views of data are not available.
Stage 2—Enterprise-Repository Centric
At this stage, from an organization’s perspective, some data stewardship is performed
by informal data experts, but there is no formal acknowledgment of the role and
definition of responsibilities, with the authority of data lying in the hands of IT.
Collaboration between business and IT is consistent. From a process perspective,
loosely defined governance processes are siloed by enterprise repositories like data
warehouse, a master data hub, and ERP systems, with data issues being tackled
reactively without addressing the root cause of the problem. From a technology
perspective, data quality tools and metadata tools exist for enterprise repositories.
4.4 Data Governance Maturity Models … 105
Table 4.1 Data governance maturity models—practitioners, maturity levels, and subject areas
Practitioner Maturity levels Subject area
Kalido 4 maturity levels— 3 key areas—
• application centric; • organization;
• enterprise repository centric; • process;
• policy centric; • technology
• fully governed
DataFlux 4 maturity levels— 5 components—
• undisciplined; • people;
• reactive; • policies;
• proactive; • technology;
• governed • risk and reward;
• advancing to the next stage
Microsoft 4 maturity levels— 3 key areas—
• basic; • people;
• standardized; • process;
• rationalized; • technology
• dynamic
Informatica 5 maturity levels— 4 dimensions—
• reactive; • driver;
• repeatable; • scope;
• structured; • how measured;
• proactive; • how managed
• embedded
Oracle 6 maturity levels— Subject areas not available
• none;
• initial;
• managed;
• standardized;
• advanced;
• optimized
IBM 5 maturity levels— 11 domains—
• initial; • organizational structures and awareness;
• managing; • stewardship;
• defined; • policy;
• quantitatively managed; • value creation;
• optimizing • data risk management and compliance;
• information security and privacy;
• data architecture;
• data quality management;
• classification and metadata;
• information lifecycle management;
• audit information, logging and reporting
106 4 Data Governance Maturity Models
4.4.2 DataFlux
DataFlux has defined a data governance maturity model with four levels—undis-
ciplined, reactive, proactive, and governed with the maturity at each level being
gauged along four key areas or components—people, policies, technology, and risk
and reward. In addition, DataFlux also has a component “advancing to the next stage”,
which outlines the actions required to move to higher levels (DataFlux Corporation).
Level 1—Undisciplined
As the name suggests, chaos reigns at this level.
From a people perspective, at this level, success is dependent on the competence
of a few individuals, with no executive awareness of data issues, and no management
buy-in for data quality.
4.4 Data Governance Maturity Models … 107
From a policies perspective, at this level, data problems are addressed reactively
in a firefighting mode, with no defined data quality processes, and a lot of data silos.
From a technology perspective, at this level, data analysis, profiling, and auditing
are not done, with data cleansing and standardization only applied to isolated data
sources, and data improvement focused on solitary applications.
From a risk and reward perspective, at this level, risks are extremely high, like
lost customers and opportunities due to data issues, while the rewards are low and
driven by the individual degree of success.
The first stage is often characterized by events that show the impact of bad data
quality like lost customers. This results in organizations to recognize the problems
at a departmental level, and start to quantify the effects of poor data quality in the
organization, and take steps to progress towards the next level of maturity. In order
to move to the next higher maturity level, organizations have to establish their data
governance objectives, baseline their data governance maturity, identify their critical
data assets, and have technology components in place for data quality and data
integration.
Level 2—Reactive
As the name suggests, organizations that operate at this level of maturity recognize
and address data issues only after the occurrence.
From a people perspective, at this level, success is dependent on the group of
database administrators while a useful data quality process is developed by individ-
uals. There are no standard processes across functions, and there is little management
buy-in for data quality.
From a policies perspective, while data governance rules start emerging at
this maturity level, the focus is still on correcting data issues, and processes are
built to address current data issues. Roles and responsibilities are standardized by
departments.
From a technology perspective, tactical data quality tools are used at this level,
with ERP and CRM systems using data quality technology, and data integration
attempted by departments in isolation.
From a risk and reward perspective, risks are high due to a lack of data integration,
and rewards are limited and anecdotal, with return on investments coming from
individual processes.
At this level, applications in the organizations are still non-integrated across
departments and business units. In order to move from the reactive stage to the
proactive stage, the organizations need to have a strategy to have a more unified
view of enterprise data across the departments for specific domains, which requires a
significant cultural change. Data stewards need to be established, and organizations
need to start using data monitoring technologies to proactively uncover data issues.
Level 3—Proactive
The organizations operating at this level are able to avoid risks and reduce uncertainty.
From a people perspective, at this level, management views data as a strategic
asset, understands the value of data governance, and commits resources for the
108 4 Data Governance Maturity Models
same. Data stewards are responsible for enacting and maintaining data quality
standards, business rules, and implementing the data management strategy.
From a policies perspective, at this level, the focus is on prevention of data issues
rather than correction, and to this effect, preventive data quality processes emerge,
with metrics sometimes used to provide insights into areas for improvement.
From a technology perspective, service-oriented architecture becomes an industry
standard. The data quality functionality is shared across different operation modes,
and data quality monitoring is in place to maintain the data quality.
From a risk and reward perspective, the risks range from medium to low level
because of the availability of better quality data that enables more reliable decision
making. The rewards range from medium to high as the data quality improves because
of a wider adoption in different functional areas across the organization.
At the proactive level, the organizations start unifying the data for a particular
domain like customers or products Movement to the next level (that is, the highest
maturity level) requires a unification approach for all corporate data, with the business
playing a key role in the data management process and IT playing a supporting role.
The movement to the highest maturity level also requires technology capability to
automate the business processes.
Level 4—Governed
The organizations operating at this level have an organization wide unified data
governance strategy.
From a people perspective, at this level, the data governance program has an
executive sponsorship with direct support from the Chief Executive Officer. The
business users play an active role in data strategy, with data governance groups
working actively with data stewards.
From a policies perspective, automated policies are in place to ensure that the
data continues to be of high quality throughout the organization. The business rules
for data quality and identity management are encapsulated in a service orientated
architecture (SOA). New data initiatives are only approved after impact analysis of
the existing data infrastructure has been carefully deliberated.
From a technology perspective, the data quality tools are standardized across the
organization. Data models capture the business and technical metadata for all data
elements.
From a risk and reward perspective, at the highest level of maturity, the risk is
low with the availability of high-quality data, and the rewards are high because of a
better understanding of the organization’s business and data driven decisions.
4.4.3 Microsoft
Microsoft has defined a data governance maturity model for data governance for
privacy, confidentiality, and compliance (abbreviated as DGPC). The model has four
progressive levels of maturity: basic, standardized, rationalized, and dynamic, with
4.4 Data Governance Maturity Models … 109
maturity at each level being gauged in three core capability areas namely, people,
process, and technology.
The people area is organized around three layers namely, executive management,
DGPC organization and workforce, and trusted business partners.
The process area is organized around five aspects of the data governance process—
guiding principles, manage DPGC organization, manage requirements, manage
strategy and policies, and manage control environment.
The technology area is organized around the sub categories—information life-
cycle, technology domains, and DGPC risk/gap analysis matrix (Salido and Patrick
2010).
Level 1—Basic
At this level, from a people perspective, the executive management is not aware
of data governance for privacy, confidentiality, and compliance (DGPC) needs and
capabilities. The DGPC organization comprises of localized disparate groups, which
do not include representation from cross-functional business units to address DGPC
needs in siloed fashion in their specific areas of responsibilities. No formal DGPC
roles and responsibilities are defined.
Workforce and trusted partners are not required to complete data governance
awareness training, and are not aware of their roles and responsibilities. They report
issues on an adhoc basis as the DGPC controls are limited and not well known.
From a process perspective, the DGPC processes are executed in an adhoc
fashion. An autonomous DGPC process is used by disparate localized groups,
with localized adhoc translation of requirements into business data and compli-
ance requirements, with neither a defined DGPC strategy nor defined data policies
in place. Adhoc controls are formulated, reviewed, approved, implemented, and
monitored by disparate groups in a siloed fashion based on their respective area of
responsibilities.
From a technology domain perspective, the information life cycle of confiden-
tial data is inconsistently examined and documented. Security technology domains
are implemented in an adhoc and reactive manner, with adhoc tools used to test
the security infrastructure. Adhoc data quality tools and adhoc monitoring technolo-
gies are also used. From a privacy, confidentiality, and compliance risk/gap analysis
perspective, no gap analysis exercise is undertaken, and there are no data privacy and
confidentiality principles.
Level 2—Standardized
At this level, from a people perspective, the executive management is supportive of
DGPC and communicates the importance of DGPC, formally designates the data
governance leaders from different groups to address the DGPC needs, defines and
communicates the DGPC roles and responsibilities to them, as well as receives the
DGPC status reports from the designated business leaders.
The DGPC organization consists of individual governing bodies having appro-
priate representation from cross-functional business units. Roles and responsibilities
are formally defined for each governing body, and data stewards are assigned to
110 4 Data Governance Maturity Models
each governing body. Workforce and trusted business partner areas are required to
complete data governance awareness training. They have a clear understanding of
their roles and responsibilities, and report issues related to data governance controls.
From a process perspective, the processes are structured, localized, and repeatable
based on institutional guiding principles. Disparate localized groups are responsible
for maintaining standard processes. Data governance committees and working groups
use standard processes for goal definition, to measure performance and reporting
progress against defined goals, for member selection, to define member roles and
responsibilities, to develop their data governance policies and strategies based on
their respective area of responsibility, to review, implement and monitor compliance
to their data governance policies.
A standard process is used for the translation of regulations into data compliance
requirements. All groups use a standard process to develop, review, and approve
data governance controls implementation plans, processes, and technical controls,
to implement data governance control standards and data governance controls effec-
tiveness action plans as well as monitor, report, review, and respond to their data
governance controls effectiveness status.
From a technology domain perspective, the information life cycle of confi-
dential data is examined and documented as a standard practice. IT collaborates
with business units to understand the security and privacy needs, identity access
management requirements, data protection requirements, auditing, and reporting
needs in order to develop a comprehensive strategy and roadmap for the security
infrastructure, identity access management requirements (which are deployed selec-
tively), data protection, and monitoring technologies (which are deployed selectively)
respectively.
The standard tools are used to test and validate security infrastructure components,
and standard data quality tools are used for data monitoring and cleansing. From
a privacy, confidentiality, and compliance risk/gap analysis perspective, disparate
groups subscribe to their own set of data privacy and confidential principles, with
focused working groups conducting their own data risk and gap analysis.
Level 3—Rationalized
At this level, from a people perspective, the executive management communicates
the importance of data governance, designates an executive leader to guide different
DGPC group leaders, receives and responds to consolidated data governance status
reports from the designated executive leader, and defines and communicates DGPC
roles and responsibilities to the designated executive leader as well as the DGPC
group leaders.
The DGPC organization consists of individual governing bodies having appro-
priate representation from cross-functional business units, with roles and responsi-
bilities formally defined for each governing body, and data stewards assigned to each
governing body as in level 2.
However, in addition, there is a central governing body which includes lead-
ership representation from cross-functional business units that provides guidance
to, coordinates, consolidates efforts of individual data governance committees, and
4.4 Data Governance Maturity Models … 111
formally and clearly defines roles and responsibilities for the committees which in
turn define roles and responsibilities for the working groups, ultimately defining and
communicating a unified DGPC strategy to the DGPC committees.
The committees and working groups have a unified hierarchical reporting struc-
ture. Workforce and trusted business partner area are required to complete data gover-
nance awareness training. They have a clear understanding of their roles and respon-
sibilities and report issues related to data governance controls as in level 2. In addition
to this, acknowledgment by workforce and trusted business partners is documented,
and performance, issues, and violations are tracked.
At this level, from a process perspective, processes are structured, localized, and
repeatable based on institutional guiding principles as in level 2. In addition to this,
duplicate processes are removed, and complex processes are simplified to make
them more manageable. A standard process is used to manage the hierarchical data
governance structure, including member selection and definition of member roles
and responsibilities. Standard processes are used to develop, review, and approve
data governance policies and strategies. DGPC committees and working groups use
standard processes for goal definition, to measure performance, and to report progress
against defined goals like in level 2; but in addition, the GRC council uses a process
to define goals and objectives for the DGPC committee, measure, and report on the
performance of the GRC council’s DGPC strategy.
A standard process is used for translation of regulations into data compliance
requirements as in level 2. In addition, efforts are made to ensure that the processes
are working as intended. All groups use a standard process to develop, review,
and approve data governance controls implementation plans, process and technical
controls, and implement data governance control standards and data governance
controls effectiveness action plans, as well as monitor, report, review, and respond
to their data governance controls effectiveness status as in level 2. In addition to
this, efforts are made to ensure that data governance controls implementation plans,
process and technical controls definition, data governance control standards, and data
governance controls effectiveness action plans are working as intended.
From a technology perspective, the information life cycle of confidential data is
examined and documented as a standard practice as in level 2. In addition to this,
lessons learned from the assessment of each information life cycle are also applied.
IT collaborates with business units to do the following:
• understand security and privacy needs as in level 2, and uses standard technology
and capabilities to gain a holistic view of all security infrastructure components;
• understand identity access management requirements, data protection require-
ments, auditing, and reporting needs, which are deployed extensively throughout
the organization;
• use the above to develop a comprehensive strategy and roadmap for the secu-
rity infrastructure, identity access management, data protection, and monitoring
technologies respectively.
Standard tools are used and automated to test and validate security infrastructure
components. Standard data quality tools are used for data monitoring and cleansing as
112 4 Data Governance Maturity Models
and measure and report on the performance of the GRC council’s DGPC strategy as
in level 3. A standard process is used for translation of regulations into data compli-
ance requirements and efforts are made to ensure that the processes are working as
intended. All groups use a standard process to develop, review, and approve data
governance controls implementation plans, process and technical controls, imple-
ment data governance control standards and data governance controls effectiveness
action plans as well as monitor, report, review, and respond to their data governance
controls effectiveness status. Efforts are made to ensure that the data governance
controls implementation plans, process and technical controls implement data gover-
nance control standards, and data governance controls effectiveness action plans are
working as intended as in level 3. In addition to this, continuous process improvement
techniques are used to optimize the processes.
From a technology perspective, the information life cycle of confidential data
is examined and documented as a standard practice and lessons learned from the
assessment of each information life cycle are applied as in level 3. IT collaborates
with business units to do the following:
• to understand the security and privacy needs, and use standard technologies and
capabilities to gain a holistic view of all security infrastructure components as in
level 3. In addition to this, centralized capabilities are used to regularly manage
configurable security policies across all infrastructure components.
• to understand the IAM requirements, data protection requirements, auditing, and
reporting needs, which are deployed extensively throughout the organization as
in level 3. In addition to this, enhanced IAM services are used at this level.
• to use the above to develop a comprehensive strategy and roadmap for the security
infrastructure, IAM, data protection, and monitoring technologies respectively as
in level 3. In addition, automated preventive action is enabled in response to
specific critical alerts.
Standard tools are used and automated to test and validate the security infras-
tructure components. Standard data quality tools are used for data monitoring and
cleansing as in level 3. From a privacy, confidentiality, and compliance risk/gap anal-
ysis perspective, all groups subscribe to a standard set of data privacy and confidential
principles, which are rationalized on a periodic basis, and the DGPC gap analysis is
embedded in the confidential information risk assessment and management process.
4.4.4 Informatica
Informatica has defined a data governance maturity model with five stages—reactive,
repeatable, structured, proactive, and embedded, with data governance being an IT
centric effort at the lowest level, and gradually moving to a business centric effort
with increasing stages of data governance maturity. Informatica assesses maturity
at each stage along four dimensions—driver, scope, “how measured”, and “how
managed” (Informatica Professional Services 2015).
114 4 Data Governance Maturity Models
Stage 1—Reactive
At this stage, data governance is at the grassroot level, being driven by a few
passionate individuals. Adhoc rules, policies, and/or standards are implemented into
IT projects as a part of their functional requirements from a scope perspective, with
success being measured by the success of the technology release. Management of
data governance can be best described as “Adhoc” at this stage.
Stage 2—Repeatable
At this stage, data governance still prevails at the grassroot level but is driven by
enterprise architecture (EA) or IT management. The scope of data governance is
limited to documented IT governance and EA standards. This results in metadata
reuse and improved collaboration across IT projects, with success being primarily
measured in terms of improved IT efficiencies. The management of data governance
can be best described as “Pilot” at this stage.
Stage 3—Structured
At this stage, data governance has a more top down sponsorship, though data gover-
nance is primarily driven by senior IT. The scope extends to establishing competency
centers and centers of excellence. Though the data governance efforts are still IT led,
but the business is more involved at this stage. Success is primarily measured at this
stage on operational metrics and SLAs. The management of data governance can be
described as “Project” at this stage.
Stage 4—Proactive
At this stage, the data governance program is sponsored by the business leaders. From
a scope perspective, the data governance program is initiated as a part of the wider
strategic enterprise information management program. The success is measured by
the success of the program with the data governance program being a multiphase
effort spread over a few years. The management of data governance can be best
described as a “Program” at this stage.
Stage 5—Embedded
At this stage, the data governance program is sponsored and supported by the top
executives or the executive board. With respect to scope, data governance is contained
as a self-sustaining core business function that manages data as an enterprise asset.
The measurement of success is not restricted to specific programs but is evaluated on
the basis of the overall impact on the business. The management of data governance
can be best described as a “Function” at this stage.
4.4 Data Governance Maturity Models … 115
4.4.5 Oracle
Oracle has defined a data governance maturity model with six levels or milestones—
none, initial, managed, standardized, advanced, and optimized (Sun 2011).
Level 0/Milestone 1—None
The organizations operating at this level tend to view and treat data as a by-product
of application, and formal governance processes do not exist in the organization.
Level 1/Milestone 2—Initial
At this level, IT is responsible for the data with collaboration between business and IT
being inconsistent and strongly dependent on the presence of individual data-savvy
champions in the different business functions across the organization.
Level 2/Milestone 3—Managed
While standardized processes are in a nascent stage of development at this level,
it is mainly characterized by loosely defined processes that exist around crucial
applications in the business functions. Data issues are tackled reactively without
addressing the root cause of the problem. Ownership and stewardship may be defined
in silos in the business functions.
Level 3/Milestone 4—Standardized
As the name of this level suggests, standardized processes are established across
business functions. The business is involved in data governance. A cross-functional
team is established, and data stewards are appointed, with their roles and responsi-
bilities clearly defined. At this level, a centralized repository of data policies, which
is easily accessible is also established, and the data quality is regularly monitored
and assessed.
Level 4/Milestone 5—Advanced
At this level, the data governance organizational structure is entrenched and is viewed
as a critical business function, with business taking full ownership for data content and
defining data policies. Quantitative process and maintenance quality goals are also
set.
Level 5/Milestone 6—Optimized
At this level, data governance is a core business process. The decisions are driven by
quantifiable, benefit-cost-risk analysis results with quantitative process-improvement
objectives which are used as benchmarks to manage process improvement, being
resolutely established and constantly revised to keep up with the changing business
goals.
116 4 Data Governance Maturity Models
4.4.6 IBM
IBM created a data governance council which in turn defined a data governance
council maturity model which has 5 levels—initial, managing, defined, quantitatively
managed, and optimizing.
It measures the data governance competencies of organizations based on the 11
crucial domains of data governance maturity namely—organizational structures and
awareness; stewardship, policy, value creation, data risk management and compli-
ance information security and privacy data architecture, data quality management,
classification and metadata information lifecycle management and audit informa-
tion, logging and reporting (IBM 2007). Each of these category domains also has
five levels of maturity and is assessed as follows (Alder 2006):
Initial: At the first level, the elements of practice in a specific category domain may
be present but are contained in individual departments, and are mostly implemented
in an adhoc fashion.
Managing: At the second level, the elements of practice in a specific category
domain are mostly defined at an enterprise level. However, the implementation is
not comprehensive across the enterprise.
Defined: At the third level of maturity, the elements of practice in a specific category
domain are defined as well as implemented across the enterprise. However, there are
no formal processes established to ensure continuous improvement.
Quantitatively Managed: At this level, the elements of practice in a specific category
domain are defined and implemented across the enterprise. Repeatable processes and
metrics are in place to monitor and track progress to ensure continuous improvement.
Optimizing: At the highest level of maturity, the elements of practice in a specific
category domain are implemented, monitored, and used in a proactive manner
across the enterprise to decrease risk and continuously improve the data governance
practices.
Each data governance maturity model has its own characteristics and strengths. A
data governance maturity model provides the foundation for subsequently planning a
data governance delivery process. Reviewing and evaluating data governance matu-
rity models should occur early in the process in order to establish an understanding
of the end state.
The data governance program differs from organization to organization, and the
data governance program needs to be tailored to suit the organizational needs. Simi-
larly, if none of the available data governance maturity models suit your needs,
you can tailor any of the existing data governance maturity model so that it meets
your organizational needs. The elements in the data governance maturity model will
be determined by what the organization is trying to achieve by implementing data
governance and how the data assets can facilitate that intent.
4.4 Data Governance Maturity Models … 117
The progression from the bottom level to the top level of maturity is character-
ized by changes in people, processes, behaviors, attitudes, tools, and technology.
For people, there is increasing ownership and stewardship with increasing levels of
maturity. There is a marked difference in attitudes and perceptions, with a shift from
data governance being viewed less as an overhead at lower maturity levels to more
as a return on investment, with progression towards higher levels of maturity.
For processes, with increasing levels of data governance maturity, data governance
becomes a part of the standard business practices and with data policies and standards
developed, maintained, and distributed, data governance processes are monitored,
rather than being looked at on an adhoc basis for quick fixes.
From a tools and technology perspective, the increasing levels of maturity are
characterized by transition from a manual way of doing things to enterprise wide
sophisticated tools to manage data. As you move from lower to higher levels of
maturity, there is a gradual reduction of risks and greater benefits to be reaped from
data governance practices at higher levels of maturity. The level of maturity varies
dramatically amongst organizations, with different organizations being at different
levels of data governance maturity.
The organizations that want to plan their data governance journey in an organized
manner can use data governance maturity models to manage change by determining
their current data governance maturity level (as-is level) and understand WHY they
are at that level, and then establishing WHAT level is appropriate for their business
(that is the should be/to-be or future state they wish to attain) and HOW, WHEN,
and WHERE in the organization to move from one level to the next level.
Moving from a lower level to a higher level requires investment in terms of time and
effort from business subject matter experts, IT teams, as well as technology. As the
organization proceeds through each level of maturity, the organization reaps greater
benefits and reduces risks from more effective data ownership and data stewardship,
better controls around the data, more comprehensive data policies and data standards,
formal conflict resolution process, increased degrees of formalization around devel-
opment and maintenance of data policies and data standards, greater enforcement
of data policies and data standards, and increased formalization of data governance
roles and responsibilities.
In short, the data governance maturity model can be used as a benchmarking tool
to assess the organization’s current data maturity, and determine where you want to
see your organization in terms of data maturity in the next year or two.
The data governance maturity model that we propose in this section, for the purposes
of assessment of data governance maturity has five levels and nine dimensions. Each
of these dimensions in turn have further five levels of maturity in alignment with the
CMM model. The five levels of data governance maturity are described succinctly
below:
118 4 Data Governance Maturity Models
• Data standards;
• Data ownership;
• Data stewardship;
• Data compliance;
• Data architecture—data access and security;
• Data quality; and
• Metadata.
The descriptions for data governance dimensions with respect to maturity are
summarized in Table 4.2.
As we see in Table 4.2, each of the data governance dimensions has several aspects
to them, which can be considered as sub-dimensions. For example, the extent of
awareness, comprehensiveness of the data governance program, senior management
support, roles and responsibilities to govern data, data governance metrics, the rigor of
conflict resolution, the involvement of supporting organizations in data governance,
and identification of data publishers/producers and data consumers are all subdimen-
sions of the overall data governance dimension. Each of these subdimensions need
to be defined and assessed, when data governance maturity is assessed.
For example, at the lowest level of maturity, that is, level 1, no data governance
roles exist. At the next maturity level, that is, at level 2, some data governance
roles exist, though they are not formally defined. At level 3, some pockets of data
governance roles are defined but not throughout the enterprise. At level 4, many
data governance roles are extensively and formally defined throughout the organiza-
tion, and at level 5, there is a comprehensive data governance structure established
throughout the organization.
With respect to data governance metrics subdimensions, at the lowest level, there
are no formally defined data governance metrics. At the next maturity level, that
is, at level 2, a few data governance metrics may be defined and measured in small
pockets on an adhoc basis. At level 3, more data governance metrics are defined and
measured at predefined intervals, but results are not published or tracked. At level 4,
there is an extensive set of data governance metrics defined and measured with results
being published but not tracked. At the highest level of maturity, that is, at level 5,
there is a comprehensive formal set of data governance metrics that are measured at
pre-defined intervals and the results are published and tracked.
Dimensions Description
A Overall data governance Overall data governance maturity describes the extent of awareness, comprehensiveness of the
data governance program, senior management support, roles and responsibilities to govern data,
data governance metrics, rigor of conflict resolution, involvement of supporting organizations in
data governance, identification of data publishers/producers, and data consumers
As the organization matures, the data governance program awareness grows, data governance
programs spread from few business units to across the organizations, management support for
data governance increases, roles become more formalized, supporting organization’s
involvement in data governance grows, data governance metrics evolve, and conflict resolution
process evolves and becomes more formal
B Data policies Data policies are a set of documented guidelines, principles, and rules for ensuring proper
management and use of metadata and data during the lifecycle of the data
Data policies maturity describes the extent of data policies’ comprehensiveness, adherence,
enforcement, distribution, data policies development and change, and ease of understanding of
data policies
As the organization matures, the comprehensive formalization of data policies increases, the
process for developing, changing, and approving data policies, the distribution and enforcement
of data standards also evolve and mature, and the quality of data policies in terms of ease of
understanding and currency also increases
C Data standards Data standards contain specific low-level mandatory controls for supporting and enforcing data
policies
Data standards maturity describes the extent of data standards’ comprehensiveness, adherence,
enforcement, distribution, development, change, and ease of understanding of data standards
As the organization matures, the comprehensive formalization of data standards increases, the
process for developing, changing, and approving data standards, the distribution and
enforcement of the data standards also evolve and mature, and the quality of data standards in
terms of ease of understanding and currency also increases
(continued)
4 Data Governance Maturity Models
Table 4.2 (continued)
Dimensions Description
D Data ownership Data ownership is the accountability for the data including data capture and enforcement of
business rules related to the data
Data ownership maturity describes the extent of data ownership comprehensiveness, definition
of data ownership roles and responsibilities, business understanding of data, training, familiarity
with and use of tools, and data users’ familiarity with data owners
As the organization matures, data ownership also evolves in lines of formalization of roles and
responsibilities, comprehensiveness, understanding of data, training, their level of expertise and
ease of accessibility of the data owners
E Data stewardship Data stewardship relates to managing data sets in an organization, which do not belong to the
stewards themselves. Data stewardship is the operational facet of a data governance program
that involves the actual routine work of governing the enterprise’s data (Plotkin 2013)
Data stewardship maturity describes the extent of data stewardship comprehensiveness,
4.6 Data Governance Maturity Assessment
Dimensions Description
G Data architecture—data access and Data architecture—data access and security refers to mechanisms to allow secure access to data
security for read, write, delete, and modify actions for ensuring security in data access and transfer
Data architecture—data access and security maturity describes the extent of security imposed
for data access and transfer, system interfaces, and maturity of data access middleware
components in the organization
As the organization matures, the architecture around data access and transfer matures in terms
of restricted direct access and restrictions on system interfaces; comprehensiveness of
middleware components; and evolution of policies and guidelines around the same
H Data quality Data quality discipline relates to the effective management of data assets in an organization by
assessing the quality of data, cleansing data, improving processes around capture, processing,
storage, and maintenance of data
Data quality maturity describes the extent of assessing and addressing quality of data prior to
application design, use of data quality metrics, standardization of data fields, the extent and
maturity of the data quality tools
As the organization matures, data quality also evolves along the lines of data quality awareness,
knowledge of data quality dimensions and their usage, usage of data quality metrics,
standardization of data fields, comprehensiveness and usage of data quality tools, and data
quality activities shift from reactive to proactive where possible with increasing levels of
maturity
I Metadata Metadata is data about data or data which is used to understand the data
Metadata maturity describes the extent of metadata capture and content, metadata access,
metadata maintenance, and integration of metadata repositories with other tools
As the organization matures, metadata also evolves in lines of extent of capture and management
of metadata in the enterprise, metadata repositories, metadata maintenance, and access
4 Data Governance Maturity Models
4.6 Data Governance Maturity Assessment 123
Table 4.4 Table format for recording the current and future state for data governance
Dimensions Current maturity Target maturity Metrics Expected
level level outcomes
A Data
governance—overall
B Data policies
C Data standards
D Data ownership
E Data stewardship
F Data compliance
G Data architecture—data
access and security
H Data quality
I Metadata
Table 4.5 Sample table for recording the current and future state for data governance
Dimensions Current maturity Target maturity Metrics Expected
level level outcomes
B Data standards 2 3 50% reduction in 25% increase in
data regulatory
inconsistency compliance
quality issue log would be the ideal state, but for a large and complex organization
whose culture is to solve data quality issues on an adhoc basis, getting all groups
in the organization to work together to maintain a single DQ issue log is a huge
cultural change, which is likely to fail. Instead, a short term goal would be to get
one group to maintain a DQ issue log, establishing governance processes around
tracking data quality issues, establishing roles, responsibilities, and accountabilities
around capturing, analyzing, tracking, and resolving data quality issues, getting all
stakeholders to agree on the process, and then follow the process. The next steps
would be to expand it across other groups, so that each group has a DQ issue log,
with a group data governance office reporting into the CDO, and then progress to
have a single enterprise issue log.
4.7 Summary
Several data governance maturity models, which focus on the data governance aspects
have been discussed in this chapter. Some maturity models like DCAM and CMMI
apply to data management. What is common across all these maturity models is the
advanced maturity from strictly reactive to predictive as you move from the bottom
4.7 Summary 125
level to the top level. It is not possible to compare these models, as their metamodels
are different.
While data governance maturity models provide milestones at each level, which
need to be aligned in order to ascend the data governance maturity ladder, it should
be kept in mind that these maturity models are not a prescription but a guiding
framework, that you can use to baseline your organization’s data governance maturity,
and set goals to move up the data governance maturity curve.
Also, depending on your organization’s size, structure, culture, resourcing, and
budget, your organization might be in a position to take only baby steps. While the
journey up the data maturity curve is not an easy one and cannot happen overnight,
the benefits can be monumental. As an organization climbs slowly up the maturity
ladder, it becomes more data driven, and its data risks decrease while operational
efficiency and ROI increases.
The results of maturity assessment carried out using one data governance maturity
model should not be compared with the results of maturity assessment carried out
with another maturity model as their subject areas and the content within the subject
areas are not the same. An organization should consistently use the same maturity
model that is aligned with its data governance practices to assess its DG maturity.
While one of the data governance maturity models discussed in this chapter may
suit your needs and be a 100% fit, depending on your organization context, strategy,
and business goals, you might need to tailor the data governance maturity model
dimensions to suit your needs.
Also, each organization has its unique culture and nuances. The elements in the
data governance maturity model will depend largely on what the organization is trying
to accomplish and how the data assets can enable that intent. You can create your own
maturity model from the mix of several data governance maturity models presented
in this chapter. Also, it is important to keep in mind that the data governance maturity
model is not static, and continues to evolve and mature as the data governance field
continues to evolve, and organizations continue to learn how to manage and leverage
data and act on the learning.
In response to the question regarding the association of the data governance matu-
rity levels with business benefits, John A. Zachman, author of “The Framework for
Enterprise Architecture” (The “Zachman Framework”), Zachman International and
Shannon Fuller, Director of Governance Advisory Services, Gray Matter Analytics
had to say the following (Mahanti 2021):
John A. Zachman: “… I would associate the business benefits of the data governance
maturity levels precisely the same as the business benefits of the Capability Maturity
Model pattern …”.
Shannon Fuller: “The key is to demonstrate how the data governance processes
enable/support the strategic initiatives of the organization.”
He went on to explain with an example of master provider data to improve on-
demand care in the healthcare domain as follows—“in healthcare, most providers
are moving to provide more on-demand care. That program cannot be successful
126 4 Data Governance Maturity Models
without knowing who your providers are, what they can do, and where they practice
i.e. Mastering Provider, …” (Mahanti 2021).
As highlighted by George Firican, Director of Data Governance and Business
Intelligence at UBC DAE and Founder of www.lightsondata.com, in his interview
(Mahanti 2021),
There is a direct correlation between the maturity of the data governance program and the
business benefits. At early maturity stages, the organizations reap few, if any, benefits from
their data. As data governance emerges, ROIs become more apparent, until the highest
maturity state of the program when the organizations only rely on data-based decisions and
treat this asset as a means to gain a competitive advantage.
References
Alder SB (2006) The six questions every organization should ask about data governance,
IBM Corporation. http://globalforum.items-int.com/gf/gf-content/uploads/2014/04/GF_2007_S
teven_Adler.pdf. Accessed 10 Apr 2018
Becker J, Knackstedt R, Poppelbu¨ss J (2010) Developing maturity models for IT management? A
procedure model and its application. Bus Inform Syst Eng 1(3):213–222
Chen W (2010) Kalido data governance maturity model, Kalido white paper
Crosby, PB (1979) Quality is free: the art of making quality certain. McGraw-Hill, New York
DataFlux Corporation, The data governance maturity model establishing the people, policies and
technology that manage enterprise data. A dataflux white paper
Gibson CF, Nolan RL (1974) Managing the four stages of EDP growth. Harv Bus Rev 52(1):76–88
IBM Corporation (2007) The IBM data governance council maturity model: building a
roadmap for effective data governance. https://www-935.ibm.com/services/uk/cio/pdf/leverage_
wp_data_gov_council_maturity_model.pdf. Accessed 31 July 2018
Informatica Professional Services (2015) Data governance assessment discover the business value
behind data governance, service offering. https://www.informatica.com/content/dam/inform
atica-com/global/amer/us/collateral/service-offering/en_data-governance-assement_service-off
ering_2804.pdf. Accessed on 31 July 2018
Mahanti R (2021) Data governance and compliance, Springer Books, Springer, number 978-981-
33-6877-4
Mettler T (2010) Maturity assessment models: a design science research approach. Int J Soc Syst
Sci 3(1):81–98
Nolan RL (1973) Managing the computer resource: a stage hypothesis. Commun ACM 16(7):399–
405
Salido J, Patrick V (2010) A guide to data governance for privacy, confidentiality, and compliance
part 4: a capability maturity model, Microsoft white paper
Sun H (2011) Enterprise information management: best practices in data governance. Oracle
Corporation, An Oracle white paper on enterprise architecture
Chapter 5
Data Governance Components
and Framework
Abstract Data governance framework (DGF) is one of the key factors in the
successful implementation of data governance. The three main components of data
governance are people (roles, responsibilities, working groups and committees),
processes, and tools and technology. In this chapter we will discuss each of these
components and how they interact with each other. The common functional titles used
in data governance are defined in this chapter. This chapter discusses the different data
governance roles and responsibilities, data stewardship, data ownership, processes,
standards, and policies. The different data governance bodies and committees have
also been discussed briefly in this chapter. Data stewards often fail and the failure
reasons have been discussed in a separate section. Different types of data stewards
have been discussed in succinct fashion in this chapter. There are different data
stewardship models and these have been discussed in this chapter. The different
characteristics of a data policy and the components of a data policy document have
been discussed in a lucid fashion in this chapter.
Sub-opƟmal
Process and Technology without People
and under-used systems
FrustraƟon, ineĸciency,
People and Process without Technology and high operaƟonal cost
– The system owners who are accountable for capture of the data and storing the
data in the system?
130 5 Data Governance Components and Framework
– The owners of the system who provision data to the downstream systems?
– Teams who manage the data capture?
– The teams that manipulate the data?
– The intermediate system owners?
– The target data system owners?
– Consumers of the data?
– Business or IT?
• Who can do what with the data, and under what circumstances, that is, what are
the boundaries regarding the access and usage of data?
• Who should define and approve, what can be done with the data?
Supply Chain
CRM Management
System
Data warehouse
Nomenclature
- Touchpoints
- User
There needs to be collaboration, alignment, and consensus regarding the data and
the related aspects around data (like data access, data security, data uses, and data
related roles), amongst these stakeholders which needs an adequate framework as
well as organizational structures for the data governance program with roles and
responsibilities at different levels, working groups, committees, policies, processes,
operating model, and rhythms that are best suited for the specific organization.
In this chapter, we will discuss the data governance framework, the data gover-
nance organizational structures, policies and processes, data ownership, data stew-
ardship, the different models of data stewardship, and the different data governance
operating models.
Processes
• Proactive;
• Reactive; and
• Ongoing data governance processes.
Data governance has several interacting components, which can be grouped under
three broad heads:
• People;
• Process; and
• Tools and technology.
Figure 5.4 shows the interactions and relationships between these high-level
components.
The people are at the heart of a data governance program. People collaborate to create
formal, standard and consistent policies, processes, rules, and standards across the
organization.
In order to achieve this, you need to define your data governance operating model,
the organization structures and bodies, define and assign clear roles, responsibilities,
accountabilities and decision rights, and establish the operating rhythm. There are
some functional titles in data governance that are commonly in use (See Fig. 5.5).
Data Producer
The data producer is an individual, organization, system, interface, device, or service,
who/which is responsible for generating, capturing, or providing data according to
the data consumers’ requirements.
Data Publisher
The data publisher is an individual, organization, system, interface, or service
who/which provisions data, and makes it available for consumption or for use in
the enterprise.
134
Roles and
responsibilities Establish and follow
Measure/
monitor
Automate
Metrics &
controls Measure/
monitor
Fig. 5.4 Data governance—interaction of the people, process, and technology components
5 Data Governance Components and Framework
5.4 Data Governance—The People Component 135
Data
Data
Publisher
Custodian
DG
Functional
Titles
Data Data
Steward Consumer
For example, in case of external data, the data producer is outside the organization;
the data publisher acquires, stores the data, and makes it available and accessible to
systems and people within the organization. The data producer and the data publisher
can be a single entity when the data is created as well as provisioned by the same
entity.
Data Consumer
The data consumer is a person (or group) who uses data for a specific purpose. The
data consumer is responsible for defining and prioritizing the uses of data, defining
the business and quality requirements in relation to the data, and verifying whether
the data is fit for use.
Data Owner
The data owner is an individual who has ultimate accountability and approving
authority for specific data sets, and usually holds a position in the senior management
to ensure that they have the power to make decisions for their specific data sets. The
data ownership is discussed in the section—“Data Ownership” in this chapter.
Data Steward
The data stewards are individuals responsible for the day to day management of data
sets in their specific business units or as per their assigned processes. We will discuss
136 5 Data Governance Components and Framework
data stewards and data stewardship in detail in the section—“Data Stewards and
Data Stewardship” in this chapter.
Data Custodian
The data custodians typically belong to the information technology area, and are
responsible for technical activities related to data including data storage, making
changes to the physical data models, IT infrastructure, data transfer, technical imple-
mentation of business rules and data quality rules, implementing technical controls
for ensuring data quality, and data protection. The common job titles for data custo-
dians are data designers, data modelers, database administrators (DBA), and ETL
developers.
The data stewards and data custodians work closely to ensure that their organi-
zation complies with the enterprise data management standards/policies, and that,
critical data-related issues are escalated to the appropriate data governance boards,
in a timely manner (Zaidi 2012).
While the data governance program structures and bodies are rarely the same across
organizations, there are some common component structures at different levels
(namely, executive, strategic, tactical, and operational) and support teams to facilitate
and coordinate activities across these different levels (see Fig. 5.6).
It is a good practice to have an executive steering committee for large orga-
nizations. The executive steering committee which is at the top data governance
organization chart, is the ultimate decision-making body and consists of the exec-
utive sponsor, C-level executives, IT leadership, and business leadership from all
key areas in the organization such as marketing, finance, human resources, and the
data governance manager. The executive steering committee provides strategic direc-
tion, defines roles, prioritizes data initiatives, ensures resourcing, facilitates overall
collaboration, and oversees the progress and success of a data governance program.
At the strategic level, the data governance council makes high-level decisions
in relation to data governance. It is a cross-functional group consisting of the data
owners from the key business areas and representatives from IT depending upon the
objectives of the organization’s data governance program.
In organizations that do not have an executive steering committee, the data gover-
nance council will also have executives. The data governance council is responsible
for reviewing and approving the data policies, data processes, data roles, and resolve
conflicts that cannot be solved at a data stewardship level.
At the tactical level is the data stewardship council which makes the data related
decisions. As the name suggests, the data stewardship council is made up of business
data stewards in the organization, and is headed by the enterprise data steward. The
responsibilities of the data stewardship council include driving data quality improve-
ments, acting as an advisory body for enterprise-level data standards, guiding princi-
ples and policies with the authority to approve new standards and changes to existing
standards, managing and resolving data issues, communicating the data governance
vision and objectives across the organization, communicating business rules using
data, communicating data related decisions of the data stewardship council and data
governance board to the data consumers, defining, designing and fine-tuning data
governance processes, reviewing and evaluating data governance performance and
effectiveness, providing a forum to collaborate and obtain consensus on definitions,
data quality issue resolution, policies, and processes, and enforcing uses of agreed
on business terminology (Plotkin 2013).
At the operational level, it is the data stewards who are responsible for the day
to day management of data in their specific business unit or as per their assigned
processes, such as identification of data that will be used by the business unit
and creating data definitions for the data, definition of rules around management,
usage, retention, access of data in line with the data policies, classifying data, identi-
fying, documenting data issues, and communicating the issues to right people in the
organization when necessary.
Executive Steering Committee
138
Data Stewards
SMEs responsible for taking care of specific
data assets including CDEs identification, data
Operational issue resolution, data access and usage
management, metadata management, data
definition management, establishing DQ
metrics.
• facilitate and support data governance and
data stewardship activities
• coordinate activities of the different data
governance structures at the different levels
provide technical support for data governance
5 Data Governance Components and Framework
The data governance office (DGO) and information technology partners are two
structures that act as support teams when implementing data governance.
Gwen Thomas in her article “Establishing a Data Governance Office” likens the
data governance office to a project management office, and states that a DGO would
be to data, what a PMO (project management office) is to projects.
The Data Governance Office (DGO) or data governance team facilitates and
supports data governance and data stewardship activities including running the data
governance program, keeping track of data stakeholders and stewards, providing
liaisons to other data initiatives like data quality, data security, data warehousing,
and other programs, such as compliance [TDGI], providing timely communication
to all stakeholders, and establishing and tracking data governance metrics.
The DGO facilitates and coordinates activities of the different data governance
structures at different levels. The DGO is headed by the data governance lead. The
composition of the DGO is driven by the focus and goals of the organization’s data
governance program and the size of the organization.
For small organizations, the data governance office may have only one person,
the data governance lead who is a data expert, has a strong political acumen as well
as understands the culture of the organization. However, finding all these skills in
one person is a rare feat and hence, the data governance office is often headed by
an individual, who has an understanding of the information management discipline,
with strong influencing and political skills to handle people issues, supported by data
architects and data analysts to help with the technical details.
Large organizations might need to have an enterprise data governance office
[EDGO] and departmental data governance office (DDGO) for each department,
which reports into the enterprise data governance office. The departmental data
governance offices headed by their respective department data officers handle data
governance activities at the departmental level, and work with the data stewards and
data owners in their department to resolve issues, institute data policies, processes,
and also interact with the other DDGOs.
Not all organizations elect to introduce a formal DGO structure. Instead, they
employ individuals such as data architects and data analysts who perform the
functions that would typically be assigned to a DGO [TDGI].
The information technology partner is the IT peer to the data governance lead
(O’Neal 2011) and is responsible for the implementation of the data governance
technical roadmap, securing the IT infrastructure on behalf of the business units
that own or have responsibility for data, and assuring that sensitive data, regardless
of format, is protected at all times by using approved equipment, networks, and
other controls, implementing business and data quality rules for maintaining and
improving data quality, automating the capture and tracking of data governance
metrics, automating the creation, capture, and maintenance of metadata, and ensuring
that all “strategic” data is modeled, named, and defined consistently.
An activity matrix which defines the activities that should be performed and with
what frequency, the deliverables, which groups, committees, teams or individuals are
responsible, accountable, consulted and informed, who needs to know about them
and how often they should be reviewed, not only helps create a mapping between the
140 5 Data Governance Components and Framework
data related activities and the stakeholders, but also helps the organization understand
the amount of work involved in terms of the time and effort of the involved groups
and stakeholders.
When you design your data governance program, it is important to decide on
an operating model and understand the data governance structures and bodies that
you will need, how these structures will fit into your operating model, and what
their responsibilities are with respect to data governance. Data governance operating
models will be discussed in the section - “Data Governance Operating Models” in
this chapter.
The composition of the data governance bodies and their responsibilities will be
driven by what data governance program is set to achieve in the organization. For
example, the data governance council composition will be different for an organi-
zation aiming at improving data quality, from another organization that is focused
on ensuring data privacy. The time commitment that will be needed, and what is
expected of the participants will also need to be clearly defined to set appropriate
expectations.
Most organizations will already have certain structures and will already be imple-
menting data governance to a certain extent. It is best to leverage these structures
and see how the additional responsibilities or new ways of working can be imple-
mented while causing minimum disruption. It is also necessary to define an operating
rhythm, which refers to the set of meetings with clear defined agendas that need to
be scheduled to drive, manage, and sustain the data governance implementation in
an organization. Without an operating rhythm, there is a high chance that activities
that need to sustain a data governance program will stop. A right mix of weekly,
monthly, quarterly, and annual meetings with clearly defined agendas need to sched-
uled with the right mix of people with the right focus. For example, there should be
a process associated with data issues management and a regular operating rhythm
should be established for managing data issues. The register that tracks issues should
be maintained and weekly meetings with the right stakeholders (data producers, data
stewards, data custodians, and data consumers) should be scheduled and take place
to track progress and help resolve issues. Quarterly meetings can be held with the
data owners to highlight the results.
belong to any one individual in the organization, but is under the collective ownership
of the enterprise. Organizations generally store data that belongs to someone else,
for example, employees, customers, suppliers, and vendors. The data are used by
different business functions to meet their respective needs.
While an organization captures a lot of data, it sometimes also acquires data sets
from external vendors; for example, financial services organizations acquire credit
risk data from organizations like Experian.
In the past, individuals or departments have equated data ownership with exclusive
possession, and with this perception of entitlement, power, and control, they have
made changes to the data, and business rules involved in the transformation of data
or its underlying data architecture to satisfy their business needs, without consulting
or even notifying other stakeholders, who have dependencies on the original data,
which have resulted in adverse impacts (example, production failures, delay in the
production of critical reports, and broken business processes). The same perception
of possession and control has led to the departments maintaining duplicate copies of
the same data and transforming data to suit their unique needs resulting in data silos
and inconsistencies (Talburt and Zhou 2015).
From a data perspective, the second definition applies with respect to ownership-
data ownership is the attitude of accepting responsibility for data and taking control
of how it develops.
In the words of Shannon Fuller, Director of Governance Advisory Services, Gray
Matter Analytics, “Data ownership is ultimately about assigning accountability for
making decisions about data.” (Mahanti 2021). Taking these factors into considera-
tion, with respect to data, ownership is accepting responsibility for the data, taking
control, and making decisions regarding how data is managed, shared, transformed,
accessed, and used.
The data does not belong to a single individual in an organization, and hence, clear
accountabilities in relation to data must be assigned to roles in the organization, and
individuals (or teams) may fill these roles, and these individuals or teams are called
the data owners.
The data owners can be thought of as approving authorities. The data owners
approve rules to create and capture data that are made by the data stewards, authorize
changes to data and/or its definitions that are proposed by data stewards or data
stakeholders, and have a final say on the quality of the data, as well as in the conflict
resolution process.
Establishing and enforcing data ownership can be challenging as the data moves
through different systems in an organization and are transformed to meet busi-
ness requirements. While business units who are subject matters experts for their
respective business functions and corresponding data that are used by their business
processes and have the official accountability for the data quality, there are other
business units who use the data and might require the data to be transformed in a
certain way, and then there are technical teams who actually implement the business
rules for data to be stored and reported as per business requirements.
The technical teams might implement business rules to transform the data based
on requirements of the business unit who is not ultimately accountable for the data
142 5 Data Governance Components and Framework
and without approval from the data owners, it could result in a lot of confusion as
the data owners cannot be held accountable for the data quality.
The data governance team needs to ensure that the processes are in place for
making changes to the data and also to educate teams on the approval authorities.
Data stewards is one of the key roles in data governance and data-driven organiza-
tions. Data governance is the exercise and enforcement of rules, processes, policies,
practices, standards, controls, metrics and decision rights, and people accountabili-
ties to manage data as a strategic enterprise asset; hence, people have a critical role to
play in data governance with the data stewards representing the largest proportion of
those people, with most cumulative knowledge about the enterprise data, including
uses of the data and the problems associated with data. As stated by David Plotkin
in his book “Data Stewardship”
The data stewards represent the largest population of those people, as well as the most
knowledgeable about data. They are, therefore, the keystone of the data governance program.
One of the most critical parts of the organization are the data stewards, who must work
together to determine ownership, meaning, and quality requirements for their data.
Given data stewards is one of the key data governance roles, one question that
frequently gets asked is the number of data stewards needed in an organization. Dan
Power states “A rule of thumb I’ve used is ‘one data steward per $1 billion in annual
revenue’ but of course that can’t be a hard and fast rule.”
The number of data stewards would vary depending on a number of factors such
as the complexity of the business processes and data landscape in the organization,
the extent to which processes are automated, the data quality tools, and the data
governance tools available for use (Power 2014).
Data stewardship is “the set of activities that ensure data-related work is performed
according to the policies and practices as established through governance” [The Data
Governance Institute [b]]. Data stewardship is the operational facet of a data gover-
nance program that involves the actual routine work of governing the enterprise’s
data (Plotkin 2013).
David Plotkin states (Plotkin 2013):
Data stewardship consists of the people, organization, and processes to ensure that the
appropriately designated stewards are responsible for the governed data.
Data governance is often confused with data stewardship but they are not the
same. Data stewardship implements policies and standards that are created by data
governance, while data governance oversees the enforcement of the data stewardship
activities. Without data governance, data stewardship would have no policies or stan-
dards to implement across the organization (Smith 2016), and data stewards would
5.4 Data Governance—The People Component 143
be forced to develop policies and standards in a tactical fashion, and manage their
enforcement, resulting in inconsistent standards and policies across the organization.
The responsibilities of a data steward include data issue resolution, data access,
and usage management in accordance with data access and data usage policies respec-
tively, metadata management, data definition management, assisting in the assess-
ment, creation, and modification of data policies and standards, ensuring compli-
ance with data governance policies, identification of critical data elements, and
establishing comparative importance of data elements to prioritize initiatives, under-
standing the data quality needs for specific business requirements and defining data
quality rules, and assisting in definition, management, and implementation of data
governance metrics (Plotkin 2013).
A data steward would need to act as a mediator between the business and IT, and
in this- a data steward satisfies the core definition of the steward that is—a person
who is responsible for managing something on behalf of someone else. Hence, a data
steward should have good interpersonal skills- collaboration, relationship building,
and negotiation skills.
While the data owner is ultimately accountable for the data, its definition and quality,
has final approval rights regarding the data, and has a role in the construction of data
policies, a data steward takes care of the data so that they are fit for purpose.
There is a perception that these two roles are the same, though that is not the case.
The perception perhaps stems from the fact, that in some small organizations, data
owners and data stewardship responsibilities are fulfilled by the same individual.
While data owners may delegate some of their responsibilities to the data stewards
assigned for the specific data set, the ultimate accountability of those responsibilities
being fulfilled rests with the data owner. Also, in the absence of a data steward, the
data owner is required to carry out the data stewardship duties in addition to his own
responsibilities.
While data stewardship is one of the key people components of data governance, data
stewards often fail. This is because data stewards are often assigned hastily, without
proper focus in situations such as a central point of contact is required for distributed
systems with heterogeneous large volumes of data [Dyché and Polsky]. They are
often not empowered to make decisions, or do not have the authority to resolve, and
are reduced to just being figureheads.
As pointed out by Andres Perez, Information Management Consultant and
President of IRM Consulting, Ltd. Co. (Mahanti 2021),
The job of the data steward is complex and requires proper leadership, organizational capa-
bility, and training. The complexity comes from the fact that a steward must learn to work
across the organization with a keen focus on collaboration and compromise (negotiation).
144 5 Data Governance Components and Framework
Organizations either create a full time role for data stewards or select data stewards
from existing staff in related subject areas, and give them responsibilities for data
stewardship, in addition to their existing responsibilities. In the latter case, data
stewardship responsibilities come secondary to their existing responsibilities. With
the vast volumes of data to be dealt with, data stewardship responsibilities can be
overwhelming, and the staff is not able to find time to execute their data stewardship
responsibilities. Also, the data stewards are often appointed without training them
regarding the roles, responsibilities, and accountabilities, and thus setting them up
for failure.
Data stewards are subject matter experts who understand the organization’s data,
the business context, and the usages of data. They consist of individuals who already
have good working relationships with other teams. Since each organization’s data
landscape is very unique, hiring data stewards would not work, as understanding the
data landscape and building relationships takes time, but sometimes the organizations
do hire data stewards owing to the resource shortage setting them up for failure.
Another reason for the failure of data stewardship is the appointment of too many
stewards or too few data stewards.
Dr. Anne Marie Smith, in her article—“Foundations of Data Stewardship” states
five reasons for data stewardship failure, namely-lack of enterprise data management
that is responsible for coordinating the various data management disciplines, lack of
enterprise data governance resulting in lack of policies and standards that guide data
stewards, corporate culture that does not embrace enterprise wide data stewardship
characterized by absence of executive sponsorship and senior management support,
lack of defined roles and responsibilities for data stewards, and lack of measurements
and metrics for the data stewards’ success (Smith 2011).
The data stewardship role involves a great degree of collaboration and negotiation
with different business units, which is directly proportional to the degree to which
the data is shared. Data is a shareable enterprise asset with data related to certain
entities like ‘customer’ shared more than the others. More the data is shared, the
higher are the chances of conflicts, and greater collaboration and negotiations are
needed on part of the data stewards.
Jill Dyché and Analise Polsky in their SAS Best Practices white paper—“5 Models
for Data Stewardship” provide 5 frameworks to choose from when launching data
stewardship as shown in Fig. 5.7.
5.4 Data Governance—The People Component 145
Examples:
Product, Events,
Data Party, …
Stewards by
Subject
Examples:
Examples:
Area Sales,
ERP, CRM, … AccounƟng,
Data Data MarkeƟng, …
Stewards by Stewards by
Systems Data Functions
stewardship
model
Examples: Examples:
Data Order-To-Bill,
warehousing Data Customer Service,
project, … Data Stewards by Procurement, …
Stewards by
Projects Business
Processes
Organizations typically have a large number of subject areas or data domains like
party, product, finance, and events. Each data domain can have subdomains; for
example, the party domain can be divided into customers, employees, vendors, and
suppliers.
In the “data steward by subject area” model, the data stewards are appointed by
data domain or subdomain or specific subject area which they manage and have
expertise in, and are known as the data domain stewards or the data object stewards
[Dyché and Polsky].
Advantages of this model are that there is a clear delineation with each data
steward being responsible for their data domains or sub data domains, there is a one
go-to person with regards to questions related to the respective subject areas and
data stewards gain a greater understanding of their respective subject area with time
in relation to business and data quality rules. However, the cons of this model are
that, it can be difficult to find an individual with expertise in a data domain, with
the likelihood of finding such a person is less, when the domains are complex and
very large. Other challenges include difficulty in tying the data stewards to business
initiatives and unwillingness to assign a single point of control for a subject area to
a single role [Dyché and Polsky].
146 5 Data Governance Components and Framework
Organizations have different business units and departments like sales, accounting,
marketing, legal, risk, and human resources, with each business unit/department
being in charge of the specific business functions.
In the data stewardship model by function, the data stewards are appointed from the
business units/departments. They have an understanding of the departmental business
processes and an established relationship with the business users, and understand how
these processes work and how business users use the data. These stewards are known
as the business or functional data stewards. Hence, they have a good understanding
of the context and uses of data.
However, departments or business units typically touch more than one subject area
or data domain, and while each data steward has a good understanding of the data
requirements in his/her respective department, they do not have an understanding of
the data requirements of other departments. They typically work in isolation without
collaborating with the other departments and business units, thus resulting in silos of
data, inconsistent models, and conflicting definitions and standards. This can become
a serious bottleneck when organization try to move towards a single view of data,
and would need a strong data governance model to resolve the difference between
the departments, and achieve consensus, consistency, and standardization.
This stewardship model is suitable for organizations that have mature enterprise
level business processes, and at the same time have a strong sense of their enterprise
level business processes from start to finish, and understanding of how these business
process touch and use data. Data stewards are assigned to discrete business processes
in this stewardship model and are known as process stewards.
The number of data stewards assigned to the business process depends on the
complexity of the business process. It is not uncommon to have several data stewards
for complex business processes. Typically, a business process touches multiple data
domains and hence, the data stewards assigned to a specific business process would
also be responsible for multiple data domains, the specific business process touches.
Also, since there is a likelihood of more than one data domain being touched by these
processes, like in the “data steward by function” model, the data stewards typically
work in isolation when it comes to data requirements for the business process that they
are assigned to. Hence, without strong data governance, there will be inconsistent
data definitions and data models.
5.4 Data Governance—The People Component 147
This model of data stewardship is a practical and quick method to introduce data
stewardship by using the project as a base to develop the data skill sets and then
ramp up to a broader scale beyond the project boundaries. In case of failure to ramp
up, it will end with the project which will have a finite end date [Dyché and Polsky].
In large organizations and complex data landscapes with mature data governance
and data stewardship, data stewardship might have a mix of models and consists of all
the five types of data stewards—business data stewards, technical data stewards, data
domain stewards, process data stewards, and project data stewards. The business data
stewards understand the needs of the business stakeholders and work with technical
data stewards, data domain stewards, process data stewards, and project data stewards.
The project data stewards bring the data related issues or queries originating in the
project to the business data stewards whose responsibility is to resolve and answer
them. The technical data stewards answer system related queries of the business and
data domain stewards. The process data stewards answer process specific queries of
business data stewards.
In addition to these roles, organizations can have additional stewardship roles like
the operational data steward who assists business data stewards with research and
analysis, the coordinating data steward who coordinate activities of the different
types of data stewards, the enterprise data steward who leads the team of data
stewards, the executive data steward who serves on the data governance council,
and the chief data steward who chairs the data governance bodies in lieu of the chief
data officer.
148 5 Data Governance Components and Framework
Alternatingly, an organization could have only two types of stewards- the business
data steward and the technical data steward who work together with data owners to
ensure that the data is fit for purpose. In smaller organizations, the data steward
and the data owner can be seen to merge into one role. The data stewardship and the
data ownership strategy adopted by the organization is determined by the resourcing,
skill set, the IT budget, the organization’s data landscape, and the data risks that need
to be addressed. Figure 5.8 summarizes the different types of data stewards that an
organization can have.
Chairs the DG
bodies in lieu Serve on the data
of the CDO governance council
Appointed by the
specific data domains
that they manage
Chief Executive
Data Leads the data
Answer process Data steward team
Data Steward Steward
specific queries of
Domain
business data
Steward
stewards
Enterprise
Data
Process Steward
Data
Steward
Types of
Data
Stewards Coordinating
Data
Technical Steward
Data Coordinates activities
Steward of different types of
data stewards.
Answer technical
queries related to Business Operational
data. Data Project Data
Steward Data Steward
SMEs who are Steward
Assists business
authorities on the Acts as intermediary stewards
data sets they between the project and
manage business data stewards
Under this broad category, we will discuss the following elements of data governance:
• Principles or data principles;
• Policies or data policies;
• Guidelines;
• Processes;
• Rules; and
• Standards or data standards.
Data principles are high-level statements about what an organization wants to achieve
by implementing data governance. They should not be confused with goals or poli-
cies. Goals are desired results, whereas principles guide an organization throughout
its life.
The data principles are more basic than data policies, and should be brief and to the
point, while having clarity. Dr. Anne-Marie Smith in her article “Data Governance
Guiding Principles” states that it is important to establish a set of points (which she
calls guiding principles) in a continuing program like data governance which enables
the organization to focus on the fundamental value of data management within the
organization, and how it will support its business goals (Smith 2016). Some examples
of data principles are as follows:
• Data must be treated as a strategic enterprise asset.
• The quality of critical data assets should be defined, assessed, managed, and
monitored throughout the data life cycle.
• Data must be managed so that the data complies with internal and external laws
and regulations.
• There should be clear accountabilities around data.
• Enterprise data should be standardized.
Policies form the building blocks of corporate governance and its sub-disciplines.
Similarly, data policies are building blocks of data governance. There is a common
misunderstanding that data governance is all about creating and enforcing policies
around data. However, while policies are an important component of data gover-
nance, data governance is not only about documented policies. Data governance is
150 5 Data Governance Components and Framework
much more than just policy making, with systematic audits, reconciliations, metrics,
processes, compliance reviews, and quality control activities.
The data policies are a collection of statements of an organization’s intent or
rules controlling the several data related activities and operations—creation, capture
and/or acquisition, retrieval/requests, transformation, management, quality, protec-
tion, sharing, and usage of data throughout its lifecycle. Data policies are formal,
brief, and describe the do’s and the don’ts at a high level in relation to these data
related activities in a clear and concise manner, so that those executing the policies
can make an informed decision.
However, data policies do not provide implementation details or solutions for
issues. In other words, data policies outline “what to do” and “what not to do”,
but NOT “how to do”. Failure to adhere to data policies may result in disciplinary
action. The data policies are further defined by data standards, rules, and processes.
The data policies should not be written in isolation, but should be written by engaging
all the relevant data stakeholders, and should align with the data principles as well as
elaborate on the data principles. For example, drafting a data security policy requires
a collaborative effort of the data owners, chief security officer, security architects,
and chief data officer.
Becky Metivier in her article—“Seven Characteristics of a Successful Information
Security Policy” outlines seven characteristics of a successful information security
policy, namely, endorsed, relevant, realistic, attainable, adaptable, enforceable, and
inclusive (Greene 2014). These characteristics are applicable to all data policies and
have been described in Fig. 5.9.
Every organization has a different data and technology landscape, has different
business needs of data, and is impacted differently by laws and regulations (both
internal and external), and hence, the data policies are not the same across all orga-
nizations. This is reinforced by Nicola Askham, in her article “How to Write a Good
Data Governance Policy”.
For a policy to be really useful (i.e. help you implement data governance successfully) it
needs to be written with your organization in mind…
The changes in the business needs of data, organizational changes, new laws,
regulations, and changes in existing laws and regulations may need data policies to
be revised. Hence, the data policies need to be reviewed from time to time, and the
review frequency of each data policy needs to be defined and noted in the respective
data policy. The updates to existing policies should be made only after proper assess-
ment and understanding of the impact of the changes, and how revising the existing
policies would address the same. The data governance committees should evaluate
and approve all modifications.
The data policies are generally created and maintained as electronic documents,
and maintained in document and content management systems (for example, Docu-
mentum and SharePoint) through the inbuilt version control mechanisms in these
systems and access controlled through the document classification. In addition, there
should be a version history in the policy document that indicates who made what
changes to the policy and when.
Policy must align
with the principles
and goals of the
organizaƟon
Policy has support
of the Relevant
management
Policy must make
Endorsed Realistic sense and reflect
reality
stakeholders Characteristics
Policy can be
Inclusive AƩainable successfully
implemented
Overview/
Summary/
Background
Reference Information
Documents Policy Purpose
Policy
Maintenance & Data Policy
Review Components Policy Scope
Frequency
Enforcement &
Implementation Definitions
Policy
Principles
the data classification policy and data classification standards in the “Reference
Documents” section.
The data policies typically address the areas such as data classification, data
security, data access, data usage, compliance, and data governance structure as
follows:
The policy outlining the data governance structures in the organization is known as the
data governance structure policy. The data governance function is generally shared
amongst executive sponsors, data governance office headed by a C-level executive,
data governance committees and working groups, data owners, data stewards, data
custodians, and data consumers. The data governance structure policy outlines the
structures and the key data related roles and responsibilities with respect to the
management of the organization’s data assets. It essentially outlines the roles and
responsibilities around data (for example, data access, retrieval and usage, storage,
destruction, and backup to ensure adequate management and protection of data) best
practices.
All data assets are not equal. Organizations store data that have different levels of
sensitivity, criticality, confidentiality, and privacy requirements, which drive access,
storage, security, usage, and quality requirements.
The data classification policy classifies an organization’s data based on their sensi-
tivity and risk profiles and encompasses all data acquired, owned, created, managed,
stored, and disseminated (both internally and externally) by the organization. The
data classification policy and the data classification schemes have been discussed
in detail in Chap. 3 in the second book of the series—Data Governance and Data
Management.
The data access policy ensures that the authorized individuals have appropriate access
to organizational data and information in alignment with the organization’s data
security and privacy policies, internal and external regulations, and data classification
policy. The data access is driven by a number of factors as follows:
Organizations by nature are data hoarders. However, storing data longer than needed,
not only takes up storage, requires maintenance, and has associated costs, but also
might conflict with the compliance requirements.
The data should be only retained for the timeframes that are needed for business
reasons in compliance with legal, contractual, and regulatory requirements. Not all
data have the same retention requirements. The data retention policy is a set of
5.5 Data Governance—The Process Component 155
guidelines that describes what data will be kept for how long, guidelines related
to backup, and whether data is archived or destroyed at the end of the retention
period, business reasons for retaining data, and other factors relating to the retention
of the data. There are various factors like compliance, legal, contractual, regulatory,
and operational requirements that can have conflicting needs when it comes to the
retention of data.
The data records management policy outlines guidelines around how data records
are created/captured, maintained, and deleted.
The data quality policy defines the organization’s approach to data quality and
outlines the guidelines in terms of roles and responsibilities and processes for main-
taining high quality data in order to manage activities, and meet internal and external
requirements to demonstrate accountability through accurate reporting and data
quality dimensions. The data quality policy should include the in-scope data and
should include the data quality threshold for critical data.
5.5.3 Guidelines
processes. Unlike policies that are mandatory, guidelines are not mandatory, but
recommended, and may not apply in all situations. Like policies, guidelines need to
be reviewed periodically too, but more frequently, as changes in environments can
trigger a change in guidelines.
5.5.4 Processes
Processes are methods or set of steps to support the various activities needed to
govern data as well as implement the data policies in the organization. While policies
define what to do, processes establish how to do. It is highly recommended to have
formal, documented, consistent, and repeatable processes for governing data, which
includes establishing processes for implementation of data policies, identification
and prioritization of critical data elements, naming and data definitions, business
rules documentation, changes to the data model, assessing data risks, reporting, data
quality issue management (including raising, escalating, tracking, and resolution
of data quality issues), establishing data ownership and data stewardship, decision
rights and conflict resolution, defining data governance council membership changes,
incorporation of controls, and monitoring metrics.
Processes should also be defined for capture/acquisition, processing, storage,
maintenance, access, distribution, deletion, archival, and purging of data. Both
reactive and proactive processes need to be defined when governing data.
Controls are used to mitigate risks associated with data or processes that can
adversely impact data. Controls can be both manual and/or automated. The descrip-
tion of the control, frequency or event triggering the control, and who is in charge
of the control needs to be established and documented. When there are changes to
the processes, controls need to be reviewed and modified as necessary. Changes to
processes might also necessitate new controls to be incorporated.
Risks can be found throughout the data life cycle, starting from creation or acqui-
sition of data to the end of the data lifecycle characterized by deletion or purging of
data.
For example, the errors might happen during manual data entry, and validation
controls can be implemented to prevent these from happening. If certain fields on
the form are mandatory, then validation controls can be implemented to prompt the
user to enter a value, before he is allowed to submit the form, or the submit button
can be disabled with a message on the screen, prompting users to enter values for the
empty fields. Additional controls can be implemented to prevent junk values. Another
example of control is when data are transferred between systems, count of records
and audit logs can help check the completeness of the data records. Manual controls
would involve someone manually checking the number of records on the source
and destination side and in case of missing records, someone manually sending the
missing records as a part of remediation.
5.5 Data Governance—The Process Component 157
Automated controls involve both the data file and control file containing file
specifics like name, date, time of transfer, number of records, and an automated
process comparing the number of records in the control file and the number of records
in the data file sent; rejecting the file and triggering the source system to send the data
again, if the number of records mentioned in the control file do not match with the
number of records in the data file. Sometimes, the controls cannot be implemented
for a risk or the controls may not be effective, in which case remediation activities
need to be defined, to correct the issue.
Like policies, processes need to be reviewed from time to time, and revised as
needed. The changes in organization structure, revision of existing data policies, new
laws, and new regulations or modifications of existing laws and regulations are some
reasons that might need a change in the processes.
Rob Karel categorizes data governance processes in his article “Data Governance:
The 4 Process Stages” into four different process stages (Karel 2014) (see Fig. 5.11):
• Discover,
• Define,
• Apply, and
• Measure and monitor.
As the name suggests, discover processes document the current or as-is state of
the organization’s data governance maturity, and helps define policies, standards,
and processes based on the future state of the organization. The gaps between the
current state and future state are also documented. Hence, the discover process stage
outcomes drive the define process stage (Karel 2014).
The define processes document data definitions, naming conventions, taxonomies,
relationships, as well as the policies, rules, standards, processes, measurement
strategy and metrics that must be defined to operationalize data governance (Karel
2014).
The apply processes operationalize and ensure compliance with all the data
governance policies, business rules, stewardship processes, workflows, and cross-
functional roles and responsibilities captured through the discover and define process
stages (Karel 2014).
The measure and monitor processes capture the effectiveness and progress of data
governance implementation. These processes help in identifying whether the data
governance implementation is moving towards the intended goal. If the measure-
ments indicate an issue, then an assessment needs to be carried out to discover the
problem spaces and leads to the discover process stage.
While processes detail the “how to” support activities needed to govern data, they
might not be sufficiently detailed, in which care step by step instructions in the form
of procedures are needed.
Define current state of data
158
Discover
process
Apply
process
Rules encompass the business rules and the data quality rules. Standards allude to data
standards. Rules and standards ensure consistent results from people and processes
using them.
Data standards define a frame of reference on representation, format, meaning,
structuring, transmission, and management of data elements. Examples of data
standards include data naming standards, data modeling standards, data transfer
standards, and data security standards.
Like the data policies and processes, the data standards must be adhered to across
the enterprise, and there should be a review process defined to ensure that the data
standards are up-to-date.
Adherence to data standards and rules can be measured by defining thresholds, and
assessing data against these thresholds to gauge conformance and quality. However,
enforcing data standards consistently and standardizing data across systems is not as
simple as it seems. First, you need all the relevant stakeholders to help define these
standards. Then you need to define the processes and rules, and implement controls
to make these happen. If your organization has operations in multiple countries then
this complicates matters even further.
For example, consider the standardization of addresses. At the grassroot levels,
you would need all stakeholders to agree on how you want different address compo-
nents captured. These would then be converted into business rules for data capture
and rules to map existing values to the standardized values. For example, the decision
may be to capture the state name in full without abbreviations. However, while some
countries like the US have states, some like the UK have county and hence, this needs
to be taken into consideration when planning for standardization.
It is important that individuals across the organization have a common under-
standing of the enterprise data, what the data represents, and the business terms that
represent this data (Mahanti 2019).
A Business Glossary also known as data glossary, and is a repository that has a
definition of terms across business domains, specific to the industry and organization,
which is shared across the organization. A business glossary is not just a list of
terms and definitions. Other valuable metadata such as transformation rules, data
owners, data stewards, description of any exceptions, and variations are also included
(Mahanti 2019).
While data governance is mostly about people and processes, tools and technology
facilitate and enable data governance through automation, scaling, augmentation,
and auditability. Organizations store large volumes of data, and data governance
160 5 Data Governance Components and Framework
Before delving into data governance operating models, let us understand, what oper-
ating model and governance operating model mean. As per Wikipedia, an operating
model is both an abstract or visual representation (model) of how an organization
delivers value to its customers or beneficiaries, as well as, how an organization
actually runs itself [Wiki- Operating Model].
Scott Baret, partner, Governance, Regulatory and Risk Strategies, Deloitte &
Touche LLP, who also serves as a global leader, Financial Services Enterprise Risk
Service, Deloitte Touche Tohmatsu Limited defines the governance operating model
as follows:
A governance operating model is the mechanism used by the board and management to
translate the elements of the governance framework and policies into practices, procedures,
and job responsibilities within the corporate governance infrastructure.
When asked about factors that should be taken into consideration while choosing
a data governance operating model for an organization, Jill Dyché, Principal, Jill
Dyché, LLC. stresses on culture while George Firican, Director of Data Governance
& Business Intelligence at UBC DAE and Founder ofwww.lightsondata.com, stresses
on the size of the organization, the organizational structure and that of its operations,
the main drivers, and complexity of its business, and technical environment (Mahanti
2021).
The data governance operating models can be of the following types (see
Fig. 5.12):
• Top Down;
• Centralized;
• Decentralized;
• Hybrid;
• Federated; and
• Crowdsourced.
5.7.2 Centralized
In this model, the decisions are made by a dedicated centralized group at the enter-
prise level who consider all the options, impacts, value, and risks before making a
decision that best suits the organization, and the business units are responsible for the
implementation. As stated by George Firican in his interview statement, this model
works for small organizations (Mahanti 2021).
Adopted in organizations with a
162
Crowdsourced Centralized
Federated Decentralized
5.7.3 Decentralized
This model is the direct opposite of the centralized model, with no single point of
data governance ownership. Most data governance programs start in this fashion and
have a relatively flat structure with informal data governance bodies. This model is
relatively quick to establish and implement. However, the informality of the data
governance bodies makes it difficult to sustain the program long term. Also, there
are issues with the shared data ownership and reaching consensus on shared data
issues is also difficult (O’Neal 2015). As stated by George Firican in his interview
statement, a decentralized model work well for an organization that has dispersed its
operations to several remote locations (Mahanti 2021).
5.7.4 Hybrid
5.7.5 Federated
This model is very closely related to the hybrid model and is a mix of both
the centralized and the decentralized models with additional layers of centraliza-
tion/decentralization. The data governance execution and implementation are decen-
tralized, with a single point of contact and accountability at an enterprise level. While
the federated model empowers divisions with differing requirements and provides the
ability to focus on specific data entities, divisional challenges, or regional priorities, it
has the disadvantages of having too many layers and autonomy at the business level,
and can be a challenge to coordinate across the organization. Also, it is difficult to
find a balance between the line of business priorities and enterprise priorities (O’Neal
2015). As stated by George Firican in his interview statement, the federated model
is suitable for organizations that have complex business and technical environments
(Mahanti 2021).
164 5 Data Governance Components and Framework
5.7.6 Crowdsourced
The term crowdsourcing was coined by Jeff Howe in his article “The Rise of Crowd-
sourcing” published in the June, 2006 issue of the Wired magazine. It is a combination
of the words – “crowds” and”outsourcing “ (Goodrich 2013).
Crowdsourcing can be described as getting work done from the crowd (a commu-
nity that is willing to participate and agrees to do work voluntarily) by using their
concepts, skills, and ideas to create content or facilitate the creation of content. When
applied in relation to data, each individual has equal and full rights as a data citizen
and is encouraged to participate freely (Christiaens 2016).
Phil Watt, Director, Elait Australia, states that (Mahanti 2021),
Over the last 2-3 years, a new approach to data governance has emerged and it is gaining
traction focused on a crowd-sourced or collaborative approach to governance.
With the self-service model, more and more business users have direct access to
the data and have a very good understanding of the data, as well as its context. While
the top down and the centralized approach to data governance offer stricter control,
these approaches will fail to capture this distributed data community knowledge into
the policies, processes, and standards for data governance.
Crowdsourcing data governance helps tap into this community which has exten-
sive knowledge and understanding of the data, but has no control. Crowdsourcing is a
good method to gather information. However, as individuals have different contexts
of data usage and different understanding of the same data, depending on different
levels of users involved, some level control is needed to ensure that the data is fit for
purpose and compliance requirements are also met.
Phil Watt, Director, Elait Australia is a strong advocate of the crowdsourced
approach with a layer of oversight to ensure regulatory compliance. In his inter-
view, Phil states the companies that he has seen adopting this approach (including
Airbnb and eBay), success had been sustained by allowing the community of analysts
to govern themselves, with a layer of oversight for privacy and security to ensure
regulatory compliance. In his words (Mahanti 2021):
I prefer the crowd-sourced approach driven by automation and collaboration capability…
For this to succeed; it must also have a layer of oversight to ensure regulatory compliance.
There is no single approach, framework, or a right way of doing data governance. The
different components of data governance—people, roles and responsibilities, organi-
zational structures, principles, policies, processes, rules, standards, and metrics will
always be there, irrespective of organizations when implementing data governance.
However, these components will be different for each organization. Hence, the data
governance approach consisting of these components, for any two organizations
could be very different, or somewhat similar, but can never be exactly the same.
5.8 Concluding Thoughts 165
References
Christiaens S (18 Aug 2016) Crowdsourcing data governance. Last accessed on 10 April 2020,
from https://www.collibra.com/blog/crowdsourcing-data-governance
Dyché J, Polsky A 5 Models for data stewardship, SAS best practices white paper
Frican G (April 2019) Surprising data roles you should know about. Lights on data blog. Last
accessed on 10 April 2020, from https://www.lightsondata.com/3-surprising-data-roles/
Goodrich R (Feb 2013) What is crowdsourcing? Business news daily. Last accessed on 10 April
2020, from https://www.businessnewsdaily.com/4025-what-is-crowdsourcing.html
Greene S (29 Mar 2014) Security program and policies: principles and practices, 2nd edn. Pearson
IT Certification
Howe J (2006) The rise of crowdsourcing. Wired Magazine 14(6):1–4
https://deloitte.wsj.com/riskandcompliance/2013/06/11/governance-operating-model-a-tool-for-
more-effective-board-oversight/
Jackson K (8 Mar 2018) Breaking down barriers with master data management and data governance,
session #249, HIMSS18. Last accessed on 10 April 2020, from https://365.himss.org/sites/him
ss365/files/365/handouts/550234736/handout-249.pdf
Karel R (2 Jan 2014) Data governance: the 4 process stages, informatica blog, https://blogs.inform
atica.com/2014/01/02/the-process-stages-of-data-governance/#fbid=iE2S7g10MP2
Macmillan Dictionary, ownership definition. Last accessed on 10 April 2020, from https://www.
macmillandictionary.com/dictionary/british/ownership
Mahanti R (2019) Data quality: dimensions, measurement, strategy, management and governance.
ASQ quality press, Milwaukee WI. pp. 526. ISBN: 9780873899772
Mahanti R (2021) Data governance and compliance, Springer Books, Springer, number 978-981-
33-6877-4
Metivier B (8 Feb 2016) Seven characteristics of a successful information security policy”, Sage
advice—cybersecurity blog. Last accessed on 10 April 2020, from https://www.sagedatasecurity.
com/blog/seven-characteristics-of-a-successful-information-security-policy
Mustimuhw Information Solutions Inc., (2015) Data governance framework. Last accessed on 10
April 2018, from https://static1.squarespace.com/static/558c624de4b0574c94d62a61/t/558c75
a5e4b0391692159c81/1435268517023/BCFNDGI-Data-Governance-Framework.pdf
O’Neal K (2011) The role of IT in business-led data governance, b-eye-network. Last accessed on
10 April 2020, from http://www.b-eye-network.com/view/15165
O’Neal K (July 2015) Identifying the right operating model for your organization: a step toward
sustainable data governance. Last accessed on 10 April 2020, from http://www.b-eye-network.
com/blogs/oneal/archives/2015/07/the_right_operating_model.php
166 5 Data Governance Components and Framework
Abstract Data governance metrics is one of the key factors in the success of data
governance. Data governance is often seen as a lot of overhead and hence, you need
meaningful metrics to show progress periodically. A section in this chapter has been
dedicated to discussing the characteristics of a good data governance metric. Organi-
zations often do not realize that they are measuring a wrong metric. A few indicators
that serve as warning signs and tell you that you need to revisit and revaluate your
data governance metrics are discussed in this chapter. This chapter also describes a
few data governance metrics categories, provides guidance on choosing and docu-
menting metrics, and provides some examples of data governance metrics for readers
to choose from, and track their data governance program. It is important to give a
relevant and compelling view of the data to the top management and stakeholders
to communicate the metrics and progress of data governance in an effective manner.
Dashboards and scorecards have been discussed briefly in this chapter too.
You have a data governance strategy in place, you have set up organizational struc-
tures to implement data governance and you are to set to embark on the journey
of implementing data governance. Now what you need is to define the right data
governance metrics to track the progress and effectiveness of your data governance
program!
In legendary mananagement thinker, Peter Drucker’s words, “You cannot manage
what you can’t measure,” applies to data governance too, and this view is also
resonated by Tony Epler, Chief Data Strategist, PricewaterhouseCoopers, and Dr.
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021 167
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4_6
168 6 Data Governance—Metrics
A metric refers to a standard for measuring something. It has roots in the Greek
word “metron”, which relates to measurement. The management axiom “what gets
measured gets managed” (Willcocks and Lester 1996) applies to data governance
too. Gartner analyst Ted Friedman states (TechTarget and RSD)
Organizations have to develop data quality metrics and scorecards, and they have to have a
repeatable approach for measuring the degree to which data conforms to their policies, and
they need to make the results visible to people so they can take action.
This is because data governance like data is intangible. With respect to the data
governance metrics, it is important to understand what to measure, why you are
measuring it, how to measure it, and how these metrics would help the organization
to take adequate preventive or corrective actions to stay on course to attain business
objectives.
There needs to be an agreement on the metrics to be measured from all the data
governance stakeholders. The metrics should be driven by the goals that data gover-
nance is set to achieve and the context in which they are applied. Metric measurement
and review should be a periodic process and not a one-off event. At the heart of metrics
is data. Metrics are derived from data either already sitting in repositories or gathered
through surveys.
In Chap. 2, we established “Data Governance Metrics” as one of the critical
success factors for successfully implementing data governance in an organization.
A data governance program is a systematic and continuous improvement program,
and measurement not only establishes the effectiveness, impact as well as value, and
6.1 Data Governance Metrics—Introduction 169
enables the reporting progress of the program to your senior management and key
stakeholders, but also maintains control over the data governance processes.
In order to show that the data governance program is benefiting the business,
you need appropriate metrics—both to measure the results of the data governance
program as well as activities of those involved in data governance- for example, data
stewards and data management professionals.
A single metric rarely gives you a complete picture in relation to the progress
or value of data governance; generally, a set of metrics is required to collectively
evaluate the progress and impacts. Data governance is often seen as a lot of overhead
and hence, you need meaningful metrics to show progress periodically, and when
senior management asks questions like (also see Fig. 6.1)
Where are we at with data governance?
Is the data governance program working?
Is the data governance program making a difference?
What have we achieved so far?
How close are we to attaining our business goals?
How will we know that we have achieved our business goals?
Is the data governance progress being measured?
How is the data governance progress being measured?
Are we heading in the right direction?
While a lot of things can be measured, it is important to keep in mind that not
all measurements are value-adds, and hence, you should not measure everything.
As stated by Kelle O’Neal, Founder and CEO of First San Francisco Partners in a
How will we know that
170
Fig. 6.1 Data governance questions to which metrics can provide answers
6.2 Desired Characteristics of Data Governance Metrics 171
Metrics should be related to the business objectives and at the same time be able
to provide meaningful insights that management can relate to and understand.
Data governance metrics should have the following characteristics (see Fig. 6.2).
Meaningful
A data governance metric should be meaningful, and assist stakeholders to understand
important aspects of their processes. It is important to ensure that measurements are
translated into a value statement that the stakeholders can use as key performance
indicators.
Measurable
Meaningful Relevant
Aligned Owned
DG Metrics
Characteristics
Time
Trackable,
Actionable Repeatable,
&
Comparable
Transparent Accessible
Auditable
Auditable
A data governance metric should be auditable. Auditable means that it should be
possible to examine and verify the metric. In order for a metric to be auditable, it
should be easy to find and examine the source data, the metadata, and the calculations
involved in producing the metric results. Metrics that can stand inspection result in
greater trust and confidence.
174 6 Data Governance—Metrics
Often, the data governance teams do not realize that they are measuring the wrong
metrics. Below are a few indicators that serve as warning signs, and tell you that you
need to revisit and reevaluate your data governance metrics.
• Metrics are difficult to measure and require a lot of effort.
• Metrics are ambiguous and misinterpreted by the stakeholders.
• Metrics collection is a time consuming and costly exercise.
• You have too many metrics, and you cannot figure out what is important, and if
and how these metrics are linked.
• Measurements are either inaccurate or inconsistent, or the underlying data used
to derive the metrics are inaccurate or inconsistent.
• Metrics involves complex calculations and are difficult to understand or use by
stakeholders.
• While metrics do show progress, they are not aligned with the business goals or
are not within the business context.
• Stakeholders cannot relate to the metrics.
• Absence of common understanding of a particular metric amongst the different
stakeholders.
• There is no clarity as to how metrics are calculated.
• Metrics do not influence outcomes; that is, you cannot control the outcomes, as
there is no action plan for improvement, if the metrics show a downwards trend.
If you cannot drive any improvements, then there is no use measuring it.
• Metrics are not easily accessible.
• Metrics are not driving the intended action.
• Metrics are not linked to decision making.
An organization should outline the objectives and requirements for measuring and
reporting on the statistics and progress of the data governance program. The data
6.5 Data Governance Metrics Identification and Selection 175
governance metrics should be identified based on the business goals you want to
achieve, and the metrics should be agreed with the stakeholders, before implementing
the data governance program. There are several methodogies that tie goal with metrics
such as Goal Question Metric (GQM) and FAST Goals approach [adapted from the
Function Analysis Systems Technique (FAST)], for alignment, prioritization and
value (Basili et al. 1994; Siviy et al. 2008; Siviy; McAllister; Siviy and Ismail).
The metrics identified should directly or indirectly be able to measure the health
and progress of the data governance program. This is because you need to know where
you are at, before implementing the data governance program, in order to define where
you want to be, and what is the threshold for the metric—as in the minimum and/or
maximum value the metric can have without adverse impacts. Hence, data governance
metrics should be defined at the beginning of the data governance program.
The data stewards who are subject matter experts and analysts with detailed knowl-
edge of the data should generate ideas for quantitative and qualitative metrics. The
data stewards can propose metrics to the data governance council. The data gover-
nance council should review and approve the metrics. Steps should be taken to
ensure that all business units or departments in the organization have a common
understanding of the metric. There should be documented standards for the metrics,
which should be shared with the stakeholders to avoid confusion and misleading
decisions arising from false assumptions.
The threshold should be established for each metric in the approved list of metrics
keeping in mind that business units or departments have different thresholds and
weightings.
Metrics should be captured and tracked regularly to review progress against the
threshold. You need to analyze the gap, as in the difference between the actual
value and the threshold value, perform root cause analysis to understand underlying
causes, and accordingly outline an action plan consisting of a mix of tactical, strategic,
corrective, preventive, short term, and long-term activities to attain the desired metric
results.
While the corrective activities are reactive and are used to resolve the problem
after the occurrence, preventive actions are focused on preventing the problem from
surfacing in the first place. Figure 6.3 shows the high-level steps involved in the data
governance metric measurement.
Six Sigma is a quality improvement technique that was adopted by Motorola in
1985, to improve its product quality and improve customer satisfaction.
If we look at Fig. 6.3 carefully, then we can say that it very closely aligns with
the Six Sigma DMAIC methodology that has 5 phases- define, measure, analyze,
improve, and control.
As the names suggest, the define phase involves defining the problem, the future
desired state, and the dimensions for measurement (in this case metrics); the measure
phase involves measuring the current state, and the gap between the current state and
future state for the metrics defined in the define phase; the analyze phase involves
using techniques like root cause analysis and pareto charts to analyze the gaps to
understand and prioritize the causes of the problem, and propose recommendations
and solutions; the improve phase involves implementing solution options; and the
control phase involves implementing controls to sustain the solution, through moni-
toring and measurement, creating a cyclic process. If the controls are not effective,
1
176
Monitor and
Get Establish measure
Identify metric at
stakeholder metric
metrics regular
agreement threshold
intervals YES
Does metric
meet
threshold
requirements
?
1
NO
Perform root
Execute action Devise action
cause Analyse gap
plan plan
analysis
6 Data Governance—Metrics
the root causes need to be investigated and addressed, with control improvement
plans defined, agreed, and implemented.
Once you have identified all the metrics, you would also need to establish the
frequency with which you need to capture and monitor these metrics, and publish
and store all the metrics in a secure and centralized repository, to track the progress
with the metrics over an extended period of time and for audit purposes. If the metric
trends downward and falls below the defined threshold, you would need to investigate
and find the underlying causes and have action items to address the same. It is also
important to identify which metrics contain confidential or sensitive information,
and the audience who should be exposed to the metric, and who should be restricted
from having access to the metric.
The data governance metrics will continue to evolve as the data governance
program gains momentum, evolves, and/or its scope changes. Metrics need to be
reviewed from time to time for appropriateness and uniqueness, so that the metrics
that are no longer needed, and the ones that are duplicate or similar, can be removed
from the repository. A data governance program will have different components, and
metrics need to be categorized and prioritized. Figure 6.4 shows the high-level steps
in the maintenance of data governance metrics.
When selecting a data governance metric, it is important to consider whether the
metric covers a single business unit, multiple business units, or the entire organization,
or parts of a process, or end to end processes. It is recommended to focus on the
complete process rather than the parts of a process. When you choose data governance
metrics, it is important to consider, whether the metric is addressing a high-risk area,
Store all
metrics in a
secure
repository
Categorize
and prioritize
metrics
Data governance metrics can be classified into different group sets with an overlap
of metrics between these categories as shown in Fig. 6.6. These group sets are as
follows:
• Quantitative and Qualitative.
• Progress, Verification, and Impact/Value.
• People, Process, Technology, and Data.
• Efficiency, Enablement, and Enforcement.
These are two basic broad categories of data governance metrics based on objective
versus subjective measurements as summarized in Fig. 6.7.
People
Metrics
Process Data
Metrics Metrics
Technology
Metrics
Efficiency
Metrics
Enablement Enforcement
Metrics Metrics
Qualitative Quantitative
Metrics Metrics
Fig. 6.7 Data governance quantitative and qualitative metrics with examples
There are three broad categories of metrics to measure the development of the
data governance program—the extent to which the data governance program is
functioning as per the design, the value being generated by the data governance
program, the impact it is making, and the extent to which the data governance
program is achieving business goals as summarized in Fig. 6.8. This metrics cate-
Fig. 6.8 Data governance progress, verification, and impact/value metrics with example metrics
182 6 Data Governance—Metrics
gory is in line with Jeannine Siviy’s FAST Goals approach which uses progress,
technical/operational/quality, and success metrics (Siviy 2017).
Data governance progress metrics track the development of the data governance
program (Mahanti 2021), as in how much is accomplished when compared to a
targeted value. Some examples include:
• Number of domains that have data owners identified versus the targeted number
of domains.
• Number of standards developed versus target (as per Dr. John Talburt’s interview
statement in Mahanti 2021).
• Number of lines of business/functional areas/departments/system areas that
have committed stewardship resources versus the targeted number of lines of
business/functional areas/departments/system areas.
• Number of processes with RACI defined versus the targeted number of processes.
• Number of datasets/ data elements catalogued (as per Dr. John Talburt’s interview
statement in Mahanti 2021).
There may have been milestones that you have set at the beginning of the program,
and you might want to see how you are tracking on these milestones at defined
intervals.
As stated by Dr. John Talburt, Acxiom Chair of Information Quality at the University
of Arkansas at Little Rock, and Lead Consultant for Data Governance and Data
Integration with Noetic Partners Inc., data governance verification metrics track the
degree to which the data governance program is actually working as designed. “These
are usually measured by policy and standards reviews and the degree to which they are
enforced and adhered to. The extent to which employees and processes are compliant
to policies and standards and deviations from the policies and standards is the key
here. Examples of verification metrics would include the number or percentage of
employees and processes not compliant with policies and standards (Mahanti 2021).”
In Dr. John Talburt’s words, verification metrics are very much DG quality measure-
ments in the sense that they measure the degree to which the data management
processes conform to the DG policy and standards, just as data quality is the degree
to which the data conform to the data quality requirements (Mahanti 2021).
6.6 Data Governance Metrics—Categories and Examples 183
Data governance impact/value metrics measure the value the data governance
program is generating, the impact it is making, and the extent to which the data
governance program is helpful in achieving business goals (Mahanti 2021). These
are also known as validation or success metrics. The business goal should be tracked
and measured (Mahanti 2021). As stated by Dr. John Talburt—“Validation metrics
are some of the most important but the ones often left out.”
Some examples of these metrics include:
• Increase or decrease in customer attrition.
• Customer retention rates.
• Percentage increase or decrease in regulatory compliance (as per Dr. John Talburt’s
interview statement in Mahanti 2021).
As data governance revolves around people, process, technology, and data, you
should have quantitative and/or qualitative metrics to measure the progress and effect
of data governance along each of these dimensions. Figure 6.9 summarizes these
metrics.
There is often a misconception as data governance is related to data, having
a data centric metric is sufficient, but that is not the case. This is because data
enables business, hence, people, processes, decisions, and interactions that the data
is enabling, and the technology and systems that support the same also need to be
taken into consideration when considering data governance metrics.
Example Metrics
• Number of people trained on
data governance
• Customer satisfaction index
score
Data Technology
Example Metrics
• % of critical data elements that
cannot be traced to the source
of origin
• % of missing customer address
data Process
Example metrics
• Number of standards and
processes linked to a policy
• % of processes with RACI
defined
Fig. 6.9 Data governance metrics—people, process, technology, and data with example metrics
• Number of people that participate actively as business data stewards (Smith 2016).
• Number of lines of business/functional areas/departments/system areas that have
committed stewardship resources.
While the above metrics may not exhibit business value, they will aid early stage
data governance efforts, show progress and adoption to its sponsors, and battle
cultural issues as they work to operationalize data governance. The above metrics
can be also thought of as implementation metrics with people as metadata.
The following qualitative people metrics can give an insight into the impact of
data governance:
• Increase or decrease in the customer satisfaction index score—via surveys.
The following quantitative people metrics can give an insight into the impact of
data governance:
• Increase or decrease in customer attrition.
• Customer retention rates.
The following qualitative people metrics can provide an insight into the progress
of data governance:
6.6 Data Governance Metrics—Categories and Examples 185
An effective data governance program leads to improved data quality. Data metrics
are operational metrics related to data issues, and usually revolve around the data
quality dimensions. When related to data quality dimensions, they are also known
as data quality metrics. Table 6.2 shows some of these metrics.
The coverage of data quality metrics (as per Laura Sebastian-Coleman’s interview
statement in Mahanti 2021) is also an important metric that can help gauge the extent
of data whose quality is being assessed/ monitored. While the data quality metrics in
Table 6.2 gives an indication of data quality, there is a need to convert these metrics
into business outcomes to show the business value. Table 6.3 shows examples of
business outcomes related to some of the data quality metrics discussed in Table 6.2.
6.6 Data Governance Metrics—Categories and Examples 187
While objective data quality dimensions (for example, completeness and duplica-
tion) can be measured quantitatively, subjective data quality dimensions (for example,
trustworthiness and believability) can be measured qualitatively through surveys.
188 6 Data Governance—Metrics
Mahesh Krishnan in his article for data governance for financial institutions groups
data governance metrics into three broad categories as follows (Krishnan 2013) (see
Fig. 6.10).
• Efficiency metrics;
• Enablement metrics; and
• Enforcement metrics.
Metrics that illustrate how data governance programs help improve the effectiveness
of your organization. Examples of efficiency metrics include:
• Percentage of customer attrition.
• Customer retention rates.
• Percentage reduction in time spent on manual adjustments and reconciliations.
• Data quality metrics.
• Data model quality metrics.
Example Metrics:
• Percentage of customer attrition
• Customer retention rates
Efficiency
Metrics
DQ
Metrics
Enablement Enforcement
6.6 Data Governance Metrics—Categories and Examples
Metrics Metrics
Example Metrics: Example Metrics:
• Percentage of critical data and • Accuracy and timeliness of risk
processes with ownership calculations and aggregations
• Percentage of critical data • Percentage of conformance to
elements with no lineage and data management standards
traceability captured
189
Fig. 6.10 Data governance metrics—efficiency, enablement, and enforcement metrics with example metrics
190 6 Data Governance—Metrics
Metrics that illustrate what data governance program allows organizations to do now,
that could not be done before. Examples of enablement metrics include:
• Percentage of critical data and processes with ownership.
• Data quality metrics.
• Data model quality metrics.
• Percentage of critical data elements with no lineage and traceability captured.
These are the metrics that illustrate how a data governance program helps to impose
corporate mandates and standards. Examples of enforcement metrics include:
• Percentage of critical data elements with no lineage and traceability captured.
• Accuracy and timeliness of risk calculations and aggregations.
• Percentage of conformance to data management standards.
• Percentage of critical data and processes with ownership.
• Data quality metrics.
• Data model quality metrics.
As we see there is an overlap, with data quality metrics and data model quality
metrics serving as efficiency, enablement and enforcement metrics.
to understand the extent, data contributes to customer centric issues and role data
governance plays in resolving those issues and achieving better customer outcomes.
For example, a customer survey revealed low customer satisfaction due to delayed
deliveries and bad quality products. 75% of the dissatisfied customers cited delayed
deliveries whereas 25% cited bad quality products. Root cause analysis revealed the
following:
• Bad quality product was a result of a manufacturing problem and not related to
data.
• Majority of delayed deliveries were caused due to data issues (for example,
outdated or missing address data) and the rest were caused due to issues external
to the organization (for example, shipments lost in transit or delayed by customs).
Implementing data governance and data quality initiatives to resolve address data
quality issues would typically result in improved address data quality that could be
tracked through data quality metrics, which in turn would lead to improved customer
satisfaction.
This section provides a large number of metrics. Depending on the focus of an
organization’s data governance program and business requirements related to the
data assets, the relevant metrics need to tracked. Some metrics will not be relevant
for a given scenario. For example, if the compliance is the data governance program
driver, customer attrition and retention metrics will not be relevant.
It is important to document the details related to data governance metrics. Table 6.4
shows the parameters that should be documented, reviewed, and approved by the
relevant stakeholders. Any changes to the data governance metric parameters should
be agreed upon amongst the stakeholders, and updated in the data governance metric
documentation, so that it is up-to-date. For example, if a decision is made to change
the data governance metric measurement frequency and the metric formula, the data
governance metric documentation should be revised to reflect the same, after all
stakeholders have agreed upon it.
It is important to give a relevant and compelling view of the data to the top
management and stakeholders to communicate the metrics and progress of data
governance in an effective manner.
192 6 Data Governance—Metrics
Dashboards and scorecards can be used to measure, monitor and report the
progress of an organization’s data governance program to the data governance
stakeholders at periodic intervals, for example, quarterly or bi-annually.
A dashboard is a visual representation tool that visually tracks, analyses, consol-
idates, and displays metrics and key data points in a way, that is easy for the end
user to understand and use. It can help monitor the progress and effectiveness of data
governance in your organization. Dashboards are interactive and have filtering, drill-
down functionalities, and show different slices and dices of data that can improve
decision making.
6.8 Dashboard and Scorecards 193
Dashboards is a presentation layer that gives the summarized view and drill down
facilities allow you to drill down into the greater level of details and more granular
data. They are customizable to meet the explicit needs of a department and organiza-
tion. For example, you might design a dashboard to report on the data quality metrics
say for instance completeness of key data entities, such as customer or product, and
provide drill down facility to go to the data element level of each entity.
While dashboards and scorecards are sometimes used interchangeably, a scorecard
is a tabular visualization of the measures and their respective targets with visual
indicators, to see how each measure is performing against their targets at a glance
(Chiang 2011).
Scorecards typically consist of several characteristics in the form of 8 to 15 ques-
tions, answers to these questions, and scores assigned to the answers. Generally, the
greater the score, the lesser is the risk.
Scorecards keep a tally of the score against the target. They provide a snapshot of
performance, but they do not explain the reasons that led to the final score. This is
the purpose of a dashboard. While a dashboard displays several metrics, it does not
intrinsically tell the user whether the results are positive or negative; this is left up to
the user’s own interpretation of the data.
Dashboards offer attractive charts and graphs on the status of data compliance
(Sarsfield 2009). There are a number of dashboard platform options as shown in
Fig. 6.11. Depending on the functional and non-functional requirements, budget,
and tool capabilities, you can choose an option that best suits your business needs,
to automate reporting the progress and impacts of data governance.
There are a number of dashboard vendors in the market, for example, Tableau,
QlikView, IBM, DataFlux, Informatica, and Trillium Software. Dashboard develop-
ment is a project in itself, and once the appropriate tool and technology for dash-
board have been identified, the data stewards, SMEs, and IT need to work together
to develop the dashboards with a project manager overseeing the project, the data
Microsoft • Excel
Office • PowerPoint
Suite • Word
• Tableau, Informatica
Vendor tools • QlikView, IBM
• Business Objects
• Customizable
Custom • Better detail
built tools • Better access control and security
Fig. 6.11 Dashboard platform options. Adapted from Rajan and Hertzler (2017)
194 6 Data Governance—Metrics
stewards and SMEs providing the business requirements, and the IT teams converting
them into technical requirements, and building the dashboards. Dashboards generally
display a set of metrics and demonstrate patterns and trends for these metrics using
technology and data, which in turn provides an insight into the risks and opportunities
that aid decision making.
However, constructing an effective dashboard does not inherently come from
technology only. It is important to locate the right data, understand the key data
characteristics, define the most effective means for visualizing the results in the form
of summarization and correlation, trends, and implications, defining business rules
for computing the dashboard metrics, and lastly designing a captivating layout in
which to present the content to the audience.
The dashboards results need to be communicated, distributed, and monitored,
and if a metric does not satisfy the threshold, then the underlying causes need to be
investigated, and an action plan consisting of corrective action needs to be devised
and implemented. As highlighted by Christopher Butler, Chief Data Officer, HSBC,
UK in his interview statement (Mahanti 2021)—“…The information, dashboards,
and processes must all fit within a holistic environment and be adapted to demonstrate
value.”
When asked about how the effectiveness of a data governance program is
measured, Tony Epler, Chief Data Strategist, PricewaterhouseCoopers states the
following (Mahanti 2021):
Like many organizations, we believe that programs, projects, and initiatives cannot be effec-
tively managed unless they are measured. Consequently, we rigorously develop, assign, and
track metrics and KPIs for all of our data governance actions and activities. We communicate
these through dashboards built on high-end data visualization techniques and technologies.
These dashboards are used internally by the CDO staff to manage the projects and initiatives.
They are also accessed by the C-suite and executive staff to monitor and demonstrate ROI,
organizational success, and compliance with overall firm strategy and business objectives.
Governance requires more than merely having policies, processes, standards, rules,
procedures, and establishing roles and responsibilities. Effective governance also
requires enforcement of the policies, processes, standards, and rules.
Metrics provide checkpoints along the data governance implementation to ensure
that the processes that have been defined in theory are effective in practice too.
Metrics also help in making mid-course corrections for making improvements to the
existing data governance model.
If metrics are not measured, then it is unlikely that you will discover what is
not working and hence, be unable to limit potential adverse outcomes by making
adjustments or improvements. Metrics create a culture of transparency and account-
ability. The right combination of quantitative and qualitative metrics, and relating
them to business outcomes can help gain continued executive support for your data
governance program. However, identifying, prioritizing, tracking, reporting metrics,
6.9 Concluding Thoughts 195
and creating dashboards is a time taking endeavor, and requires management and
financial support.
While data governance programs with no metrics to track value and progress
are generally doomed for failure, as you do not know where you are at with your
data governance implementation, having too many metrics can be overwhelming,
and obscure the important ones and not set you up for success. You should also be
careful to not select vanity metrics that sound and look nice, but add little value.
When it comes to metrics, Scott M. Graffius statement applies –
If you don’t collect any metrics, you’re flying blind. If you collect and focus on too many,
they may be obstructing your field of view.
There is no fixed number that defines the right number of metrics, or too few, or too
many metrics. Organizations differ and one organization’s business needs, objectives,
culture, action plan, and business drivers for data governance is most likely to differ
from another organization’s; hence, the metrics themselves and the approximate
number of metrics that are suitable for one organization for measuring, tracking, and
improving data governance, and demonstrating value may not be suitable for another
organization.
While sample metrics are extremely useful, and can serve as a reference for
organizations venturing into the world of data governance, metrics may have to
be customized or completely new ones may have to be established to deal with an
organization’s unique situation, business needs, and objectives. Also, metric creation
and selection is not a one-off process; it is repetitive and needs to be monitored
and reviewed. As an organization’s business objectives change, its data governance
program will also need to evolve, requiring metrics to be re-assessed and revised,
retired, or even result in the creation of new metrics. The combined set of metrics
that you choose when implementing data governance should create a balanced focus
and direction, while aligning to your desired end objectives defined in your business
case.
References
Ajilitee (2011) Ultimate guide to data governance metrics for health payers. Last accessed 1
June 2018. https://www.ajilitee.com/wp-content/uploads/2011/11/Ultimate-Guide-to-Data-Gov
ernance-Metrics-for-Health-Payers-Ajilitee-November-2011.pdf
Basili V, Caldiera VR, Rombach HD (1994) The goal question metric approach. Last accessed on
10 June 2019 from http://www.cs.umd.edu/~mvz/handouts/gqm.pdf
Chiang Alexander ‘Sandy’ (2011) What is a dashboard? Dashboard in sight. Last accessed 1 Jun,
2018. http://www.dashboardinsight.com/articles/digital-dashboards/fundamentals/what-is-a-das
hboard.aspx
Dennis AL (2017) Data governance program effectiveness by the numbers. Last accessed on 26
Dec 2018 from http://www.dataversity.net/data-governance-program-effectiveness-numbers/
Henderson L (2015) 35 metrics you should use to monitor data governance. DataFloq. Last accessed
1 Jan 2019. https://datafloq.com/read/35-metrics-monitor-data-governance/1601
196 6 Data Governance—Metrics
Jena D (2011) The need for data governance metrics to measure success. Launch Point Blog. https://
launchpointcorporation.com/the-need-for-metrics-based-data-governance/
Krishnan M (2013) Data governance for financial institutions. Capgemini. https://www.capgemini.
com/wp-content/uploads/2017/07/data_governance_for_financial_institutions.pdf
Mahanti R (2021) Data governance and compliance, Springer Books, Springer, number 978-981-
33-6877-4
McAllister Chad TEI 293: FAST Goals for better aligned product projects—with Jeannine Siviy.
The Everyday Innovator Podcast, Last accessed Jan 1, 2021. https://productinnovationeducators.
com/blog/tei-293-fast-goals-for-better-aligned-product-projects-with-jeannine-siviy/
O’Neal K (2017) Measuring data governance- progress vs. real impact, enterprise data governance
online, First San Francisco Partners, DataGovernanceOnline.com
Ries E (2010) Entrepreneurs: beware of vanity metrics. Harvard Business Review. Last accessed
on 18 Sept 2019 from https://hbr.org/2010/02/entrepreneurs-beware-of-vanity-metrics
Rajan S, Hertzler M (2017) Developing program metrics to demonstrate IG maturity. KPMG.
Last accessed on 27 Dec 2018 from http://armagg.org/images/downloads/2017_Presentations/
kpmg_pge_sf_arma_presentation_on_ig_metrics___nov_15_2017_rajan_and_hert....pdf
Sarsfield S (2009) The data governance imperative, it governance ltd, ISBN: 1849280126
9781849280129
Siviy J, Ismail N, What is your strategy? The FAST Goals© Methodology. SDLC Partners Insight
Siviy J, Kirwan P, Marino L, Morley J (2008) Strategic technology selection and classification in
multimodel environments. White Paper, Copyright 2008 Carnegie Mellon University
Siviy J (2017) Healthcare solutions: innovation vs. efficiency. SDLC Webinar
Smith A-M (2016) Identifying business value for data governance and data stewardship. EW Solu-
tions. Last accessed 1 Jun 2018. https://www.ewsolutions.com/identifying-business-value-data-
governance-data-stewardship/
TechTarget and RSD. Information governance strategy: Developing a roadmap and structure
for improving corporate information management, SearchContentManagement.com E-Book,
TechTarget. Last accessed on 22 Dec 2018. Information governance strategy: http://docs.media.
bitpipe.com/io_25x/io_25448/item_394579/RSD_sContentManagement_SO%23033718_E-
Book_053111.pdf
Willcocks L, Lester S (1996) Beyond the IT productivity paradox. Eur Manage J 14(3):279–290.
https://EconPapers.repec.org/RePEc:eee:eurman:v:14:y:1996:i:3:p:279-290
Chapter 7
Data Governance Success—Concluding
Thoughts and the Way Forward
If you can’t fly then run, if you can’t run then walk, if you can’t
walk then crawl, but whatever you do you have to keep moving
forward.
—Martin Luther King Jr.
Abstract Data governance is transpiring as a key success factor in not only data
centric organizations such as finance and professional services, but also in organi-
zations that seem to be less data centric, such as manufacturing and utilities. This is
because data is important in every organization irrespective of the industry sector,
and data governance ensures that data is treated as an asset. This chapter discusses
data governance as a key success factor and the various aspects of data governance
success in a nutshell.
Data governance is transpiring as a key success factor in not only data centric organi-
zations such as finance and professional services, but also in organizations that seem
to be less data centric, such as manufacturing and utilities. This is because data is
important in every organization irrespective of the industry sector, and data gover-
nance ensures that data is treated as an asset. As reinforced by Christopher Butler,
CDO, HSBC, UK and George Firican, Director of Data Governance & Business
Intelligence at UBC DAE and Founder of www.lightsondata.com.
Christopher Butler: “The one thing for certain is that data will become more and
more important as a differentiator for businesses going forward. Data governance is
at the heart of whether an organization will be in a position to benefit from its data.”
George Firican: “Data is an important asset and always needs to be treated and
managed as such. Data governance programs are essential in managing this asset.
After all, the engine for economic growth is no longer fueled by gasoline but more
and more by data.”
© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021 197
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4_7
198 7 Data Governance Success—Concluding …
However, many organizations still fail to realize the strategic value of data and
hence, also fail to realize the value of investing in data governance. A key to over-
coming this challenge is to map the corporate objectives to the underlying data in
the organization, and outline the data requirements to meet these corporate objec-
tives. It is important to assess the current state of data and data governance, outline
the future state, craft a solid business case for data governance, and create a data
strategy and data governance strategy to ensure executive buy-in of data governance
implementation.
Figure 7.1 shows various aspects of data governance and the relations between these
aspects in a page. Data governance objectives is driven by the business objectives.
Business drivers for data governance vary from organization to organization, which
in turn drive the data governance approach. However, business driver is not the only
factor that drives data governance approach, which consists of people, process, and
technology components.
Data governance approach needs to be tailored depending on characteristics
such as organization size, industry sector, geography, organizational goals, business
strategy, business drivers, context, scope, organizational structures, organizational
hierarchies, interactions between different organization teams and groups including
IT and business, data management challenges and opportunities, data landscape with
varying complexities and data volumes, organizational culture, maturity levels, and
circumstances. Hence, the data governance approach is not a “one size fits all”
approach, and needs to be tailored for the specific organization. Essentially the
people, process, and tools and technology components, need to be tailored to the
specific needs of the organization.
It is important to understand the current state, determine the future state, and do
a gap analysis to understand what needs to be done to jump from a lower level of
data governance maturity to a higher level of data governance maturity in line with
satisfying the organization’s strategic business objectives.
Data governance along with other data management functions and initiatives have
an enterprise wide impact. Data governance ties together other data management
functions and initiatives such as data architecture management, data modeling
and design, data quality management (DQM), data security management, data
warehousing and business intelligence (BI) management, data integration and
interoperability (DII), document and content management, metadata management,
reference data management, master data management, data storage and operations,
and big data, data lake and data analytics (Mahanti, 2021b) as shown in Fig. 7.1.
While data governance drivers such as compliance, reputation management,
improving customer satisfaction, better decision making, improving data quality,
data security, data privacy, data analytics, big data, improving operational efficiency,
revenue growth, mergers and acquisitions (M&A), partnering and outsourcing drive
DG key factors
DG drivers
enables
DG
Business Maturity
Case DG
• Cost Future
DG
• Value
Gap benefits
Leads to
• Risk
Analysis
DG results in
DG
Current
Lowest BLOCK
Maturity OR
SLOW
DG Challenges Ties together
With respect to data governance, an organization can have one of the following
scenarios-
1. An organization does not have formal data governance in place.
2. An organization has formal data governance in place, but are uncertain of the
efficiency or benefit.
In the first scenario, an organization that does not have formal data governance,
may still be governing data to some extent informally. In both the scenarios, it is
important to understand what business objectives data governance is expected to
meet, and the data governance maturity. In the first scenario, the organization will
embark on a formal data governance journey based on the business drivers of data
governance and what needs to be done to attain the future state; whereas in the second
scenario, the organization would need to evaluate the data governance metrics too,
in order to assess the DG effectiveness and then adjust its current data governance
direction if needed.
Data governance is a long journey and needs lots of patience, careful planning,
definition and enforcement of roles and responsibilities, processes, and metrics to
define progress and success.
Organizations have struggled to implement data governance in the past, mostly
because of DG challenges, DG misconceptions, limited understanding of the risks
associated with data in organizations, and a lack of knowledge and understanding of
7.3 Evaluating Data Governance–The Journey Ahead 201
the key factors in the successful implementation of data governance. However, data
governance is maturing.
I will conclude this book and this series with the following statement of Dr. John
R. Talburt, Acxiom Chair of Information Quality at the University of Arkansas at
Little Rock, and Lead Consultant for Data Governance and Data Integration with
Noetic Partners Inc. (Mahanti 2021a):
Data governance is clearly growing in adoption and maturing in practice… The first adopters
usually had to make 2, or even 3, attempts before seeing any success. However, like any new
paradigm it takes time to iron out the wrinkles. As more and more organizations imple-
ment DG and share their “lessons learned,” DG practice is improving and success rates are
increasing. We now have good models to follow. It is still a very difficult undertaking but I
see things beginning to get better with fewer failures and restarts.
References
Mahanti R (2021a) Data governance and compliance, Springer Books, Springer, ISBN 978-981-
33-6877-4
Mahanti R (2021b) Data governance and data management, Springer Books, Springer, ISBN 978-
981-16-3583-0
Appendix A
Glossary of Terms
© The Editor(s) (if applicable) and The Author(s), under exclusive license 203
to Springer Nature Singapore Pte Ltd. 2021
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4
204 Appendix A: Glossary of Terms
When embarking on a data governance program, you will encounter a rocky road
embedded with both real problems and perceived problems (perceptions). We have
discussed these in the different chapters of this book. It is important to be able to
distinguish between the real problems and the virtual problems to steer the data
governance program in the right direction.
To clarify some of the confusing and conflicting points of understanding on data
governance, we have provided a summarized version of the prevalent perceptions
around data governance alongside an explanation of the facts and realities in the
Table B.1, to provide clarification, better understanding, and guide the reader to
make the right decisions when pursuing a data governance program.
© The Editor(s) (if applicable) and The Author(s), under exclusive license 205
to Springer Nature Singapore Pte Ltd. 2021
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4
206 Appendix B: Data Governance—Perceptions Versus Realities
© The Editor(s) (if applicable) and The Author(s), under exclusive license 209
to Springer Nature Singapore Pte Ltd. 2021
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4
Index
A C. Lwanga Yonke, 43
Activity matrix, 139 CMM model. See Capability Maturity
Amitech, 8 Model
Analise Polsky, 144 Collaboration challenges, 14
Analytics, 3 Communication and collaboration, 50
Andres Perez, 19, 30, 36, 45, 57, 143 Communication plan, 50, 52, 57
Anne Marie Smith, 144, 149 Communication strategy and plan, 50
Aristotle, 62 Complex data landscape, 14
Ashish Haruray, 17 Complexity of the data landscape, 10
Compliance, 3, 24, 49, 61, 164
GDPR, 136
B Conflicting requirements, 58, 59
Becky Metivier, 150 Connotations, 16
Benchmarking tool, 117 Controls, 21
Big bang, 26, 27 Corporate objectives, 68, 75–77
Big bang approach, 39 Corporate strategy, 68, 69, 75, 76
Big data, 2 Cost, 86
Business case, 84 Cost buckets, 86
Business glossary, 159 Cost estimation, 86
Business involvement, 15 Costs and budgets, 18
Critical assets, 76
Critical data, 8, 13
C Critical data domains, 88, 89
Cannae, 74 Critical data elements, 13, 88–90
Capability Maturity Model.. See also CMM Critical data sets, 88, 89
model Cross-functional, 38
Carnegie Mellon University, 102 Crowdsourcing, 164
CDO role, 93 Cultural changes, 19, 43, 124
Change, 19, 28 Culture, 13, 31, 42–44
Change management, 26, 43, 44 Culture change, 19, 43
Change management models, 45 Current state, 72
Change obstacles, 19 CVS Health, 19, 20, 43, 169
Chief data office, 91
Chief Data Officer (CDO), 91–94
Chief Information Officer (CIO), 92 D
Christopher Butler, 8, 94, 194, 197 Daniell, 72
© The Editor(s) (if applicable) and The Author(s), under exclusive license 211
to Springer Nature Singapore Pte Ltd. 2021
R. Mahanti, Data Governance Success,
https://doi.org/10.1007/978-981-16-5086-4
212 Index
Dan Power, 16, 30, 142 Data governance maturity models, 70, 81,
Dashboard, 192–194 102, 116, 125
Dashboards and scorecards, 192 DataFlux, 105, 106
Dashboard vendors, 193 dimensions, 118, 120
Data, 3, 67, 76, 168, 197 IBM, 105, 116
Data access, 153, 154 Data governance council maturity
Data architecture—data access and security, model, 116
122 Informatica, 105, 113
maturity, 122 Kalido, 104, 105
Data architecture and modeling, 2 metamodel, 102
Data centric, 197 elements, 102
Data compliance, 121 Microsoft, 105, 108
maturity, 121 Oracle, 105, 115
Data consumer, 135 Data governance metrics, 168, 175, 177
Data custodians, 136 Data governance metrics – health check, 174
Data domain, 88 Data governance model, 42
Data driven culture, 31 Data Governance Office (DGO), 27, 139
Data facilitator, 136 Data governance lead, 139
Data governance, 1, 3, 5, 7, 8, 13–15, 21, 22, structure, 139
24, 28, 30, 31, 35–37, 41, 43, 50, 59, Data governance operating models, 36, 55,
68, 69, 78, 93, 127, 149, 197, 200, 160
203 definition, 160
benefits, 200 factors to consider, 160
types, 161
challenges, 200
Centralized model, 162
drivers, 198
Crowdsourced model, 164
high level components, 133
Decentralized model, 163
impacts, 129
Federated model, 163
interactions and relationships, 133
Hybrid model, 163
scenarios, 200
Top down model, 161
Data governance and change management,
Data governance or information governance,
25
16
Data governance business case, 82, 83 Data governance people metrics, 183
Data governance capabilities, 88 Data governance perceptions, 21
Data governance challenges and barriers, 11 Data governance pilot, 90
Data governance communication plan, 50 Data governance policies, 37
Data governance council, 137 Data governance process metrics, 185
Data governance failures, 7 Data governance progress metrics, 182
Data governance framework, 36, 131, 132 Data governance roadmap, 87, 88
DGI data governance framework Data governance roles, 58
components, 132 Data governance semantics, 16
factors to consider, 131 Data governance stakeholders, 168
Data governance implementation Data governance steering committee, 81
one size fits all approach, 198 Data governance strategy, 33, 34, 68, 79–81
Data governance in a page, 199 Data governance strategy creation, 81
Data Governance Institute, The, 50, 132 Data governance strategy map, 81
Data governance key factors model, 29 Data governance strategy – the five Ws and
Data governance maturity, 100, 120, 190, how, 80
198. See also DG maturity Data governance success
Data governance maturity assessment, 70, key factors, 200
119, 125 Data Governance Success: Growing and
example, 123 Sustaining Data Governance, xiii
Data governance maturity levels, 72 Data governance technology metrics, 186
Index 213
G L
Gartner, 7, 168 Laura Sebastian-Coleman, 19, 20, 43, 77,
George Firican, 36, 96, 126, 136, 161, 197 169
Gillette, 74, 75 Leaders and management, 31
GlaxoSmithKline, 93 Leadership, 28, 30
Governance operating model, 160 Leadership and management, 28, 30
definition, 160 Legislations, 54
Governance organization structures, 36 Lessons learned, 57
Gray Matter Analytics, 19, 95, 125, 141 Lestoil, 74
Gwen Thomas, 50, 139 Lewis Carroll, 87
Liddell and Scott, 72
Lightsondata.com, 136
H Linguistic barriers, 14
Hannibal, 74 LinkedIn, 17
Henry Mintzberg, 72
High priority scope items, 90
HIPAA, 89
M
HSBC, UK, 8, 94, 194, 197
Mahesh Krishnan, 188
Mark Ramsey, 93
Master data management, 2
I
single version of truth, 2
Impact/value metrics, 183
Importance of strategy, 74 Master Systems Inc., 9
Incremental approach, 39 Maturity, 99
Inderpal Bhandari, 93 Maturity assessment exercise, 72
Information governance survey, 7 Maturity level, 47
Information Technology Partners, 139 Maturity models, 100
IRM Consulting, Ltd. Co., 19, 30, 36, 45, 57, structure, 101
143 Measurement, 39, 168
Measurement framework, 40
Memorial Sloan Kettering Cancer Center, 93
J Metadata, 2
Jacob Borowsky, 74 definition, 122
Jeannine Siviy, 182 maturity, 122
Jeff Howe, 164 Metrics, 39, 40, 60, 62, 168
Jill Dyché, 35, 36, 42, 60, 68, 77, 96, 161 Mission translation, 75
Jill Dyché, LLC., 35, 36, 42, 161 Morris Chang, 96
John A. Zachman, 125. See also John Multiple versions of truth, 14
Zachman Mustimuhw Information Solutions Inc., 132
John Gallant and Kevin Fleet, 77 MySpace, 74
John R. Talburt, 201. See also John Talburt
John Talburt, 57, 63, 81, 91, 94, 168, 182,
183 N
John Zachman, 75 Nancy Couture, 8
Nicola Askham, 150
Noetic Partners Inc., 15, 57, 81, 168, 182,
K 201
Kelle O’Neal, 168, 169 Non-disruptive, 55
Kimberley Nevala, 60 Non-invasive, 55
Index 215
O Regulations, 61
OCM factors, 41 Regulators, 61
Once bitten, twice shy syndrome, 17 Regulatory requirements, 61
One size fits all, 45, 53, 95, 178 Resistance to change, 19
Operating model, 160 Responsible, Accountable, Consulted,
Organizational, 36 Informed (RACI), 57
Organizational change management, 28, 41 Richard Inserro, 78
Organizational conflict, 20 Ries, 173
Organizational culture, 20, 95 Risk, 84
Overlapping functions, 41 Risk factors, 84
Ownership, 140 Roadmap, 39, 77, 87, 88
Oxford dictionary, 131 Robert S. Seiner, 60, 85
Rob Karel, 157
Root cause, 13
P
Paul Barth, 78
Personally Identifiable information, 47 S
Peter Drucker, 39, 43, 44, 167 Scope of the chief data office, 91
Philip Russom, 52 Scorecards, 193
Phil Watt, 50, 164 Scott Baret, 160
Pilot phase, 88 Secondary domains, 89
Plug and play, 38 Segregation of duties, 57
Porsche, 74 Senior management, 31
PricewaterhouseCoopers, 78, 194. See also Shannon Fuller, 19, 20, 95, 125, 141
PwC Soft skills, 34, 35
Proactive communication, 52 Software Engineering Institute, 102
Processes, 156 Software process maturity, 99
controls, 156 Stakeholder coverage, 41
automated controls, 157 Stakeholder engagement and managment,
manual controls, 156 28, 41
validation controls, 156 Stakeholders, 37, 41, 42, 50
data principles, 149 Stanford University, 132
examples, 149 Stan Rifkin, 9
guidelines, 155 Stephen Covey, 78
processes versus procedures, 157 Strategic enterprise asset, 13
risk, 156 Strategic roadmap, 34
rules, 159 Strategy, 28, 68, 72, 74, 75
Project, 22 Strategy and execution, 28, 33
Proof of concept, 56 Strategy execution, 68
Providence St. Joseph Health, 128 Strategy mapping technique, 68, 77
PwC. See PricewaterhouseCoopers Stu Gardos, 93
Subject matter experts, 14
Success stories, 57
Q Sunil Soares, 93
Qualitative metrics, 180 Support and commitment, 30
Qualitative people metrics, 184 Svetlana Sicular, 32, 39
Quantitative metrics, 180 Swati Consultancy Pty Ltd, 21
Symantec’s 2014, 7
R
Ramesh Dontha, 77 T
Readiness assessment, 70 Target state, 72
Reference data, 2 Teamwork, 52, 53
Reference data management, 2 Technical business analyst, 13
216 Index