Data Governance was introduced over 20 years ago. The discipline evolved from Enterprise Data Management, with a focus on managing data quality and the desire to simplify data projects and analysis. The topic remains popular at leading Data Governance conferences with the major players represented year after year. The conference attendees travel far in hopes of finding solutions to their chronic data problems, “pain points” as some would say. In reality, the only way to permanently solve chronic data pain is with a holistic approach that looks at Data Governance in an entirely new way. It’s time to change the conversation.
Data Governance is a core aspect of Enterprise Risk Management (ERM). ERM has the difficult task of mitigating risk across the organization. When it comes to data risk, it is impossible to manage that which they cannot see. We call this phenomenon “What Lies Beneath.” Risk officers deploy color coded Key Risk Indicator (KPI) dashboards that show the status of various risks to stakeholders. However, these KPI measurements are only as good as the underlying data. Anomalies in the data can, and often do, provide misleading information.
Data Governance can be recast to provide a new awareness into the complex puzzle of any organization, including the data they create and utilize within the technology and data landscape across the organization. This awareness can be defined a series of governance metadata and their relationships, called business rules. Governance metadata removes the shroud of mystery behind hidden data risks. Virtually all areas of risk including financial, data loss, competitor, environmental, and personnel all have a data component to them. Risk Management, not IT, are the rightful owners of this powerful metadata relationship.
Accurate data leads to better strategy and tactics. Bad data can render Risk Management ineffective. Data Governance can improve data quality and provide business glossaries describing the company data, but the discipline of Risk Management is required to put these findings into the larger context of the corporation’s risk appetite. It’s no surprise that some of the most effective Data Governance efforts are spearheaded by the Chief Risk Officer.
Everyone fears negative reviews and compliance warnings from their regulators. It’s been our experience that remediation efforts are most effective by tearing down the silos that often separate Data Governance and Information Governance. The typical setup is one in which Data Governance focuses on data in spreadsheets and databases, and Information Governance focuses on documents and corporate “records.” One group exists in the world of structured data and the other in the world of unstructured data. But it is all the same data. When you separate the logical from the physical data architecture, it is possible to clearly see both groups should rally around the simple business attribute, which is a key component of corporate governance metadata. Data Governance requires a precise data classification system. And people in the Information Governance world can adopt the same classification to gain the most from Data Risk management.
If you want to change the old conversation about Data Governance, start with the lessons learned from manufacturers over the decades to improve quality and profits, referred to as Total Quality Management (TQM). In many respects your organization is a data factory. Lean Manufacturing revolutionized the automobile industry by reducing defects, eliminating costly delays, and increasing customer satisfaction. Lean Manufacturing focused heavily on the capital tied up inventory. This included raw materials, work-in-process and finished goods stored in warehouses or across the factory floor. This required a new type of classification system that altered workers and managers to the relative risk and waste associated with any item.
The concept of Lean Governance was founded on the disciplines and lessons learned around data management and waste reduction. And it’s catching on. Lean Governance looks at data as inventory. Information, reports, dashboards, financial models are the finished goods. The goal of Lean Governance is to produce quality finished goods with the least amount of cost, risk, and waste. Lean Governance practitioners classify and label data, including confidential, PII, Sensitive, Internal, and Public. It only takes a small percentage of any one confidential or PII data sets to pose a huge risk. Lean Governance reveals the key risk areas in short order. More advanced groups have classification schemes that label the profitability potential inherent in different data. And this classification applies to all occurrences of the data, regardless of being structured or not.
Total Quality Management is based on conforming to minimum quality standards as defined by the consumer. In the data world, the consumers include scientists, business operations, and external regulators. The cost of quality problems in automobiles turned into excessive warranty claims and loss of market share. In data, quality problems can turn into lost business opportunities, regulatory fines, or other situations that will damage the corporate reputation. One of the most significant changes of Lean Manufacturing was to empower workers on the factory line to halt operations at the first sign of a problem. It was much more economical to replace a defective bolt during assembly than to find it at final inspection. The same is true with your data. Why not repair bad data in the source system before it gets distributed internally across the organization, or externally to a regulator? For a start, let’s stop relying so heavily on spreadsheets to manage data quality.
Data Governance and Data Risk Management are pieces of the same puzzle. We advocate that Enterprise Risk Management should take the lead in breaking down the silos around Data Governance and Information Governance through shared use of governance metadata. We touched on the key areas of classification and quality management. The old solutions will not produce better results. Lean Governance is the new way forward. As risk practitioners, we can begin the process by changing the conversation.