A Data Governance Self-Assessment Test

The purpose of this article is to provide a model to conduct a self-assessment of your organization’s data environment when preparing to build your Data Governance program. The test will help you to focus on the things that are meaningful to your organization while honestly assessing how well you are addressing your organization’s needs.

Take the test! Send me your scores. If enough people send me the results, I will publish them in a future issue of TDAN.com.

[Publisher’s note: From time-to-time, the publisher reaches back in time and republishes an oldie-but-goodie from the TDAN.com archives. Recently, a reader requested an updated version of this article.]

The only way my Data Governance Test will be of use to you is if you answer the questions with an honest evaluation of the present situation at your organization. When you take this test, you will quickly discover that the questions asked are really statements of discipline. You’ll also find that the answers that you will be asked to match with the statements are unlike any answers you have seen before. The answers were written in such a way that makes it very important that you stay honest with your assessment. The goal of this exercise is to have the ability to look inward as to where there are positive aspects of your environment that can be leveraged and where there are opportunities to improve when it comes to governing data as a valued enterprise resource.

Defining Data Governance and “Governing Data”

Data Governance is the Execution and Enforcement of Authority over the Management of Data and Data-Related Resources. That is the definition that I have been using for several years. The definition is worded strongly and that is the intent. When it comes to governing data resources, this requirement is not really optional anymore. The government, our external clients, our internal clients, the regulators, the auditors, the legal department, the stock-buying public, … DO NOT believe that the management of data will take care of itself. Resolute Governance Must Be a No-Brainer.

People, these days, are A LOT more careful about how they govern and manage their personal data. Companies and organizations no longer have the choice to govern or not govern their data. Again, this is a no-brainer. The questions are – how far must we go with data governance and what is the best approach?

Before we can answer those questions, we must first understand what it means to “govern data.” I found that the FreeDictionary.com does a great job of defining ‘govern.’ I will, for the sake of this article, insert the word ‘data’ into the definitions below to further emphasize what it means to “govern data”.

1. To make and administer the public policy and affairs [of data]; exercise sovereign authority [in data].
2. To control the speed or magnitude [of data]; to regulate [data]
3. To control the actions or behavior [of data]
4. To keep under control [data]; to restrain [data]
5. To exercise a deciding or determining influence [on data]
6. To exercise political authority
7. To have or exercise a determining influence [over data]

Given this dictionary definition (with ‘data’ inserted), do you still think “Governing Data” is a good idea? Or is it a necessity? Now that we have you in the right state of mind to enter the test, read on for how the test will work.

Hopefully the statements of discipline and the self-evaluation answers will guide you toward the message that you can convey to your boss, or your bosses’ boss, or even their boss to let them know that there is an inexpensive, practical and pragmatic approach, a Non-Invasive Data Governance™ Approach, to governing your organizational data resources. There will be more on the approach after the test questions.

Things to Keep in Mind While Taking the Test

Before we get started, you should keep these two questions in mind while you are answering the questions based on the scale I provide below:

• In this day and age of increased complexities around regulatory compliance and reporting, information security, privacy, data classification, data integration complex transaction management, etc., does it make sense for us to continue to govern our data as we always have? Should we (at least) take a look at quickly and effectively formalizing how we manage those data resources?
• In this day and age, where competition in our industry is fierce and every company is looking for the data and information-based edge that will gain them competitive advantage, does it make sense for us to continue governing our data as we always have? Should we (at least) take a look at formalizing how we manage those data resources?

The Scale and Answers

If you keep these questions in mind, and you honestly assess where you are on the 1-to-5-point scale below for each of the data discipline statements, you can formulate a strategy that will help you to convince your Senior-most management that you should consider putting a Data Governance program in place. Here is the scale to match the answers against each of the data discipline statements listed as part of the test:

• Add 5 POINTS – We are perfect in the way we are handle this aspect of governing our data.
• Add 4 POINTS – We are doing okay in how we handle this aspect of governing our data, not to say that it is perfect, but it is passable for our purposes.
• Add 3 POINTS – There is room for improvement in how we handle this aspect of governing our data.
• Add 2 POINTS – There is significant room for improvement in how we handle this aspect of governing our data.
• Add 1 POINT – We are at the point where, if we do not address this discipline, we will be at an increasingly high-level of risk around how we govern our data.

The Test

Here are the statements of data discipline to match with the scale/answers above. Be honest when you evaluate your present situation in terms of these discipline statements. And for a twist, if you absolutely believe that your company falls between two of these categories, feel free to give yourself (or take away) partial points. For example — if you are somewhere between “room for improvement” and “significant room for improvement” feel free to score yourself with a 2.3 or a 2.7, or whatever. I want this to be an easy test. Give yourself the benefit of a doubt. Hint! More points are not always better.

I can almost assure you that somebody in your organization has responsibilities around each of these data discipline areas. And it may not always be the same people. I can also assure you that just because somebody somewhere has responsibility for these things, that alone does not automatically reduce your score. Is that person or group effective?  Are they really trying with conviction?  Do they have a well-thought-out plan?

The Data Discipline Statements

Risk Management

1. We manage the risks associated with our data.
2. My organization understands the need to quickly adjust to the risks associated with data and many of those rules are coming from outside of the organization.
3. We have a person, staff of people and/or council that focuses on understanding all levels of risk around the management data.
4. The person/staff/council regularly communicates information about data risk to the point that everybody understands risky behavior versus safe behavior in how we handle our data. 

SCORE _____

Data Compliance & Regulatory Control

1. As an organization, we pay a great deal of attention to compliance and regulatory concerns around the data we collect, use and share as part of making decisions and doing business.
2. Somebody has the responsibility for documenting and communicating the rules to all of the individuals in the organization that handle that data.
3. When we are audited, we can clearly demonstrate to the Feds that the rules around the data are being followed. 

SCORE _____

Information Security & Data Classification

1. As an organization, we pay a great deal of attention to Information Security, for all structure and unstructured.
2. We have Information Security Policy and/or something similar (Guidelines, Mandates).
3. At the end of the day, we feel comfortable with our ability to communicate, differentiate and manage to the rules associated with highly confidential data, confidential data, internal use data and public data.
4. People that share data in our organization also share the documented rules about that data to the point that we do not believe that Information Security is a concern. 

SCORE _____

Meta-Data Management

1. We have meta-data for the most important data we manage.
2. My organization knows what data we have, where that data resides, how that data is defined, produced and used, in shared databases and on people’s desktops.
3. The information we have about our most important data is available to anybody that needs it.
4. And just as important, we have identified and engaged people that have formal responsibility for the definition, production and usage of meta-data. 

SCORE _____

Data Quality Management

1. Our organization always focuses on Data Quality.
2. We have formal means for recording data quality issues, we have proactive and reactive methods to find issues and address them when we find them, we have people that have the responsibility for managing the issue logs, putting values to the issues and prioritizing the issues.
3. Most important, we have clear understanding as to the business standards for core pieces of data that makes it a lot easier to be able to differentiate high from low quality. 

SCORE _____

Business Intelligence & Data Integration

1. We have a data warehousing environment that is taking full advantage of the date therein, being used to its fullest capability meaning the people have easy access to the data, they understand the data, and they help us to continuously improve the quality of the data.
2. We recognize that data governance plays an important role in the success or failure of our data warehousing initiative on all sides of the data integration equation.
3. We understand that data integration is a difficult discipline but since we govern the data well on both sides, we feel very comfortable with the effective nature of our business intelligence program. 

SCORE _____

Master Data Management

1. Our organization recognizes that Master Data Management is one of the most effective and most important data disciplines being talked about today.
2. We have identified people to manage our MDM initiative(s) and have started to identify the enabling technologies that will help us to manage and share our master and reference data.
3. When we populate our MDM environment, the discipline is there to manage the decision making around the master data resource, the meta-data component and the communications and accessibility to the master data.
4. We are positioned well to complete the Master Data initiative within budget and on schedule. 

SCORE _____

Data Governance & Data Stewardship

1. We have a Data Governance Program that clearly defines roles and responsibilities at the operational, tactical, strategic and support levels.
2. Our program focuses on leveraging the existing knowledge of the data that lies within our Data Stewards.
3. The approach that we have taken has been embraced by our leadership, stewards, business and the technology individuals and addresses the governance of data in a proactive and reactive sense.
4. Our Data Governance Program is a primary contributor to our success in all of the disciplines listed in this test. 

SCORE _____

The Hard Part (Not Really) – Evaluating Your Results

Now comes the hard part of the test which is evaluating the results. There are two ways you can use the answers you provided. 

• Average Score: One is to add up your scores and determine your average score. Then use the average score to summarize how you, as an organization, govern your data.
• Individual Score: Use the score from each discipline to determine how you are governing your data.

Add up your eight scores. Enter the total here __________. Divide the total to the left by 8 and put the total here __________.

Each of the eight areas of data management discipline can stand to be evaluated on their own right. You may want to consider evaluating your organization the same way with these additional disciplines: data modeling, data mining, service-oriented architecture, cloud computing, software as a service, data mashups, whatever the next big thing is in data management. They all could be included as a discipline in this test and be evaluated in the same manner.

The following four result breakdowns are my professional opinion, given what can be gleamed from this short test as to potential next steps in Data Governance (or any single discipline) that you want to take for your organization.

• If your average score is above 4, your organization is in much better shape than most. It is very important to be able to identify what you are doing well and what areas need improvement. Continue to assess what you are doing well and spend significant time adjusting the ship and responding to changes in the landscape.
• If your average score is between 3 and 4, your organization is still in pretty good shape. Again, it is important to be able to recognize where there is room from improvement. Suggestion here is to define best practices around the areas that need improvement, leverage those things you are doing well, and address “head-on” the opportunities to improve as your organization has likely already recognized and addressed deficiencies in governing data.
• If your average score is between 2 and 3, your organization is ripe for putting a Non-Invasive Data Governance program in place. Since you state that there is room for improvement, it may make sense to identify and articulate those areas that need improvement and develop an action plan and a communications plan specifically targeting those areas.
• If your average score is between 1 and 2, your organization is well passed ripe and due for a Non-Invasive Data Governance program. In fact, if you are not already started in defining your Data Governance Program, there is likely a chance that data will continue to be a deficit to your organization rather than an asset.

What Do We Do with This Information?

There is a wide gap between the scale/answer that yields 5 point and the scale/answer that yields 1 point. At the higher end of the scale, there is very little or no work that needs to be done around data governance and the data disciplines listed in this test. Some of you may get results that vary widely across the 8 data disciplines and if that is the case, focus your attention on improving those numbers that had low scores with a focus on bringing up your overall average.

If you are at a company that yields 3 or lower for all categories, and you probably don’t need for me to tell you this, …you have significant work to do. For these organizations, and for any organization with the intent to address problem areas, I have a bunch of suggestions:

• Identify a specific data discipline(s) from the test results that require immediate attention
• Identify specific business value points that can be made about the deficiencies in the data disciplines that are interfering with your organization’s ability to drive value in that discipline
• Identify industry-proven best practices for Data Governance as they specifically apply to that data discipline(s)
• Assess your organizations present practices versus the best practices to identify leverageable components and opportunities to improve
• Articulate the gap that exists between present and best practices, the risks associated with that gap and the potential value to the organization
• Develop and deploy a proven framework of Non-Invasive Data Governance roles & responsibilities
• Use this information to deliver an actionable work plan and actionable communications plan for addressing data governance in relationship to the data discipline(s)
• Gain value from working with someone who has been down this path before

You may have found that attempting to sell the need for an over-arching, end-to-end, global, world-wide, enterprise Data Governance Program is a large pill to swallow for you as the seller or the buyer of a Data Governance program. My suggestion is that you start by putting a Non-Invasive Data Governance program in place that specifically and consistently addresses the data discipline areas that are most needing and of most interest to your organization. While building this focused program, keep in mind the overall needs of the enterprise and partner with other existing Data Governance (or similar) initiatives along the way. At some point, there may be a convergence of good ideas and the overall needs of the organization will be easier to reach.

Conclusion

You may look at this as just another self-help test or as a waste of time. I hope not. What I set out to accomplish here was a simple means of self-evaluation that can provide you with a message that connects the specific data disciplines identified in the test with your present state of ability to achieve value or avoid the risks associated with that discipline. As I stated before, there is most likely someone in your organization that has a specific interest in one or more of the data disciplines listed here. They may have more than interest. They may have accountability. Help them to help your organization to proceed and succeed with Data Governance. Introduce them to the Non-Invasive Data Governance approach and the results of this test. Hopefully it will provide you with the message that you need to start down a path to success.