The document emphasizes the significance of data governance in enhancing information management initiatives, detailing its components such as compliance, data quality, and lifecycle management. It identifies challenges faced in data management, including explosive data growth and regulatory compliance, while outlining goals and frameworks for effective data management. Ultimately, it advocates for a structured approach to data governance, emphasizing the shared responsibilities between IT and business data owners to optimize the value of data as a strategic asset.

1. Data Governance: Keystone
of Information Management
Initiatives
Alan McSweeney

2. Objectives
• To provide an overview of the importance and relevance
of data governance as part of an information management
initiative
April 21, 2010 2

3. Agenda
• Data Management Issues
• Data Governance and Data Management Frameworks
• Approach to Data Governance
• State of Information and Data Governance
April 21, 2010 3

4. Data Governance
• Provides an operating discipline for managing data and information as a key
enterprise asset
• Includes organisation, processes and tools for establishing and exercising decision
rights regarding valuation and management of data
• Elements of data governance
− Decision making authority
− Compliance
− Policies and standards
− Data inventories
− Full lifecycle management
− Content management
− Records management,
− Preservation and disposal
− Data quality
− Data classification
− Data security and access
− Data risk management
− Data valuation
April 21, 2010 4

5. Data Management Issues
• Discovery - cannot find the right information
• Integration - cannot manipulate and combine information
• Insight - cannot extract value and knowledge from
information
• Dissemination - cannot consume information
• Management – cannot manage and control information
volumes and growth
April 21, 2010 5

6. Data Management Problems – User View
• Managing Storage Equipment
• Application Recoveries / Backup Retention
• Vendor Management
• Power Management
• Regulatory Compliance
• Lack of Integrated Tools
• Dealing with Performance Problems
• Data Mobility
• Archiving and Archive Management
• Storage Provisioning
• Managing Complexity
• Managing Costs
• Backup Administration and Management
• Proper Capacity Forecasting and Storage Reporting
• Managing Storage Growth
April 21, 2010 6

7. Information Management Challenges
• Explosive Data Growth
− Value and volume of data is overwhelming
− More data is see as critical
− Annual rate of 50+% percent
• Compliance Requirements
− Compliance with stringent regulatory requirements and audit
procedures
• Fragmented Storage Environment
− Lack of enterprise-wide hardware and software data storage
strategy and discipline
• Budgets
− Frozen or being cut
April 21, 2010 7

8. Information Management Issues
• 52% of users don’t have confidence in their information
• 59% of managers miss information they should have used
• 42% of managers use wrong information at least once a
week
• 75% of CIOs believe they can strengthen their competitive
advantage by better using and managing enterprise data
• 78% of CIOs want to improve the way they use and
manage their data
• Only 15% of CIOs believe that their data is currently
comprehensively well managed
April 21, 2010 8

9. Data Quality
• Poor data quality costs real money
• Process efficiency is negatively impacted by poor data
quality
• Full potential benefits of new systems not be realised
because of poor data quality
• Decision making is negatively affected by poor data quality
April 21, 2010 9

10. Information
• Information in all its forms –
input, processed, outputs – is a
Applications core component of any IT
system
• Applications exist to process
data supplied by users and
other applications
Processes Information
• Data breathes life into
applications
IT Systems
• Data is stored and managed by
infrastructure – hardware and
software
• Data is a key organisation asset
with a substantial value
People Infrastructure • Significant responsibilities are
imposed on organisations in
managing data
April 21, 2010 10

11. Data, Information and Knowledge
• Data is the representation of facts as text, numbers, graphics,
images, sound or video
• Data is the raw material used to create information
• Facts are captured, stored, and expressed as data
• Information is data in context
• Without context, data is meaningless - we create meaningful
information by interpreting the context around data
• Knowledge is information in perspective, integrated into a viewpoint
based on the recognition and interpretation of patterns, such as
trends, formed with other information and experience
• Knowledge is about understanding the significance of information
• Knowledge enables effective action
April 21, 2010 11

12. Data, Information, Knowledge and Action
Knowledge Action
Information
Data
April 21, 2010 12

13. Information is an Organisation Asset
• Tangible organisation assets are seen as having a value and are
managed and controlled using inventory and asset management
systems and procedures
• Data, because it is less tangible, is less widely perceived as a real
asset, assigned a real value and managed as if it had a value
• High quality, accurate and available information is a pre-requisite to
effective operation of any organisation
• Information is a high-value asset of any enterprise
• What do you do when you have something valuable
− Retain it
− Protect it
− Manage it
April 21, 2010 13

14. Data Management and Project Success
• Data is fundamental to the effective and efficient
operation of any solution
− Right data
− Right time
− Right tools and facilities
• Without data the solution has no purpose
• Data is too often overlooked in projects
• Project managers frequently do not appreciate the
complexity of data issues
April 21, 2010 14

15. Generalised Information Management Lifecycle
Enter, Create, Acquire, • Generalised lifecycle that
Derive, Update, Capture
differs for specific
information types
Store, Manage, M
an
Replicate and Distribute ag
e,
Co
nt
ro
la
nd
Ad
Protect and Recover mi
n is
t er
• Design, define and implement
framework to manage Archive and Recall
information through this
lifecycle
Delete/Remove
April 21, 2010 15

16. Generalised Information Management Lifecycle
• Need to implement management frameworks and
associated solutions to automate the information lifecycle
Data Governance
Framework
Data Architecture to
Implement Data
Governance
Data Infrastructure to
Implement Data
Architecture
Data Operations to
Manage Data
Infrastructure
April 21, 2010 16

17. Expanded Generalised Information Management
Lifecycle
Plan, Design and
Specify
De
Implement sig
Underlying n,
Im
Infrastructure ple
m en
Enter, Create, t, M
Acquire, Derive, an
ag
Update, Capture e,
Co
nt
Store, Manage, ro
la
Replicate and nd
Distribute Ad
mi
ni ste
r
• Include phases for information Protect and Recover
management lifecycle design
and implementation of Archive and Recall
appropriate hardware and
software to actualise lifecycle
Delete/Remove
April 21, 2010 17

18. Objectives of Implementing Solutions to Deliver
Generalised Information Management Lifecycle
• Establish effective policies for lifecycle enterprise information management to
control data growth and lower information management costs
• Meet service level goals to ensure the timely completion of key business
processes for mission-critical applications
• Support appropriate data retention compliance initiatives and mitigate risk for
compliance, audits and legal discovery requests
• Support appropriate data retention compliance requirements and mitigate risk for
compliance, audits and legal discovery requests that keep historical transaction
records accessible until legal retention periods expire
• Implement scalable archiving strategies that easily adapt to ongoing business
requirements
• Improve application portfolio management to decommission redundant
applications and simplify the IT infrastructure
• Manage application information growth and its impact on service levels,
operational costs and risks as well as storage requirements
• Manage data quality, consistency, security, privacy and accuracy
April 21, 2010 18

19. Data and Information Management
• Data and information management is a business process
consisting of the planning and execution of policies,
practices, and projects that acquire, control, protect,
deliver, and enhance the value of data and information
assets
April 21, 2010 19

20. Data and Information Management
To manage and utilise information as a strategic asset
To implement processes, policies, infrastructure and solutions to
govern, protect, maintain and use information
To make relevant and correct information available in all business
processes and IT systems for the right people in the right context at
the right time with the appropriate security and with the right
quality
To exploit information in business decisions, processes and
relations
April 21, 2010 20

21. Data Management Goals
• Primary goals
− To understand the information needs of the enterprise and all its
stakeholders
− To capture, store, protect, and ensure the integrity of data assets
− To continually improve the quality of data and information,
including accuracy, integrity, integration, relevance and
usefulness of data
− To ensure privacy and confidentiality, and to prevent
unauthorised inappropriate use of data and information
− To maximise the effective use and value of data and information
assets
April 21, 2010 21

22. Data Management Goals
• Secondary goals
− To control the cost of data management
− To promote a wider and deeper understanding of the value of
data assets
− To manage information consistently across the enterprise
− To align data management efforts and technology with business
needs
April 21, 2010 22

23. Triggers for Data Management Initiative
• When an enterprise is about to undertake architectural
transformation, data management issues need to be
understood and addressed
• Structured and comprehensive approach to data
management enables the effective use of data to take
advantage of its competitive advantages
April 21, 2010 23

24. Data Management Principles
• Data and information are valuable enterprise assets
• Manage data and information carefully, like any other
asset, by ensuring adequate quality, security, integrity,
protection, availability, understanding and effective use
• Share responsibility for data management between
business data owners and IT data management
professionals
• Data management is a business function and a set of
related disciplines
April 21, 2010 24

25. Organisation Data Management Function
• Business function of planning for, controlling and
delivering data and information assets
• Development, execution, and supervision of plans,
policies, programs, projects, processes, practices and
procedures that control, protect, deliver, and enhance the
value of data and information assets
• Scope of the data management function and the scale of
its implementation vary widely with the size, means, and
experience of organisations
• Role of data management remains the same across
organisations even though implementation differs widely
April 21, 2010 25

26. Scope of Complete Data Management Function
Metadata Data
Data Management Governance
Warehousing
and Business
Intelligence Data
Management Development
Data
Data
Security
Quality
Management
Management
Data
Reference and
Operations
Master Data
Management
Management
Data Document and
Architecture Content
Management Management
April 21, 2010 26

27. Data Governance
• Capstone of
Data
Management
Data Governance
initiatives
Database Architecture Management
Data Warehousing and Business Intelligence Management
Data Quality Management Metadata Management
Data Security Management Data Development
Data Operations Reference and Master Document and Content
Management Data Management Management
April 21, 2010 27

28. Objectives of Data Governance
• Guide information management decision-making
• Ensure information is consistently defined and well
understood
• Increase the use and trust of data as an organisation asset
• Improve consistency of projects across the organisation
• Ensure regulatory compliance
• Eliminate data risks
April 21, 2010 28

29. Shared Role Between Business and IT
• Data management is a shared responsibility between data
management professionals within IT and the business data
owners representing the interests of data producers and
information consumers
• Business data ownership is the concerned with
accountability for business responsibilities in data
management
• Business data owners are data subject matter experts
• Represent the data interests of the business and take
responsibility for the quality and use of data
April 21, 2010 29

30. Why Develop and Implement a Data Management
Framework?
• Improve organisation data management efficiency
• Deliver better service to business
• Improve cost-effectiveness of data management
• Match the requirements of the business to the management of the
data
• Embed handling of compliance and regulatory rules into data
management framework
• Achieve consistency in data management across systems and
applications
• Enable growth and change more easily
• Reduce data management and administration effort and cost
• Assist in the selection and implementation of appropriate data
management solutions
• Implement a technology-independent data architecture
April 21, 2010 30

31. Data Governance and Data Management
Frameworks
April 21, 2010 31

32. Data Governance and Data Management
Frameworks
• DMBOK - Data Management Book of Knowledge
• TOGAF - The Open Group Architecture Framework
• COBIT - Control Objectives for Information and related
Technology
April 21, 2010 32

33. DMBOK, TOGAF and COBIT
Can be a DMBOK Is a Specific and
Precursor to Comprehensive Data
Implementing Oriented Framework
Data
Management DMBOK Provides Detailed
for Definition,
Implementation and
TOGAF Defines the Process Operation of Data
for Creating a Data Management and Utilisation
Architecture as Part of an
Overall Enterprise
Architecture
Can Provide a Maturity
Model for Assessing
Data Management
COBIT Provides Data
Governance as Part of
Overall IT Governance
April 21, 2010 33

34. DMBOK, TOGAF and COBIT – Scope and Overlap
DMBOK
Data Development
Data Operations Management
Reference and Master Data Management
Data Warehousing and Business Intelligence Management
TOGAF Document and Content Management
Metadata Management
Data Quality Management
Data Architecture Management
Data Management
Data Migration
Data
Governance
Data Security COBIT
Management
April 21, 2010 34

35. Data Management Book of Knowledge (DMBOK)
• DMBOK is a generalised and comprehensive framework for
managing data across the entire lifecycle
• Developed by DAMA (Data Management Association)
• DMBOK provides a detailed framework to assist
development and implementation of data management
processes and procedures and ensures all requirements
are addressed
• Enables effective and appropriate data management
across the organisation
• Provides awareness and visibility of data management
issues and requirements
April 21, 2010 35

36. Data Management Book of Knowledge (DMBOK)
• Not a solution to your data management needs
• Framework and methodology for developing and
implementing an appropriate solution
• Generalised framework to be customised to meet specific
needs
• Provide a work breakdown structure for a data
management project to allow the effort to be assessed
• No magic bullet
April 21, 2010 36

37. Data Management-Related Frameworks
• TOGAF (and other enterprise architecture standards) define a
process for arriving an at enterprise architecture definition, including
data
• TOGAF has a phase relating to data architecture
• TOGAF deals with high level
• DMBOK translates high level into specific details
• COBIT is concerned with IT governance and controls:
− IT must implement internal controls around how it operates
− The systems IT delivers to the business and the underlying business processes
these systems actualise must be controlled – these are controls external to IT
− To govern IT effectively, COBIT defines the activities and risks within IT that
need to be managed
• COBIT has a process relating to data management
• Neither TOGAF nor COBIT are concerned with detailed data
management design and implementation
April 21, 2010 37

38. TOGAF and Data Management
• Phase C1 (subset of
Phase C) relates to
Phase A:
Architecture defining a data
Vision
Phase H:
Phase B:
architecture
Architecture
Business
Change
Architecture
Management
Phase C1:
Data
Architecture
Phase G: Phase C:
Requirements Information
Implementation
Management Systems
Governance Architecture
Phase C2:
Solutions and
Application
Phase F: Phase D: Architecture
Migration Technology
Planning Architecture
Phase E:
Opportunities
and Solutions
April 21, 2010 38

39. TOGAF Phase C1: Information Systems Architectures
- Data Architecture - Objectives
• Purpose is to define the major types and sources of data
necessary to support the business, in a way that is:
− Understandable by stakeholders
− Complete and consistent
− Stable
• Define the data entities relevant to the enterprise
• Not concerned with design of logical or physical storage
systems or databases
April 21, 2010 39

40. TOGAF Phase C1: Information Systems Architectures
- Data Architecture - Overview
Phase C1: Information Systems
Architectures - Data Architecture
Approach Elements Inputs Steps Outputs
Key Considerations for Data Reference Materials External to the Select Reference Models,
Architecture Enterprise Viewpoints, and Tools
Develop Baseline Data Architecture
Architecture Repository Non-Architectural Inputs
Description
Develop Target Data Architecture
Architectural Inputs
Description
Perform Gap Analysis
Define Roadmap Components
Resolve Impacts Across the
Architecture Landscape
Conduct Formal Stakeholder
Review
Finalise the Data Architecture
Create Architecture Definition
Document
April 21, 2010 40

41. TOGAF Phase C1: Information Systems Architectures - Data
Architecture - Approach - Key Considerations for Data
Architecture
• Data Management
− Important to understand and address data management issues
− Structured and comprehensive approach to data management enables the
effective use of data to capitalise on its competitive advantages
− Clear definition of which application components in the landscape will serve as
the system of record or reference for enterprise master data
− Will there be an enterprise-wide standard that all application components,
including software packages, need to adopt
− Understand how data entities are utilised by business functions, processes, and
services
− Understand how and where enterprise data entities are created, stored,
transported, and reported
− Level and complexity of data transformations required to support the
information exchange needs between applications
− Requirement for software in supporting data integration with external
organisations
April 21, 2010 41

42. TOGAF Phase C1: Information Systems Architectures - Data
Architecture - Approach - Key Considerations for Data
Architecture
• Data Migration
− Identify data migration requirements and also provide indicators
as to the level of transformation for new/changed applications
− Ensure target application has quality data when it is populated
− Ensure enterprise-wide common data definition is established to
support the transformation
April 21, 2010 42

43. TOGAF Phase C1: Information Systems Architectures - Data
Architecture - Approach - Key Considerations for Data
Architecture
• Data Governance
− Ensures that the organisation has the necessary dimensions in
place to enable the data transformation
− Structure – ensures the organisation has the necessary structure
and the standards bodies to manage data entity aspects of the
transformation
− Management System - ensures the organisation has the
necessary management system and data-related programs to
manage the governance aspects of data entities throughout its
lifecycle
− People - addresses what data-related skills and roles the
organisation requires for the transformation
April 21, 2010 43

44. TOGAF Phase C1: Information Systems Architectures
- Data Architecture - Outputs
• Refined and updated versions of the Architecture Vision phase deliverables
− Statement of Architecture Work
− Validated data principles, business goals, and business drivers
• Draft Architecture Definition Document
− Baseline Data Architecture
− Target Data Architecture
• Business data model
• Logical data model
• Data management process models
• Data Entity/Business Function matrix
• Views corresponding to the selected viewpoints addressing key stakeholder concerns
− Draft Architecture Requirements Specification
• Gap analysis results
• Data interoperability requirements
• Relevant technical requirements
• Constraints on the Technology Architecture about to be designed
• Updated business requirements
• Updated application requirements
− Data Architecture components of an Architecture Roadmap
April 21, 2010 44

45. COBIT Structure
COBIT
Plan and Organise (PO) Acquire and Implement (AI) Deliver and Support (DS) Monitor and Evaluate (ME)
DS1 Define and manage service ME1 Monitor and evaluate IT
PO1 Define a strategic IT plan AI1 Identify automated solutions
levels performance
PO2 Define the information AI2 Acquire and maintain ME2 Monitor and evaluate
DS2 Manage third-party services
architecture application software internal control
PO3 Determine technological AI3 Acquire and maintain DS3 Manage performance and ME3 Ensure regulatory
direction technology infrastructure capacity compliance
PO4 Define the IT processes,
AI4 Enable operation and use DS4 Ensure continuous service ME4 Provide IT governance
organisation and relationships
PO5 Manage the IT investment AI5 Procure IT resources DS5 Ensure systems security
PO6 Communicate management
AI6 Manage changes DS6 Identify and allocate costs
aims and direction
AI7 Install and accredit solutions
PO7 Manage IT human resources DS7 Educate and train users
and changes
DS8 Manage service desk and
PO8 Manage quality
incidents
PO9 Assess and manage IT risks DS9 Manage the configuration
PO10 Manage projects DS10 Manage problems
DS11 Manage data
DS12 Manage the physical
environment
DS13 Manage operations
April 21, 2010 45

46. COBIT and Data Management
• COBIT objective DS11 Manage Data within the Deliver and
Support (DS) domain
• Effective data management requires identification of data
requirements
• Data management process includes establishing effective
procedures to manage the media library, backup and
recovery of data and proper disposal of media
• Effective data management helps ensure the quality,
timeliness and availability of business data
April 21, 2010 46

47. COBIT and Data Management
• Objective is the control over the IT process of managing data that
meets the business requirement for IT of optimising the use of
information and ensuring information is available as required
• Focuses on maintaining the completeness, accuracy, availability and
protection of data
• Involves taking actions
− Backing up data and testing restoration
− Managing onsite and offsite storage of data
− Securely disposing of data and equipment
• Measured by
− User satisfaction with availability of data
− Percent of successful data restorations
− Number of incidents where sensitive data were retrieved after media were
disposed of
April 21, 2010 47

48. COBIT Process DS11 Manage Data
• DS11.1 Business Requirements for Data Management
− Establish arrangements to ensure that source documents expected from the business are received, all data received from the
business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are
supported
• DS11.2 Storage and Retention Arrangements
− Define and implement procedures for data storage and archival, so data remain accessible and usable
− Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements
− Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives,
programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and
authentication
• DS11.3 Media Library Management System
− Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity
− Procedures should provide for timely review and follow-up on any discrepancies noted
• DS11.4 Disposal
− Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are
disposed of or transferred to another use
− Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved.
• DS11.5 Backup and Restoration
− Define and implement procedures for backup and restoration of systems, data and documentation in line with business
requirements and the continuity plan
− Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration
− Test backup media and the restoration process
• DS11.6 Security Requirements for Data Management
− Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and
output of data and sensitive messages
− Includes physical records, data transmissions and any data stored offsite
April 21, 2010 48

49. COBIT Data Management Goals and Metrics
Activity Goals Process Goals Activity Goals
•Backing up data and testing •Maintain the completeness, •Backing up data and testing
restoration accuracy, validity and restoration
•Managing onsite and offsite accessibility of stored data •Managing onsite and offsite
storage of data •Secure data during disposal storage of data
•Securely disposing of data of media •Securely disposing of data
and equipment •Effectively manage storage and equipment
media
Are Measured Are Measured Are Measured
By Drive By Drive By
Key Performance Process Key Goal IT Key Goal Indicators
Indicators Indicators
•% of successful data •Occurrences of inability to
restorations recover data critical to
•Frequency of testing of •# of incidents where business process
backup media sensitive data were retrieved •User satisfaction with
•Average time for data after media were disposed of availability of data
restoration •# of down time or data •Incidents of noncompliance
integrity incidents caused by with laws due to storage
insufficient storage capacity management issues
April 21, 2010 49

50. Approach to Data Governance
April 21, 2010 50

51. Data Governance
• Core function of Data Management
• Interacts with and influences each of the surrounding ten data
management functions
• Data governance is the exercise of authority and control (planning,
monitoring, and enforcement) over the management of data assets
• Data governance function guides how all other data management
functions are performed
• High-level, executive data stewardship
• Data governance is not the same thing as IT governance
• Data governance is focused exclusively on the management of data
assets
April 21, 2010 51

52. Data Governance
• Shared decision making is the hallmark of data governance
• Requires working across organisational and system boundaries
• Some decisions are primarily business decisions made with input and guidance from IT
• Other decisions are primarily technical decisions made with input and guidance from
business data stewards at all levels
Decisions Made Decisions Made
by Business by IT
Management Management
Business Operating Enterprise Information Information Management Database Architecture
Model Model Strategy
IT Leadership Information Needs Information Management Data Integration
Policies Architecture
Capital Investments Information Information Management Data Warehousing
Specifications Standards Architecture
Research and Quality Requirements Information Management Metadata Architecture
Development Funding Metrics
Data Governance Model Issue Resolution Information Management Technical Metadata
Services
April 21, 2010 52

53. Data Governance
• Data governance is accomplished most effectively as an
on-going program and a continual improvement process
• Every effective data governance program is unique, taking
into account distinctive organisational and cultural issues,
and the immediate data management challenges and
opportunities
• Data governance is not the same thing as IT governance
April 21, 2010 53

54. Data Governance and IT Governance
• IT Governance makes decisions about • Data Governance is focused
− IT investments exclusively on the management of
− IT application portfolio data assets
− IT project portfolio • Data Governance is at the heart of
• IT Governance aligns the IT strategies managing data assets
and investments with enterprise goals
and strategies
• COBIT (Control Objectives for
Information and related Technology)
provides standards for IT governance
− Only a small portion of the COBIT
framework addresses managing
information
• Some critical issues, such as Sarbanes-
Oxley compliance, span the concerns
of corporate governance, IT
governance, and data governance
April 21, 2010 54

55. Data Governance – Definition and Goals
• Definition
− The exercise of authority and control (planning, monitoring, and
enforcement) over the management of data assets
• Goals
− To define, approve, and communicate data strategies, policies,
standards, architecture, procedures, and metrics
− To track and enforce regulatory compliance and conformance to
data policies, standards, architecture, and procedures
− To sponsor, track, and oversee the delivery of data management
projects and services
− To manage and resolve data related issues
− To understand and promote the value of data assets
April 21, 2010 55

56. Data Governance - Overview
Inputs Primary Deliverables
•Business Goals •Data Policies
•Business Strategies •Data Standards
•IT Objectives •Resolved Issues
•IT Strategies •Data Management Projects and
•Data Needs Services
•Data Issues •Quality Data and Information
•Regulatory Requirements •Recognised Data Value
Suppliers Data Governance Consumers
•Business Executives •Data Producers
•IT Executives •Knowledge Workers
•Data Stewards •Managers and Executives
•Regulatory Bodies •Data Professionals
•Customers
Participants Tools Metrics
•Executive Data Stewards •Intranet Website •Data Value
•Coordinating Data Stewards •E-Mail •Data Management Cost
•Business Data Stewards •Metadata Tools •Achievement of Objectives
•Data Professionals •Metadata Repository •# of Decisions Made
•DM Executive •Issue Management Tools •Steward Representation / Coverage
•CIO •Data Governance KPI •Data Professional Headcount
•Dashboard •Data Management Process Maturity
April 21, 2010 56

57. Data Governance Function, Activities and Sub-
Activities
Data Governance
Data Management Planning Data Management Control
Understand Strategic Enterprise Data Supervise Data Professional Organisations
Needs and Staff
Develop and Maintain the Data Strategy Coordinate Data Governance Activities
Establish Data Professional Roles and
Manage and Resolve Data Related Issues
Organisations
Identify and Appoint Data Stewards Monitor and Ensure Regulatory Compliance
Establish Data Governance and Monitor and Enforce Conformance with
Stewardship Organisations Data Policies, Standards and Architecture
Develop and Approve Data Policies, Oversee Data Management Projects and
Standards, and Procedures Services
Communicate and Promote the Value of
Review and Approve Data Architecture
Data Assets
Plan and Sponsor Data Management
Projects and Services
Estimate Data Asset Value and Associated
Costs
April 21, 2010 57

58. Data Governance
• Data governance is accomplished most effectively as an
on-going program and a continual improvement process
• Every data governance programme is unique, taking into
account distinctive organisational and cultural issues, and
the immediate data management challenges and
opportunities
• Data governance is at the core of managing data assets
April 21, 2010 58

59. Data Governance - Possible Organisation Structure
Data Governance Structure
Organisation Data Governance
CIO
Council
Data Governance Office Data Management Executive
Business Unit Data Governance
Data Technologists
Councils
Data Stewardship Committees
Data Stewardship Teams
April 21, 2010 59

60. Data Governance Shared Decision Making
Business Decisions Shared Decision Making IT Decisions
Enterprise
Business Operating Enterprise Information Database
Model Information Model Management Architecture
Strategy
Enterprise
Information Needs Information Data Integration
IT Leadership Management Architecture
Policies
Enterprise Data Warehousing
Information Information and Business
Capital Investments Specifications Management Intelligence
Standards Architecture
Research and Enterprise
Quality Information Metadata
Development Requirements Management Architecture
Funding Metrics
Enterprise
Data Governance Issue Resolution Information Technical Metadata
Model Management
Services
April 21, 2010 60

61. Data Stewardship
• Formal accountability for business responsibilities ensuring effective
control and use of data assets
• Data steward is a business leader and/or recognised subject matter
expert designated as accountable for these responsibilities
• Manage data assets on behalf of others and in the best interests of
the organisation
• Represent the data interests of all stakeholders, including but not
limited to, the interests of their own functional departments and
divisions
• Protects, manages, and leverages the data resources
• Must take an enterprise perspective to ensure the quality and
effective use of enterprise data
April 21, 2010 61

62. Data Stewardship - Roles
• Executive Data Stewards – provide data governance and
make of high-level data stewardship decisions
• Coordinating Data Stewards - lead and represent teams of
business data stewards in discussions across teams and
with executive data stewards
• Business Data Stewards - subject matter experts work
with data management professionals on an ongoing basis
to define and control data
April 21, 2010 62

63. Data Stewardship Roles Across Data Management
Functions - 1
All Data Stewards Executive Data Stewards Coordinating Data Business Data Stewards
Stewards
Data Architecture Review, validate, approve, Review and approve the Integrate specifications, Define data requirements
Management maintain and refine data enterprise data resolving differences specifications
architecture architecture
Data Development Validate physical data Define data requirements
models and database and specifications
designs, participate in
database testing and
conversion
Data Operations Define requirements for
Management data recovery, retention
and performance
Help identify, acquire, and
control externally sourced
data
Data Security Management Provide security, privacy
and confidentiality
requirements, identify and
resolve data security
issues, assist in data
security audits, and classify
information confidentiality
Reference and Master Data Control the creation,
Management update, and retirement of
code values and other
reference data, define
master data management
requirements, identify and
help resolve issues
April 21, 2010 63

64. Data Stewardship Roles Across Data Management
Functions - 2
All Data Stewards Executive Data Stewards Coordinating Data Business Data Stewards
Stewards
Data Warehousing and Provide business
Business Intelligence intelligence requirements
Management and management metrics,
and they identify and help
resolve business
intelligence issues
Document and Content Define enterprise
Management taxonomies and resolve
content management
issues
Metadata Management Create and maintain
business metadata (names,
meanings, business rules),
define metadata access
and integration needs and
use metadata to make
effective data stewardship
and governance decisions
Data Quality Management Define data quality
requirements and business
rules, test application edits
and validations, assist in
the analysis, certification,
and auditing of data
quality, lead clean-up
efforts, identify ways to
solve causes of poor data
quality, promote data
quality awareness
April 21, 2010 64

65. Data Strategy
• High-level course of action to achieve high-level goals
• Data strategy is a data management program strategy a
plan for maintaining and improving data quality, integrity,
security and access
• Address all data management functions relevant to the
organisation
April 21, 2010 65

66. Elements of Data Strategy
• Vision for data management
• Summary business case for data management
• Guiding principles, values, and management perspectives
• Mission and long-term directional goals of data management
• Management measures of data management success
• Short-term data management programme objectives
• Descriptions of data management roles and business units along
with a summary of their responsibilities and decision rights
• Descriptions of data management programme components and
initiatives
• Outline of the data management implementation roadmap
• Scope boundaries
April 21, 2010 66

67. Data Strategy
Data Management
Programme Charter
Data Management Data Management
Scope Statement Overall vision, business case,
goals, guiding principles, Implementation
measures of success, critical Roadmap
Goals and objectives for a success factors, recognised risks
defined planning horizon and the
Identifying specific programs,
roles, organisations, and
projects, task assignments, and
individual leaders accountable
delivery milestones
for achieving these objectives
April 21, 2010 67

68. Data Policies
• Statements of intent and fundamental rules governing the
creation, acquisition, integrity, security, quality, and use of
data and information
• More fundamental, global, and business critical than data
standards
• Describe what to do and what not to do
• Should be few data policies stated briefly and directly
April 21, 2010 68

69. Data Policies
• Possible topics for data policies
− Data modeling and other data development activities
− Development and use of data architecture
− Data quality expectations, roles, and responsibilities
− Data security, including confidentiality classification policies,
intellectual property policies, personal data privacy policies,
general data access and usage policies, and data access by
external parties
− Database recovery and data retention
− Access and use of externally sourced data
− Sharing data internally and externally
− Data warehousing and business intelligence
− Unstructured data - electronic files and physical records
April 21, 2010 69

70. Data Architecture
• Enterprise data model and other aspects of data
architecture sponsored at the data governance level
• Need to pay particular attention to the alignment of the
enterprise data model with key business strategies,
processes, business units and systems
• Includes
− Data technology architecture
− Data integration architecture
− Data warehousing and business intelligence architecture
− Metadata architecture
April 21, 2010 70

71. Data Standards and Procedures
• Include naming standards, requirement specification
standards, data modeling standards, database design
standards, architecture standards and procedural
standards for each data management function
• Must be effectively communicated, monitored, enforced
and periodically re-evaluated
• Data management procedures are the methods,
techniques, and steps followed to accomplish a specific
activity or task
April 21, 2010 71

72. Data Standards and Procedures
• Possible topics for data standards and procedures
− Data modeling and architecture standards, including data naming conventions,
definition standards, standard domains, and standard abbreviations
− Standard business and technical metadata to be captured, maintained, and
integrated
− Data model management guidelines and procedures
− Metadata integration and usage procedures
− Standards for database recovery and business continuity, database
performance, data retention, and external data acquisition
− Data security standards and procedures
− Reference data management control procedures
− Match / merge and data cleansing standards and procedures
− Business intelligence standards and procedures
− Enterprise content management standards and procedures, including use of
enterprise taxonomies, support for legal discovery and document and e-mail
retention, electronic signatures, report formatting standards and report
distribution approaches
April 21, 2010 72

73. Regulatory Compliance
• Most organisations are is impacted by government and
industry regulations
• Many of these regulations dictate how data and
information is to be managed
• Compliance is generally mandatory
• Data governance guides the implementation of adequate
controls to ensure, document, and monitor compliance
with data-related regulations.
April 21, 2010 73

74. Regulatory Compliance
• Data governance needs to work the business to find the best
answers to the following regulatory compliance questions
− How relevant is a regulation?
− Why is it important for us?
− How do we interpret it?
− What policies and procedures does it require?
− Do we comply now?
− How do we comply now?
− How should we comply in the future?
− What will it take?
− When will we comply?
− How do we demonstrate and prove compliance?
− How do we monitor compliance?
− How often do we review compliance?
− How do we identify and report non-compliance?
− How do we manage and rectify non-compliance?
April 21, 2010 74

75. Issue Management
• Data governance assists in identifying, managing, and resolving data
related issues
− Data quality issues
− Data naming and definition conflicts
− Business rule conflicts and clarifications
− Data security, privacy, and confidentiality issues
− Regulatory non-compliance issues
− Non-conformance issues (policies, standards, architecture, and procedures)
− Conflicting policies, standards, architecture, and procedures
− Conflicting stakeholder interests in data and information
− Organisational and cultural change management issues
− Issues regarding data governance procedures and decision rights
− Negotiation and review of data sharing agreements
April 21, 2010 75

76. Issue Management, Control and Escalation
• Data governance implements issue controls and
procedures
− Identifying, capturing, logging and updating issues
− Tracking the status of issues
− Documenting stakeholder viewpoints and resolution alternatives
− Objective, neutral discussions where all viewpoints are heard
− Escalating issues to higher levels of authority
− Determining, documenting and communicating issue resolutions.
April 21, 2010 76

77. Data Management Projects
• Data management roadmap sets out a course of action for
initiating and/or improving data management functions
• Consists of an assessment of current functions, definition
of a target environment and target objectives and a
transition plan outlining the steps required to reach these
targets including an approach to organisational change
management
• Every data management project should follow the project
management standards of the organisation
April 21, 2010 77

78. Data Asset Valuation
• Data and information are truly assets because they have
business value, tangible or intangible
• Different approaches to estimating the value of data assets
• Identify the direct and indirect business benefits derived
from use of the data
• Identify the cost of data loss, identifying the impacts of not
having the current amount and quality level of data
April 21, 2010 78

79. State of Information and Data Governance
• Information and Data Governance Report, April 2008
− International Association for Information and Data Quality (IAIDQ)
− University of Arkansas at Little Rock, Information Quality Program
(UALR-IQ)
• Ponemon Institute 2009 Annual Study Cost of a Data
Breach
April 21, 2010 79

80. Terms Used by Organisations to Describe the
Activities Associated with Governing Data
Data Management 62.7%
Data Governance 55.4%
Data Stewardship 46.6%
Information Management 43.6%
Information Governance 17.2%
Data Resource
10.8%
Management
Information Stew ardship 10.3%
Information Resource
10.3%
Management
Other 13.7%
0% 10% 20% 30% 40% 50% 60% 70%
April 21, 2010 80

81. Your Organisation Recognises and Values Information as a
Strategic Asset and Manages it Accordingly
Strongly Disagree 3.4%
Disagree 21.5%
Neutral 17.1%
Agree 39.5%
Strongly Agree 18.5%
0% 10% 20% 30% 40% 50%
April 21, 2010 81

82. Direction of Change in the Results and Effectiveness of the
Organisation's Formal or Informal Information/Data
Governance Processes Over the Past Two Years
Results and Effectiveness Have Significantly
8.8%
Improved
Results and Effectiveness Have Improved 50.0%
Results and Effectiveness Have Remained
31.9%
Essentially the Same
Results and Effectiveness Have Worsened 3.9%
Results and Effectiveness Have Significantly
0.0%
Worsened
Don’t Know 5.4%
0% 10% 20% 30% 40% 50% 60% 70%
April 21, 2010 82

83. Perceived Effectiveness of the Organisation's Current
Formal or Informal Information/Data Governance Processes
Excellent (All Goals are
2.5%
Met)
Good (Most Goals are
21.1%
Met)
OK (Some Goals are Met) 51.5%
Poor (Few Goals are Met) 19.1%
Very Poor (No Goals are
3.9%
Met)
Don’t Know 2.0%
0% 10% 20% 30% 40% 50% 60% 70%
April 21, 2010 83

84. Actual Information/Data Governance Effectiveness
vs. Organisation's Perception
It is Better Than Most
20.1%
People Think
It is the Same as Most
32.4%
People Think
It is Worse Than Most
35.8%
People Think
Don’t Know 11.8%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
April 21, 2010 84

85. Current Status of Organisation's Information/Data
Governance Initiatives
Started an Information/Data Governance Initiative, but
1.5%
Discontinued the Effort
Considered a Focused Information/Data Governance
0.5%
Effort but Abandoned the Idea
None Being Considered - Keeping the Status Quo 7.4%
Exploring, Still Seeking to Learn More 20.1%
Evaluating Alternative Frameworks and Information
23.0%
Governance Structures
Now Planning an Implementation 13.2%
First Iteration Implemented the Past 2 Years 19.1%
First Interation"in Place for More Than 2 Years 8.8%
Don’t Know 6.4%
0% 5% 10% 15% 20% 25% 30%
April 21, 2010 85

86. Expected Changes in Organisation's Information/Data
Governance Efforts Over the Next Two Years
Will Increase Significantly 46.6%
Will Increase Somewhat 39.2%
Will Remain the Same 10.8%
Will Decrease Somewhat 1.0%
Will Decrease Significantly 0.5%
Don’t Know 2.0%
0% 10% 20% 30% 40% 50% 60%
April 21, 2010 86

87. Focus of Information / Data Governance Efforts
Customers 70.2%
Financials 57.6%
Products and Production 46.6%
Services 41.9%
Sales 35.6%
Employees 31.4%
Supply Chain, Vendors, Suppliers 25.1%
Items / Materials 20.4%
Equipment and Facilities 16.2%
Maintenance 13.1%
Environment, Health and Safety 10.5%
Other 9.5%
0% 10% 20% 30% 40% 50% 60% 70% 80%
April 21, 2010 87

88. Overall Objectives of Information / Data Governance
Efforts
Improve Data Quality 80.2%
Establish Clear Decision Rules and Decisionmaking
65.6%
Processes for Shared Data
Increase the Value of Data Assets 59.4%
Provide Mechanism to Resolve Data Issues 56.8%
Involve Non-IT Personnel in Data Decisions IT Should
55.7%
not Make by Itself
Promote Interdependencies and Synergies Between
49.6%
Departments or Business Units
Enable Joint Accountability for Shared Data 45.3%
Involve IT in Data Decisions non-IT Personnel Should
35.4%
not Make by Themselves
Other 5.2%
None Applicable 1.0%
Don't Know 2.6%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100
%
April 21, 2010 88

89. Primary Activities of Organisation's Information /
Data Governance Efforts
Standardise Data Definitions Across The Organisation 70.5%
Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The
Organisation
61.6%
Support Data Warehouse And Business Intelligence Initiatives 58.4%
Define And Standardise Common Business Rules Across The Organisation 53.7%
Select And Charter Specific Data Quality Improvement Projects 49.5%
Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information
Systems And Technology
47.9%
Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its
46.8%
Privacy, Compliance, And Security
Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And
Integration
45.8%
Support The Development Of An Enterprise Logical Data Model 43.7%
Guide The Management Of Master Or Reference Data 42.6%
Support Information Management Problem-Solving And Decision-Making And Providing Processes
For Strategic Alignment.
40.0%
Manage Information Products 27.9%
Measure The Costs Of Low Quality Data 25.3%
Measure The Value Of High Quality Data 23.2%
Implement Internal Information Chain Management 13.2%
Implement External Data Supplier Management 10.0%
Implement Information Product Management 10.0%
Other 10.0%
0% 10% 20% 30% 40% 50% 60% 70% 80%
April 21, 2010 89

90. Primary Drivers for Organisation's Information /
Data Governance Efforts
General Desire To Improve The Quality Of Our Data 65.6%
Data Warehousing / Business Intelligence 57.7%
Compliance / Risk 46.6%
Enterprise Architecture 33.3%
Information Security / Privacy 32.3%
Master Data Management (MDM) Project 31.2%
Applications / Systems Integration 30.2%
Customer Data Integration (CDI) Project 25.9%
Suffered Major Negative Impact From Bad Data Quality 22.2%
Service-Oriented Architecture (SOA) Project 18.0%
Enterprise Resource Planning (ERP) Project 16.4%
Merger And Acquisition Planning Or Implementation 12.7%
Product Information Management (PIM) Project 10.1%
Reaction To Competitors' Activity 3.7%
Other 8.5%
0% 10% 20% 30% 40% 50% 60% 70% 80%
April 21, 2010 90

91. Category of Tools Currently Used in Organisation
Data Quality Analysis, Assessment Or
66.3%
Profiling
Extract-Transform-Load (ETL) And Other
57.2%
Data Integration Tools
Data Modeling (Computer-Aided Software
48.7%
Engineering)
Data Matching And Reconciliation (Data
48.7%
De-Duplication)
Data Quality Monitoring 45.5%
Metadata Repository 44.4%
Data Remediation / Cleansing Tools 39.0%
Data Relationship Discovery And Mappings 28.9%
Workflow Tools 25.7%
Business Rules Engines 20.3%
Master Data Management (MDM) Tools 18.7%
Customer Data Integration (CDI) Tools 13.4%
Product Information Management (PIM)
5.9%
Tools
Rules Discovery Tools 4.3%
Other 5.9%
0% 10% 20% 30% 40% 50% 60% 70% 80%
April 21, 2010 91

92. Functional Area to Which the Leader of the Organisation's
Information / Data Governance Effort Reports
Information Technology 43.1%
Senior / Executive Management Team 31.0%
Finance 17.2%
Compliance / Risk 8.6%
Operations / Manufacturing 8.6%
Marketing 5.2%
Purchasing 1.7%
Legal 1.7%
Other 8.6%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
April 21, 2010 92

93. Number of Levels Between the Organisation's Most Senior
Leader and the Person Most Directly in Charge of the
Information / Data Governance Effort
5 Levels or More 12.3%
4 Levels 14.0%
3 Levels 26.3%
2 Levels 22.8%
1 Level 14.0%
They are the Same Person 3.5%
Don't Know 7.0%
0% 5% 10% 15% 20% 25% 30%
April 21, 2010 93

94. Membership of Senior Information / Data
Governance Body within an Organisation
The Senior / Executive Management Team is the Top
21.4%
Information / Data Governance Body
C-Level non-IT Executives 26.8%
C-Level IT Executives 26.8%
Middle-Level non-IT Managers 51.8%
Middle-Level IT Managers 33.9%
Junior-Level non-IT Supervisors/Managers 7.1%
Junior-Level IT Supervisors / Managers 14.3%
My Organisation Does Not Have any Governance Body for
7.1%
Information and Data Assets
0% 10% 20% 30% 40% 50% 60%
April 21, 2010 94

95. Relationship Between Information / Data
Governance and Data Quality Leadership
Information Governance and Data Quality Are Led by the Same
36.8%
Person
Information Governance and Data Quality Are Led by Different
17.5%
People Who Report to the Same Manager
Information Governance and Data Quality Are Led by Different
19.3%
People Who Report to Different Managers
There is No Specific Individual in Charge of Our Data Quality
17.5%
Program
Other 8.8%
0% 10% 20% 30% 40% 50% 60%
April 21, 2010 95

96. Change In Organisation's Information / Data Quality
Over the Past Two Years
Information / Data Quality
10.5%
Has Significantly Improved
Information / Data Quality
68.4%
Has Improved
Information / Data Quality
Has Remained Essentially 15.8%
the Same
Information / Data Quality
3.5%
Has Worsened
Information / Data Quality
0.0%
Has Significantly Worsened
Don’t Know 1.8%
0% 10% 20% 30% 40% 50% 60% 70% 80%
April 21, 2010 96

97. Maturity Of Information / Data Governance Goal
Setting And Measurement In Your Organisation
5 - Optimised 3.7%
4 - Managed 11.8%
3 - Defined 26.7%
2 - Repeatable 28.9%
1 - Ad-hoc 28.9%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
April 21, 2010 97

98. Maturity Of Information / Data Governance
Processes And Policies In Your Organisation
5 - Optimised 1.6%
4 - Managed 4.8%
3 - Defined 24.5%
2 - Repeatable 46.3%
1 - Ad-hoc 22.9%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
April 21, 2010 98

99. Maturity Of Responsibility And Accountability For
Information / Data Governance Among Employees In Your
Organisation
5 - Optimised 6.9%
4 - Managed 3.2%
3 - Defined 31.7%
2 - Repeatable 25.4%
1 - Ad-hoc 32.8%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
April 21, 2010 99

100. Average Per Record Cost of a Data Breach 2005 –
2009 USD
$250
$197 $202 $204
$200 $182
$150 $138
$100
$50
$0
2005 2006 2007 2008 2009
April 21, 2010 100

101. Average Organisational Cost of a Data Breach 2005 –
2009 USD
$8,000,000
$6,655,758 $6,751,451
$7,000,000 $6,355,132
$6,000,000
$4,787,637
$5,000,000 $4,514,429
$4,000,000
$3,000,000
$2,000,000
$1,000,000
$0
2005 2006 2007 2008 2009
April 21, 2010 101

102. More Information
Alan McSweeney
alan@alanmcsweeney.com
April 21, 2010 102