1. Actionable
Data Governance
Talk is cheap,
but can you really implement
a sustainable
Data Governance Program ?
By
Joyce Norris-Montanari, Principal Architect
CIBER’s Global Enterprise Integration Practice
Manish Sharma, Principal Consultant
CIBER’s Global Enterprise Integration Practice
Abstract:
There is so much written right now about data governance. Who needs data
governance? In truth, some organizations (usually very small) do not need a
robust data governance program. However, the rest of us do need to consider
things like who is using the data, where is the data being used, and the accuracy
of the data. Along with all those ‘data’ issues come business rules, data policies,
and usage guidelines. Not the easiest endeavor – data governance!
The definition of Data Governance, and the steps required to achieve governance,
has changed over the years. Organizations may have started with a step-wise
approach that depended on only alignment of business and IT, but are now
realizing that data governance is a lot more than just policy and procedures.
3. CIBER, Inc. 3
Data Governance
Definition
Everyone has a definition for data governance,
and no good paper would start without one.
CIBER defines data governance as the
intersection of people, process, and technology
using standards, policies, and guidelines to
manage the corporation’s data, while bringing
value to the organization.
Data Governance vs. Data Stewardship
Not to be confused with data stewardship, data governance deals with the
implementation of the policies to ‘govern’ data usage, correctness, and validity. Data
stewards make it happen day in and day out! Data stewards oversee the data,
implement the aforementioned policies, and could be the subject matter experts
(SMEs) in your organization.
Data Governance Maturity Model
– Everybody’s Got One!
Everyone seems to have a data governance maturity model that they use to
tell organizations how they fare in the world of data governance. We would
like to share with you our vision of data governance maturity. However, in this
document, you will find not only explanations surrounding people, process,
technology, and value to the organization, but also what you need to do to get
to the next level of maturity. Please understand that the climb to the top level
of any maturity model is difficult, and sustaining the data governance program
will prove to be a challenge.
4. 4 Actionable Data Governance
CIBER’s Data Governance
Maturity Model (Levels)
We have chosen four (4) levels of maturity for Data Governance. Each
level is clearly defined by characteristics involving people, process,
technology, and value to the organization. We have also included
actions (steps) to take to get to the next level. As figure 1 shows, each
level builds on the next level. No one can jump to the top automatically,
there are actions that must be taken along the way!
Data Management Chaos Complexity and Value
Adoption and Continuous
Level of Effort
Improvement
People
• Data governance has executive
participation and support
Usage • Data governance group works with the
data stewards and the business users
People • Organization proactively manages its
Acceptance • Data governance is strategic data governance policies
• Data stewards are cross enterprise
People • Business ownerships of data is key
• Departmental Initiatives Process
• Data quality group in place Process • New policies are put into place to
Introductory • No management buyin - ensure correctness in the enterprise
• Enterprise integration is mainstream
• Real time governance is emerging
- • Impact analysis on new initiatives is
People Process • Metrics are measured most times completed prior to coding
• Champions in Silos • Business rules start emerging
• No management buy -in • Data correctness is key Technology Technology
• Applying domain specific knowledge • Process application is still siloed • On - going monitoring is implemented • Metadata is integrated from data
• Real time is partially implemented
- modeling,database, ETL, profiling, data
Process Technology • ETL metadata is made available quality, auditing ,
logging and usage
• Ad Hoc • Quality tools are in use • Dashboard or control center shows the
• Some areas of Data Management • Profiling is not mainstream Value current state of data governance
not documented • Minimal metadata in ETL tools • Integrated metadata is becoming disciplines
pervasive • Metadata mining takes place to enhance
Technology Value • Reports appear with integrated metadata future practices
• Tools not a part of the landscape • Limited recognition of quality benefits • Common view of KPIs is becoming Value
• Policies and principles not applied • Reports emerge with measurable KPI available • There is single view of the governance
• Tools without governance framework on data quality process
• Business metadata is taking root • Better decisions
Value
• Reactive
• No reuse
• Standards revisited every time
Incidental Reactive Preventive Proactive
Communications
Figure 1: CIBER Data Governance Maturity Model
5. CIBER, Inc. 5
Level 1 Process
The introductory level of data governance has risks
– Introductory or Incidental
associated with every report that gets produced. No
This is actually the base level of the maturity model one really knows if the data is right across the silos,
for data governance. For the most part any data but they have data or what can be termed as ‘output’.
governance practices are not used extensively in There are no policies regarding how to use data,
the enterprise, but are more of a ‘closet’ effort. By each report may have its own definition of the data
‘closet effort’ we mean only one or two people are – such as how to count revenue for the organization-
considering any governance over the data used in - and the business rules around those metrics. No
a project. one really knows if the data is correct, and there is no
standard way to address data quality. Data just gets
People reported the way it is meant to be reported within the
The people involved on the introductory level usually silo. Usually there is no development methodology
surround the competencies of one or two people to at this level other than ‘start programming’ or hero
create successful application implementation. The mentality, and certainly no data “awareness” or data
people are the asset, and the key to success for stewardship.
level 1. There is usually no management ‘buy-in’ for
data governance; in fact, upper management doesn’t Technology
even know they have data inconsistencies. There This is a case of the cobbler’s children having no
are no people to champion data quality initiatives shoes. Usually, at this level of data governance, an
or stewardship, except for the operational team that organization has no data quality or profiling tools. An
is responsible for the data, and their involvement is ETL/ELT (Extraction, Transformation, and Load or
limited. People create data redundancies or silos Extraction, Load, and Transform) tool may exist, but is
across the organization, because they can get the not exploited as part of any data architecture solution.
application implemented sooner, and under direct It is certainly not deemed the prescribed tool to use
control of the silo manager. People and data are both for conversion or propagation into a data warehouse
issues, because the viewpoint is narrow and focused for business intelligence (BI). If the tools are not part
on serving the silos! of the solution, then metadata integration is not even
6. 6 Actionable Data Governance
a thought at this level. This leads to problems with from management; without that it’s just another
inconsistent definitions of common attributes, and IT task.
lack of management of master data.
3. Acquire data profiling and data quality tools.
Maybe just start with data profiling this year,
Value to the Organization and add data quality next year. We can say
The organization that is at the introductory or incidental from experience you will find issues in the data,
level of data governance maturity is usually in reactive and you will want to fix it. You will need to use
mode, and prone to fire fighting issues around data. the data quality tools or write the programs in
They work on what is the highest priority today. There your ETL/ELT tool.
is usually no real process reuse or repeatability on
any of the projects. Each time there is a new project, 4. Begin the effort to profile and document all the
everything is usually recreated from scratch. source systems. Your organization is at the
lowest level of maturity, so you probably have
Actions to Get to the Next Level quite a few silos. Start the effort of integration
If you want to get to the next level of maturity in data with a plan to add profiling into each project.
governance, do the following: 5. This might be the place to be! You can use the
1. Get management ‘buy-in’ based on assessing blank canvas to your advantage.
the benefits of compliance and integration. We
suggest showing them their own dirty laundry Things to do:
(data), and look for a reaction! This usually gets 1. Get Management ‘Buy-In’
their attention, especially the financial people.
2. Look for tools to address data quality
Use data profiling tools to help! Otherwise,
write SQL. 3. Review the ETL/ELT process for intersecting
with data profiling
2. Create a stewardship program to handle
everyday issues about data. For instance, this 4. Look for data champions who understand the data
could be an added task in the data management 5. Evangelize the concept across business units
group. Or consider hiring another person to
6. Make this an organizational issue – not an IT issue
implement the tasks and develop and manage
the procedures involved in a data stewardship 7. Initiate a process to start understanding metadata
program. See 1 above – it still requires ‘buy-in’
7. CIBER, Inc. 7
Level 2 performance indicators (KPI) on the quality of the
data. Management receives the reports, but is still
– Acceptance or Reactive
not sure what to do with them.
Acceptance (Level 2) in the data governance maturity
model has a few successes. It is truly an acceptance Actions to Get to the Next Level
that the organization has got to change its practices To get from Acceptance to Usage and Analysis will
to continue to be effective and efficient, which usually require making profiling and quality tools part of the
means ‘buy-in’ from business and IT. day-to-day processes. Integration of the data is a big
concern for management. We must now determine
People a path to compliance for the data. Funding of the
At this level we have groups of people who find data governance program or group is now a reality,
success in their implementations. The success is and must take place. Now, we are not saying you
probably found in an ERP or a BI implementation. need a group of 12 to do data governance. We
A data quality group starts to emerge because they suggest starting with a few good people (you may
found all the dirty data during conversion of the ERP already have them), and management sponsorship.
or BI implementation. There are still no real standards Stewardship must be understood, and implemented
or procedures, but we are sure thinking about them. as a day-to-day process. Again, stewardship is a
At this point we still do not have management ‘buy-in’ role, not necessarily a job. Most likely, stewards
for corporate data governance, because they are not already exist in your organization. They know data!
quite sure how to address the whole ball of wax. So
management continues to avoid the issue. Things to do:
1. Start working at an inter-departmental level to
Process educate about data governance
Acceptance means we are starting to create business 2. Normalize the understanding of KPIs
rules. The business rules live in our data models 3. Establish metrics around data quality,
and ETL/ELT processes. We are not sure what to correctness and validity
do with the business rules, but we know they are 4. Document and use business metadata, using
important. So, we collect the business rules, maybe your data modeling tool
even document them appropriately. Data quality 5. Use data profiling and data quality tools across a
and correctness becomes crucial for success of the major part of data collection and dissemination
organization. This is understood by all the data people
in the organization, but data is still spread across the
enterprise. The entire data problem is hard to work Level 3
around, but we accept it, and continue. At this point
– Usage and Analysis
the scale and vastness of the issue is apparent, but
the solutions seem complex and overwhelming. (Preventive)
At level 3 we really start using the people, process,
Technology and technology together to bring value to the
Acceptance brings technology changes. Quality organization. An enterprise awareness of data
tools are used within the enterprise for customer governance is happening quickly and is on the minds
relationship management (CRM) or ERP. Data of many people in the organization.
profiling is not accepted as a day-to-day practice, but
is used prior to conversion of data in some projects. People
ETL/ELT tools exist, but the metadata capabilities are Executive level management starts to view data
not used as part of the corporate metadata strategy. governance as strategic. Data stewards are now the
mechanism to implement data quality and evangelize
Value to the Organization data discipline across the enterprise. We are a group
Acceptance by the workers still limits management of people across the organization with our priorities
recognition for the data quality achievements. direct toward data quality, data correctness, and data
Management is still not with us all the way. So, integration. These people might even be organized
reports start emerging with measurable key
8. 8 Actionable Data Governance
into committees or working groups, because their and data modeling tools. Some of this metadata is now
outreach into the organization is increasing. available. Security, auditing, and usage of the metadata
is recognized as useful, but not yet implemented.
Process
Data integration is mainstream; it is understood that Value to the Organization
this has to happen for this organization to prosper. The organization has integrated the metadata, but is
Data governance is included in ‘real-time’ data efforts, not quite using all of it the way it could. Reports emerge
and included as tasks in those projects. Metrics are with integrated metadata about data quality, data usage,
measured some of the time, and our shift is in the and auditing information. The organization sees the
direction of prevention, not reaction. Some of the nugget, but not the gold mine!
processes that are producing results at this stage are:
• Data Architecture Actions to Get to the Next Level
To get to the next level (Adoption and Continuous
• Data Policies and Standards Improvement) takes a bigger effort with metadata.
• Data Quality and Correction Plans A complete corporate metadata strategy has to be
created. This requires us to understand all the
• Metadata Management
sources of metadata, and how they should integrate
• Information Lifecycle Management to be useful to the organization. A metadata strategy
is easy to create, and hard to implement (much like
Technology Data Governance). A data governance dashboard
We got the tools! On-going monitoring, based on a that indicates the health of the organization should be
few KPI, is conducted consistently. Real-time data considered. The team now needs to start looking at
governance is partially implemented, but not quite how to audit the systems, and what technology will help
complete. A metadata strategy is started that takes that effort. This is a step towards creating value through
advantage of the metadata in the profiling/quality, ETL, data and risk compliance.
9. CIBER, Inc. 9
Things to do: governance KPI in the organization. People now start
1. Make data governance a part of the overall to mine the metadata. Oh, the joy of analysis, and
learning what you don’t know (or wanted to know)!
Enterprise Architecture governance landscape
2. Work on the integration of tools and processes Value to the Organization
that address data modeling, data movement, data Data governance is viewed as a control center for the
management, data quality and data profiling organization. The data, business rules, and policies
3. Make sure operational, administrative and business are in place and continually monitored. Improvements
metadata is used wherever applicable within the are demonstrated based on the monitoring process,
various processes and filtered back into the data governance disciplines.
There is definitely a better corporate understanding of
4. Look for a data czar to control the overall data, and
the data, and the practices surrounding the corporate
choose that set of people from the business
data. The organization sees that they are making better
5. Ensure KPIs are documented, accepted and now decisions.
implemented consistently
Actions to Get to the Next Level
Where do you go from the top? On-going monitoring
Level 4 will yield improvements for the organization. Mining
the metadata will shed more insight into what the
– Adoption and Continuous
‘future’ level of Data Governance will become. As
Improvement (Proactive) with any continuous improvement process you will be
Nirvana! Or so you think! This is the highest level in the better positioned to adjust to changes in demand or
Data Governance Maturity Model for today. This is the environment, because most (if not all) of what you do
vision that we have had all along this process, climbing is documented.
from one level to the next.
Things you can still do:
People 1. Make data governance a part of the IT governance
Data governance has executive participation, and landscape
support. The data governance group and data stewards
2. Ensure data governance has a seat at every touch
work together to continually involve and educate the
point with data, which includes data modeling,
business users. The organization proactively manages
data architecture, data management, metadata,
their data governance policies as part of any project,
data quality, data profiling, data archiving and
and continues to be involved in the success of the
data analytics
organization. A clear indication that you have reached
the top is when the business knows where to turn in 3. Institute a review process for the governance
case they have a question related to quality of data or program
its use, and does not necessarily mean tapping “Bob” on 4. Create and maintain a dashboard to display the
the shoulder. activities and metrics around the data governance
program
Process
New policies are put into place to ensure correctness
of the data for the enterprise. Impact analysis on new
initiatives is completed before coding begins, to address
who and how the data get used, correctness of the data,
and business rules surrounding the data.
Technology
Metadata is integrated from all products, including
auditing and usage tools. The data governance
dashboard shows the current state of all the data
10. 10 Actionable Data Governance
Where to Start! References:
Some organizations have been doing parts of Data The 7 Stage of Highly Effective Data Governance:
Governance for years. For example, if the organization Advanced Methodologies for Implementation – Martha
has implemented master data management (MDM), BI, Dember, CIBER, Inc. 2006
and/or customer data integration (CDI) solutions, some
standards, policies, data definitions, and business Data Governance and Content Management Frameworks,
rules around the data have already been created. By CIBER, Inc. November, 2002
implementing those types of projects successfully, you
have created parts of stewardship committees, business Alpha Males and Data Disasters – The Case for Data
rules, and part of the entire corporate data policies. If Governance, Gwen Thomas
you haven’t started, consider it during any master data
management (MDM) or data integration initiative. The Importance of Data Governance and Stewardship
in Enterprise Data Management, DataFlux, Ann Marie
Summary Smith – EWSolutions
Data Governance does not happen overnight. In fact, it IBM Data Governance Council Maturity Model: Building
cannot happen within three months, and may take a few a roadmap for effective data governance, October
years! But what you can do is bite off a small piece and 2007
continue working toward the goal at Level 4 (Adoption,
Continuous Improvement and Proactive). If every The Data Governance Maturity Model, DataFlux
organization continues towards that goal, who knows, Corporation, 2007
soon Data Governance may truly become another
service in a service-oriented architecture (SOA).
11. CIBER, Inc. 11
About the Authors
Joyce Norris-Montanari Manish Sharma
Principal Architect Principal Consultant
Global Enterprise Integration Global Enterprise Integration
Practice Practice
Joyce Norris-Montanari, CBIP, is a Principal Architect for Manish Sharma, Principal Consultant for CIBER’s
CIBER’s Global Enterprise Integration Practice. Joyce Global Enterprise Integration Practice. Manish assists
assists clients with all aspects of architectural integration, customers in all aspects of enterprise architecture,
business intelligence, and data management. She application integration and data architecture. Manish
advises clients about technology, including tools like has worked on a number of data and application
extract-transfer-load (ETL), profiling, database, data integration initiatives for clients in the public and private
quality, and metadata. sector, with an emphasis on data in motion, canonical
models and integration of information repositories. He
Joyce has managed and implemented integration, has worked with organizations in public sector, health
data warehouses and operational data stores in a care, retail and software product development.
variety of industries including education, pharmaceutical,
restaurants, telecommunications, government, healthcare, Manish can be reached at msharma@ciber.com.
financial services, oil and gas, insurance, research and
development, and retail.
Joyce speaks frequently at data warehouse conferences,
and is a regular contributor to several trade publications,
including DM Review. She co-authored Data Warehousing
and E-Business (John Wiley & Sons, 2001) with W.H.
Inmon and others. She is a member of the Boulder
(CO) Brain Trust and is Program Director of the Denver
branch of DAMA.
Joyce can be reached at jnorris-montanari@ciber.com.