1

Chapter 3

Data Governance
1 Introduction
The purpose of Data Governance is to ensure that data is managed properly, according to policies
and best practices:

• Strategy: Defining, communicating and driving execution of Data Strategy and Data
Governance
• Policy: Setting and enforcing policies relating to data and Metadata management access,
usage, security and quality
• Standards and quality: Setting and enforcing Data Quality and Data Architecture standards
• Oversight: Providing hands-on observation, audit and correction in key areas of quality,
policy and data management (Stewardship)
• Compliance: Ensuring the organisation can meet the requirements of regulations
• Issue management: Identifying, defining, escalating and resolving issues related to data
security, data access, data quality, regulatory compliance, data ownership, policy, standards,
terminology or data governance procedures.
• Data management projects: Sponsoring efforts to improve data management practices.
• Data asset valuation: Setting standards and processes to define business value of assets

A Data Governance program develops policies and procedures, cultivates stewardship practices and
organisational change management.

Organisational culture must be changed to value data and data management activities. Formal
change management is required.

Three important things:

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 2
Chapter 3

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 3
Chapter 3

1.1 Business Drivers

Reducing risk:

• General risk management: finance, reputation, legal e-discovery, regulatory issues

• Data security: Protection of data assets
• Privacy: Control of private, confidential and Personal Identifying Information (PII) through
policy and compliance monitoring

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 4
Chapter 3

Improving processes:

• Regulatory compliance
• Data quality improvement
• Metadata management: Business glossary and other Metadata
• Efficiency in development projects: SDLC improvements
• Vendor management: Contracts dealing with data

Data Governance is separate from IT governance, and is ongoing.

1.2 Goals and Principles

To achieve these goals a DG program must be:

• Sustainable: Ongoing, and depends on business leadership, sponsorship and ownership

• Embedded: DG activities incorporated into development methods, use of analytics,
management of Master Data and risk management
• Measured: to show positive financial impact

Foundational principles:

• Leadership and strategy: Committed leadership, driven by enterprise business strategy

• Business-driven: DG is a business program and must govern IT decisions relating to data
• Shared responsibility: Across all Data Management Knowledge Areas
• Multi-layered: All levels from local to enterprise
• Framework-based: establish an operating framework
• Principle-based: Principles are the basis of policies. Principles can mitigate resistance.

1.3 Essential concepts

Ensuring data is managed without directly executing data management. Separation of duties
between oversight and execution.

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 5
Chapter 3

1.3.1 Data-centric Organisation

A data-centric organisation values data as an asset and manages data through all phases of its
lifecycle, including project development and ongoing operations.

Principles:

• Manage data as a corporate asset

• Incentivise Data management best practices across the organisation
• Enterprise data strategy is aligned to overall business strategy
• Continually improve data management processes.

1.3.2 Data Governance Organisation

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 6
Chapter 3

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 7
Chapter 3

1.3.3 Data Governance Operating Model Types

(More detail in Chapter 16)

• Centralised: One Central EIM / DG Team with Councils within the Business
• Decentralised/Replicated: One DG Team per Business Organization Structure
• Hybrid: One Central EIM and By Business Organization Structure
• Federated: Unite in a federation – individual autonomy. Centralised strategy, functions in
the BUs
• Self-organising/Network: Non-Invasive Model based on RACI

1.3.4 Data Stewardship

A steward is a person whose job it is to manage the property of another person. Effective data
stewards are accountable and responsible for data processes that ensure effective control and use
of data assets.

Activities include:

• Creating and managing core Metadata

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 8
Chapter 3

• Documenting rules and standards

• Managing data quality issues
• Executing operational data governance issues

1.3.5 Types of Data Steward

A steward manages the property of another person. Data stewards manage the data assets on
behalf of others and in the best interests of the organisation. (McGilvray, 2008). Data Stewards are
accountable and responsible for data governance and have a portion of their time dedicated to
these activities.

Types of Data Stewards:

• Chief Data Stewards: Chair DG bodies, act as CDO, be Executive Sponsors

• Executive Data Stewards: Senior managers who serve on the Data Governance Council
• Enterprise Data Stewards: Oversight of a data domain across business functions
• Business Data Stewards: business professionals, subject matter experts
• A Data Owner: a business data steward with approval authority for decisions within domain
• Technical Data Stewards: IT professionals operating in one of the knowledge areas e.g.
DBAs, BI Specialists, Data Integration specialists, Data Quality analysts, metadata
administrators
• Coordinating Data Stewards: Lead teams of business and technical data stewards in
discussions across teams and with Executive Data Stewards.

Data Principles: Data Stewards:

• Enterprise data must be modelled:

o modelled, named and defined according to standards across all business divisions
o Effort made by management to share data – not maintain redundant data
o Originating data stewards recognise needs of downstream processes
• Enterprise data must be maintained close to the source:
o Create and maintain as close to the source as possible
o Data Quality standards applied to approved reliability levels as defined by business
units
• Enterprise data must be safe and secured:
o In all electronic formats must be safeguarded on requirements and compliance
guidelines
o Guidelines are determined by business stewards of Enterprise data
o Backup and recovery measures
• Enterprise data must be accessible:
o Enterprise data and metadata shall be readily available and accessible to all except
where restricted
o Business stewards of enterprise data are responsible for defining the types of
individuals, and levels of access privileges
o Information Security will be responsible for the implementation of proper security
controls
• Metadata will be recorded and utilised:
o All projects utilise defined metadata for data naming, data modelling and database
design.
o Data Management is responsible for the metadata program

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 9
Chapter 3

1.3.6 Data Policies

• Data Policies are directives that codify principles and management intent into fundamental
rules governing the creation, acquisition, integrity, security, quality and use of data and
information.
• Global
• c ib h “Wh ” f G v n nc ( n n p c u c ib “H ”)
• Should be few data polices, and should be stated briefly and directly

1.3.7 Data Asset Valuation

The process of understanding and calculating the economic value of data to the organisation.

Data sets are not interchangeable (fungible) between organisations. How an organisation gets value
from customer data can be a competitive differentiator.

The following phases of the data lifecycle (acquiring, storing, administering and disposing) involve
costs. Data only brings value when it is used but incurs risk management costs.

Ways to measure value:

• Replacement cost: of data lost in a breach or disaster

• Market value: as a business asset at the time of a merger or acquisition
• Identified opportunities: the income to be gained
• Selling data: as a package, or the insights to be gained
• Risk cost: potential penalties, remediation costs and litigation expenses

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 10
Chapter 3

2 Data Governance Activities

2.1 Define Data Governance for the Organisation
• DG must support business strategy and goals
• Enterprise Data Strategy is informed by business strategy and goals
• DG enables shared responsibility for data decisions
• Clear understanding of what and who are governed and who is governing
• DG is most effective when it is an enterprise effort

2.2 Perform Readiness Assessment

• Data management maturity: Understand what the organisation does with data,
measure current management capabilities and capacity.
• Capacity to change: Measure capacity of organisation to change, and Identify possible
resistance points
• Collaborative readiness: measures collaboration across functional areas
• Business alignment: how well data use aligns with business strategy

2.3 Perform Discovery and Business Alignment

• Discovery Activity
o Identify and assess effectiveness of existing policies and guidelines (Risks,
behaviours, implementation)
o Identify opportunities for DG to improve usefulness of data
• Business Alignment attaches business benefits to DG program elements
• Data Quality analysis
o Identify issues and risks associated with poor quality data
o Identify business processes at risk from poor quality data
o Financial and other benefits from creating a DQ program as part of DG
• Assessment of data management practices
• Derive a list of DG requirements which will drive DG strategy and tactics

2.4 Develop Organisational Touch Points

Touch points that support alignment of an enterprise data governance and data management
outside the direct authority of the CDO.
Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by
Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 11
Chapter 3

• Procurement and contracts: Enforce standard contract language

• Budget and funding: prevent duplicate acquisitions and ensure optimisation of data assets
• Regulatory compliance: CDO understands and works within regulatory requirements.
Requires ongoing monitoring
• SDLC/development framework: identifies control points where enterprise policies,
processes and standards can be developed

2.5 Develop Data Governance Strategy

Defines the scope and approach to governance efforts. Deliverables:

• Charter: Business drivers, vision, mission and principles of data governance

• Operating framework and accountabilities: Structure and responsibilities
• Implementation roadmap: Timeframes
• Plan for operational success: Describe target state

2.6 Define the DG Operating Framework

Consider the following areas when constructing the organisations operating model:

• Value of data to the organisation: Important if the organisation sells data

• Business model: Decentralised, centralised, international
• Cultural factors: Acceptance of discipline and adaptability to change
• Impact of regulation: Level of regulation of the organisation

Layers of governance: determine where accountability resides for stewardship activities and data
ownership.

The DG Operating framework defines:

• The interaction between Governance Organisation and people responsible for data
management initiatives
• Engagement of change management initiatives to introduce DG
• Model for issue resolution pathways through governance

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 12
Chapter 3

2.7 Develop Goals, Principles and Policies

Derived from the DG Strategy to the desired future state. They are drafted by data management
professionals and/or business policy staff. Refined by data stewards and management. Data
Governance Council conducts final review, revision and adoption.

Data policies must be effectively communicated, monitored, enforced and periodically re-evaluated.
Data Governance Council may delegate this authority to the Data Stewardship Steering Committee.

2.8 Underwrite Data Management Projects

Promote enterprise wide data management improvements by articulating the ways they improve
efficiency and reduce risk. Should be priority for organisations wanting more value from their data.

The DGC helps define the business case and oversees data management improvement project status
and progress in coordination with the Project Management Office (PMO).

Data Management projects are part of the IT Project portfolio.

The DGC coordinates projects with enterprise wide scope such as Master Data Management,
Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM).

Data management requirements must be captured in the planning and design phases of the SDLC

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 13
Chapter 3

2.9 Engage Change Management

Organisational Change Management (OCM) - to bring ab u ch ng in h g ni i n’
and processes. A mature organisation in change management builds clear vision, leads and monitors
from the top, and designs and manages small changes with feedback. Involves collaboration in
whole organisation.

• Planning:
o stakeholder analysis
o gain sponsorship
o Communications approach to resistance to change
• Training: Influencing systems development:
• Policy implementation: C unic p ici n h g ni i n’ c i n
• Communications:
o Promoting the value of data Assets
o Monitoring and acting on feedback about DG activities
o Implementing data management training
o Measuring the effects of change management in 5 key areas:
▪ Awareness of the need to change
▪ Desire to participate and support the change
▪ Knowledge about how to change
▪ ability to implement new skills and behaviours
▪ Reinforcement to keep change in place
• Implementing new metrics and KPIs: Employee incentives

2.10 Engage in Issue Management

The process of identifying, quantifying, prioritising and resolving DG issues:

• Authority
• Change management escalations
• Compliance
• Conflicts
• Conformance
• Contracts
• Data security and identity
• Data quality

Develop control mechanisms and procedures for:

• Identifying, capturing, logging and updating issues

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 14
Chapter 3

• Assignment and tracking of action items

• Documenting stakeholder viewpoints and resolution alternatives
• determining, documenting and communicating issue resolutions
• Facilitating objective, neutral discussions where all viewpoints are heard
• Escalating issues to higher levels of authority

2.11 Assess Regulatory Compliance Requirements

Part of the DG Function is to monitor and ensure regulatory compliance. DG guides the
implementation of controls to monitor and document compliance with data-related regulations.

Examples of global regulations which impact data management practices.

• Accounting standards
• BCBS 239 (Basel Committee on Banking Supervision) and Basel II – for banks
• CPG 235 (Australian Prudential Regulation Authority APRA) – banks and insurance
• PCI-DSS – The Payment Card Industry Data Security Standards
• Solvency II - European Union Rules for insurance, similar to Basel II
• Privacy Laws

Evaluate the implications of the regulations

• Relevance of regulation to the organisation

• What constitutes compliance, and what policies and procedures are required?
• When is compliance achieved, and how and when is it monitored?
• Can industry standards achieve compliance?
• How is compliance demonstrated?
• Risks and penalties for non-compliance
• How is non-compliance identified and reported?
• How is non-compliance managed and rectified?

2.12 Implement DG
There are many complex activities which need to be coordinated using a roadmap with timeframes.
Schedules may differ in a federated model with different business units based on differing levels of
engagement, maturity and funding

Prioritised DG activities in the early stage:

• Define activities for high-priority goals

• Business glossary, document terminology and standards
• coordinate with Enterprise and data architecture to understand the data and systems
• Assign financial value to data assets to enable better decision making and
understandingty654

2.13 Sponsor Data Standards and Procedures

Standard: Something set up and established by authority as a rule for measure of quantity, weight,
extent, value or quality.

Standards help define DQ by providing a means of comparison.

Standards have the potential to simplify processes, as a decision is made once, and codified in a set
of assertions (the standard).

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 15
Chapter 3

Enforce standards to promote consistent results from the processes using them. Data can be
measured against standards. The DGC or Data standards steering Committee should audit DM
activities as part of the SDLC approval process or by schedule.

Standards difficulties in organisations: DG Standards should be mandatory

• Politicised
• Organisation not practiced at developing or enforcing DG standards
• Value of implementing standards is not recognised
• No knowledge how to implement standards

Different forms of data standards:

• How a field should be populated

• Rules governing relationships between fields
• Acceptable and unacceptable values
• Format

Process:

• Standards are drafted by data management professionals

• Reviewed, approved and adopted by the DGC or a Data Standards Steering Committee (A
delegated workgroup)
• Document with capturing organisational knowledge in mind.

Data standards must be communicated, monitored, reviewed and updated. There must be a means
to enforce them.

The DGC or DSSC should audit DM activities for standards compliance on a defined schedule or as
part of the SDLC approval processes.

Data Management Procedures: The documented methods, techniques and steps followed to
accomplish specific activities that produce certain outcomes and supporting artifacts.

Concepts can be standardised within all the Data Management Knowledge Areas.

2.14 Develop a Business Glossary

A Business Glossary is a list of terms, definitions and other Metadata such as synonyms, metrics,
lineage, business rules, the responsible steward for that term etc.

Objectives of business glossary:

• Enable common understanding of core business concepts and terminology

• Reduce the risk that data will be misused due to inconsistent understanding of the business
concepts
• Improve alignment between technology assets and the business organisation
• Maximise search capability and enable access to documented institutional knowledge

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 16
Chapter 3

2.15 Coordinate with Architecture Groups

The DGC sponsors and approves data architecture artefacts.

Enterprise Data model is sponsored, reviewed and approved by DGC

Enterprise Data Architecture Steering Committee or Architecture Review Board appointed by DGC to
oversee DA Program

• Enterprise Data model developed by Data Architects and Data Stewards in subject area
teams
• Changes or extensions to EDM proposed and developed by Data Steward Teams.
• EDM must align with business strategy and data strategy

The Enterprise data model must be reviewed, approved and formally adopted by the DGC. It must
align to key business strategies, processes and systems. Doing things right.

2.16 Sponsor Data Asset Valuation

DGC organises and standardises the effort to put monetary value to data

• Information gaps represent business liabilities

• Business value of the missing data can be the cost of closing the gaps
• Develop models to estimate value of information that does not exist
• Build value estimates into the data strategy road map
o Justifies business cases for root cause DQ solutions
o Business cases for other DG Initiatives

2.17 Embed DG
The organisation accepts the governance of data, and the processes and funding are in place to
enable the continued performance of the DG framework.

Goal of the DGO:

• Embed behaviours related to managing data as an asset in processes

• Operations plan to implement and operate DG activities
• Activities, timing and techniques to ensure success

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 17
Chapter 3

Sustainability of the DG organisational framework

• Processes and funding in place

• Organisation accepts the governance of data
• DG is measured, monitored and obstacles overcome

Create a Data Governance Community of Interest

• Deepens the understanding of DG

• Helpful in early years of governance

3 Tools and Techniques

DG is fundamentally about organisational behaviour, but tools can help with communication,
metrics and business glossary development. Requirements must be clearly defined before
purchasing a tool.

3.1 Online Presence / Websites

For collaboration, communication and sharing documents

3.2 Business Glossary

Core DG tool housing agreed-upon definitions and business terms and relates them to data.

3.3 Workflow tools

Connects processes to documents and is useful in policy admin and issue resolution.

3.4 Document management tools

3.5 Data Governance Scorecards
Collection of metrics to track DG activities. Can be automated.

4 Implementation Guidelines
4.1 Organisation and culture
The target of organisational change is sustainability (a quality of a process that measures how easy it
is for the process to continue to add value).

4.2 Adjustment and Communication

• Business / DG strategy map
• DG Roadmap
• Ongoing business case for DG
• DG Metrics

5 Metrics
DG program must be able to measure progress and success and how DG participants have added
value to business objectives.

• Value: Contributions to business objectives, reduction of risk, improved efficiency

• Effectiveness: Achievement of goals and objectives, Stewards using relevant tools,
Effectiveness of communication, education and training
• Sustainability: Policies and processes working appropriately, Staff conforming to standards
and procedures

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)
 18
Chapter 3

Summary of DAMA-DMBOK Version 2© as preparation for CDMP Exams by

Veronica Diesel (CDMP, Data Modelling & Design, Data Governance, Data Quality)
Education Director DAMA SA (March 2020)