Data governance (DG) is taking centre stage around the world again, as the European Commission proposes a Data Governance Act to support a European data economy, the G20 surfaces proposals on global data governance and interoperability, and South African businesses respond to compliance and efficiency demands.
Seeking to deal with the perpetual increase in data, information and content volumes, local businesses, ranging from financial and credit institutions, to retailing and telecommunications firms, are actively recruiting much-needed data management and governance skills to deploy and sustain DG.
Data governance job specifications are complex and wide, requiring people with knowhow of regulatory requirements, policy institution, data and process management, data architecture and design, and project planning, among others.
The rush for skills is an encouraging sign that local businesses are starting to take DG more seriously, but although many organisations have started implementing DG frameworks and programmes, the articulation “making governance real” for evidencing controls in the data and process landscapes is still not at an acceptable maturity level.
Organisations benefit from the institution of DG practice, especially in situations where there is a large portfolio of systems and complexities that cannot be properly managed using traditional management models/methods, when cross-functional programmes have to be implemented, and when regulations, compliance or contractual obligations require comprehensive control and transparency over the data assets and related components/artefacts.
However, their poor progression of maturity is mainly due to:
- Budgetary and cost constraints.
- Value product or project priorities.
- Not leveraging DG frameworks that help organisations to articulate (link, evidence) all data, processes, architectural components (technology) and people (roles) within their business landscapes.
- Agile “quick delivery” implementation methods which often ignore standards and controls.
- Ignorance about enabling practices such as metadata management.
- Adopting compliance requirements and controls as a culture, and not as un-sustained project/programme implementations.
- Executive pressure.
Making data governance real
To achieve comprehensive control and transparency, organisations need to know, within their landscapes, who is responsible and accountable for their resources (computing, people, technological, process, data, information/content) and how these resources are related. This enables monitoring, controlling and reporting of data lineages and process lifecycles from end to end.
Outside the demand for implementing and evidencing the application of PPSGs (principles, policies, procedures, standards and guidelines), the management of the data landscape can quickly become a nightmare for even the most dedicated and skilled teams, when considering the number of users, the existence of potentially hundreds of siloed/overlapping data stores/pockets and spreadsheets, and the maintenance of cross-functional departments, divisions and business units.
The rush for skills is an encouraging sign that local businesses are starting to take data governance more seriously.
The resulting chaos filters through the processes that they support where customers, stakeholders or involved parties meet the business – this has a direct negative impact on efficiencies, client experience and hence profit.
But what do businesses do to achieve effective DG; for example, making it “real” and applicable? How do they orchestrate DG throughout the organisation?
The following guidelines can be considered:
- Obtain a formal DG mandate and institute a DG framework – this is essential to position DG as a key control practice of (or service to) the organisation.
- Conduct a DG maturity assessment to identify gaps and opportunities.
- Ensure all data, process, technological and people artefacts/resources are registered, including PPSG clauses.
- Entrench a lifecycle management programme that tracks all processes that create, store, process, consume and destroy data/information/content in the business.
- Map the lifecycles to the organisation’s implementation or project methodology, the software development lifecycle, agile methods, change and release management processes, or to whatever is specifically used in the business, for new implementations and changes. This is crucial for articulating DG (making it “real” and applicable).
- The lifecycles must also map to the processes, data/information/content artefacts or assets, the relevant PPSGs and to the people (business units, roles) involved – these mappings are done at the stages of the lifecycles and control gates/checkpoints of the processes. The stages, control gates and/or checkpoints are the cross-references between the organisation’s resources/assets/artefacts. It is here where articulation is realised. The beauty of this is that the mappings and most of the controls are done once-off and can be automated so they do not place additional burdens on the personnel.
- Repeat steps 2 to 5 for each data domain or business unit/division.
This approach can be applied to both structured and unstructured data, even though unstructured information may call upon specialised technologies such as enterprise content management, for example.
Share