Data is Risky Business: ARP – An Alternative Approach to Data Governance

15-SEPCOL03OBRIEN-edThe ARP-Method (which may not be its real name) is an approach to Data Governance that guides organizations towards “off the shelf” templates, frameworks, tools, and training that the teams tasked with implementing Governance change have to hammer home within the organization.

The ‘accelerator value’ of the ARP approach is that the organization can acquire technology, templates, and other artefacts for Data Governance without having to spend any time understanding the nature of the environment that has given rise to the information communication and alignment problems in their organization. With a little elbow grease and a committed senior management team, the APT approach can be used to quickly drive alignment up the organization for data governance activity.

I’ve actually responded recently to an RFP for precisely this approach from a public sector organization who had been told by an ARP merchant that their (very complex) data governance strategy could be defined, along with addressing (very complex) data privacy issues in eight days, with an expectation in the RFP that full templates, guidance, policies, and processes would be provided for the (very large and complex) organization within that eight-day period. My response was to provide a detailed breakdown of what could be provided within eight days and recommend they should consider an engagement of an order of magnitude longer (at least double) to actually figure out what their issues and opportunities were.

The problem with the ARP approach is that it assumes the organization will mould itself around the “sharp edges” that it will inevitably bring as part of its implementation. Management will be expected to push hard to ram the ARP framework into the organization, often against stiff resistance. The mantra of “the beatings will continue until morale improves” can become the order of the day, leading to inevitable congestion in effective delivery of outputs at best, or a recognition that the governance program that was to support growth for the future has turned into yet another barrow of fertilizer.

A key root cause of the “sharp edges” that the ARP approach can bring to the bottom line of implementation is the fact that it may be alien to the organization: they may not be aligning with the right stakeholders. They inevitably are telling skilled and diligent people that they are doing things wrong and throwing away all of their efforts, often introducing yet more meetings and discussion forums and documentation that must be complied with regardless of how relevant or effective it is in supporting day-to-day data management activity and strategic goals.

Another key reason for the sharp edges and resistance with the ARP approach is that the promoters of Data Governance in the organisation may be seeking to rectify the wrong things or focusing on the less important pain points in the organization. Also, they may be trying to force a change in the wrong way for the organization – for example. pushing even more formality onto a workforce that is over-burdened with meetings and discussion forums when an approach that inserts tailored contributions to the overall Data Governance vision into the existing governance environment might be better in the long run.

This is why it is essential to probe the organization to seek an understanding of the real pain points that exist due to ineffective data governance, identify the real internal accelerators (people, process, technologies) that can get your program moving smoothly and regularly, and ensure that there is a correct alignment of methods and approaches with the culture of the organiszation (which may have to change to make Data Governance work, but that’s not a “cookie cutter” solution – it has to be tailored).

Often the best approach is to work with the structures you have and identify the informal and ad-hoc activities and networks that are already governing data, and then figure out how to repurpose and engage the existing structures to give a scaffold and platform for the good things that might already be happening in the organization.

Of course, that can take time and requires a constancy of purpose towards a medium- and long-term goal. In such environments it can be tempting to hire in a bunch of consultants, who might as well be from another planet when it comes to the culture and personality of your organization, and have them drive the ARP method home. That will tick the box for you that things are being done about Data Governance. But it might not tick the box that data is actually being governed. I’ve seen the aftermath of such over-reliance on externally driven “off-the-shelf” approaches in organizations.

When the consultants are cut, the organization effectively finds itself waking up with a vague recollection of those aliens who introduced the ARP into the organization, who tried to push change from the bottom up in response to the mandate from the leader, often trampling on people in the process. The organization is sore from the experience, and can often struggle to make the ARP work without outside support. In such circumstances, many organizations go into denial about the whole experience and the data governance program and associated change are allowed to wither and die.

So, which would you prefer? To spend your time forcing home an ARP solution or engaging with your stakeholders to actually figure out and solve the real problems and capitalize on the actual opportunities that face your organization?

Share

submit to reddit

About Daragh O Brien

Daragh is the Founder and Managing Director of Castlebridge, a leading Information Governance, Privacy, and Strategy consultancy based in Ireland. He has a degree in Business & Legal Studies from University College Dublin, and is a Fellow of the Irish Computer Society. Prior to founding Castlebridge, Daragh worked for over a decade for a leading Irish telecommunications company in roles as diverse as Call Centre operations, Single View of Customer Programme management, and Regulatory Compliance and Governance. He a regular presenter and trainer at conferences in the UK and worldwide. Apart from his consulting and education work, Daragh is also Data Privacy Officer for DAMA International, a faculty member at the Law Society of Ireland, and a contributing research partner to the Adapt Centre in Trinity College Dublin. He lives in Wexford in the South East of Ireland and can be reached at daragh@castlebridge.ie or on twitter: @daraghobrien. In 2016, he was ranked by Onalytica as the 24th most influential person on Twitter in Information Security (including Data Governance and Data Privacy).

Top