IT Is Not the Only Starter. All-Star Picks for Data Governance Wins.

Data mismanagement is expensive. Recent research suggests that bad data (meaning low-quality data and poor data governance) within an organization comes at a cost of 15-25% of revenue. And findings published in Harvard Business Review suggest that only 3% of companies are meeting basic standards in how they manage their data. In an economy wherein data has become the highest value and riskiest business asset, it’s striking that so few have executed a comprehensive and results-oriented data governance program.

Largely to blame for this lack of progress is a misalignment of roles and responsibilities—most organizations simply don’t know which departments and stakeholders should be responsible for managing company data and rolling out new programs. In most cases, data governance defaults to IT. Yet the activities involved in executing a data governance and data management program do not naturally fit into the typical IT job description. This is because data governance is a business problem (and opportunity) first and foremost. 

As a business issue, data governance requires a clear strategy, processes and a foundation of key people to drive the project forward. Without these, it’s impossible for IT, or technology solutions, to deliver results. The first step, then, is to properly assign roles and responsibilities for every phase and objective of a project.

A successful starting line-up for data governance will include “all-stars” from across the organization. A team effort, across business functions and across borders, is needed to create a foundational structure for immediate and future compliance. These key players and their ideal contributions include:

  • Security, legal and compliance. Working in close partnership, these groups define corporate data governance efforts and obligations. They set the criteria for other stakeholders to build upon. Security leaders will implement measures that protect the integrity of the organization’s data and maintain trust of the user base. In parallel, in-house and/or outside counsel will examine the organization’s needs through the lens of legal obligations and litigation, to establish data governance thresholds that reduce legal exposure and regulatory risk. Compliance stakeholders then develop controls, policies, procedures and systems that keep data-related activities aligned with legal counsel’s guidance.

Data privacy is another likely key group, generally nested under compliance or legal, but sometimes operating as a standalone governing body overseeing adherence to data protection and data privacy laws. At most organizations, a data privacy officer will need to be involved in the design of governance programs to ensure any sensitive and personal information the company processes or stores is handled in compliance with local, regional, national and international requirements.

  • IT. The IT department is responsible for technical implementation of the data governance effort, as well as maintaining a delicate balancing act between compliance and business functionality. Using the criteria established by legal, security, compliance and privacy, IT creates the environment that will meet data governance and compliance parameters, while also maintaining system stability and usability across the organization. Within the IT organization, numerous roles will be needed at various stages of a data governance project. Enterprise architects are needed to help operationalize strategic business mandates for long-term sustainability, while database administrators (DBAs) must support the creation and maintenance of the environments in which applications and users operate. With the architecture and environment in place, developers will design and manage the applications that enable functionality and meet requirements across the business. 

Common challenges for IT leaders include addressing competing demands and deadlines between their core responsibilities and data governance needs, as well as identifying, filling and/or escalating gaps between legal and compliance directives and technical realities. In light of this, it’s critical for data governance program leaders to maintain a close and collaborative partnership with IT throughout an initiative. 

  • Business users. As mentioned earlier, data governance programs must meet the needs of the business and ensure ongoing business continuity, with minimal disruption to end users. Achieving this requires input from and collaboration with the business users who interact with company data and the systems that manage it. In many cases, the end users are the only people in the organization who know how a certain tool or data type is actually used in the field. Thus, their input and buy-in are critical when putting new data management controls and systems in place.

  • Executive owner. This is often the CIO but can be any executive-level leader positioned to settle and resolve disputes resulting from competing priorities and resources. A single executive leader will make the final call about where limited resources and budget are spent, and what is included in the final scope of a project.

  • The deep bench. Depending on the needs of the program and the organization’s structure, additional players may be needed to support data governance. For example, unstructured data managers will become involved if and when the data governance initiative includes remediation or protection of unstructured data sources such as email, file shares, SharePoint, etc. Most organizations also have an executive-level steering committee that will oversee project direction and provide budget approvals. Maintaining regular updates, benchmarking and progress reporting to this group will help avoid project delays or budget reductions. 

  • Third-party experts. Once key players and their roles are established, an organization can determine its needs for additional, external support. Third-party experts can be instrumental in supplementing internal knowledge gaps, serving as a bridge between cross-functional teams, facilitating change management, measuring progress and keeping projects on track from start to finish. This may include supporting teams in understanding security standards for new regulatory requirements, such as the U.S. Department of Defense’s recently implemented Cybersecurity Maturity Model Certification (CMMC) or advising compliance and privacy teams on the newest laws and standards. Similarly, legal departments often rely on outside experts when specialized guidance is needed, as with aligning standards to industry best practices, reducing costs, selecting technology, refreshing legal hold policies or simply providing strategic project oversight.  

Outside providers can provide much-needed staff augmentation for understaffed and overloaded IT teams that are struggling to make time for data governance work. Independent providers can also help ensure effective communication between groups not accustomed to collaborating, identify shortcomings in technology deployments and help rationalize competing business priorities.     

Paramount to successful data governance is a strategy and collective buy-in. Investments in shiny new technology, in-depth assessments and ambitious programs will inevitably fall short if the organization does not first have a clear plan of action supported by the right line-up of key players. It’s common for data governance projects to reveal unexpected risks and deficiencies within an organization’s data management practices. These findings often breed tension between various groups or may stifle progress without a clear escalation process. With the support of an aligned team of stakeholders and outside experts, organizations will be positioned to deal with these issues when they arise and ensure progress for the program even amid competing priorities.

Rebecca Elias is a Director within the Information Governance, Privacy & Security practice in FTI Consulting’s Technology segment. She specializes in project management of large-scale remediation in the face of acquisitions, CMMC compliance and GDPR requirements.

Jesse Jimenez is a Senior Consultant within the Information Governance, Privacy & Security practice in FTI Consulting’s Technology segment.

CDO Magazine