We are in the midst of a global “data evolution and revolution.” Data has been growing exponentially in volume and type. The abundance of data in the corporate world, on social media and the Internet of Things have made information very accessible with just a few clicks. What’s more, new actors such as “machine learning” heavily rely on data to learn and execute actions on its own.
Such growth requires a new breed of tools for users to be able to manage and govern data. When not managed properly, data tend to govern us — limiting us from harnessing its infinite potential. It’s as if we’re on the brink of the digital Wild West — where without the necessary sheriffs, data become vulnerable to the schemes of law-breaking citizens, to the detriment of data subjects and owners.
As a risk and compliance practitioner in a professional services firm and for banks, I have largely focused on the “control” perspective of handling data. Whether it be for privacy of personal data or information security of corporate data, it’s been an interplay of identifying key risks and implementing necessary controls. On the other hand, my business and decision making actor-enabler mindset as a consultant drives me to assess how data can be used to sustain and grow the business. With the wealth of data waiting to be analyzed, we have yet to unlock the valuable insights and perspectives they can bring!
With these perspectives, how do we consistently adopt the “control” and “growth” mindset on data? The key is data governance, which entails a shift in mindset from “data governing us” to “us governing our data.”
Forrester defines data governance as “the process by which an organization formalizes the fiduciary duty for the management of data assets critical to its success.” While there are varying definitions that try to encapsulate these concepts in one go, this definition highlights key linkages to the main tenets of (corporate) governance: fiduciary duty, management and (long-term) success.
Data governance enables both control and growth. It is about developing organizational capabilities anchored on effective leadership, mandate and culture to manage, protect and positively exploit enterprise data to achieve business objectives. Organizations are now increasingly focused on how to grow with data — emphasizing data as a strategic and enterprise asset. Growth use cases range from leveraging data to assess customer behavior for product design and offering, to real-time decision making on whether to make an investment or trade. Extending it further, we encounter the concept of “data monetization” where we get economic value from our data from a financial, exchange or product improvement perspective — subject to appropriate parameters considering risk, privacy and ethics.
If data is the new oil given its value for strategic and tactical decision making, then how do we govern data? We are not required to reinvent the wheel but rather leverage existing infrastructure and capabilities. Wherever we are in the data governance journey, we should consider the following components of data governance:
• Roles, responsibilities and organization: Accountability and ownership of data governance initiatives must be defined. Board and management level committees provide a collective view for data oversight and management. A strong executive sponsor should champion and drive it. In more mature organizations, Chief Data Officers are appointed to lead the data governance function while maintaining strong collaboration with other units. The concepts of “data owners” and “data stewards” must be established and clarified. Roles and responsibilities of data governance stakeholders are defined. More importantly, this component should highlight that data ownership rests more on the business and operations units, rather than IT (who are more of data stewards and custodians).
• Policies, processes and standards: To ensure the consistency of understanding and implementation of data governance principles, appropriate policies supported by procedures, standards and guidelines must be developed. These cover the data life cycle (from creation/acquisition/retention to retirement/destruction), data security dimensions (confidentiality, integrity and availability), data standards and data use. In most cases, these items are covered by information security and IT documents, but more emphasis and work are required to define data quality and data use for growth. For data standards, often taken for granted attributes such as the golden and single source of truth, naming conventions, character length, acceptable values and data formats are explicitly described.
• Change management and data culture: The renewed focus on data for control and growth will require organizational and mindset change. While the default response will be resistance or mere compliance, data governance champions must be clear and transparent in communicating the changes, their impact on employees, and the expected benefits for the organization and the individuals. Hesitation stems from the fear of being replaced or the inability to adapt, so change interventions such as capability-building should endeavor to address these. Also, articulating a consistent passion for a “data-driven and enabled culture” will slowly onboard everyone to the business case of good data, and the collective and individual contributions to make it happen.
• Data architecture: What data do we hold? Where are they and how do they flow from one entity to another? What are the relationships of these data to each other? Defining the data architecture provides the blueprint simplifying internal and external data sourcing and processing. Likewise, the conceptual, logical and physical data models are articulated and maintained.
• Data quality and metrics: We define the dimensions of data quality, how it applies to the organization and how to measure it. Data quality dimensions include completeness, accuracy, timeliness, consistency and uniqueness. Metrics to measure performance are defined such as the percentage of data with identified owners, number of mapped records from source, percentage of records with complete attributes, among others.
• Tools, technology and methodology: These refer to the supporting infrastructure enabling the foregoing components — to build data repositories, define data dictionary and glossary included. Specialized software to cover data quality, management and reference data are also available, allowing organizations to digitally trace the data life cycle from source to consumption, including processing in between.
Underpinning these dimensions are the critical aspects of defining the data strategy (aligned with business and IT), risk-based data security and privacy, and regulatory compliance.
Data governance for control and growth is a journey starting from the first step of establishing the framework, and sustaining the momentum as part of “business as usual.” Good data governance fits the organizations’ purpose and context and highlights data as a key business imperative. Once in place, data governance magnifies confidence and reliance on data and enhances the decisions we make out of it.
Are you ready to start your data governance journey?
The views or opinions expressed in this article are solely those of the author and do not necessarily represent those of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd. The content is for general information purposes only, and should not be used as a substitute for specific advice.
Alvin Dave M. Pusing is a senior manager with the Risk Consulting practice of PricewaterhouseCoopers Consulting Services Philippines Co. Ltd., a Philippine member firm of the PwC network.
+63 (2) 845-272