Six steps to an effective data governance program

As data governance becomes a key benchmark of a company's responsibility to enhance and protect data, here are six simple steps that start to develop a program based on individual needs.
Written by Steve Alder , IBM, Contributor
In the past few years, dozens of high-profile incidents involving data mismanagement have gained international attention. Caught off guard by these failures, the organizations impacted by them have struggled with eroded brand confidence and lost business, as well as legal liability. As a result, data governance has taken on increasing importance as organizations attempt to provide greater transparency to their shareholders and the investment community while at the same time working to more effectively manage and control mountains of data that reside within different parts of the organization.

This new focus on data governance is only expected to intensify over the next few years. However, investors and consumers alike will benefit as data governance emerges as a required discipline, giving rise to greater trust, better transparency and reduced risk.

Data governance is a quality control discipline for assessing, managing, using, improving, monitoring, maintaining, and protecting organizational information. It is also about governing people who use data, in all its forms, and affecting organizational behavior through policy mechanisms such as architecture, standards, education and business conduct guidelines. The need for data governance results from an increase in the complexity of data and is expected to become a regulatory requirement. In the future, organizations will likely demonstrate data governance practices to regulators as part of regular audits. Meanwhile, the quality of data may also become a technical reporting metric and key IT performance indicator driving the development of new accounting and reporting practices that will emerge for measuring and assessing the value of data and to demonstrate how data quality fuels business performance.

As data governance becomes a key benchmark of fiduciary responsibility to enhance and protect data, here are six simple steps that most any organization can take to start to develop a data governance program based on their individual needs.

Step 1: Appoint a leader
The first step in a successful data-governance program is to identify an individual within the organization who carries the delegated authority of the CEO. Strong leadership is crucial in the creation of a data governance program. Once established, the governor can create a governing council composed of organizational stakeholders to formulate stewardship policies and report progress to the CEO and board of directors.

Step 2: Assess the situation
Now that the leadership team is in place, take time to survey the territory and inventory current practices across many diverse domains. The teams need to be able see across the entire organization, and an enterprise data-governance assessment methodology is imperative to help benchmark where the organization’s data-governance program is today and deliver a road map to determine where it will be tomorrow.

Step 3: Look to the future--and work backward
After the data-governance assessment, the governance council should look into creating a vision of where it wants the company’s data-governance practices to be in the next few years. The council should work backward, and create realistic milestones and project plans to fill relevant gaps by establishing key performance indicators to track progress and deliver annual reports to the CEO and the board to validate results.

Step 4: Find out what your data is worth
If companies don’t know what their data is worth, they can’t enhance, protect or measure the value it has to the bottom line. To measure the value of data, build an internal marketplace for data based on user entitlements and the utility of IT services. When everyone in an organization is paying for IT services and data directly, the value of data is part of the business P&L.

Step 5: Calculate the probability of risk
Every organization has causes, events and losses that are buried in hierarchies and business reports. Knowing how data has been used in the past is an excellent measurement tool of how it might be compromised in the future. Rather than relegating risk calculation to a select group of individuals using complicated processes. Automating the process and studying loss trends over time can help any organization transform risk management into a fact-based, business intelligence method for analyzing past events, forecasting future losses and changing current policy requirements to improve mitigation strategies.

Step 6: Evaluate effectiveness regularly
Data governance is largely about organizational behavior. Organizations are ever-changing, and therefore so is their data, its value and risk. Unfortunately, most organizations assess themselves only once a year which is not often enough to change organizational controls to meet demands on a daily or weekly basis, it isn’t governing change.

Today, progressive companies that don’t want to experience the consequences of not protecting their data are looking more attentively at what it takes to better control their policies around data management, not only today, but into the future. Safeguarding corporate information and ensuring data quality will help companies not only keep auditors and regulators satisfied, but can also play a vital role in creating new transparency for the business and driving new opportunities by improving overall data quality and business intelligence. As the role of the Chief Information Officer (CIO) changes over time, making them responsible for reporting on data quality and risk to the Board of Directors, business leaders must realize that data governance is everyone’s responsibility.

Steven B. Adler is a recognized authority and innovator on data governance, security, privacy, operational risk management, and business process transformation. Additionally, Steven is chairman of the IBM Data Governance Council, an international leadership group of over 50 executives working together to design and evaluate comprehensive data governance solutions and an adjunct professor at the Stern School of Business at New York University.

Steven developed the patented Enterprise Privacy Architecture and invented the world’s first Internet Insurance program. Steven currently serves on the Board of Directors of the International Security Trust and Privacy Alliance, the NASCIO Security & Privacy Committee, the Carnegie Mellon Privacy Lab, NCSU Privacy Place, Global Forum Steering Committee, among others.

Editorial standards