DMBoK - Chapter 3 - Data Governance

Figure 1. DAMA-DMBOK Data Management Framework

Authors: Fabian Santini – Soledad Silvera – Susana Gonzalez
September 2020
 1. Introduction
• Data Governance is defined as the exercise of authority and control (planning, monitoring and
execution) over the management of data assets. All organizations make decisions about data,
regardless of whether they have a formal Data Governance function. Those who establish a formal
Data Governance program exercise authority and control with greater intentionality. These
organizations are better positioned to increase the value they derive from their data assets.

• The Data Governance function guides all other data management functions. The purpose of Data
Governance is to ensure that data is managed correctly, in accordance with policies and best
practices.

Data Management vs Data Governance

• The purpose of Data Management in general is to ensure that an

organization obtains value from its data.
 • Data Governance focuses on how decisions are made about data and
how people and processes are expected to behave in relation to data.
The scope and focus of a particular Data Governance program will
depend on the needs of the organization.

Data Governance Program

Most programs include:
• Strategy: Define, communicate and drive the execution of the Data Strategy and Data Governance Strategy.
• Policy: Establishment and implementation of policies related to data and metadata management, access, use,
security and quality.
• Standards and quality: Establishment and application of data quality standards and Data Architecture.
• Supervision: Provide hands-on observation, auditing and correction in key quality areas.
• Compliance: Ensuring that the organization can meet regulatory requirements.
• Problem Management: Identify, define, escalate and resolve issues related to data security, access, quality,
compliance, ownership, policies, standards, terminology.
• Data Management Projects: Sponsor efforts to improve data management practices. Data Asset Valuation: Establish
standards and processes to consistently define the business value of data assets.
1.1 Business Motivators
Data Governance is not an end in itself. It needs to align directly with the organization's strategy. Data
Governance drivers most often focus on risk reduction or process improvement.

• Risk reduction
• General risk management: monitoring data for risk control.
• Data security: protecting data assets through controls.
• Privacy: control of information (private, confidential), through monitoring.

• Process improvement
• Regulatory compliance: respond effectively and consistently to requirements.
• Improving data quality: helping your business with more reliable data.
• Metadata Management: Enterprise data dictionary.
• Efficiency in development projects: improvements in the software development life cycle.
• Supplier management: control of contracts and agreements regarding data.

1.2 Goals and Principles

The goal of Data Governance is to enable an organization to manage data as an asset. Provides the principles,
policies, processes, framework, metrics, and oversight to manage data as an asset and to guide data management
 activities. A data governance program should be:

• Sustainable: Data Governance is not a project with a defined goal; it is an ongoing process that requires
organizational commitment. requires changes in the way data is managed and used. Sustainable Data Governance
depends on leadership, sponsorship and ownership.

• Embedded: Data Governance is not an additional process. Data Governance activities should be incorporated into
software development methods, data use for analysis, Master Data management, and risk management.

• Measured: Well-done Data Governance has a positive financial impact, but to demonstrate this impact you need
to understand the starting point and plan for measurable improvement.

Commitment to change
The following principles can help establish a solid foundation for Data
Governance:
Leadership and strategy: Data management activities are guided by a data strategy that is driven by the company's
business strategy.
Business-driven: An enterprise program and as such should control IT decisions related to data as much as it governs
the business's interaction with data.
Shared Responsibility: Shared business responsibility between Data Stewards and Data Management technical
professionals.
Multi-layered: Enterprise level as well as local and often at intermediate levels.
Based on a reference framework: The Data Governance program must establish an operational framework that
defines responsibilities and interactions.
Principle-based: Reference to principles can mitigate potential resistance.

1.3 Essential Concepts

Just as an auditor verifies financial processes but does not actually perform financial management, Data Governance
ensures that data is managed correctly without directly performing data management. Data Governance represents
an inherent separation of duties between oversight and execution.
 Data Life
Cycles,
Data Governance Data Management
Information
Ensure that the data Managing data to
are managed achieve goals

Content

Supervision Execution

1.3.1 Data-Centric Organization

A data-centric organization values and manages data as an asset throughout all phases of its lifecycle, including
project development and ongoing operations. Data is no longer treated as a byproduct of processes and applications.
Ensuring data is of high quality is a business process objective. As organizations strive to make decisions based on
insights gained from analytics, effective data management becomes a very high priority.

Some principles that seek to obtain more value from data:

• Data should be managed as a corporate asset.
• Data Management best practices should be encouraged throughout the organization.
• The enterprise data strategy must be directly aligned with the overall business strategy.
• Data Management processes must be continuously improved.

1.3.2 Data Governance Organization

Data Governance can be understood in terms of political governance. It includes legislative functions (defining
policies, standards, and enterprise data architecture), judicial-type functions (problem management and escalation),
and executive functions (protection and service, administrative responsibilities).
 Models of Government
Each organization must adopt a governance model that supports its business strategy according to its cultural context.
Some models are organized centrally or distributed, or in multiple layers to address concerns at different levels within
an enterprise.

Typical Data Governance Bodies:

Data Governance Steering Committee: Responsible for overseeing, supporting, and funding activities.
Data Governance Council: Manages Data Governance initiatives (e.g., policy or metrics development), issues, and
escalations.
Data Governance Office: Enterprise-level data definitions and data management standards.
Data Stewardship Team: Communities of interest focused on one or more thematic areas or specific projects,
Local Data Governance Committee: Divisional or departmental Data Governance Councils that work under the auspices
of an enterprise Data Governance Council.

1.3.3 Types of Data Governance Operating Models

• Centralized model, a Data Governance organization oversees activities

across all subject areas.

• Replicated model, each business unit adopts the same operating model
and Data Governance standards.

• Federated model, a Data Governance organization coordinates with

multiple business units to maintain consistent definitions and standards.
1.3.4 Data Stewardship
Data Stewardship is the most common label to describe accountability and responsibility over data and processes
that ensure effective control and use of data assets. Some possible activities for data custody are:
• Creating and Managing Basic Metadata: Defining and managing business terminology, valid data values, and other critical Metadata.

• Rules and Standards Documentation: Definition/Documentation of business rules, data standards, and data quality rules.
Administrators help lay out these rules to ensure that there is consensus about them within the organization and that they are used
consistently.

• Data Quality Issue Management: Data Stewards are often involved in identifying and resolving data-related issues or facilitating the
resolution process.

• Execution of operational Data Governance activities: Custodians are responsible for ensuring that Data Governance policies and
initiatives are met on a day-to-day and project-by-project basis.

1.3.5 Types of Data Steward

Data custodians manage data assets on behalf of others and in the best interests of the organization (McGilvray, 2008).
Effective Data Stewards are responsible and accountable for Data Governance activities. Depending on the complexity
of the organization and the goals of its Data Governance program, formally appointed Data Stewards may be
differentiated by their place within an organization, by the focus of their work, or by both.
• Chief Data Stewards can chair Data Governance bodies in place of the CDO.
• Executive Data Stewards are senior managers who sit on a Data Governance Council.
• Enterprise Data Stewards have oversight of a data domain.
• Business Data Stewards are business professionals, recognized experts in the field.
• Data Owners are a Business Data Steward, who has approval authority.
• Technical Data Stewards are IT professionals who operate in data-driven areas.
• The Data Steward Coordinator leads and represents the technical and business Data Steward teams in cross-team
discussions with Data Steward executives.

1.3.6 Data Policies

Data policies are directives that codify management principles and intent into
fundamental rules governing the creation, acquisition, integrity, security,
quality, and use of data and information. Data policies are global. They
support data standards as well as expected behaviors related to key aspects of
data management and use. Data policies describe the “what” of Data
Governance (do’s and don’ts), while standards and procedures describe
“how” to do Data Governance. There should be relatively few data policies,
and they should be stated briefly and directly.
1.3.7 Valuation of Data Assets
Data asset valuation is the process of understanding and calculating the economic value of data to an organization.
Most phases of the data lifecycle involve costs (including data acquisition, storage, management, and deletion). Data
only adds value when it is used. When used, data also creates costs related to risk management. So value comes
when the economic benefit of using data outweighs the costs of acquiring and storing it, as well as managing the risk
associated with its use. Some other ways to measure value include:

• Replacement Cost: The cost of replacing or recovering lost data.

• Business value: The value as a business asset at the time of a merger or acquisition.

• Opportunities identified: The value of revenue that can be derived from data.

• Selling data: Some organizations package data as a product or sell information.

• Cost of risk: An assessment based on possible sanctions.

 Principles for accounting for data assets

Accountability Principle: Identify the persons responsible for the data.

Asset Principle: They must be managed, insured, and accounted for like other types of assets.
Audit Principle: The accuracy of data and content is subject to periodic audits.
Due Diligence Principle: If there is a risk, it must be reported. If possible, it should be confirmed.
Continuous Operation Principle: Data and content are critical to management and operations.
Valuation Level Principle: Value data as assets at a level that makes sense to measure.
Principle of Financial Responsibility: Based on regulatory and ethical misuse or management.
Quality Principle: Meaning and accuracy can affect the financial status of the organization.
Risk Principle: There is a risk associated with data and content that must be recognized.
Value Principle: There is value in data and content, based on its contribution to the organization.
Comments and Questions
2. Activities
 Data Governance and Custody
(Definition: The exercise of authority, control and shared decision-making (planning,

2. Activities
monitoring and implementation) over the management of data assets.
Goals:
I Enable an organization to manage its data as an asset.
2 Define, approve, communicate, and implement principles, policies, procedures, metrics, tools, and
responsibilities for data management.
3 . Monitor and guide policy compliance, data usage, and management activities.
Meovaoores of

Defining Data Governance for the Organization Tickets; Activities: Departures:

Perform the Readiness Diagnosis • Business Strategies

and Goals
1. Defining Data Governance for the Organization (P)
L.Development of a biennium Data Strategy
* Government Strategy of Data
• Data Strategy
• Business Strategist and Data

Conduct Business Discovery and Alignment • IT Strategies and Goals 2. Conduct Readiness Assessment
3. Conduct Business Discovery and Alignment Governance Roadmap
• Data Strategies and • Data Principles. Dntos Government
4. Develop Organizational Touchpoints

Develop Organizational Touchpoints

Data Management 2. Define Data Governance Strategy (P) Policies, Processes
• Organization Policies I Define the Data Governance Operational Structure • Operational reference dizziness
and Standards • Roadmap and Implementation

Developing a Data Governance Strategy

2. Develop Goals. Principles, and Policies
• Business Culture 3. Find out about ICT Data Management Projects Strategy
4. Commit b Change Management • Operational Plan
Assessment

Defining the Data Governance Operational Framework

5. Engaging in Problem Management • Business Glossary
• Data Maturity • Data Governance Dashboard
6. Assessing Regulatory Compliance Requirements
Assessment 3. Implement Data Governance (O) • Data Governance Website

Develop Goals, Principles and Policies •

•
IT practices
Require" Regulatory
I Sponsor Darns Standards and Procedures
2. Developing a Business Glossary
• Communications Plan
• Value of the recognized dates

Subscribe to Data Management projects

Icons 3. Coordinate with the Architecture Group • Maturity practices of
4. Fromover Valuation of Data Assets Data Management
4. Embed Data Governance (C,O)

Commitment to Change Management

Commitment to Problem Management
Evaluate regulatory compliance requirements Suppliers:
* Business Executives
Participants:
• Steering Committees
■ Compliance Team
Executives DM Change
Consumers:
• Data Governance Bodies
2.1 Defining Data Governance for the Organization
• Business strategy, business objectives, Data Governance, Data strategy:

○ Data Governance supports business objectives and strategy

○ The business strategy addresses:

■ The Data Strategy

■ the way in which Data Governance activities operate

■ the way in which Data Management activities operate

• Data Governance: Enables shared responsibility
• Data governance success: clear vision of what is governed, who is governed, and who governs
• Data governance: Business effort, not functional effort.
• Scope of Data Governance: What does it mean for the enterprise?
2.2 Perform the Readiness Diagnosis
• Diagnosis – Planning the Data Program – Measuring the effectiveness of a program – Managing
– Sustaining the Data Program

• Diagnosis: Current status of information management capabilities, maturity and effectiveness

• Data Management Maturity: What is done with the data? Staff perception, reporting,
use of tools, etc.
• Capacity for Change: requires formal management of organizational change, will assess the
organizational structure, perceptions about the culture and the change process itself.

• Collaboration Availability: Data custody is functionally transversal, ie is collaborative by nature.

Collaborate in management and use. Never assume that an organization knows how to
collaborate.

• Business alignment: Use of data aligned with organizational strategy? Or adhoc?

2.3 Conduct Business Discovery and Alignment

• Data Governance Program must deliver specific benefits: for example,
reduction of fines to the regulator

• Discovery: Identify and assess the effectiveness of existing policies, risks

addressed, behaviors encouraged, and level of implementation; identify
improvements in data utility; analyze data quality (identify business
processes at risk); evaluate data management practices.

• Business alignment: adds benefits

• Consolidate a list of Data Governance requirements from Discovery and

Alignment activities. (bottom up)
2.4 Develop Organizational Touchpoints
• Part of the alignment with the organizational strategy
• Example of all the points that can support the alignment and cohesion of
data governance and management in areas outside the direct authority
of the Chief Data Officer (CDO)

• Touchpoints influenced by the CDO% Procurement Budget supports data

management and increases Financing Contracts
agility to use them. Policie Gove Compl
s, rnme
Proced nt, iance
• It is a vision of how the Data Gov
ures Man
Life Cycle of
will be perceived by the
II We Development of
Asset Programs of

organization. OptimizationE Data Quality

W AI
Systems and Points of
Agile Control
Figure 18 CDO Organizational Points of Contact
2.5 Developing a Data Governance Strategy
• Data Governance Strategy: • Iterative implementation
Defines scope and focus for
governance efforts. • In general, the Data Governance
Strategy includes:
• Comprehensive and articulated
definition: ○ Charter or Constitution Act

○ Operational Framework
and Responsibility
○ Roadmap for
implementation
○ Plan for operational success
2.6 Defining the Data Governance Operational
Framework
Government Operational Framework: Creation for Adoption
Areas to consider: Value of data for the Business Model of the
Cultural Factors
organization organization

•Do you sell data? •Centralized, •Acceptance of discipline?

•Use as an input? decentralized? •Adaptability to change?
•Local, international? •Highly regulated
•Low regulation
•Link with Data Management
Group?

• Solution: Levels of government

○ Responsibility for administration activities

○ Data Owners

○ Interaction between the governing organization and project managers

○ Commitment to change management activities

○ Ways to solve problems

2.7 Develop Goals, Principles and Policies
• They derive from the Data Governance Strategy and guide towards the desired future.
• Roles:

○ They are drafted under the sponsorship of Data Governance (data management
professionals, or business policy professionals, or a combination)

○ Data Stewards and Management review and refine.

○ The Data Governance Council conducts final verification, review and adoption.

○ Data policies must be effectively communicated, monitored, enforced and periodically re-
evaluated. The Data Governance Council may delegate this authority to the Data
Stewardship Steering Committee.

• Policies can take different forms. Example: The Data Governance Office will approve business
owners.
2.8 Subscribe to Data Management projects
• Initiatives to improve data governance capabilities benefit the entire organization and require cross-
functional sponsorship or visibility from the Data Governance Council. Keys to promotion: impact on
efficiency improvement and risk reduction
• + data value -> req' improves data management capabilities
• They can be considered part of the IT project portfolio.
• The Data Governance Council in Data Management projects:

o Collaborate in defining the Business Case

o Monitor the status and progress of projects

o Coordinates efforts with the Project Management Office (PMO)

o You can coordinate Data Management improvement projects with enterprise-wide programs such as
MDM, ERP, CRM, etc.
• In other projects, Data Management must be considered by the internal Systems Development Life Cycle
(SDLC), ITIL, PMO.
• All projects should capture data management requirements early in the development cycle.
• Adopting new data governance practices requires people to change their behavior and
interactions
• Critical to driving behavioral changes to maintain Data Governance: A formal OCM program –
Organizational Change Management, and executive sponsorship
• The OCM team should be responsible for:

○ Change management planning

○ Create and execute training plans for Change Management

○ Influencing the development of systems

○ Policy implementation

○ Communications: Raise awareness of the role and responsibilities of data stewards, other
data management professionals, and objectives of Data Management projects

• Communications: Vital to the Change Management Process

• A Change Management program that supports Data Governance should focus on:

• Promoting the value of data assets

• Monitor and act on feedback from Data Governance activities
• Implement Data Management training
• Measure the effects of Change Management in 5 key areas: awareness of the need for change,
desire to participate and support the change, knowledge about how to change, ability for new
skills and behaviors, reinforcement to maintain the changes(*)
• Implementation of new metrics and KPIs (employee incentives)

(*) does not suggest metrics

 2.10 Commitment to Problem Management
Problem management is the process to: identify, quantify, prioritize, and
resolve problems related to Data Governance including:
• Authority (decision making)
• Escalation in Change Management
• Compliance (Regulations)
• Conflicts (Policies, procedures, business rules, names, standards,
architecture, data ownership, conflicts of interest in data and information)
• Compliance (Policies, standards, architecture, procedures)
• Contracts
• Data Security and Identity
• Data quality (including disasters or security breaches)
2.10 Commitment to Problem Management (cont.)
• Communications or escalation:
○ Local resolution, in the Data Custody teams

○ Issues that escalate should be documented and escalated to the Business Unit Data Governance,
or Data Governance Council (identify trends, root causes, etc.)

○ Any issues that cannot be resolved by the Data Governance Council must be addressed to the
corporate Governance Board.

• Data Governance requires specific control mechanisms and procedures

• Data Problem Management is very important: It creates credibility in the Data
Governance team, has direct and positive effects on data consumers, and lightens
the workload of production teams.
2.11 Evaluate regulatory compliance requirements

• Part of the role of Data Governance is to monitor and ensure regulatory compliance
• Several global regulations have significant implications on the practice of data
regulation: Accounting Standards, regulations for the banking industry (Basel
Committee on Banking Supervision), regulations for the insurance industry, payment
card security standards, data privacy laws.
• Data Governance organizations work with other business and technical leaders to
assess the implications of regulations.
• Data Governance oversees the organization's response to regulatory requirements
or audits of data and data practices.
2.12 Implementing Data Governance
• Create a Roadmap that shows the times and relationships between the
different activities, with priorities, and taking into account the type of
government organization.

• Activities to prioritize in the early stages are:

• Define the procedures to achieve the highest priority objectives
• Establish a business glossary (methodology and standards)
• Coordination with Enterprise Architecture and Data Architecture
• Assigning Financial Value to Data Assets
2.13 Sponsor Data Standards and Procedures
• Standards help define quality because they provide a means of comparison.
• They also provide potential to simplify processes.
• The application of standards should promote consistent results from the processes
that use them.
• Data Governance standards should be mandatory.
• Data standards:
○ are generally built by Data Management professionals

○ are reviewed, approved and adopted by the Data Governance Council (or delegated to a
Data Standards Steering Committee)
• The level of detail in standards documentation depends on the organizational
culture.
• Data standards must be effectively communicated, monitored, reviewed, and
updated periodically.
2.13 Sponsor Data Standards and Procedures
• There must be a means to enforce them. Compliance with the standards may be
audited by the Data Governance Council or Data Standards Steering Committee or
as part of approval processes in the SDLC.
• Data Management procedures are treated in the same way as data standards.
• Examples of standardizable concepts within the knowledge area of Data
Management: Data architecture, data security, data integration, Reference Data
and Master Data, Data Quality, Documents and content.
2.14 Developing a Business Glossary
A glossary is a means of sharing internal vocabulary within the organization.
Goals
• Enable common understanding of key business concepts and terminology

• Reduce the risk of data being misused due to inconsistent understanding of business concepts

• Improve alignment between technology assets (with their technical naming conventions) and the
business organization

• Maximize search capacity and enable access to documented institutional knowledge

2.15 Coordinate with the Architecture Groups
The Data Governance Council:
• Must sponsor and approve data architecture artifacts,
• You may appoint or interact with a steering committee or architecture
review board or simply a data architect.
• You must formally review, approve, and adopt the enterprise data
model.
• As business requirements evolve, data management teams must
propose changes and develop extensions to the enterprise data model.
2.16 Sponsoring Data Asset Valuation
• Data and information are assets because they have or can create value.
• Information gaps – the difference between the information needed
and what is available – represent business liabilities.
• The cost of closing or preventing that gap can be used to estimate the
business value of the missing data. From there, the organization can
develop models to estimate the value of the information that exists.
• This can be incorporated into the data strategy and can be a
justification for Quality or Governance initiatives.

2.17 Incorporating Data Governance

One goal is to incorporate processes related to data management as an
asset
Sustainability means taking action to ensure that processes and funding are
in place to enable the continued performance of data management.
Deepen the organization's understanding of Data Governance in general,
creating a community of interest
Importance of communication leveraging existing channels to keep
stakeholders informed about policies, standards and requirements.
Comments and Questions
 Tickets: Activities: Depart
YO. Define ures:
the Goby

3. Tools and Techniques

3.1 Online Presence / Websites
Must include:
• Strategy, policies and standards
• Data Management Roles and Responsibilities
• Reporting on data quality measurements
• Links to Forums, Executive Messages, Escalation Procedures and
Training.
• Data Governance Program Contact Information
3.2 Business Glossary
3.3 Workflow Tools
They connect processes to documents and can be useful in policy
administration and problem solving.
3.4 . Document Management Tools
They assist in the management of policies and procedures.
3.5 Data Governance Dashboards
Gathering metrics to monitor government activities
4. Implementation Guides
There may be resistance to change and a learning curve.
It is rarely implemented company-wide. It is generally done incrementally
and/or segmented by division.
4.1 Organization and Culture
Effective and lasting Data Governance programs require a cultural shift in
organizational thinking and behavior about data.
No matter how precise or exotic the Data Governance strategy, ignoring
culture will diminish the chances of success.
4.2 . Adjustment and Communication
• Business Map / Strategy:
Connect Data Governance activity with business needs.

• Route Map:
The roadmap should not be rigid. It must adapt to changes in the company's environment or priorities.

• Business case in progress:

It should be adjusted periodically to reflect the changing priorities and financial realities of the organization.

• Metrics:
Metrics will need to grow and change as the Data Governance program matures.
Activities:

5. Metrics
1.Defining Data Governance for the Organization (P)
I. Develop a Data Governance Strategy
2.Take Readiness Assessment

To counter the resistance or challenge of a long learning curve, a Data

Governance program must be able to measure the
progress and success through metrics that demonstrate that it has been
value
addedto the business. Tickets.
• Business
Strategies and
Goals
Departures:
• Government Strategy of

• Data Strategy
• Business Strategy / Data
• IT Strategies and Governance Roadmap
Goals • Data Principles. Data

Some examples:
• Data Strategies Business Governance Policies.
and Data 4. Develop Processes
Organizational Touchpoints • Operational reference
Management
2. Define Data framework
• Organization Governance Strategy (P) • Route Hop and Strategy
Policies and 1. Define b Operational Implementation
Standards Structure of the Government of • Operational Plan
• Business Culture • Business Glossary

• Worth
2. Develop Goals. • Data Governance
Assessment Principles, and Policies Dashboard
• Data Maturity 3. Subscribe to Data • Government Website of
Assessment Management Projects Data
• IT practices 4. Engaging Change • Communications Plan
Management • Value of the Data

Contribution to company objectives

• RequirementsRe 5. Engaging in Problem recognized

○ gulate us Management
4. Assessing
Regulatory Compliance Requirements
• Data Management
Maturity Practices

Risk reduction
3. Implement Data
Suppliers: Participants: Compliance Team Consumers:

○
Governance (O)
• Business • 1.Steering Committees Executives DM ■ Governing Bodies of
ft trotinar Data
Executives • Standards
CIO and Procedures Change Managers
• Doto Stewards • 2.CDO/Dota Steward inDeveloping
Chief Enterprise Data ■ Project Managers
a
• Data Owners Executive Stewardship ■ Compliance Team

Effectiveness-
• Business Glossary Architects
• Experts in the field Officer • Communities of
3. Coordinate with the
Project

○
• Development • Data Stewards Interest DM
Architecture Group Management
Advisors Coordinator • DM Team
4. PromoteOffice
Valuation of
• Regulators • Doto Stewards • Business Management
Data Assets Government
• Architects Business • Architecture Groups
4. Embed Data

Achievement of goals and objectives

Business • Governance
Data Governance Bodies Bodies Audit • Partner Organizations
(C,O)

○
• Professionals
of
To Data
Motivated res

○ Effectiveness in communication and Concise

Tools:
• Websites
• Business Glossary Tools
Compliance with

training
Regulatory and Internal
Messages • Workflow Tools Data Policies
Contact List • Document Management Tools Worth
Logo • Data Governance Dashboard
Effectiveness
Sustainability

• Sustainability
○ Performance of policies and processes

Comments and
Questions