Data Governance: The Cat Herders Toolbox

Data Governance… let me introduce you to The Business

When you think of Data Governance, what’s the first thing that pops into your head? Or maybe, who pops into your head? If you said an IT person you’re not alone. Commonly in our Data Governance workshops, well over 90% of the people in attendance are part of IT. Now that’s not to say that IT doesn’t have a role in Data Governance, but if you asked those very people attending the Governance Workshop, “Who should own the Data Governance initiative?” The unanimous answer will be “the Business.” So immediately we see a problem. Successful Data Governance programs must be owned by the business but the people concerned are IT. How can we hope to bring Data Governance to Business Sponsorship and eventually Full Ownership?

Any IT professional that is looking to really make a difference is going to need to step in the shoes of a Business Person. This doesn’t just mean understanding their day to day, but understanding the tools they use for navigating their processes, politics, and people. This whitepaper shares some tools that are mostly used by “the Business” but have been tuned for effectively developing Business Ownership of a Data Governance Program. The order in which the tools are presented, are from the early inception stages towards the movement to adoption

Early Awareness

When starting a Data Governance initiative it’s important to understand what is driving the program and what forces are standing in the way. Doing some early analysis here is critical. Organizations which don’t understand their barriers to success are asking for a big disappointment when the momentum and investments have already been made. A simple tool for objectively outlining the forces that are maintaining the status quo is called a Force Field Analysis Model. While this might sound like some kind of Sci-Fi weapon, a Force Field Analysis can objectively present what, or who, is standing in the way and maintaining the status quo. This is also an effective tool for facilitating the early team meetings around Data Governance. Typically a 3rd party needs to be engaged here to ensure that politics don’t derail its accuracy.

The Process and THE PROCESS

Data Governance is really about People, Process, and Technology coming together to solve a problem. Part of developing business ownership is bringing the solution into their realm… The Process. The process drives the output and the output goes to the customer, which is the lifeblood of any company. So naturally this is an area that IT can logically bridge the conversation with the Business. And we’ll talk about tools that can be used to accomplish this. But first, I’m going to share a dirty little secret, one that will shake the very foundations of your boardroom. The actual process is not what Management thinks it is. Far too often, we in IT interview the business and run off to start implementing. But, if you sat in the circles of Process Engineers they would tell you that Management rarely has an accurate portrayal of what the process actually is. Don’t be too quick to judge, because this applies equally to IT as it does the Business.

Keep in mind that it’s important to understand both perceived and actual processes. Being aware of their discrepancies is perhaps more important than just having the actual process.

So how do we facilitate the discussion with the business around their perceived process? And how do we find out what the process actually is?

Let’s start with developing the perceived process and facilitating that discussion. An effective tool for outlining the process and its touch points is something called a SIPOC Map. This is an excellent facilitation tool for engaging with the business and outlining the process with its surrounding elements. Some of my most productive Business meetings have been in, involved the interactive development of SIPOC maps. SIPOC stands for Suppliers, Inputs, Process, Outputs, and Customer.

To fill out a SIPOC Map I’m going to use a fictitious example of Ford building a car. We’re going to develop not only the process but what comes before and after it.

Think about whom might supply raw materials to a company like Ford. These are entities that are engaged in supplying product to the process. These entities are filled in above under “Suppliers.”

Next, we consider what those entities are supplying, to the process. These are the pieces, parts, paperwork etc that the Suppliers are delivering to the Process. These are listed under “Inputs”

Now we come to the process itself. We list high level steps to start, then later we can map out more detailed SIPOC maps for individual steps in the process. All these steps are listed under “Process”

Now we list what the process produces. These are all the items which ultimately will make it to Fords customer. These are listed under “Outputs”

Finally we finish the exercise by listing who the customers are.

As stated earlier, once the SIPOC is in place you can dive into any individual steps in the process and build a dedicated SIPOC map just for that process. The power of SIPOC is in its flexibility. Regardless of whether you are in Banking or Farming, you can use it to map out the end to end. By outlining the business in this way we can start taking deeper dives into how a Data Governance program will benefit the Business and the Customer. We can start talking in real terms how abnormalities in the data can affect downstream Processes, Outputs, and Customers.

This brings us to our next point. Measuring the end customers experience and its relationship to the Data is a key factor in ensuring Business Stakeholder ownership of the Data Governance Program. Beyond the perception of the process how do we confirm the customer’s experience? This is where we have to roll up our sleeves. In this step we’re going to do something called Staple Yourself to an Order. We act as if the order was literally stapled to our sleeves and we walk the Process. If you’re process is highly complex, then focus on the Happy Path. (The path you would take if nothing went wrong with the order). This will allow you to see the actual process. However, perhaps more important, it will allow you to ask questions about throughput. At each step in the process we ask how the process might fail, and how often it does. This is where we uncover the relationship between the data and the actual process. There are two roles that data plays in a process, Input and Output. As we map the steps to the process we track not just the inputs people are placing into applications, but also Output data that is being retrieved to direct the process.

Keep in mind that we’re not here to re-engineer the process, simply to track it. Stay focused on its relationship with the data and failure rates as you step through. The relationship between data inputs/outputs and a failure in a step in the process is going to be the key in determining how data relates to customer throughput. Let’s analyze how this occurs. First imagine you have several steps in a process all of which have above 88% success rates. Now individually each of these may seem to be pretty good scores. However, don’t be fooled into thinking things are going well. If you look at throughput from the customer’s viewpoint, the performance plummets.

This is because the throughput of each step in the process must be multiplied by the next steps throughput rate. To obtain the customers end view of the process, all the steps must be multiplied against each other. This means the process above would only be successful 68% of the time. Now if we uncover how the data impacts each steps failure rate, we’re well armed to talk about the Data’s impact to the customer in Total Throughput terms. And hence, we’re able to show the business how data governance will improve the customer experience, which is a message nearly any Business User can get behind.

There’s no one way to garner business support for your data governance program. However, linking the advantages of the program to the process provides a much clearer benefit that Business Stakeholders can understand.

What ever way you build support you’re going to need a vision of how to move forward when it comes. In the next section we will provide a sample roadmap which outlines some guiding principals for establishing a program.

Vision of the Road Ahead

With the appropriate level of executive sponsorship it’s time to establish the roadmap for a program. Again there’s no one and only way to do this. Based on your organizations structure or management support level, your process may have completely different steps. However, there are some high level principals which a Data Governance Program will march towards. The triangle below is a representation of those principals which are implemented from the bottom up.

5S’s

Most organizations that are just starting their Data Governance program have a tangled mess of data sources, loose system ownership, and data quality. An organizational tool called 5S provides a good compass for a program manager, and is something that many businesses people are already familiar with. This tool provides some guidance on where to start organizing. The first “S” stands for Sort. Imagine you’re in a big warehouse with tons of stuff that you need to organize. “Sort” directs that you should first get rid of what you don’t need. This means getting rid of all the things in the warehouse that are just taking up space. Next is “Store”, we need to create a place for everything. This will allow us to know where things are located when we need them. Then comes “Shine”, in the case of the warehouse, Shine represents making the work area clean. Following Shine we have “Standardize.” This means that the work procedures and environment in the warehouse should be consistent and items should be categorized. Finally, we have “Sustain” this simply means that we measure our effectiveness and we maintain the 5S principals throughout the work environment.

These principals provide a good foundation for managing the tangled mess often found prior to implementing a Data Governance program. Let’s translate some of the stated principals into activities we can take with our data and people. In Sorting we’re going to be taking basic yes/no categorical action on data and other items. This will help us know what we can keep and what will be separated. We also include in here the definition of sensitive data, and non sensitive data. This ensures that we sort based on rules.

In storing, we are defining a framework that the data will follow. This includes: Tools, Organizational Entities, Ownership, and Data States.

In Shine, we take corrective actions against bad data. We also secure sensitive data.

In Standardize we build frameworks and policies for managing bad data. Additionally we create controls for data access, and retrieval.

Then finally we measure the effectiveness of the framework that was built.

The 5S principals will act as a compass to the Data Governance program moving forward. Issues will arise which can be placed in the scope of the 5S principals which can guide their resolution.

Sharing of Standards and Information

Next in the steps to implementation comes the sharing of information and standards. This is where the Data Governance council get’s put together, and members of the council begin to share. So who should be in the council? What kind of organizational structure should this council have? Before we share specific examples of organizations it’s probably more important to understand the mix of what must happen in the council. There are governance targets, and governance tasks. The targets are the People, Process and the Data. For example the Governance Council may decide that there needs to be a change in the way a process flow is carried out to avoid a consistent data quality error. Often when we think of data quality we limit our scope to only the data itself but the Governance Council needs to be constructed with team members that can have influence over a much wider reaching subject matter. Hence the targets of the Data Governance Council’s decisions are centered around people, process, and data. The task of the Governance Council will be to enact the Definitions, Standards, Measurement, and Ownership. Clearly one of the requirements to sit on the council, you must have a certain level of subject matter expertise combined with authority to delegate their implementation. Sometimes the authority for delegation needs to be channeled through Executive Management. This brings us to the structuring questions. How do we ensure that the Data Governance Council’s authority is established? Each organization is going to have different cultural environments which will require change how Executives are tied to the council. In some cases an Executive may be on the council itself. Others may have a line of authority to an Executive. The following examples in this white paper are two possible structures:

Executive Ownership

In this example the Executive Steering Committee is an integral part of the Governance Council which defines the mission statements, goals, and priority projects. What’s effective about this structure is that the Executive Steering Committee is commonly made up of team members which own the various divisions of the organization. This demonstrates to the rest of the organization that it’s serious about the Data Governance initiative. The down side of a structure like this is that it’s more difficult to establish a meeting. This means difficult decisions that are standing in the way of moving forward may take longer to make.

Process Ownership

This approach provides more ownership to the business process owners which make up the core of the Steering Committee. These process owners are given authority to act with the agreement of Executive Sponsorship. The obvious problem with this approach is that the executive sponsorship can seem distant, and the organization can interpret this as a lack of commitment.

The common theme that you’ll find across either ownership model is that who doesn’t own the process… IT. When you begin to build your support structure for your Data Governance Council this will need to be the central theme to making it successful. Having IT run the initiative will create the default “Us vs. Them” we’re all so familiar with.

Indeed the only way of building a successful organization is to make it business lead. This is why the early work up front on relating the problem to the business will pay off.

Your First Governance Meetings

So you have your organization in place, now what? This is the point at which we define who we are and what we’re doing. The first meetings should be able to produce:

A Mission Statement- This should be specific enough to drive action and should align to a business goal.

Success Measures- the Mission Statement should be measurable. We should be able to break it down into achievable measures.

Decision Rights- Define delegated authority early. What decisions will be made as a Council, Executive Management, and Individual. These will be important to establish with the data stewards as they will be conducting record changes.

Controls- The Security of the data needs a control description. This will be established by the governance council. This will guide later access control work in the future

Accountability- This is not just accountability within the Governance Council, but also who is responsible outside the council to get tasks done

Subsequent Meetings

In subsequent meetings the shared standards and information should uncover some quick wins and simple process changes that can be implemented. Additionally, the 5S principals should guide Governance Team members in identifying gaps and early changes that can be made in their respective processes or divisions.

Engineering Standards

Up to this point the Data governance decisions are made then propagated out to the business and IT for implementation. This process is far too slow for an organization to sustain over the long run. The implementation of decisions needs to be condensed into a much faster window in order to compete with the speed of a changing business environment. This is where we enter into the mechanization of the standards established in the Governance Council. Which means all the tools for data governance must come together to enable the Governance Council to keep up with the business. The good news is that these tools exist in the market place and can span the depth required by IT, but be driven by the business. The combination of these tools establishes the framework for the ultimate goal of any Data Governance Council: Sustaining a Golden Record.

Establish a Target Subjects Matter

To begin the process of generating the golden record, the Governance Council must first identify a Target Subject Matter. Sometimes this can be a no brainer, other times it’s the squeaky wheel that gets the attention. If we have competing requests, we can lean on the early analysis we already conducted to determine the greatest bang for our buck. We do this by identifying the business processes that use the most common data, in turn we can see how big of an impact we would have to the process, and ultimately the customer. By comparing this to the cost/difficulty to deliver we can obtain a target project which the business can agree on.

Gather the Metadata (MDM Entities, Attributes, and Owners)

This shouldn’t just be the IT people running around. The Governance Council should be making specific assignments to its members for information to be consolidated and delivered to a member of the council. IT should play the role of establishing the templates for information gathering so that it comes together in a consolidated view.

Find a Compass

If we’re expecting to establish a clean record of customer, product, or any other data type; we’re going to need a system of record. This is a source of data that, above the rest, has the most trusted records for the desired topic. The Governance Council will need to be at the forefront of that decision, and may need that decision to be supported at the Executive level. Additionally, it may be necessary to enrich the corporate data so that it has a guiding compass of correct data to reference. There are several Data Brokerage companies on the market today that provide this type of data for corporations.

Warn About Anomalies

We’re at the point now where the design of the solution should be taking place and that the deployment of the tools to mechanize the process will begin. These tools will enable the Data Governance council to create rules that will warn it of Anomalies or Irregularities in the data. The selection of the right tools is also a step that the Governance Council will need to take responsibility for. This includes:

Master Data Management- For interfacing the management of the data with the Data Stakeholders and all the underlying data management tools

Data Profiling- For conducting batch comparisons and providing Business Analysts with a view of the data patterns to track cleanliness

Data Quality- For deploying cleaning procedures against anomalies

ETL/Middleware - For conducting batch, real time, and change data capture movement of data

Data Masking- For enabling the security of sensitive data elements in the enterprise

The Governance Council should have a good handle on the processes relationship with the data at this point. This will guide the implementation of the Master Data Management Hub which will consolidate the subject matter sources and provide a platform for rules to be established. This consolidation will begin to give the Governance Council an active view of Abnormalities being produced in each system. This will produce additional opportunities to make process adjustments, which will be additional low hanging fruit the Council should act on.

Stop Abnormalities

Now we’re at the final stage of the Governance Council’s maturity where the assigned Data Stewards take ownership of record repairs, and rules. Each Data Stuart should be trained on how to manage hierarchies, duplicates, rules, and escalate questions to the Governance Council Members. The Data Stewards should be closely aligned with the Business Process Owners.

The Maturity of the Governance Council simply means that all of the foundationary tools are in place to mechanize and facilitate their Governance. At this point the Governance Council should focus on Sustaining the Change and Business Ownership of the solution. Additionally, the Governance council needs to use the Measures in place to Celebrate its accomplishments with the rest of the business. This will further establish its place in the corporate culture.

Don’t Grow Cobwebs

With the Stewards in place and the Governance Council working, you might think the Council’s job is done. Don’t be fooled, your corporate data will get ahead of you. If the Governance Council spends some time regularly to reiterate its Mission Statement, it will ensure that the Business has trusted data for the long run.