Who should be responsible for data governance? Data duties have traditionally fallen to IT, but the business is held accountable for problems arising from poor data quality, says Ian Rowlands, senior director of product management at ASG Software Solutions. Ann recently interviewed Rowlands:
All: Why is data governance so important?
Rowlands: There are three main drivers: one highly tactical, one highly strategic and one kind of in between. The tactical one is data quality. I am starting to chant a little mantra: “Data dictates decisions.” If you have bad data, you make bad decisions. That can be hugely significant, of course. That’s a pointer to the fact that data governance is a framework that can encompass a wide variety of different projects.
The second big driver is compliance. We’re seeing things like Basel II, which was a driver for the project we did with HSBC. (Editor’s note: ASG and its client HSBC were named co-winners of The Data Warehousing Institute’s Best Practice Award in the category of Data Governance. HSBC uses ASG-Rochade, a metadata repository that is implemented in 10 of the world’s 20 largest banks and at other companies worldwide as an enabling technology that manages information about data and systems across the enterprise.) But compliance is now almost everywhere you turn. Every industry has its own multi-initial nightmare, HIPA in the health care space, etc. If you sign for data knowing it hasn’t been adequately derived, you can wind up in a nice, orange suit. That to me fits between the tactical and strategic.
The very strategic driver is all about business agility. Very often data governance encompasses data integration and business transformation initiatives. Clearly if you have multiple instances of effectively the same information or you have people creating their own variants of the same information, it becomes very difficult to make business changes as rapidly as you’d like. A telecommunications company we worked with had difficulty changing rate plans because they had to rush around and change so much information before they could actually change the plan.
All: Is data governance getting a higher profile now that organizations are interested in using their data to do things like analyze customer behavior patterns?
Rowlands: That’s where you get to a really interesting phenomenon. There are a whole bunch of disciplinary and technical trends which play into the notion of data governance. At the disciplinary end, there are things like master data management, there are functional capabilities like CRM, which is kind of a subset of master data management. All of those drive toward a governance notion.
Then there is the shift of power from the IT organization to the business organization, particularly the interest in business glossaries and other semantic-related concerns. That gets to be interesting. We work with a health care organization, for instance, which is having great debates about what “length of stay” means for their organization. Is it the amount of time a patient spends in a bed or the amount of time the insurance company is prepared to pay? In the end, it’s a governance question.
At the technical end is the whole SOA phenomenon. We have organizations that are moving rapidly from the idea of SOA as a functional repartitioning approach to using SOA as a way of encapsulating and exposing data objects for reuse in a wide variety of contexts. That obviously isn’t going to happen unless there’s an effective data governance approach in place.
All: You touched on the problem of different data definitions. What are some other data governance challenges?
Rowland: There is data quality, of course. That’s a technical issue, as are data definitions. But there are some straightforward, big picture challenges as well. The biggest one is all about who should own the processes. It’s a cultural thing more than anything else. Traditionally IT has owned the data, but the accountability is increasingly with the business. It’s generally the CFO who will get arrested if the data that is signed off on proves to have been constructed using a process that has caused the data to be inaccurate or unreliable.
Related to that is the whole question of who has to do the work and who gets value out of doing the work. A data governance activity can impose a significant burden on the people who are responsible for defining the business entities, defining the relationship between the business entities and the technical entities, managing the business rules that control how information may be accessed and transformed. The benefit very often does not fall on the people who have had to do the work.
Now these things aren’t strictly about data governance. They are more about information quality and the management of information in general. Governance per se is the framework, policies and organization for making hard decisions when disagreements arise. But it generally devolves into the practical kinds of activities. It all goes to this discussion of is IT supporting the business or is the business providing appropriate resources to IT.
All: Has there been a tendency to separate data management and data governance?
Rowlands: That’s a really interesting question. I don’t think there has been a tendency to keep them separate. But data management has been around for a good, long time while data governance is really an emerging practice. Sometimes (governance) comes out of the data management world, and sometimes it’s been imposed top-down by the business.
All: So should data governance be under the purview of business or IT?
Rowlands: My gut feeling is that there are a couple major considerations that need to be taken into account. Is information a key part of the organization’s value chain, or is it a supporting resource? If it’s a key part of the value chain, I think governance migrates toward the business more than toward the IT function. And the other issue is how tightly regulated is the enterprise? Again, I suspect the more tightly regulated an enterprise is, the more likely it is to have a senior business player as the sponsor or the executive owner of the governance program.
All: It would seem that you’d want business and the IT to work closely together on data governance. Is that not happening today?
Rowland: Of course that’s right. And now you’re kind of beating ASG’s drum. Our core message is that it’s been very difficult for business and IT functions to work together because they speak different languages. One of the things that ASG is striving to do with our Business Service Platform and our metadata initiative is to act as a translator, if you like.
All: So having business and IT work closely together is a best practice. Are there any others we should mention?
Rowlands: I believe data governance initiatives without executive sponsorship are doomed to fail. After a while, the business will say, “Why are we spending money on that?” and they won’t see the benefit.
All: I believe ASG recently integrated its software with a configuration management database. What are the advantages of this approach?
Rowlands: Organizations spend a lot of money on designing data and applications and business processes. They describe all of that, and hopefully they document it fairly well and they have a metadata repository at the heart of the documentation. And then you go toward practically implementing things, applications running on servers and databases on other servers, and so on and so forth. One of the critical governance questions is, “OK, is what I’ve deployed and am running in the real world the same as what I designed?”
The configuration management database discovers things that are actually deployed. If you use the same fundamental technology for your configuration management database and your enterprise metadata repository, then you have this really cool way of putting things side-by-side and saying, “Oh, that’s not really what we designed.” And because it’s not, you know you have a challenge which needs to be exposed to the governance process. Do you need to go back and correct your design because you’ve updated something, or do you have something in production which needs to be remediated?
All: Obviously, the earlier you can identify problems like this, the better?
Rowlands: Yes, there’s some research in the application development world that says if you think about the stages - design, develop, test, put into production - as you get into each stage there’s a factor of ten increase in the cost of discovering something is out of whack. I think this is an equivalent thing - maybe even more costs – in the data world. One of the nasty things about data problems is that sometimes they don’t actually reveal themselves for quite a long time. And that can be horribly expensive.
All: So what is the key takeaway about data governance?
Rowlands: Let me put data governance in a bigger framework. The way I see the management of information technology and the business is that there are multiple parallel formalizations going on. There is a formalization of IT service management and business management processes. There is a formalization of data governance. There is an emerging formalization of enterprise architecture. All of those things really play together.
There is a kind of critical success factor, which is having a consolidated information platform that all of those things are based on. Organizations may do great work at standardizing all of their processes. But if they do it in silos, they end up with a disconnect between the various pieces and they find themselves having to go around and do rework. The underlying information base is going to be the critical key to IT and business success. And that’s where data governance gets framed. It’s part of making sure that the information base is consistent.