The Data Stewardship Approach to Data Governance: Chapter 4

Published in January 2007

Editor’s note: Following are links to all of the articles in this series: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9 and Part 10


If you have considered deploying a Data Governance program at your organization, the chances are that you have asked the following question:

“Where does Data Governance fit into the Organization?”

This question appears to have two answers. “In Business” or “In IT”. The answer I get most often when I ask the question is … “In Business”. Or “Business should own Data Governance”.

I wish it was that simple.

What exactly does it mean for Data Governance to fit “In Business”?

  • By stating that it fits in the business are we saying that business manages the program? Well, possibly. It is also possible for an IT area, with proper amounts of cooperation and coordination with the business areas, to manage a successful program.
  • Are we saying that all of the data stewards are in the business? Well, not exactly. The IT area also has data needs to manage and has data stewards, both for technical and tactical meta-data and potentially business data.
  • Are we saying that since business “owns” (cringe) the data, that they are responsible for data quality? Well, kind of. The organization really “owns” the data and the business areas should take significant responsibility to be good caretakers and sharers of the definition, production and usage of the data in order to improve quality, understandability and decision making capability.

When I get asked if Data Governance should “reside” in the business areas or the IT area, my answer is always, … “Yes”. It should reside in both. The discipline of Data Governance will not be effective if it is managed in the business areas without the coordination with and cooperation with the IT areas. The same is true in reverse. Data Governance is a “universal thing”. Data Governance is a cross-organization and organization-wide initiative that requires that any barriers between IT and business are brought down and that they are replaced with well-defined roles and responsibilities for both the business areas and the technical areas of the organization. The “who does what and when” are much more important then the “where” question.

Which Part of the Business?

This is such a simple statement. Being “In business” itself poses numerous questions. Once it is determined that the Data Governance program will be managed out of the business areas (if that is what you decide), the question becomes “Which part of the business?”. Should the area that is responsible for compliance run the program? How about the enterprise risk area, or the legal department, or the finance department, or the human resources area, or the … and so on and so on. There is not a simple answer to the question of “which area?”.

The best consultant answer the I can give the the question of “which area?” is “it depends”. A good consultant will always follow that question with the statement “it depends on …” and here is my list of what it depends on (in question format):

  • Does the selected business area and the management of that area have the respect of the other business and IT areas and the management of those areas?
  • Does this area have the ability to gain cooperation and coordination of other business and IT areas and the management of those areas?
  • Does this area have the ability to put the “data wellness” of the organization in front of their own “business area” interests?
  • Does the business area and the management of that area have responsibility for priority cross-business area activities (ERP implementation, data warehousing, CDI-MDM, …)?

Notice that the terms, “have authority” and “are empowered”, are not included in these questions. The reason these words are left out is because they represent all that is “dangerous” in answering the question about who will be responsible for managing the program. These words raise the perception that the business area managing the program will tell people what to do, how to do it, and be the decision making body of the program. From my experience, this could not be further from the truth. The potential or likelihood of a single business unit being empowered for the organization may not be a reality for your organization and the perception that a single business area will have the authority over the rest of the organization can ruin the possibility of success for a Data Governance program. In practical, “non-invasive”© and do-able data governance solutions, there is not a single business area that has authority or can be empowered over the rest of the organization. Again, think back to the basic concept of coordination and cooperation.

Authority and empowerment are still important words to a Data Governance program. “Authority” and “Empowerment” should defined into the Data Governance Organization particularly when speaking in terms of the Data Governance Council, a body made up of representatives of each business area and IT, that has the authority and is empowered to make decisions on a cross-business area and strategic basis. The role of the Data Governance Council has been debated by many organizations and will be the topic of a future article. If you would like to discuss the role of the Data Governance Council before the article is published, feel free to contact me at the address listed below.

Can Data Governance Reside “In IT”?

I have worked with several clients recently that started their Data Governance programs “In IT”. In one situation, the company was focusing on “running their IT area as a business unit”. This meant that they intended to manage all of IT’s data (including meta-data, data about hardware, software, configuration, licenses, phones, data security, login ids, … you get the picture). In this case they implemented a data governance program within the IT area to become more disciplined in how they managed IT’s data. Data Governance for IT and managed by IT – The point here is that there is no need to limit the govern-able data to just business data. And that there certainly can be data stewards in the IT area. Go back and review the first article in this series. The data, not even IT data or meta-data, will not manage itself.

In another scenario, a large financial institution initiated an enterprise-wide Data Governance program that was managed by IT. Data Governance was accepted (however weakly) by the business leaders of the organization but the consensus was that the IT area did not “own the data”. This precipitated a well thought-out transition of the program from the management control of IT to the management control of a business area (Enterprise Risk at this organization).

In both situations, the clients agreed that the placement of the program was not the over-riding factor. They both agreed that the design of the data governance organization, the use of the data governance council, the ability to get people across organizational boundaries to coordinate their efforts and cooperate in pro-active and reactive data governance processes, … were the most important factors.

Summary: The Best Answer

The best answer to the question “Where does Data Governance fit into the Organization?” is “It doesn’t matter”. Data Governance can be successful when managed by a business area or by an IT area.

The decision of who will manage the Data Governance program can be very important to the success of the program. However, it will not necessarily make or break a well-defined Data Governance program’s likelihood of success. As long as the business areas and IT areas coordinate their efforts, use a Data Governance Council as a strategic resource, cooperate in strategic data management activities, and act in the best interests of the organization (data-wise), the placement of the management of the Data Governance program is not nearly the most important question that needs to be answered.

Copyright© 2007 Robert S. Seiner

Share this post

Robert S. Seiner

Robert S. Seiner

Robert (Bob) S. Seiner is the President and Principal of KIK Consulting & Educational Services and the Publisher of The Data Administration Newsletter ( Seiner is a thought-leader in the fields of data governance and metadata management. KIK (which stands for “knowledge is king”) offers consulting, mentoring and educational services focused on Non-Invasive Data Governance, data stewardship, data management and metadata management solutions. Seiner is the author of the industry’s top selling book on data governance – Non-Invasive Data Governance: The Path of Least Resistance and Greatest Success (Technics Publications 2014) and has hosted the popular monthly webinar series on data governance called Real-World Data Governance (w Dataversity) since 2012. Seiner recently accepted the position of an Adjunct Instructor for the Carnegie Mellon University Heinz College CDataO post-graduate program. KIK Consulting is celebrating its 20th year in business while has been actively published for close to 25 years.

scroll to top
We use technologies such as cookies to understand how you use our site and to provide a better user experience. This includes personalizing content, using analytics and improving site operations. We may share your information about your use of our site with third parties in accordance with our Privacy Policy. You can change your cookie settings as described here at any time, but parts of our site may not function correctly without them. By continuing to use our site, you agree that we can save cookies on your device, unless you have disabled cookies.
I Accept