How to Achieve Good Data Governance

Data governance is kind of like baking an apple pie. Your end product will only be as good as the ingredients that go in it. And one rotten apple can spoil the whole thing.

In its simplest form, data governance is the act of securing data and identifying who in the organization can access and utilize it, but an equally important part of data governance is ensuring that the data is sanitized. In other words, making sure the data is reliable and can be trusted. In order to achieve all of these goals, it’s necessary to create and implement strong data governance protocols.

The importance of clean data

Since the primary purpose of collecting data is to use it to make decisions, it stands to reason that if the data is not in good order and sanitized, it’s not trustworthy. What does it mean to sanitize data?

It’s not uncommon for customer data to exist in numerous systems. It will be in sales from the moment engagement begins, but also in support and service, not to mention different geographic locations. Because systems are not necessarily uniform, every system has a different version of the data, and there is no one source of true data. So the systems need to be integrated and there needs to be one central authoritative copy of the record. That’s sanitized data.

Next, you need to secure the data to ensure that it’s not compromised — either inadvertently or through malicious action — which means putting processes in place to control access.

Developing your protocols

Most major business sectors (such as banking, financial services and health care) have a standard governance model that’s dictated by an institute, the industry itself or the government. For example, banking has regulatory controls dictated by the FDIC or the SEC. Other industries might choose to become certified to ISO 9001, which means they adhere to high quality management standards and principles. The standards vary depending on the business sector, but they all lay out a governing framework that encompasses data governance.

Whether using a standard protocol or building your own, it’s important that it be sponsored by executive leadership and have involvement from the entire organization. When you have issues around data governance, they’re typically big and involve a lot of risk, so it must be a top-down approach. A bank’s board of directors, for example, are legally bound to follow data governance regulations and can be prosecuted if they fail to do so

When developing your protocol, you obviously need IT involved, but they can’t build the platform in a silo or no one will use it. You need buy-in from frontline employees because they’re the ones running the business day to day. And if they don’t implement the protocol correctly and consistently, there’s no point in having one.

Lastly but crucially, data governance isn’t a project and can’t be treated as one. It’s a long-term, permanent journey that should evolve and mature over time.

The value of process automation

Process automation software can be leveraged to reduce the overall risk in data governance because it keeps workflows consistent, reduces human errors and protects against malicious acts.

Think about the process of getting an expense reimbursed. If I were in a three-person company, an employee would come to me with a receipt, I’d write the check, hand them the check and they’d be reimbursed.

Larger organizations avoid handling reimbursements that way because there’s too much risk involved without a system to track the process. Instead, they have an automated process where, for example, a manager approves the reimbursement, then their manager approves it, then someone in payroll approves it, and then someone else actually makes the payment. So we have this segregation of duties where a manager doesn’t have access to the checkbook, but they have to approve the reimbursement before the person who has access to the checkbook can write the check.

This segregation makes the process more secure because the likelihood of a malicious expense reimbursement making it all the way through each step is very low. The same principle applies to data governance, where process automation can assist in data distribution. The process can ensure that I get access to data, while automation can expedite my receipt of the data or, instead of returning an entire record, only return parts of that record I’m authorized to see.

Data governance is more than just a cost

Traditionally, data governance has been viewed strictly as a financial line item — a necessary evil. But viewing data governance as a cost and a burden is one of the biggest mistakes an organization can make. Technology is changing that approach because process automation is helping organizations produce good, clean data that increase efficiency and drive insightful, intelligent decisions that support the bottom line. So instead of it being a cost line item, data governance should be seen as a value add to the organization and a strategic part of an executive’s tool kit.

Another pitfall is choosing the wrong platform to manage data governance. This isn’t a place to economize. And if your organization isn’t mature and/or can’t pull together a data governance team with a lot of experience, consider engaging an external consultant to help you not only design and build your data governance protocol, but audit it. The consulting company can test your controls and framework and try to find places where they can breach those controls — and that feedback can be used to improve your data governance.

Whatever approach you take, remember that good data governance isn’t just about security. It’s adding value to your decision-making process and that means it’s adding value to your organization.

How ‘bout them apples?

Terry Simpson
Terry Simpson, Nintex
+ posts

Terry Simpson, Senior Solutions Engineer at Nintex, has been working with SharePoint and Nintex tools for the last 13 years. Prior to joining Nintex, he spent the majority his career on the consulting services side of the business, implementing a wide variety of SharePoint and Nintex solutions. Terry’s unique, technical-yet-business-focused background gives him the ability to help users leverage technology to drive value to their businesses.