G 3 KENYA REVENUE QS) AUTHORITY Data odmaaaNRSIT fersion.t KRA DATA GOVERNANCE FRAMEWORK Version 1, July 20193 KENYA REVENUE GS) ACTHORITY 180 goo: HREHTTED Data Governance Framework Version ‘TABLE OF CONTENT Introduction Data Governance Vision, Mission and Goals, Goals. Principles... Data Governance Policies end Standards. Data Governane Structure an Accountaity Mechanisms Governance Strutite Roles f the Data Governance Committe, Roles ofthe Data Stewards Roles ofthe Data Governance Partners. Roles af the Data Governance Owner (Cosporate Data Office). Data Governance Implementation Matrix. 10 Legal Instruments es Definition nnn 6 Appendix. a 20 DATA CHALLENGES IN KRA. = 20 {Implementation Work Plan. 22G, 3 KENYA REVENUE = YS) AUTHORITY Data Governance Framework Versions, Introduetion Today, digital systems are producing more and more data with a recognized value, and data governance is becoming increasingly desired and nezessary. The Kenya Revenue Authority in its 7 Corporate Plan seeks to transform towards being a data driven revenue administration where data inform decision making and used in day-to-day risk management, compliance and Business Intelligence as-a-service is increasingly becoming important in driving compliance initiatives and understanding taxpayer habits and trends towards taxpayer base expansion. And as the use of data increases in the Authority, there is the need to have central management of data to ensure KRA has quality data that is secure, up-to-date, accessible and easily understood, Data Governance is thus instituted in KRA to oversee all issues of data ‘management including data integration and architecture, data security, data quality, data migration, business intelligence and 3 party data management. ‘This framework seeks to guide the governance of data through defined rules, data regulations and controls that ensure security, accountability and integrity of data in-flowing from internal systems, external systems and 3 party data sourees and out-flowing for use in business and decision making at the Kenya Revenue Authority,G, 3 KENYA REVENUE 9 AUTHORITY Data Goveiance Wiamework Versions ‘Data Governance Vion, Maion amd Goal KRA Vision ata Governance Vision AGlobally Trusted Revenue Agency ‘Adata driven revenue agency Facilitating Taxand Customs Compliance. facilitating Taxand custom compliance. Data Governance Mision ‘To facilitate KRA transformation foster Compliance towards being datadriven Legislation. revenue administration through, ‘quality and secure data delivered via the corporate data governance strategy. Goals 1. Develop policies and procedures to ensure consistency in how data is sourced and used across the Authority in order to ensure data quality and integrity. 2, Define roles and responsibilities that govern the management of organizational data. 3. Identify, map, document, increase access of organizational data Principles ‘The following principles guide the implementation of key Data Governance initiatives/domains in KRA: Data must be recognized and valued as a strategic organizational asset. Data must have clearly defined ownership and accountability structures. 43. Data quality must be defined & managed eonsistently across the data lifecycle. 44. Data must be managed to follow relevant policies and legislations.G C9 KENYA REVENUE Sv AUTHORITY 150 ooou2018 CHIE ‘Bovernance Framework Version. es. providing all stakeholders with a common understanding of ance Framework were achieved after analysis of current data Related Laws “The data protection and security poliey defines ‘measures and tools required to ensure data and secured to prevent privacy violations i processing and sharing of data. x, GDPR 2. Kenya Data Protection architecture. For example, a PIN is of data type Varchar and hhas 9 characters with the first and last characters being letters, Data Integration Policy “The data integration policy defines the standards for data sharing and communication between systems. Privacy and Protection of Personally Identifiable Information ‘Data Migration Policy | The data migration policy guides all data migration processes or | projets in KRA to ensure thatthe right procedures are followed ‘when moving data from one system to another. The policy will | also provide guidelines on archiving of historia information, ata Modeling Policy | The data modeling policy explains the overall structure of data | and data-related resourees as an integral part ofthe enterprise N/A3 KENYA REVENUE (WS) AUTHORITY 180 ooo1:2015 CEREEER a Data Privacy Policy "The data privacy poliey acts as a privacy statement in all KRA systems that interface with taxpayers and clients. It covers the storage, processing and sharing of data, to ensure data confidentiality x. GDPR 2. Kenya Data Protection Bill |S Pariy Data Policy Data Quality Policy “The data quality poliey seeks to guide the data quality processes ‘and explains measures to ensure that data quality is achieved at ‘the enterprise level ‘3 party data policy provides guidance to the acquisition, Storage, usage and sharing of 3" party data acquired by KRA. ‘Guides KRA's data awareness and sensitization strategy to help staff appreciate the value of data as a corporate strategic asst. “Te procedure manual provides guidance on the processes departments need to go through to acquire and use dat for ‘example generating reports and performing analytes to get ‘trends and make revenue projectionsi KENYA REVENUE = Bs) AUTHORITY acai Hatnework Version. Data Governance Structure and Accountability Mechanisms Governance Structure Data Governance Committee (Departmental Heads) Corporate Data fice [| (ata Governance Cwner) Data Stewards Data Governance Partners (8, ISO, DTD, CRBC, R, (CT, M&C, TLO) ‘KM&CP) Roles of the Data Governance Committee 1. Sponsoring, approving, and championing the enterprise strategie plan and policy. 2 Communicating with lines of business the expectations and requirements for data governance. Pushing data governance into their areas by actively promoting improved data governance practices. 4. Making decisions at a strategic level in a timely manner given the appropriate knowledge to make that decision. 5. Advising the data governance owner in applying data governance to risk management, compliance and business fuctions-specific governance interest. Roles ofthe Data Stewards The Data Stewardship program is an initiative to provide a structured framework to support organizational Data Management and Utikzation in KRA. To optimally utilize staff knowledge and expertise to furthe> the data ‘management objectives of KRA, the Data Steward will have the following roles ‘within Data Governance; 4. Champion and facilitate the appropriate use ofthe data that ‘all within ‘their business unit, 2 Acting as the point communications persons for distributing data policies and guidelines in the department, 3. Promote departmental data quality standards for data entry and reporting, 4. Build collaborative relationships with other data stewards and with users of the data they steward, 5. Creating, reviewing, and approving departmental data d:fiitions,G, 2) KENYA REVENUE ys) AUTHORITY Faindwork Versions 6, Collaborate with other data stewards to resolve issues related to standards and definitions for those data elements that cut across all business units, ‘7. Communicating concerns, issues and problems with departental data to Data Governance Committee. Roles ofthe Data Governance Partners '8. Focusing on consistent protection/classfication of data by data classification 69, ‘Technical handling of data to meet data classification requirements. 10, Securing IT infrastructure on bebalf ofthe business units that own oF have responsibilty for data. 11, Assuring that sensitive data, regardless of format, is protested at all ‘times by only using approved equipment, networks, and othe: controls. 12. Championing the integration of data governance within the standard ‘project methodology. 1g, Ensuring that standard project methodology is followed and that policies, procedures and metrics are in pace for ‘maintaining/improving data quality and the creation, capture, and intenance of metadata. 14. Ensuring that all “strategic” data is modelled, named, and defined consistently. 45. Ensuring that projects source and utilize data as much as is feasible from the designated system of record. 16, Providing technical support for ensuring data quality. 17, Providing technical support for data governance and data cleansing efforts where required. Roles of the Data Governance Owner (Corporate Data Office) 4. Overseeing enterprise data governance program developmen 2 Administering Data Governance, including facilitating the data ‘governance committee meetings. 43. Providing the agenda for the data governance committee meetings. 4 Developing and delivering data governance educational, awareness, ‘and mentoring materials. Providing quality assurance ~ oversight, monitor, and report results to governance committee. 6, Establishing, maintaining, and periodically reviewing and recommending changes to data governance policies, standards, ‘guidelines, and procedures. ‘7. Assisting in defining data quality metries for periodic release. 8, Supporting data quality issue analysis and remediation for “strategic” data. 9. Condueting assessment to ensure that policies, procedures and metres are in place for maintaining/improving the program.9 KENYA REVENUE “ee USP AUTHORITY 180 90012045 CER et Governance Framework Version. Data Governance Implementation Matrix [Data Data Quality | Data integration | Business [Data Privacy, [Data | Architecture Intelligence and | Protection and | Governance Seourity Structures and ‘Accountability | _ ‘Mechanisms Develop and Develop and Understand Data | Develop Data ‘maintain enterprise | promote data Security Needs and | governance data models Gualty awareness Regulatory framework Information Needs | Requirements Develop and Define data quality | Assess Application | Define the Data | Define Data Define Data maintain modelling | requirements | Integration Warehouse /BI | Security Policy and design Interface | Areitecture standards Est Tinplement Data | Define Data Warehousesand | Security Standards Data Marts | Profile, analyze and assess data quality Define data quality metres Define Data Develop Policies Security Controls | and standards ‘and Procedures Define data quality Manage Users, | Identify key ‘business rules Passwordsand | Projects and Group Membership | services Greate and ‘Clean and correct — [Monitor and Tine | Manage DataG 9 KENYA REVENUE = YS) AUTHORITY 150 90012015 CER Governance Framework Version.1 ‘Maintain Master — | data quality defects Data Warehousing | Access Views and Processes Permissions onitorand Tune | Monitor Uscr BI Activity and Performance _| procedures ContinuouslyG 9 KENYA REVENUE Ws) XOTHORITY eee "EN Bats Governance Framework Version.s ita Protection | snd Security| processing of daraGs ae REVENUEG 9 KENYA REVENUE Qs) AUTHORITY '*CERita Governance Framework Version.t Basiness : Intelligence and Reporting Data Arhitecureema G,) KENYA REVENUE QS) AUTHORITY Data Governance PMOL Version. Legal Instruments 1. Kenya Data Protetion Bll 2 GDPR 3 Tax Procedures Act 4. Kenya Information Actserena, G 3 KENYA REVENUE Lys) AUTHORITY Data Goverianes Fesmework Versions Definitions ‘Access Management Ensuring that only approved roles are able to ereate, read, update, or delete data ~ and only using appropriate and eontrolled methods. cRuD Create, Read, Update, Delete. Describes access rights for data, (Change Control, A formal process used to ensue that a process, product, service, or technology: component is modified only in accordance with agreed-upon miles, Compliance Means adhering to laws, regulations, standards, and contractual arrangements, They could be Regulatory compliance, contractual compliance, adherence to internal standards, policies, and architectures, and conformance to rules for data management, project management, and other disciplines. Control A means of managing a risk or ensuring that an objective is achieved. Controls can be preventative, detective, or corrective and can be fully attomated, procedural, or technology-assisted humen-initiated activities. They cat include actions, devices, procedures, techniques, or other measures, Data Integration ‘Managing multiple records containing information. Uses a combination of technologies, processes and services to align information in multiple repositories. Data Architecture Focuses on integrating sets of information. Data Dictionary A database about data and database structures. A catalog ofall data elements, containing their names, structures, and information about their usage, for the benefit of programmers and others interested in the data elements and their usage. a5INTERNAL AUTHORITY PEinework Versions G, 2) KENYA REVENUE Ly Data Governang Data Element ‘The smallest piece of information considered meaningful and usable. A single logical data fact, the basic building block of a Logical Data Model Data Governance ‘The exercise of decision-making and authority for data-related matters. The organizational bodies, rules, decision rights, and accountabilities of people and information systems as they perform information-related processes, Data Governance determines how KRA makes decisions — how we “decile how to decide.” Data Governance Framework A logical structure for organizing how KRA thinks about and communicate Data Governance concepts. Data Governance Office (DGO) A. centralized organizational entity responsible for facilitaing and coordinating Data Governance and/or Stewardship efforts for an organization It supports a decision-making group, such as a Data Stewardship Cou Data Mapping ‘The process of assigning a source data element to target data element. Data Modeling Conducting analysis of data objects used in a business or other context, entities the relationships among these data objects, and ereates medels that depict those relationships. Data Privacy ‘The assurance that a taxpayers’, employee and 3° party data :ncluding personal and private information is not inappropriately disclosed, Data Stakeholders ‘Those who use, affect, or are affected by data. Data Stakeholders may be upstream producers, gatherers, or acquirers of information; downstream consumers of information, those who manage, transform, or store data, or those who set policies, standards, architectures, or other requirements or constraints,rrenxa, G 3 KENYA REVENUE hy AUTHORITY Data CHOIR WARE Rerstona Data Steward A person with data-related responsibilities as set by a Data Governance or Data Stewardship program. Enterprise Architecture Enterprise Architecture (EA) is a comprehensive framework used to manage and align an organization's business processes, information technology (I) software and hardware, local and wide area networks, people, operations and projects with the organization's overall strategy. (Review definition) Enterprise Architecture is often subdivided into four architectural domain: Application Architecture, Business Architecture, Data Architecture, and Systems Architecture. Other types of architectures (security, eempliance, controls, ete.) may be considered as part of EA, or they may be aligned with BA. In some organizations, EA is primarily focused on Business Architectures and Business Process Management, IT Governance ITGI (The IT Governance Institute) defines Information Technology governance as “the leadership, organizational structures, and processes that ensure that the enterprise's IT sustains and extends the enterprise's strategies and objectives. IT Service Management (ITSM) ‘The implementation and management of Quality IT Services that meet the needs of the Business. IT Service Management is performed by IT Service Providers through an appropriate mix of people, Process and Information Technology. (Baseline IT definition) Information Architecture Focuses on the design and organization of data, unstructured information, ‘and documents. In is one of the four Enterprise Architectures (with Application Architecture, Business Architecture, and System Arehitesture), In the context of designing documents and web pages, itis the structuring of large sets of information, as opposed to the development of the content of any content unit within the larger se, ‘Master Data ‘Master Data are the “nouns” upon which business transactions take action. ‘Master Data describes core entities of an enterprise that are used by mi business process and IT systems. Examples are parties (eg, customers, employees, vendors, suppliers), places (e., locations, sales territories, offices), and things (e., accounts, products, assets, dacument sets). See also Reference Data, a”G 3 KENYA REVENUE “ee YS) AUTHORITY Data Governed Hamewark Version. Master Data Management (MDM) A structured approach to defining and managing an organization's Master Data. Metadata ‘Data about data. The definition and scope of metadata depends upon context. In the context of Information Management, metadata is generally thought of as providing information (what database stores it? what data type is it? how long is the field? etc.) about a data element, Within the contest of Data Governance, the term also includes “business” metadata such as the names ‘and roles of Data Stewards. Metadata repositories are employed to store and report on metadata, OLAP Online Analytical Processing prp Domestic Taxes Department cane Customs and Border Control Mac ‘Marketing and Communication 18 Investigation and Enforcement Icr-ss Information and Communication Technology ~ Information Systems Security DW-BI Data Warehouse and Business Intelligence 8INTERNAL C3 KENYA REVENUE Ay) KOTHORITY 180 ooouzo1s CERT Bovernance Framework Version.t Appendix DATA CHALLENGDS IN KRA _ CHALLENGE | CAUSES OF THE PROBLEM SOLUTION Duplieate/ shared 7. Migration of data from legacy to TNS and Tax Ted]. on data migration from one sytem to PINS to taxpayers registering for new detail 2, Lack of clear guidelines on registration ide the registration of PI companies having branches for examples ving branches/operatng in schools and societies Tncorrest E-mail & Mobile Information 1 There was no validation of mobile phones and emails 2. Lack of data validation to check on validity of information troduction ofa verification code to verify email password using a one-time password. ing in place field validation for the * Gaa/itforination ener nt the yes Taxpayer Misclassification in the Tax system Limited classification of occupation for individuals and ‘economic activity for non-individuals (eg. companies) Kenya National Occupational Classi Standard (KNOCS).G 9 KENYA REVENUE . Lys) KUTHORITY eg |] CHALLENGE | CAUSES OF THE PROBLEM ‘SOLUTION 4 Tacos Caper : 1 Data deaning find he comet Balan ; Balas and update fn Tax deed 4+ Manual and com manual systems where retusus |», Burlopmneat of Bate Mati 5 | ising Records and peyments are captired manually by staff : ‘(returns & payments) 2. iPage update in #Tax by taxpay 3. Development of Data Protection and Security ee & Tempering of files integrity polig fo guideon the storage, acs, processing, | = + nd sharing of ata |Imeonsistendesin | Tedger balances 6 Low data literay levels - Lack training and to create avareness on the importance of having dean data 7 Lack of taxpayer education on data migration and |__iPage update “Existence of multiple wansaetional aystems in operation atthe same time transactional data in KRA systems ie. Tax and ICMS, Departments use different systems for satistics, analysis and reposting. 2 Apolicy on data reporting.G ™ Lys) AUTHORITY ‘BO coon CEB ernance Framework Versions Implementation Work PlanKENYA REVENUE + Approved 3¥/Party Data proved data security Poliey PoliG, KENYA REVENUE = hy AUTHORITY Bate 8Btenaiee Framework Version.2 SIGN OFF; PREPARED BY; Amos Kiptui Supervisor Data Governance; BS vAloalacg Date; Reviewed By; amacrine Masira Silt fi i Manager Data Cleaning SGovernance; Signature; ate; 02(07 fa Approved By; pane Be oA Deputy Commissioner Corporate Data Office; Signature; Date; t This is version 1 of the Data Governance framework which will be reviewed after second ‘mission with CIAT. 2