Actionable Data Governance


Published on

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Actionable Data Governance

  1. 1. Actionable Data Governance Talk is cheap, but can you really implement a sustainable Data Governance Program ? By Joyce Norris-Montanari, Principal Architect CIBER’s Global Enterprise Integration Practice Manish Sharma, Principal Consultant CIBER’s Global Enterprise Integration Practice Abstract: There is so much written right now about data governance. Who needs data governance? In truth, some organizations (usually very small) do not need a robust data governance program. However, the rest of us do need to consider things like who is using the data, where is the data being used, and the accuracy of the data. Along with all those ‘data’ issues come business rules, data policies, and usage guidelines. Not the easiest endeavor – data governance! The definition of Data Governance, and the steps required to achieve governance, has changed over the years. Organizations may have started with a step-wise approach that depended on only alignment of business and IT, but are now realizing that data governance is a lot more than just policy and procedures.
  2. 2. 2 Actionable Data Governance
  3. 3. CIBER, Inc. 3 Data Governance Definition Everyone has a definition for data governance, and no good paper would start without one. CIBER defines data governance as the intersection of people, process, and technology using standards, policies, and guidelines to manage the corporation’s data, while bringing value to the organization. Data Governance vs. Data Stewardship Not to be confused with data stewardship, data governance deals with the implementation of the policies to ‘govern’ data usage, correctness, and validity. Data stewards make it happen day in and day out! Data stewards oversee the data, implement the aforementioned policies, and could be the subject matter experts (SMEs) in your organization. Data Governance Maturity Model – Everybody’s Got One! Everyone seems to have a data governance maturity model that they use to tell organizations how they fare in the world of data governance. We would like to share with you our vision of data governance maturity. However, in this document, you will find not only explanations surrounding people, process, technology, and value to the organization, but also what you need to do to get to the next level of maturity. Please understand that the climb to the top level of any maturity model is difficult, and sustaining the data governance program will prove to be a challenge.
  4. 4. 4 Actionable Data Governance CIBER’s Data Governance Maturity Model (Levels) We have chosen four (4) levels of maturity for Data Governance. Each level is clearly defined by characteristics involving people, process, technology, and value to the organization. We have also included actions (steps) to take to get to the next level. As figure 1 shows, each level builds on the next level. No one can jump to the top automatically, there are actions that must be taken along the way! Data Management Chaos Complexity and Value Adoption and Continuous Level of Effort Improvement People • Data governance has executive participation and support Usage • Data governance group works with the data stewards and the business users People • Organization proactively manages its Acceptance • Data governance is strategic data governance policies • Data stewards are cross enterprise People • Business ownerships of data is key • Departmental Initiatives Process • Data quality group in place Process • New policies are put into place to Introductory • No management buyin - ensure correctness in the enterprise • Enterprise integration is mainstream • Real time governance is emerging - • Impact analysis on new initiatives is People Process • Metrics are measured most times completed prior to coding • Champions in Silos • Business rules start emerging • No management buy -in • Data correctness is key Technology Technology • Applying domain specific knowledge • Process application is still siloed • On - going monitoring is implemented • Metadata is integrated from data • Real time is partially implemented - modeling,database, ETL, profiling, data Process Technology • ETL metadata is made available quality, auditing , logging and usage • Ad Hoc • Quality tools are in use • Dashboard or control center shows the • Some areas of Data Management • Profiling is not mainstream Value current state of data governance not documented • Minimal metadata in ETL tools • Integrated metadata is becoming disciplines pervasive • Metadata mining takes place to enhance Technology Value • Reports appear with integrated metadata future practices • Tools not a part of the landscape • Limited recognition of quality benefits • Common view of KPIs is becoming Value • Policies and principles not applied • Reports emerge with measurable KPI available • There is single view of the governance • Tools without governance framework on data quality process • Business metadata is taking root • Better decisions Value • Reactive • No reuse • Standards revisited every time Incidental Reactive Preventive Proactive Communications Figure 1: CIBER Data Governance Maturity Model
  5. 5. CIBER, Inc. 5 Level 1 Process The introductory level of data governance has risks – Introductory or Incidental associated with every report that gets produced. No This is actually the base level of the maturity model one really knows if the data is right across the silos, for data governance. For the most part any data but they have data or what can be termed as ‘output’. governance practices are not used extensively in There are no policies regarding how to use data, the enterprise, but are more of a ‘closet’ effort. By each report may have its own definition of the data ‘closet effort’ we mean only one or two people are – such as how to count revenue for the organization- considering any governance over the data used in - and the business rules around those metrics. No a project. one really knows if the data is correct, and there is no standard way to address data quality. Data just gets People reported the way it is meant to be reported within the The people involved on the introductory level usually silo. Usually there is no development methodology surround the competencies of one or two people to at this level other than ‘start programming’ or hero create successful application implementation. The mentality, and certainly no data “awareness” or data people are the asset, and the key to success for stewardship. level 1. There is usually no management ‘buy-in’ for data governance; in fact, upper management doesn’t Technology even know they have data inconsistencies. There This is a case of the cobbler’s children having no are no people to champion data quality initiatives shoes. Usually, at this level of data governance, an or stewardship, except for the operational team that organization has no data quality or profiling tools. An is responsible for the data, and their involvement is ETL/ELT (Extraction, Transformation, and Load or limited. People create data redundancies or silos Extraction, Load, and Transform) tool may exist, but is across the organization, because they can get the not exploited as part of any data architecture solution. application implemented sooner, and under direct It is certainly not deemed the prescribed tool to use control of the silo manager. People and data are both for conversion or propagation into a data warehouse issues, because the viewpoint is narrow and focused for business intelligence (BI). If the tools are not part on serving the silos! of the solution, then metadata integration is not even
  6. 6. 6 Actionable Data Governance a thought at this level. This leads to problems with from management; without that it’s just another inconsistent definitions of common attributes, and IT task. lack of management of master data. 3. Acquire data profiling and data quality tools. Maybe just start with data profiling this year, Value to the Organization and add data quality next year. We can say The organization that is at the introductory or incidental from experience you will find issues in the data, level of data governance maturity is usually in reactive and you will want to fix it. You will need to use mode, and prone to fire fighting issues around data. the data quality tools or write the programs in They work on what is the highest priority today. There your ETL/ELT tool. is usually no real process reuse or repeatability on any of the projects. Each time there is a new project, 4. Begin the effort to profile and document all the everything is usually recreated from scratch. source systems. Your organization is at the lowest level of maturity, so you probably have Actions to Get to the Next Level quite a few silos. Start the effort of integration If you want to get to the next level of maturity in data with a plan to add profiling into each project. governance, do the following: 5. This might be the place to be! You can use the 1. Get management ‘buy-in’ based on assessing blank canvas to your advantage. the benefits of compliance and integration. We suggest showing them their own dirty laundry Things to do: (data), and look for a reaction! This usually gets 1. Get Management ‘Buy-In’ their attention, especially the financial people. 2. Look for tools to address data quality Use data profiling tools to help! Otherwise, write SQL. 3. Review the ETL/ELT process for intersecting with data profiling 2. Create a stewardship program to handle everyday issues about data. For instance, this 4. Look for data champions who understand the data could be an added task in the data management 5. Evangelize the concept across business units group. Or consider hiring another person to 6. Make this an organizational issue – not an IT issue implement the tasks and develop and manage the procedures involved in a data stewardship 7. Initiate a process to start understanding metadata program. See 1 above – it still requires ‘buy-in’
  7. 7. CIBER, Inc. 7 Level 2 performance indicators (KPI) on the quality of the data. Management receives the reports, but is still – Acceptance or Reactive not sure what to do with them. Acceptance (Level 2) in the data governance maturity model has a few successes. It is truly an acceptance Actions to Get to the Next Level that the organization has got to change its practices To get from Acceptance to Usage and Analysis will to continue to be effective and efficient, which usually require making profiling and quality tools part of the means ‘buy-in’ from business and IT. day-to-day processes. Integration of the data is a big concern for management. We must now determine People a path to compliance for the data. Funding of the At this level we have groups of people who find data governance program or group is now a reality, success in their implementations. The success is and must take place. Now, we are not saying you probably found in an ERP or a BI implementation. need a group of 12 to do data governance. We A data quality group starts to emerge because they suggest starting with a few good people (you may found all the dirty data during conversion of the ERP already have them), and management sponsorship. or BI implementation. There are still no real standards Stewardship must be understood, and implemented or procedures, but we are sure thinking about them. as a day-to-day process. Again, stewardship is a At this point we still do not have management ‘buy-in’ role, not necessarily a job. Most likely, stewards for corporate data governance, because they are not already exist in your organization. They know data! quite sure how to address the whole ball of wax. So management continues to avoid the issue. Things to do: 1. Start working at an inter-departmental level to Process educate about data governance Acceptance means we are starting to create business 2. Normalize the understanding of KPIs rules. The business rules live in our data models 3. Establish metrics around data quality, and ETL/ELT processes. We are not sure what to correctness and validity do with the business rules, but we know they are 4. Document and use business metadata, using important. So, we collect the business rules, maybe your data modeling tool even document them appropriately. Data quality 5. Use data profiling and data quality tools across a and correctness becomes crucial for success of the major part of data collection and dissemination organization. This is understood by all the data people in the organization, but data is still spread across the enterprise. The entire data problem is hard to work Level 3 around, but we accept it, and continue. At this point – Usage and Analysis the scale and vastness of the issue is apparent, but the solutions seem complex and overwhelming. (Preventive) At level 3 we really start using the people, process, Technology and technology together to bring value to the Acceptance brings technology changes. Quality organization. An enterprise awareness of data tools are used within the enterprise for customer governance is happening quickly and is on the minds relationship management (CRM) or ERP. Data of many people in the organization. profiling is not accepted as a day-to-day practice, but is used prior to conversion of data in some projects. People ETL/ELT tools exist, but the metadata capabilities are Executive level management starts to view data not used as part of the corporate metadata strategy. governance as strategic. Data stewards are now the mechanism to implement data quality and evangelize Value to the Organization data discipline across the enterprise. We are a group Acceptance by the workers still limits management of people across the organization with our priorities recognition for the data quality achievements. direct toward data quality, data correctness, and data Management is still not with us all the way. So, integration. These people might even be organized reports start emerging with measurable key
  8. 8. 8 Actionable Data Governance into committees or working groups, because their and data modeling tools. Some of this metadata is now outreach into the organization is increasing. available. Security, auditing, and usage of the metadata is recognized as useful, but not yet implemented. Process Data integration is mainstream; it is understood that Value to the Organization this has to happen for this organization to prosper. The organization has integrated the metadata, but is Data governance is included in ‘real-time’ data efforts, not quite using all of it the way it could. Reports emerge and included as tasks in those projects. Metrics are with integrated metadata about data quality, data usage, measured some of the time, and our shift is in the and auditing information. The organization sees the direction of prevention, not reaction. Some of the nugget, but not the gold mine! processes that are producing results at this stage are: • Data Architecture Actions to Get to the Next Level To get to the next level (Adoption and Continuous • Data Policies and Standards Improvement) takes a bigger effort with metadata. • Data Quality and Correction Plans A complete corporate metadata strategy has to be created. This requires us to understand all the • Metadata Management sources of metadata, and how they should integrate • Information Lifecycle Management to be useful to the organization. A metadata strategy is easy to create, and hard to implement (much like Technology Data Governance). A data governance dashboard We got the tools! On-going monitoring, based on a that indicates the health of the organization should be few KPI, is conducted consistently. Real-time data considered. The team now needs to start looking at governance is partially implemented, but not quite how to audit the systems, and what technology will help complete. A metadata strategy is started that takes that effort. This is a step towards creating value through advantage of the metadata in the profiling/quality, ETL, data and risk compliance.
  9. 9. CIBER, Inc. 9 Things to do: governance KPI in the organization. People now start 1. Make data governance a part of the overall to mine the metadata. Oh, the joy of analysis, and learning what you don’t know (or wanted to know)! Enterprise Architecture governance landscape 2. Work on the integration of tools and processes Value to the Organization that address data modeling, data movement, data Data governance is viewed as a control center for the management, data quality and data profiling organization. The data, business rules, and policies 3. Make sure operational, administrative and business are in place and continually monitored. Improvements metadata is used wherever applicable within the are demonstrated based on the monitoring process, various processes and filtered back into the data governance disciplines. There is definitely a better corporate understanding of 4. Look for a data czar to control the overall data, and the data, and the practices surrounding the corporate choose that set of people from the business data. The organization sees that they are making better 5. Ensure KPIs are documented, accepted and now decisions. implemented consistently Actions to Get to the Next Level Where do you go from the top? On-going monitoring Level 4 will yield improvements for the organization. Mining the metadata will shed more insight into what the – Adoption and Continuous ‘future’ level of Data Governance will become. As Improvement (Proactive) with any continuous improvement process you will be Nirvana! Or so you think! This is the highest level in the better positioned to adjust to changes in demand or Data Governance Maturity Model for today. This is the environment, because most (if not all) of what you do vision that we have had all along this process, climbing is documented. from one level to the next. Things you can still do: People 1. Make data governance a part of the IT governance Data governance has executive participation, and landscape support. The data governance group and data stewards 2. Ensure data governance has a seat at every touch work together to continually involve and educate the point with data, which includes data modeling, business users. The organization proactively manages data architecture, data management, metadata, their data governance policies as part of any project, data quality, data profiling, data archiving and and continues to be involved in the success of the data analytics organization. A clear indication that you have reached the top is when the business knows where to turn in 3. Institute a review process for the governance case they have a question related to quality of data or program its use, and does not necessarily mean tapping “Bob” on 4. Create and maintain a dashboard to display the the shoulder. activities and metrics around the data governance program Process New policies are put into place to ensure correctness of the data for the enterprise. Impact analysis on new initiatives is completed before coding begins, to address who and how the data get used, correctness of the data, and business rules surrounding the data. Technology Metadata is integrated from all products, including auditing and usage tools. The data governance dashboard shows the current state of all the data
  10. 10. 10 Actionable Data Governance Where to Start! References: Some organizations have been doing parts of Data The 7 Stage of Highly Effective Data Governance: Governance for years. For example, if the organization Advanced Methodologies for Implementation – Martha has implemented master data management (MDM), BI, Dember, CIBER, Inc. 2006 and/or customer data integration (CDI) solutions, some standards, policies, data definitions, and business Data Governance and Content Management Frameworks, rules around the data have already been created. By CIBER, Inc. November, 2002 implementing those types of projects successfully, you have created parts of stewardship committees, business Alpha Males and Data Disasters – The Case for Data rules, and part of the entire corporate data policies. If Governance, Gwen Thomas you haven’t started, consider it during any master data management (MDM) or data integration initiative. The Importance of Data Governance and Stewardship in Enterprise Data Management, DataFlux, Ann Marie Summary Smith – EWSolutions Data Governance does not happen overnight. In fact, it IBM Data Governance Council Maturity Model: Building cannot happen within three months, and may take a few a roadmap for effective data governance, October years! But what you can do is bite off a small piece and 2007 continue working toward the goal at Level 4 (Adoption, Continuous Improvement and Proactive). If every The Data Governance Maturity Model, DataFlux organization continues towards that goal, who knows, Corporation, 2007 soon Data Governance may truly become another service in a service-oriented architecture (SOA).
  11. 11. CIBER, Inc. 11 About the Authors Joyce Norris-Montanari Manish Sharma Principal Architect Principal Consultant Global Enterprise Integration Global Enterprise Integration Practice Practice Joyce Norris-Montanari, CBIP, is a Principal Architect for Manish Sharma, Principal Consultant for CIBER’s CIBER’s Global Enterprise Integration Practice. Joyce Global Enterprise Integration Practice. Manish assists assists clients with all aspects of architectural integration, customers in all aspects of enterprise architecture, business intelligence, and data management. She application integration and data architecture. Manish advises clients about technology, including tools like has worked on a number of data and application extract-transfer-load (ETL), profiling, database, data integration initiatives for clients in the public and private quality, and metadata. sector, with an emphasis on data in motion, canonical models and integration of information repositories. He Joyce has managed and implemented integration, has worked with organizations in public sector, health data warehouses and operational data stores in a care, retail and software product development. variety of industries including education, pharmaceutical, restaurants, telecommunications, government, healthcare, Manish can be reached at financial services, oil and gas, insurance, research and development, and retail. Joyce speaks frequently at data warehouse conferences, and is a regular contributor to several trade publications, including DM Review. She co-authored Data Warehousing and E-Business (John Wiley & Sons, 2001) with W.H. Inmon and others. She is a member of the Boulder (CO) Brain Trust and is Program Director of the Denver branch of DAMA. Joyce can be reached at
  12. 12. CIBER, Inc. (NYSE: CBR) is a pure-play international system integration consultancy with superior value-priced services and reliable delivery for both private and government sector clients. CIBER’s services are offered globally on a project- or strategic-staffing basis, in both custom and enterprise resource planning (ERP) package environments, and across all technology platforms, operating systems and infrastructures. Founded in 1974 and headquartered in Greenwood Village, Colo., CIBER now serves client businesses from over 60 U.S. offices, 25 European offices and seven offices in Asia/Pacific. Operating in 18 countries, with more than 8,000 employees annual revenue over $1 billion, CIBER and its IT specialists continuously build and upgrade clients’ systems to “competitive advantage status.” CIBER is included in the Russell 2000 Index and the S&P Small Cap 600 Index. CIBER, Inc. • 5251 DTC Parkway • Suite 1400 • Greenwood Village, CO 80111 • 800.242.3799 © 2008 CIBER, Inc. All rights reserved. CIBER and the CIBER logo are registered trademarks of CIBER, Inc. CIBER stock is publicly traded under the symbol “CBR” on the NYSE.