Data Governance Shapes Enterprise Transformation In today’s rapidly evolving business world, the lines between technology and business have blurred. Organisations need to modernise and transform their technology in order to successfully compete. CIOs play a critical role in transforming the world of work using automation and technology – but they can’t do it alone. Collaboration among the C-suite is critical. In this blog series, Protiviti’s Technology Consulting leaders share insights on the key areas CIOs need to consider on the transformation journey and the impact across the C-suite and business. Topics Cybersecurity and Privacy If enterprise transformation represents a universe, data is at the center. Data is like clay that must be shaped and molded to build a transformation that brings business value. As Carly Fiorina, CEO of Hewlett-Packard, once said, “The goal is to turn data into information, and information into insights.” Data conversion and governance helps transform data into information that can be used for making insightful decisions. Data must be governed, controlled and protected so that its quality is enhanced, it is well understood, and it is fit for purpose to support end-user demands. Because data is a critical asset, organisations should design in governance from the ground up on all major projects and business objectives. Data governance consists of a collection of controls designed to increase an organisation’s knowledge of the data assets, protect the fidelity and quality of these assets, and provide controls over the use of these assets. As such, data governance is an enabling competency for the rest of the organisation, requiring coordination from many different areas of the business to enable and support the required controls. While data governance is a critical enabler, experienced CIOs understand that it is not a one-time activity. Dynamic business needs and regulatory demands require that data is continuously maintained and governed. To optimise data governance for enterprise transformation, CIOs should: Build sustainable data governance programmes by embedding processes into the upfront collection, maintenance, use and destruction of data Support compliance through automation and flexibility Align data with business objectives and understand the value or risk of the data elements Capture information to ensure data uses are ethical and align to company values as well as regulatory, contractual and compliance needs Build sustainable data governance programmes The need to understand data fully and protect usage only increases as organisations rely more on data assets for artificial intelligence, automated decisioning and other key business processes. To ensure the ability to deliver this value, data governance must be built in from the start, not as a project but rather a sustained process. Sustainable data governance helps digital transformation efforts thrive on a continuous basis through automated discovery of data definitions, compliance, and governance and management activities. One major barrier to data governance is the creation and management of data dictionaries. Once established, data definitions require continuous maintenance because they change over time, with people using them in different ways and enriching and enhancing those definitions. Data definitions must evolve with the demands of the business. CIOs must build an evergreen data governance process to avoid repetitive, iterative, expensive and time-consuming data rediscovery processes. For example, when data is not defined, the composition of the data is not understood; organisations will not know where it belongs and how it is being used. Every time data is moved to a new location, the process of discussing it with business users to understand how they are using it and redocumenting the definition must start over again. This becomes a frustrating and expensive cycle stuck on repeat between IT and business units. In contrast, building in processes to support evergreen data dictionaries enables end users to understand the data they are using from the start, propagating down the definitions into new data sources and warehouses as they are created. Support compliance through automation and flexibility Historically, compliance with data regulations has relied on a reactive approach, waiting for emerging requirements before implementing solutions. Forward-thinking CIOs anticipate compliance needs and apply built-in intelligence upfront in their data governance programmes. Much of the foundation for data governance starts through understanding the definitions of an organisation’s data, where it is housed, and how the business uses it. This knowledge can be pivoted to support any number of future compliance needs by enriching our fundamental knowledge of the asset itself. With security and privacy regulatory expectations constantly increasing, the more the risks associated with data can be understood and classified preemptively, the less reactive — and more proactive — organisations can be. To proactively address compliance issues, CIOs must have a seat at the C-suite table so they are aware of and understand upcoming business issues and regulatory challenges that may be on the horizon and can incorporate that understanding proactively as data safeguards are developed. As new compliance initiatives surface, CIOs can preemptively: Ensure there is an evergreen Enterprise Data Dictionary or catalog to describe data assets across the organisation Gain an understanding of how the data could impact, drive or prevent compliance issues Assess how the data can be applied to the compliance initiative Proactively anticipate the next compliance initiative rather than performing repetitive, full discovery exercises that drain time and money With cloud services, organisations can gain fluidity as rules are built into data for increased flexibility. To take advantage of this inherent flexibility, fully understanding the data definitions and other metadata is a must. When properly enabled through this foundational knowledge, organisations can go on the offensive with their data governance programme as opposed to remaining in the reactive, defensive stance. Align data governance with business objectives CIOs must align with the business to understand what data is most important. Data is a business asset, but it is safeguarded, provisioned and otherwise controlled with technology assets. The data asset itself must align with the business objectives and demands to drive value. While technology provides a storage place for data, it is business leaders who must help define and inform data and assign value to it. When data governance programmes are developed, it is critical for the CIO to get involvement and commitment from across the business, as governance often involves time and resource commitments from across the entire organisation. The CIO drives this mandate while giving a clear definition of how long it will take, what involvement will be needed across the organisation, and what eventual value will be delivered by governance. To enable the business’ investment in data, CIOs must work with other business leaders to evaluate: The real business problem being solved by the data, which helps to define the value or risk of the data How the organisation will be better off tomorrow than today as a result of governance The cost of data problems, both in opportunity costs (not being able to pursue something) as well as real monetary costs How the data governance programme can be aligned with business objectives with a smaller spend that produces quick value Ensure ethical use of data assets An emerging concern for CIOs is how data assets are being used and if those uses are ethical. Definitions of social and cultural norms for ethical behavior may deviate slightly across different areas, but a great rule of thumb is for the CIO to consider what reactions might result from the organisation’s specific data uses being published on the front page of the Wall Street Journal. Unfortunately, more CIOs are learning this lesson the hard way, with the repercussions including overall loss of shareholder value and confidence. Ethical data use should consider the value of the particular or planned data use case, as compared to the potential harm or downside. Organisations are increasingly creating Data Ethics panels to review new innovations or data products to help steer clear of some of these ethical issues. These committees are often asked fundamental questions, such as: Can we use our data assets for the planned purpose based on our commitments to our clients and contractual, legal and compliance restrictions on the data? Should we use the data for these purposes? Will it drive value? Will we use the data in this way if the value of the use outweighs the overall risks, which is a decision ultimately made by management? Obtain buy-in to fulfill business needs CIOs need to collaborate and obtain buy-in from business leaders using value propositions like enhancing data to increase efficiency or reduce costs for the C-suite. While it is challenging to start a data governance programme, implementing policy-based behavior is achieved through either reward or enforcement. The manner in which each C-suite member is uniquely impacted by data governance includes: Chief Operating Officer (COO), Chief Marketing Officer (CMO) and Chief Financial Officer (CFO) First-line members must provide buy-in so that departmental resources can be leveraged. Their human capital enables an understanding of how data is used, as well as performing data documentation. Chief Risk Officer (CRO) and Chief Compliance Officer (CCO) Second-line members enforce that people are performing the requests of first-line members, such as publishing policies. Chief Audit Executive (CAE) Third-line members validate that data governance programmes are working as intended. Business leaders and their employees IT will request certain data-driven tasks, such as maintaining data definitions. This requires employees to be more data-driven and alters their day-to-day responsibilities. What should companies do now? Organisations should assess and understand their maturity in data governance and clearly articulate its value proposition, which includes risk reduction, optimisation and reduced rework. Organisations that are mature in their technology transformation journey focus on continuously knowing their data, especially as new datasets are gained. However, for all organisations, it is key that they establish a strong master and transactional data governance programme that is responsive and adaptive and, most importantly, properly defines the roles and responsibilities for the data. To achieve strong governance, organisations should: Establish a governance strategy by defining policies and procedures for data maintenance, backed by data profiling to uncover areas of improvement and prioritisation for the governance road map Develop master data governance with a focus on process interactions and validations of key attributes for optimal performance of business operations across the enterprise Understand the roles that technology will play in the implementation of data governance Measure data quality metrics across master and transactional datasets and suggest corrective actions where needed The better organisations know and understand their data, the more valuable that knowledge can be used for governance, security, privacy, identity access management, change management and transformation. Next up in our Technology Modernisation and Transformation series, we’ll discuss key considerations for the CIO on Business Analytics and Reporting. Stay tuned!