Data Governance Demystified – Lessons from the Trenches


by Jay Zaidi

Data Governance has become a top priority in the Data Management industry lately due to a renewed focus on Big Data, Data Security, Data Privacy, Master Data Management (MDM), Reference Data Management, Regulatory Compliance, and Data Quality Management.  Many companies have some form of Data Governance in place, via data controls (e.g. SOX controls), structured development life cycle (SDLC) check points, design and code review boards, and architecture.  However, these data controls and governance activities tend to lie within business silos and may not be handled consistently across all Lines of Business (LOB).  Governing data across an enterprise in a standard and consistent manner is non-trivial and companies frequently attempt it a few times before they get it right. Some of the reasons for the limited success are a corporate culture that is resistant to change, poor change management practices, lack of sponsorship from the top, lack of education about benefits of the program, scope creep, poor strategy and execution, or budgetary challenges.

Before embarking on a new program or addressing the deficiencies in an existing one, the following four fundamental concepts related to Data Governance must be understood and agreed upon by key stakeholders:

  • Data Ownership
  • Accountability
  • Organization
  • Transparency

In addition, to ensure success, the following questions must be addressed at the outset:

  • Which data entities and data elements should be governed at the enterprise level?
  • What roles do the business, operations and technology organizations play in implementing Data Governance?
  • What is the best model for Data Governance?
  • What aspects of data should be governed?
  • How should data-related issues be logged and addressed?
  • How do organizations sustain Data Governance processes over the long haul?

Like any enterprise-wide initiative, there are no simple solutions to the Data Governance challenges faced by firms.  However, if governing data is treated as a strategic priority and the Data Governance program is built systematically, sustainable Data Governance is achievable.  The overall strategy and execution steps will vary for each firm, based on the maturity of its data management practices and Data Governance processes (if initiated), the “data challenges” that it is facing, and its appetite for change. The fundamental program-level components and best practices that must be implemented, however, remain the same.

Data-related Challenges

Data pervades every aspect of a firm’s business ecosystem and is a strategic asset; therefore, it must be managed to deliver business value. The organic growth of data stores within corporations introduces challenges with respect to multiple definitions for a data element, multiple versions of the truth (i.e. lack of master and reference data sets), lack of integration of data between different data sources, inconsistent application of data security and privacy policies/standards, inconsistent data types and data precision, and lack of formality for governing data across the enterprise.  The increasing rate of data acquisition, coupled with its complexity (structured and unstructured data – text, documents, graphics, video, audio, emails, social media feeds, etc.) compounds this problem.  Most firms are grappling with these challenges and trying to bring “order out of chaos.” Investing in a Data Governance program or strengthening an existing one will enable them to overcome the challenges listed above.

Four Fundamental Concepts

Before embarking on a governance program or revamping an existing one, four fundamental concepts must be understood and bought into by key stakeholders.

1.     Data Ownership

The question of data ownership is critical to governing data, since it deals directly with data accountability.  If you ask the question “Who owns data?” across your firm, you will receive many interesting answers, including:

  • Data producers own data
  • Data consumers own data
  • Business units that typically manage it (e.g. product line) own data
  • The owner of the system where this data resides (system-of-record or trusted source) owns the data
  • The first system that receives the data and processes it owns it
  • The owner of the corporate data warehouse owns it

You will discover that none of these answers is correct on an individual basis. Data is neither owned by a single business area nor an individual system owner, but is an enterprise asset that is owned by the corporation. However, to govern and manage data appropriately, organizations must identify and assign certain roles and responsibilities to staff members.  Traditionally, roles such as Data Trustee, Data Steward and Data Custodian have been used for this purpose.  Some firms may choose to assign different titles to these roles – to better align with their organizational dynamics.  These people are the front line people who, likely, already make the key decisions regarding data.  They need to be empowered to make the decisions and their actions must be coordinated in such a way as to deliver business value.

2.     Accountability

Having established the fact that data is a strategic asset owned by the corporation, three roles (or their equivalent) are typically defined: Data Trustee, Data Steward and Data Custodian.  These staff members play a critical role in governing data, in collaboration with other members within their organization.  They should be empowered to make decisions and drive change and are ultimately accountable for ensuring that governance procedures are followed and their team members comply with enterprise data management policies and standards.

Data Trustee:  A Data Trustee (Officer-level staff member) is from the Business or Operations area and sits on one or more Data Governance Boards.  Data Trustees are accountable for the security, privacy, data definitions, data quality and compliance to data management policies and standards for a specific data domain.  They collaborate with other Trustees and the Enterprise Data Governance team to define and approve data-related policies and procedures.  Data Trustees typically delegate the day-to-day Data Governance responsibilities to Data Stewards and Data Custodians within their organization.

Data Steward:  Data Stewards are subject matter experts in their respective data domains and consult with and support business unit staff, the Data Trustee and Data Custodians in their day-to-day data management responsibilities.  Some of the Data Stewards' responsibilities are: defining data definitions, data security requirements, data privacy requirements, allowable values, and data quality requirements.  Data Stewards are also responsible for monitoring compliance to enterprise data management policies and standards, addressing data-related issues and governing data belonging to their data domain.  Data Stewards also play a critical role in certifying the quality of data for their specific business domain.

Data Custodian:  Data Custodians (Officer or Director-level staff) typically belong to the Information Technology or Operations area and will manage access rights to data they oversee.  In addition, Data Custodians implement controls to ensure the integrity, security, and privacy of their data. Data Stewards and Data Custodians work closely to ensure that their organization complies with the enterprise data management standards/policies and that critical data-related issues are escalated to the appropriate Data Governance boards, in a timely manner.

3.     Organization

Data-related issues arise during the course of regular business. They could be related to data definitions, data consistency, data quality, alignment with industry standards or a disagreement between business units on their use. All such issues should be captured and escalated from the local level (business unit) to one or more enterprise governance bodies for resolution. These governance boards are cross-functional and typically composed of representatives of the business, operations and technology teams.  The specific number and structure of the governance councils will vary, depending on the size, culture and preference of the firm’s leadership.

4.     Transparency

Complete transparency into data quality and Data Governance related Key Value Indicators (KVI) and Key Performance Indicators (KPI) across the information supply chain are essential for the success of a governance program. This provides two major benefits: first, measuring quality and process efficiency enables organizations to find and address material weaknesses; and second, providing every stakeholder a view into such metrics gives them the ability to not only become aware of hotspots and operational issues, but to have fact-based discussions about their impacts and resolution with other stakeholders. It is uncomfortable for Trustees, Custodians and Stewards to have their dirty laundry aired in public, so expect some pushback. But, if they truly view data as a corporate asset and appreciate their role in proactively managing it, this should not be an issue.

The Mechanics of Governing Data

Having discussed the four fundamental aspects of governance, we have laid the foundation and can now discuss the mechanics.

1.     Which data entities and data elements should be governed at the enterprise level?

To conduct business operations, enterprises consume and process thousands of data elements associated with dozens of data entities (e.g. Product, Party, Customer, Asset, Payment, Orders, etc.).  It is impractical to govern every data element, hence focus should be on those that are deemed critical for business operations (e.g. financial reporting, various external disclosures, risk management, accounting etc.), decision-making and reporting purposes.  It is necessary to engage subject matter experts within each line-of-business (e.g. product lines or functional areas) and corporate support function (risk, audit, procurement, customer support, finance, accounting, corporate reporting, etc.) to identify the key business processes and the associated critical data elements. Focus must be on governing this set of enterprise critical data at the enterprise level and to not boil the ocean.

Individual business units should set up local Data Governance organizations and Data Governance processes (utilizing the policies, standards and procedures developed by the enterprise Data Governance team) to govern their line-of-business critical data. Local governance efforts should talk to each other in a stewardship council, so that questions related to data ownership, data issues, and other such items can be settled.

To ensure ease of deployment and compliance to enterprise standards, LOBs should leverage the metadata, data quality and compliance tools that are utilized by the enterprise data management team.  If such tools are not available or there is no enterprise standard, then LOBs should engage with the appropriate enterprise team to evaluate and select them.

2.     What roles do the business, operations and technology organizations play in implementing Data Governance?

In many companies technology tends to drive Data Governance or asserts that it should own it.  Experience indicates otherwise.  Business organizations have a deeper understanding of data, its definition and usage with respect to business operations, decision support, modeling, risk management and reporting, the nuances of data from a semantic perspective, industry standards and alignment, and other such aspects.  Business is also aware of the ramifications of data quality issues and inconsistencies in its application to the bottom line.  Therefore, as subject matter experts they should be assigned the role of Data Trustees and Data Stewards, with technology and operations teams playing a critical Data Custodian, trusted adviser and implementation role, to ensure that the right systems, infrastructure and processes are deployed to support and sustain Data Governance.  This includes the capability to monitor compliance to data standards and policies, business intelligence into quality outliers and hotspots, data certification processes and underlying components, transparency into data inconsistencies, and data forensics’ capability to analyze data and support root cause analysis when issues are identified.

3.     What is the best model for Data Governance?

This is an extremely important topic, since the success of the program hinges on this. Governance should not be perceived as a “big brother” or a top-down program – stakeholders within business units resent this. A bottom-up approach, with the business units driving governance doesn’t work either, since business unit staff does not have a holistic view of data across the enterprise. A combination of top-down and bottom-up approaches works best. The industry term for this is Federated Data Governance – an enterprise governance team facilitates the monitoring and management of the quality of enterprise critical data, with assistance from Data Stewards, Data Custodians and Data Trustees from individual LOBs (top down).  The business unit Data Stewards, Data Custodians and Data Trustees govern LOB critical data in collaboration with the enterprise governance team (bottom up).  LOB critical data is promoted to the enterprise critical data domain if there is consensus among all Trustees that it belongs there.

4.     What aspects of data should be governed?

Data related issues mostly arise due to multiple and inconsistent data definitions (semantics) for a particular data element within data models or data stores, poor quality interface definitions that cause data corruption during data hand-offs between systems, inconsistent data types, incomplete or inconsistent set of allowable values for a data element, lack of basic data quality rules that must be applied, and the inability to trace the data element from a downstream system to its source.  There are many other aspects of data that can be governed, but those are the more important ones. These are non-trivial issues and need a concerted effort to align the entire company to a centralized repository of the single version of the truth.

5.     How should data-related issues be logged and addressed?

Proactive identification and management of data-related issues is required to lower systemic impacts. Each enterprise critical data element should be tagged with its system of record, trusted source, Data Custodian, Data Trustee, Data Steward and other pertinent metadata, to facilitate root cause analysis and remediation of issues. Issues should be logged in an enterprise issue management system and assigned to the respective Steward and Custodian, whose role is to triage the issues, drive root cause analysis, assign them to the appropriate owner (data, process or technology) and ensure that they are resolved per agreed upon service level agreements. The enterprise governance team should mine issue-related data to find patterns of data anomalies, run some predictive analytics on the impact of such issues to downstream systems and provide aging reports to management.

6.     How do organizations sustain Data Governance programs over the long haul?

Implementing the governance model, assigning roles and responsibilities, rolling out corporate-wide standards and policies related to data, creating an organizational structure and appropriate escalation mechanisms, proactively monitoring compliance to standards and policies, communicating the value of the program to all stakeholders and continuously improving the process, technology and people aspects of Data Governance will ensure its sustenance over the long haul.  Because information governance is an emerging and evolving practice, you should plan on investment in education, and occasional check points with one of the advisory firms that focuses on this niche.  There is also a need to have the right people managing and coordinating Data Governance operations: strong senior analysts with business plus technology backgrounds, and a customer orientation (customer here means the business stakeholders whose interests need to be furthered).

Lessons from the Trenches

A summary of the lessons that I learned while implementing Data Governance and Data Quality programs is provided below.  This is not an exhaustive list, but I have attempted to capture items that I felt were most important:

1.     Scope

  • Focus on enterprise critical data first; do not attempt to boil the ocean. Govern these at the enterprise level
  • Lines of Business should govern their LOB critical data, utilizing the tools, processes, standards and policies developed by the enterprise governance team
  • Promote a LOB critical data element to the enterprise critical level, if there is consensus among all Trustees and Custodians that it belongs in that category

2.     Education

  • Educate the senior leadership team on the fact that Data Governance is an ongoing process and doesn’t have an expiration date
  • Educate employees and Board Members about the importance of good Data Governance and the critical role they play in its success

3.     Communication

  • Develop a comprehensive communication plan to share status updates, educate, share compliance metrics, share lessons learned, best practices and case studies.  Regular communication targeted toward all levels of the organization is critical to the success of the program
  • Schedule brown bags, program deep dives and informational sessions multiple times during the year to communicate the message
  • Invite industry experts to share their successes and to emphasize the value of good governance with key stakeholders

4.     Staffing

  • Within each line of business and support function, identify and assign Trustees, Custodians and Stewards.  These resources should be passionate and knowledgeable about data and must be assigned clear roles, responsibilities, authority, and accountability
  • The enterprise governance team must have a clear line of communication to these resources and must collaborate with them to ensure compliance and address systemic data issues

5.     Governance Bodies

  • Define a local governance council composed of Director and Manager-level staff representing business, operations and technology departments from each line of business
  • Define a corporate governance council comprised of senior level (Officers) staff from business, operations and technology departments that will address enterprise level issues and those that are escalated by the local governance council

6.     Change Management

  • A key component of any governance program is inculcating behavioral change within every staff member, with respect to stewardship of data
  • Change management is a critical component of this program and must be utilized to effect change across all lines of business and support functions

7.     Culture

  • Emphasize continuous improvement of data definitions, data quality and governance processes, throughout the company
  • Highlight the importance of treating data as a strategic corporate asset by every employee in the company
  • Incorporate data stewardship into the DNA of the organization, through awareness, education and compliance activities

8.     Roles and Responsibilities

  • As business domain subject matter experts business organizations should be assigned the Data Trustee and Data Steward roles and must have clearly defined responsibilities and be empowered to make decisions related to data management
  • Technology and Operations teams play a critical advisory, process support, infrastructure, systems and implementation role, to sustain the program over the long term. Data Custodians typically belong to these organizations

9.     Deployment Model

  • Use a Federated Data Governance model.  Top-down and bottom-up approaches to Data Governance do not work very well, especially in medium and large enterprises

10.  Policies and Standards

  • Document and publish corporate-wide data management policies and standards.
  • Align them to industry standards (if those standards are mature and have a high level of adoption).  This will enable easier integration with business partners and facilitate standardized reporting

11.  Accountability

  • Use a carrot and stick approach to ensure compliance of LOBs to corporate policies and standards. Tie compliance to staff performance reviews and reward staff members that display the desired behaviors. Educate and take corrective action against those that don’t
  • Hold Data Trustees, Data Stewards and Data Custodians accountable for their organization’s compliance to enterprise policies and standards

12.  Procedures

  • Define procedures and repeatable processes for identifying and addressing data issues and an escalation process for those issues that cannot be resolved within the first-tier governance council

13.  Metrics

  • Capture Key Performance Indicators and Key Value Indicators for the program.  Some examples are: compliance to standards, data quality measures by entity and attribute, number of critical data being monitored, number of active rules, adoption of data quality tools and processes, Data Governance maturity of each LOB, open issues, aging of open issues, etc.
  • Publish the KPIs, KVIs and salient metrics monthly to show progress and highlight key accomplishments

14.  Tools and Automation

  • Evaluate and select tools for data quality, metadata management, data policy and standards compliance monitoring, and data issue management, if there are none available within the enterprise.  Tool selection should be based on the enterprise use cases and specific requirements
  • Utilize the data quality tool to automate proactive monitoring of data quality and to remediate any issues
  • Utilize a metadata management tool to capture metadata related to business critical data, data quality rules, business processes, data stores, systems of record, trusted data sources, data lineage, etc. Use scanners to automatically scan the metadata sources for updates. Note that some manual intervention may be required to “stitch” metadata
  • Utilize a compliance monitoring tool to automate compliance checks and reporting
  • The enterprise and LOB data management teams should utilize the same set of tools, to facilitate compliance with policies and standards and for consistent enterprise and LOB-level reporting


A paradigm shift with respect to organizational structure, accountability management, metrics management, and execution strategies is required to address the best practices listed above. Executing against such a paradigm is extremely challenging due to constraints related to legacy systems, immature data management capabilities, siloed business models, siloed data management practices, lack of work flow between components of the information supply chain, internal politics and market pressures.  The right people, processes and technology and a robust change management program are required to overcome the challenges.

Deploying and sustaining an enterprise-level Data Governance program can be accomplished, provided it is given the priority it deserves and has the backing of and active participation from senior and line-level managers across Business, Technology and Operations organizations.  There are proven Enterprise Data Governance (EDG) and Holistic Data Quality Management (HDQ) frameworks, processes, methodologies, design patterns and disruptive technical solutions that can be applied to address the Data Governance challenges discussed in this paper. It is imperative that corporations invest in them, to improve their regulatory compliance and risk management functions and the overall health of their business critical data. These are strategic programs that require sponsorship, investment and on-going political support from the Board and C-level executives.  The return on investment is significant, if the program is implemented in a systematic manner, with the proper change management processes and incentives built-in.
