Three Fundamentals for Building a Solid Data Governance Program

Matt McGivern, Managing Director Data Management and Advanced Analytics
Josh Hewitt, Director Data Management and Advanced Analytics

Time and again, we talk with clients who are neglecting perhaps the most important feature in a solid data strategy: data governance. With the explosion of data resulting from an increasing adoption of digital initiatives and the undeniable fact that we are now living in a data-driven world, it is more important than ever for organizations to recognize the importance of protecting data as a key asset. From regulatory challenges in the U.S. driving a need for better data governance programs and a trend in hiring chief data officers to the imminent General Data Protection Regulation (GDPR) in the European Union, the pressure is growing on organizations across all industries to recognize the need for better maturity in managing and governing data assets.

Data governance as a practice has been around for some time, but many organizations continue to struggle to incorporate basic data governance processes into their overarching data strategies. Those who fail do not always do so from a lack of effort. Where to start and how to build a data governance plan is still a significant issue for most companies, and we have seen many firms have multiple false starts before they are able to gain the needed traction.

During a recent webinar we hosted, we asked the audience – primarily IT, audit, finance, and risk and compliance professionals ­– to weigh in on how well their organizations are doing with data governance. A full 39 percent of this group told us they have no idea whether their data governance programs are effective. Even more startling, just short of 20 percent admitted their enterprise has no data governance program in place.

These numbers may appear surprising, but they are typical of what we see across all industries – although certain groups, such as financial services, do have a higher maturity when it comes to data governance due to specific regulatory and compliance requirements that include anti-money laundering (AML) and Dodd-Frank regulations, and the fact that many banks have a global presence, making them subject to GDPR for their EU clients. Many organizations recognize the need for strong governance but often find it takes years to work through the complexities involved in establishing workable governance functions.

We understand the situation. We also know there is a way for organizations to build an outstanding data governance program that fits their needs, without the frustration. Here are just three tips to help get a data governance program started:

  1. Begin with an assessment of the organization’s current state. At Protiviti, we leverage multiple assessment models, including the Enterprise Data Management (EDM) Council’s Data Management Capability Assessment Model (DCAM) for financial services companies, and the Data Management Association (DAMA) International’s Guide to the Data Management Body of Knowledge (DMBOK®) across other industries. The DCAM framework includes eight core components ranging from data management strategy, data and technology architecture, and data quality to the rules of engagement for data governance programs. Whatever the model used, it should be matched to the organization’s needs and not applied generically.
  2. Establish a pragmatic operating model. Data governance programs must combine functional expertise, industry knowledge and technology in a well-organized and coordinated way that is planned, holistic, actionable, simple and efficient. We call that our PHASE approach, and it sets a solid foundation for future data governance by bringing together these three key components and identifying tactical steps to execute and operationalize data governance.
  3. Have simple guiding principles. We recommend that organizations:
    • Establish clear goals and purpose
    • Only put governance where needed
    • Keep the plan simple
    • Design from the top down, but implement from the bottom up
    • Be flexible
    • Communicate, communicate, communicate.

One of the most critical success factors in establishing a data governance program is to identify the value it will deliver to the organization. There is a risk this focus on value may get lost in compliance situations, where meeting a specific requirement is unquestionably the goal. Therefore, it is important for organizations to also ask: What real business problem are we addressing through our governance strategy? How will the organization be better off tomorrow than today as a result of our governance work?  What are our data problems costing us – both in opportunity costs (not being able to pursue something) as well as real monetary costs?  And how can we do all of this with a smaller spend, showing quick value?

As chief data officers join the executive suite in increasing numbers, the importance of maturing data governance is confirmed. Ensuring that the data governance team has a seat at the table for all major business decisions and key projects – both business and technology – is proving to be a best practice and a critical success factor for the future of the organization’s data strategy. Data governance is a process, not a project. By making it a core competency, organizations will be ready to take on the data-driven future.

Add comment