If you have considered deploying a Data Governance program at your organization, the chances are that you have asked the following question:
This question appears to have two answers. “In Business” or “In IT”. The answer I get most often when I ask the question is … “In Business”. Or “Business should own Data Governance”.
I wish it was that simple.
What exactly does it mean for Data Governance to fit “In Business”?
- By stating that it fits in the business are we saying that business manages the program? Well, possibly. It is also possible for an IT area, with proper amounts of cooperation and coordination with the business areas, to manage a successful program.
- Are we saying that all of the data stewards are in the business? Well, not exactly. The IT area also has data needs to manage and has data stewards, both for technical and tactical meta-data and potentially business data.
- Are we saying that since business “owns” (cringe) the data, that they are responsible for data quality? Well, kind of. The organization really “owns” the data and the business areas should take significant responsibility to be good caretakers and sharers of the definition, production and usage of the data in order to improve quality, understandability and decision making capability.
When I get asked if Data Governance should “reside” in the business areas or the IT area, my answer is always, … “Yes”. It should reside in both. The discipline of Data Governance will not be effective if it is managed in the business areas without the coordination with and cooperation with the IT areas. The same is true in reverse. Data Governance is a “universal thing”. Data Governance is a cross-organization and organization-wide initiative that requires that any barriers between IT and business are brought down and that they are replaced with well-defined roles and responsibilities for both the business areas and the technical areas of the organization. The “who does what and when” are much more important then the “where” question.
Which Part of the Business?
This is such a simple statement. Being “In business” itself poses numerous questions. Once it is determined that the Data Governance program will be managed out of the business areas (if that is what you decide), the question becomes “Which part of the business?”. Should the area that is responsible for compliance run the program? How about the enterprise risk area, or the legal department, or the finance department, or the human resources area, or the … and so on and so on. There is not a simple answer to the question of “which area?”.
The best consultant answer the I can give the the question of “which area?” is “it depends”. A good consultant will always follow that question with the statement “it depends on …” and here is my list of what it depends on (in question format):
- Does the selected business area and the management of that area have the respect of the other business and IT areas and the management of those areas?
- Does this area have the ability to gain cooperation and coordination of other business and IT areas and the management of those areas?
- Does this area have the ability to put the “data wellness” of the organization in front of their own “business area” interests?
- Does the business area and the management of that area have responsibility for priority cross-business area activities (ERP implementation, data warehousing, CDI-MDM, …)?
Notice that the terms, “have authority” and “are empowered”, are not included in these questions. The reason these words are left out is because they represent all that is “dangerous” in answering the question about who will be responsible for managing the program. These words raise the perception that the business area managing the program will tell people what to do, how to do it, and be the decision making body of the program. From my experience, this could not be further from the truth. The potential or likelihood of a single business unit being empowered for the organization may not be a reality for your organization and the perception that a single business area will have the authority over the rest of the organization can ruin the possibility of success for a Data Governance program. In practical, “non-invasive”© and do-able data governance solutions, there is not a single business area that has authority or can be empowered over the rest of the organization. Again, think back to the basic concept of coordination and cooperation.
Authority and empowerment are still important words to a Data Governance program. “Authority” and “Empowerment” should defined into the Data Governance Organization particularly when speaking in terms of the Data Governance Council, a body made up of representatives of each business area and IT, that has the authority and is empowered to make decisions on a cross-business area and strategic basis. The role of the Data Governance Council has been debated by many organizations and will be the topic of a future article. If you would like to discuss the role of the Data Governance Council before the article is published, feel free to contact me at the address listed below.
Can Data Governance Reside “In IT”?
I have worked with several clients recently that started their Data Governance programs “In IT”. In one situation, the company was focusing on “running their IT area as a business unit”. This meant that they intended to manage all of IT’s data (including meta-data, data about hardware, software, configuration, licenses, phones, data security, login ids, … you get the picture). In this case they implemented a data governance program within the IT area to become more disciplined in how they managed IT’s data. Data Governance for IT and managed by IT – The point here is that there is no need to limit the govern-able data to just business data. And that there certainly can be data stewards in the IT area. Go back and review the first article in this series. The data, not even IT data or meta-data, will not manage itself.
In another scenario, a large financial institution initiated an enterprise-wide Data Governance program that was managed by IT. Data Governance was accepted (however weakly) by the business leaders of the organization but the consensus was that the IT area did not “own the data”. This precipitated a well thought-out transition of the program from the management control of IT to the management control of a business area (Enterprise Risk at this organization).
In both situations, the clients agreed that the placement of the program was not the over-riding factor. They both agreed that the design of the data governance organization, the use of the data governance council, the ability to get people across organizational boundaries to coordinate their efforts and cooperate in pro-active and reactive data governance processes, … were the most important factors.
Summary: The Best Answer
The best answer to the question “Where does Data Governance fit into the Organization?” is “It doesn’t matter”. Data Governance can be successful when managed by a business area or by an IT area.
The decision of who will manage the Data Governance program can be very important to the success of the program. However, it will not necessarily make or break a well-defined Data Governance program’s likelihood of success. As long as the business areas and IT areas coordinate their efforts, use a Data Governance Council as a strategic resource, cooperate in strategic data management activities, and act in the best interests of the organization (data-wise), the placement of the management of the Data Governance program is not nearly the most important question that needs to be answered.