Data Governance Flashcards
Definition of DG:
The exercise of authority and control (Planning, Monitoring and Enforcement) over the management of data assets.
DG Program includes:
- Strategy: Defining, communicating and driving execution of Data Strategy and Data Governance Strategy
- Policy: setting and enforcing policies related to data and Metadata Management, access, usage, security, and quality
- Standards and quality: Setting and enforcing Data Quality and Data Architechture standards
- Oversight: providing hands-on observation, audit and correction in key areas of quality, policy and data management
- Compliance: Ensuring the organization can meet meet data-related regulatory compliance requirements
- Issue management: Identifying, defining, escalating and resolving issues related to data security, data access, data quality, regulatory compliance, data ownership, policy, standards, terminology, or data governance procedures.
- Data management projects: sponsoring efforts to improve data management practices
- Data asset valuation: setting standards and processes to consistently define the business value of data assets.
What is a common reason for the DG Business Driver?
Often regulatory compliance.
Regulatory compliance refers to the adherence to laws, regulations, guidelines, and specifications relevant to business processes.
What are the primary focuses of Drivers for Data Governance?
Reducing risks or improving processes
Data governance is essential for organizations to manage and protect their data effectively.
Reducing risk in Data Governance Work include the following work
- General risk management: oversight of the risks data poses to finances or reputation, including response to legal and regulatory issues
- Data Security: Protection of data assets through controls for the availability, usability, integrity, consistency, auditability and security of data.
- Privacy: Control of private/confidential/personal identifying information through policy and compliance monitoring
DG’s Improving process:
- Regulatory compliance: the ability to respond efficiently and consistently to regulatory requirements
- Data quality improvement: the ability to contribute to improved business performance by making data more reliable
- Metadata management: Establishment of a business glossary to define and locate data in the organization; ensuring the wide range of other Metadata is managed and made available to the organization.
- Efficiency in development projects: SDLC improvements to address issues and opportunities in data management across the organization, including management of data-specific technical debt through governance of the data lifecycle
- Vendor Management: Control of contracts dealing with data, such as cloud storage, external data purchase, sales of data as a product, and outsourcing data operations
What does DG do?
- DG provides principles, policy, processes, framework, metrics and oversight to manage data as an asset;
- Ensures data is properly managed without directly executing data management
What is the primary goal of Data Governance?
Enable an organization to manage data as an asset
Data governance ensures that data is accurate, available, and secure.
What are requirements to DG Program?
DG Program must be:
*Sustainable: Not a project with define end; ongoing process that requires organizational commitment. DG necessitates changes in how data is managed and used
* Embedded: Incorporated into development methods for software, use of data for analytics, management of Master Data, and risk management.
* Measured: DG dine well has positive financial impact, but demonstrating this impact requires understanding the starting point and planning for measurable improvement
* Leadership and strategy: DM activities are guided by enterprise business strategy
* Business driven:
* Shared responsibility: shared between business data stewards and technical data management professionals
* Multilayered: enterprise and local levels
* Framework-based: a framework that defines accountability and interactions
* Principle based: a core set of principles and best practices; **
Data Governance represents an inherent separation of duty between oversight and execution
DG = oversight; DM = execution
As is
General Principles of DG:
- Data should be managed as a corporate asset
- Data management best practices should be incented across the organization
- Enterprise data strategy must be directly aligned with overall business strategy
- Data management processes should be continuously improved
Data Steward focus on:
- Creating and managing core Metadata: definition and management of business terminology, valid data values, and other critical Metadata. Stewards are often responsible for an organization’s Business Glossary, which becomes the system of record of business terms related to data
- Documenting rules and standards: business rules, data standards and data quality rules.
- Managing data quality issues: Identification and resolution of data related issues.
- Executing operational data governance activities: Stewards are responsible for ensuring the policies and initiatives are adhered to. Influence the decisions to ensure that data is managed in ways that support the overall goals of the organization.
7 Types of Data Stewards?
- Chief Data Stewards:
- Executive Data Stewards
- Enterprise Data Stewards
- Business Data Stewards: Subject Matter Experts; Accountable for a subset; Work with stakeholder to define and control data
- Data Owner: a business data steward, who has approval authority for decision about data within their domain
- Technical Data Stewards
- Coordinating Data Stewards: lead and represent teams of Business/Technical data stewards in discussions across teams and with executive Data Stewards
What does data policies do?
- Directives that codify principles and management intent into fundamental rules governing the creation, acquisition, integrity, security, quality and use of data and information
- Data policies describe what to and not to do; Standards and Procedures describe HOW to DG.
- There should be relatively few data policies and stated briefly and directly.
Data Valuation’s looking at:
- Replacement cost
- Market value
- Identified opportunities
- Selling data
- Risk cost: A valuation based on potential penalties, remediation costs, and litigation expenses, derived from legal or regulatory risk from:
1. The absence of data that is required to be present
2. The presence of data that should not be present
3. Data that is incorrect, causing damage to customers, company finances, and reputation in addition to the above costs
4. Reduction in risk and risk cost is offset by the operational intervention costs to improve and certify data
What are the Activities of Data Governance
High Level Summary
- Define Data Governance for the Organization
- Perform Readiness Assessment
- Perform Discovery and Business Alignment
- Develop Organizational Touch Points
- Develop Data Governance Strategy
- Define the DG Operating Framework
- Develop goals, principles and policies
- Underwrite Data Management Projects
- Engage Change Management
What does DG Activities enable?
shared responsibility for data-related decisions
What is Readiness Assessment
Assessment that describe the** current state** of an org’s information management capabilities, maturity, and effectiveness are crucial to planning a DG program
What is included in DG Readiness Assessment
- Data Management maturity: Understand what the organisation does with data; measure its current data management capabilities and capacity.
- Capacity to change: DG requires behavioral change, it is important to measure the capacity for the organization to change behaviours required for adapting DG.
- Collaborative readiness: collab in the management and use of data.
- Business alignment: how well the organisation aligns uses of data with business strategy
What is Perform Discovery and Business Alignment doing?
- Discover specific benefits; access effectiveness of existing policies and guidelines; Identify opportunities for DG to improve the data utilization
- Data Quality analysis is part of discovery. DQ Assessment will provide insight into existing issues and obstacles, as well as the impact and risks associated with poor quality data
- Derive a list of DG requirements from the discovery and alignment activities. Requirements will derive DG strategy and tactics
What Org. Touch Point in DG?
- Procurement and Contracts: standard contract language with regard to data management contracts
- Budget and Funding: about data asset acquisition
- Regulatory Compliance: The CDO understands and works within required local, national and international regulatory environments, and how these impact the organization and their data management activities. Ongoing monitoring is performed to identify and track new and potential requirements
- SDLC/development framework: the data governance program identifies control points where enterprise policies, processes and standards can be developed in the system or application development lifecycles
What is DG Strategy Deliverable?
- Charter: Identifies the business drivers, vision, mission and principles for data governance, including readiness assessment, internal process discovery, and current issues or success criteria
- Operating framework and accountabilities: defines structure and responsibility for data governance activities
- Implementation roadmap: Timeframes for the roll out of policies and directives, business glossary, architecture, asset valuation, standards and procedures, expected changes to business and technology processes, and deliverables to support auditing activities and regulatory compliance
- Plan for operational success: Describing a target state of sustainable data governance activities
Area to consider when doing the DG Operating Framework
- Value of data to the organization
- Business Model: Decentralised business vs centralised, local vs. International, etc. are factors that influence how business occurs
- Cultural factors: such as acceptance of discipline and adaptability to change.
- Impact of regulation: highly regulated organisations will have a different mindset and operating model of DG than those less regulated.
DG Goals, Principles and Policies
- The Data Governance Office will certify data for use by the organization
- Business Owners will be approved by DGO
- Business Owners will designate Data Stewards from their business capability areas. Data Stewards will have day-to-day responsibilities for coordinating data governance areas
- Whenever possible, standardised reporting and dashboards will be made available to serve the majority of business needs
- Certified Users will be granted to access to certified data for ad hoc reporting
- All certified data will be evaluated on a regular basis to assess its accuracy, completeness, consistency, accessibility, uniqueness, compliance and efficiency
Content regarding DM Proj Underwriting
Data Governance Committee will coordinate the Project Management Office, Enterprise Resources Planning, Customer Relationship Management, and global parts lists.
Data Management must be supported by the internal SDLC, service delivery management, other IT Infrastructure Library (ITIL) components, and PMO processes. Capture data management requirements early in the SDLC planning and design phases. These include architecture, regulatory compliance, system-of-record identification and analysis, and data quality inspection and remediation.
Change Management Initiated by Organizational Change Management
- Planning: Planning change management, including performing stakeholder analysis, gaining sponsorship, and establishing a communications approach to overcome resistance to change
- Training: Creating and executing training plans for data governance programs
- Influencing system development: Engaging with the PMO to add data governance steps the SDLC
- Policy implementation: Communicating data policies and the organization’s commitment to data management activities
- Communications: Increasing awareness of the role and responsibilities of Data Stewards and other data governance professional, as well as the objectives and expectations for data management projects
OCM’s Communication includes:
- Promoting the value of Data Assets:
- Monitoring and acting on feedback about data governance activities:
- Implementing data management training
- Measuring the effects of change management on five key areas:
* Awareness of the need to change (Demand)
* Desire to participate and support the change (Desire)
* Knowledge about how to change (Discernment)
* Ability to implement new skills and behaviours (Development)
* Reinforcement to keep the change in place (Deployment) - Implementing new metrics and KPIs
DG Issue Management Definition:
The process for identifying, quantifying, prioritizing and resolving data governance-related issues
DG related Issues includes:
- Authority: Questions regarding decision rights and procedures
- Change management escalations: Issues arising from the change management process.
- Compliance: Issues with meeting compliance requirements
- Conflicts: Conflicting policies, procedures, buesiness rules, names, definitions, standards, architecture, data ownership and conflicting stakeholder interests in data and information
- Conformance: Issue related to conformance to policies, standards, architecture and procedures
- Contracts: Negotiation and review of data sharing agreements, buying and selling data, and cloud stroage.
- Data security and identity: privacy and confidentiality issues, including breach investigations
- Data Quality: Detection and resolution of data quality issues, including disasters or security breaches
DG Escalation Order
Data Stewardship Teams - Business Unit Data Governance - Data Governance Council - Data Governance Steering Committee
Control Mechanisms Required By DG
- Identifying, capturing, logging, tracking and updating issues
- Assignment and tracking of action items
- Documenting stakeholder viewpoints and resolution alternatives
- Determining, documenting and communicating issue resolutions
- Facilitating objective, neutral discussions where all viewpoints are heard
- Escalating issues to higher levels of autority
Regulatory Compliance Requirements Assessment (Global Regulations)
- Accounting Standards US
- BCBS239 and Basel II: banks
- CPG235 AU APRA provides oversight of banking and insurance
- PCI-DSS Payment Card Industry Data Security Standards
- Solvency II: EU regulalation similar to Basel II
- Privacy Law: local sovereign and international laws all apply
Data Governance Implementation: early stage
- Defining data governance procedures required to meet high priority goals (Compliance etc)
- Establishing a business glossary and documenting terminology and standards
- Coordinating with Enterprise Architechture and Data Architecture to support better understanding of the data and systems
- Assigning financial value to data assets to enable better decision-making and to increase understanding of the role that data plays in organizational success
Examples of Data Standards:
- Assertion about how a field must be populated
- Rules governing the relationships between fields
- Detailed documentation of acceptable and unacceptable values, formats etc
Data Standards practices
- Data Standards must be effectively communicated, monitored and periodically reviewed and updated.
- There should be means to enforce it.
- Data should be measured against standards
- Data management activities can be audited for standards compliance by the DGC or the data standards steering committee on a defined schedule or as part of SDLC approval processes
Data Managent Procedures
- DMP are the documented methods, techniques and steps followed to accomplish specifric activities that produce certain outcomes and supporting artifacts.
- Procedural documents capture organizational knowledge in an explicit form. Procedural documentation is usually drafted by data management professionals.
Data Management Knowledge Area standardized concepts:
- Data Architecture
- Data Modeling and Design
- Data Storage and Operations
- Data Security
- Data Integration
- Documents and Content
- Reference and Master Data
- Data Warehosing and Business Intelligence
- Metadata
- Data Quality
- Big Data and Data Science
Business Glossary
- It is particularly important to have clear definitions for data, because data represents things other than itself
- It is a means of sharing its vocabulary within the org
- Objects: Enable common understanding of core business concepts and terminology; Reduce the risk that data will be misued due to inconsistent understanding of the business concepts; Improve the alignment between technology assets (with their technical naming conventions) and the business organization; Maximize search capability and enable access to documented institutional knowledge
- Each glossary term will be associated with Metadata: Synonyms, metrics lineage business rules etc
Coordinate with Architecture Groups
- Enterprise data model should be developed and maintained jointly by data steward and data architect and subject area teams
- EDM should be reviewd approved and formally adopted by DGC. Data strategy and Data Architecture are central to coordination between the Doing things right and doing right things.
Sponsor Data Asset Valuation
DGC Orgnize effort and set standards
