Data Governance Keystone of Information Management Initiatives

Share Embed Donate


Short Description

To provide an overview of the importance and relevance of data governance as part of an information management initiativ...

Description

Data Governance: Keystone of Information Management Initiatives

Alan McSweeney

Objectives •

To provide an overview of the importance and relevance of data governance as part of an information management initiative

April 21, 2010

2

Agenda •

Data Management Issues



Data Governance and Data Management Frameworks



Approach to Data Governance



State of Information and Data Governance

April 21, 2010

3

Data Governance • • •

Provides an operating discipline for managing data and information as a key enterprise asset Includes organisation, processes and tools for establishing and exercising decision rights regarding valuation and management of data Elements of data governance − − − − − − − − − − − − −

Decision making authority Compliance Policies and standards Data inventories Full lifecycle management Content management Records management, Preservation and disposal Data quality Data classification Data security and access Data risk management Data valuation

April 21, 2010

4

Data Management Issues •

Discovery - cannot find the right information



Integration - cannot manipulate and combine information



Insight - cannot extract value and knowledge from information



Dissemination - cannot consume information



Management – cannot manage and control information volumes and growth

April 21, 2010

5

Data Management Problems – User View • • • • • • • • • • • • • • •

Managing Storage Equipment Application Recoveries / Backup Retention Vendor Management Power Management Regulatory Compliance Lack of Integrated Tools Dealing with Performance Problems Data Mobility Archiving and Archive Management Storage Provisioning Managing Complexity Managing Costs Backup Administration and Management Proper Capacity Forecasting and Storage Reporting Managing Storage Growth April 21, 2010

6

Information Management Challenges •

Explosive Data Growth − Value and volume of data is overwhelming − More data is see as critical − Annual rate of 50+% percent



Compliance Requirements − Compliance with stringent regulatory requirements and audit procedures



Fragmented Storage Environment − Lack of enterprise-wide hardware and software data storage strategy and discipline



Budgets − Frozen or being cut April 21, 2010

7

Information Management Issues •

52% of users don’t have confidence in their information



59% of managers miss information they should have used



42% of managers use wrong information at least once a week



75% of CIOs believe they can strengthen their competitive advantage by better using and managing enterprise data



78% of CIOs want to improve the way they use and manage their data



Only 15% of CIOs believe that their data is currently comprehensively well managed April 21, 2010

8

Data Quality •

Poor data quality costs real money



Process efficiency is negatively impacted by poor data quality



Full potential benefits of new systems not be realised because of poor data quality



Decision making is negatively affected by poor data quality

April 21, 2010

9

Information •

Applications •

Processes

Information IT Systems

• •



People

April 21, 2010

Infrastructure



Information in all its forms – input, processed, outputs – is a core component of any IT system Applications exist to process data supplied by users and other applications Data breathes life into applications Data is stored and managed by infrastructure – hardware and software Data is a key organisation asset with a substantial value Significant responsibilities are imposed on organisations in managing data 10

Data, Information and Knowledge • • • • • •

• •

Data is the representation of facts as text, numbers, graphics, images, sound or video Data is the raw material used to create information Facts are captured, stored, and expressed as data Information is data in context Without context, data is meaningless - we create meaningful information by interpreting the context around data Knowledge is information in perspective, integrated into a viewpoint based on the recognition and interpretation of patterns, such as trends, formed with other information and experience Knowledge is about understanding the significance of information Knowledge enables effective action April 21, 2010

11

Data, Information, Knowledge and Action

Knowledge

Information

April 21, 2010

Action

Data

12

Information is an Organisation Asset •

Tangible organisation assets are seen as having a value and are managed and controlled using inventory and asset management systems and procedures



Data, because it is less tangible, is less widely perceived as a real asset, assigned a real value and managed as if it had a value



High quality, accurate and available information is a pre-requisite to effective operation of any organisation



Information is a high-value asset of any enterprise



What do you do when you have something valuable − Retain it − Protect it − Manage it April 21, 2010

13

Data Management and Project Success •

Data is fundamental to the effective and efficient operation of any solution − Right data − Right time − Right tools and facilities



Without data the solution has no purpose



Data is too often overlooked in projects



Project managers frequently do not appreciate the complexity of data issues

April 21, 2010

14

Generalised Information Management Lifecycle Enter, Create, Acquire, Derive, Update, Capture



Store, Manage, Replicate and Distribute

M an ag

Protect and Recover



Design, define and implement framework to manage information through this lifecycle

Generalised lifecycle that differs for specific information types e,

Co nt ro

la

nd

Ad mi

n is t er

Archive and Recall

Delete/Remove

April 21, 2010

15

Generalised Information Management Lifecycle •

Need to implement management frameworks and associated solutions to automate the information lifecycle Data Governance Framework Data Architecture to Implement Data Governance Data Infrastructure to Implement Data Architecture

Data Operations to Manage Data Infrastructure April 21, 2010

16

Expanded Generalised Information Management Lifecycle Plan, Design and Specify

De

Implement Underlying Infrastructure

sig n, Im

ple m

Enter, Create, Acquire, Derive, Update, Capture Store, Manage, Replicate and Distribute



Include phases for information management lifecycle design and implementation of appropriate hardware and software to actualise lifecycle April 21, 2010

en

t, M an ag e,

Co nt ro

la

nd

Ad

mi ni

ste

r

Protect and Recover

Archive and Recall

Delete/Remove 17

Objectives of Implementing Solutions to Deliver Generalised Information Management Lifecycle • • • •

• • • •

Establish effective policies for lifecycle enterprise information management to control data growth and lower information management costs Meet service level goals to ensure the timely completion of key business processes for mission-critical applications Support appropriate data retention compliance initiatives and mitigate risk for compliance, audits and legal discovery requests Support appropriate data retention compliance requirements and mitigate risk for compliance, audits and legal discovery requests that keep historical transaction records accessible until legal retention periods expire Implement scalable archiving strategies that easily adapt to ongoing business requirements Improve application portfolio management to decommission redundant applications and simplify the IT infrastructure Manage application information growth and its impact on service levels, operational costs and risks as well as storage requirements Manage data quality, consistency, security, privacy and accuracy April 21, 2010

18

Data and Information Management •

Data and information management is a business process consisting of the planning and execution of policies, practices, and projects that acquire, control, protect, deliver, and enhance the value of data and information assets

April 21, 2010

19

Data and Information Management To manage and utilise information as a strategic asset

To implement processes, policies, infrastructure and solutions to govern, protect, maintain and use information To make relevant and correct information available in all business processes and IT systems for the right people in the right context at the right time with the appropriate security and with the right quality To exploit information in business decisions, processes and relations April 21, 2010

20

Data Management Goals •

Primary goals − To understand the information needs of the enterprise and all its stakeholders − To capture, store, protect, and ensure the integrity of data assets − To continually improve the quality of data and information, including accuracy, integrity, integration, relevance and usefulness of data − To ensure privacy and confidentiality, and to prevent unauthorised inappropriate use of data and information − To maximise the effective use and value of data and information assets

April 21, 2010

21

Data Management Goals •

Secondary goals − To control the cost of data management − To promote a wider and deeper understanding of the value of data assets − To manage information consistently across the enterprise − To align data management efforts and technology with business needs

April 21, 2010

22

Triggers for Data Management Initiative •

When an enterprise is about to undertake architectural transformation, data management issues need to be understood and addressed



Structured and comprehensive approach to data management enables the effective use of data to take advantage of its competitive advantages

April 21, 2010

23

Data Management Principles •

Data and information are valuable enterprise assets



Manage data and information carefully, like any other asset, by ensuring adequate quality, security, integrity, protection, availability, understanding and effective use



Share responsibility for data management between business data owners and IT data management professionals



Data management is a business function and a set of related disciplines

April 21, 2010

24

Organisation Data Management Function •

Business function of planning for, controlling and delivering data and information assets



Development, execution, and supervision of plans, policies, programs, projects, processes, practices and procedures that control, protect, deliver, and enhance the value of data and information assets



Scope of the data management function and the scale of its implementation vary widely with the size, means, and experience of organisations



Role of data management remains the same across organisations even though implementation differs widely April 21, 2010

25

Scope of Complete Data Management Function Data Warehousing and Business Intelligence Management

Metadata Management

Data Governance

Data Development

Data Security Management

Data Quality Management

Data Operations Management

Reference and Master Data Management Data Architecture Management

April 21, 2010

Document and Content Management 26

Data Governance •

Capstone of Data Management initiatives

Data Governance Database Architecture Management

Data Warehousing and Business Intelligence Management

Data Quality Management

Metadata Management

Data Security Management

Data Development

Data Operations Management

April 21, 2010

Reference and Master Data Management

Document and Content Management

27

Objectives of Data Governance •

Guide information management decision-making



Ensure information is consistently defined and well understood



Increase the use and trust of data as an organisation asset



Improve consistency of projects across the organisation



Ensure regulatory compliance



Eliminate data risks

April 21, 2010

28

Shared Role Between Business and IT •

Data management is a shared responsibility between data management professionals within IT and the business data owners representing the interests of data producers and information consumers



Business data ownership is the concerned with accountability for business responsibilities in data management



Business data owners are data subject matter experts



Represent the data interests of the business and take responsibility for the quality and use of data April 21, 2010

29

Why Develop and Implement a Data Management Framework? • • • • • • • • • •

Improve organisation data management efficiency Deliver better service to business Improve cost-effectiveness of data management Match the requirements of the business to the management of the data Embed handling of compliance and regulatory rules into data management framework Achieve consistency in data management across systems and applications Enable growth and change more easily Reduce data management and administration effort and cost Assist in the selection and implementation of appropriate data management solutions Implement a technology-independent data architecture April 21, 2010

30

Data Governance and Data Management Frameworks

April 21, 2010

31

Data Governance and Data Management Frameworks •

DMBOK - Data Management Book of Knowledge



TOGAF - The Open Group Architecture Framework



COBIT - Control Objectives for Information and related Technology

April 21, 2010

32

DMBOK, TOGAF and COBIT Can be a Precursor to Implementing Data Management

TOGAF Defines the Process for Creating a Data Architecture as Part of an Overall Enterprise Architecture

DMBOK Is a Specific and Comprehensive Data Oriented Framework

DMBOK Provides Detailed for Definition, Implementation and Operation of Data Management and Utilisation

Can Provide a Maturity Model for Assessing Data Management

COBIT Provides Data Governance as Part of Overall IT Governance

April 21, 2010

33

DMBOK, TOGAF and COBIT – Scope and Overlap DMBOK

TOGAF

Data Development Data Operations Management Reference and Master Data Management Data Warehousing and Business Intelligence Management Document and Content Management Metadata Management Data Quality Management

Data Architecture Management Data Management Data Migration

Data Governance

April 21, 2010

Data Security Management

COBIT

34

Data Management Book of Knowledge (DMBOK) •

DMBOK is a generalised and comprehensive framework for managing data across the entire lifecycle



Developed by DAMA (Data Management Association)



DMBOK provides a detailed framework to assist development and implementation of data management processes and procedures and ensures all requirements are addressed



Enables effective and appropriate data management across the organisation



Provides awareness and visibility of data management issues and requirements April 21, 2010

35

Data Management Book of Knowledge (DMBOK) •

Not a solution to your data management needs



Framework and methodology for developing and implementing an appropriate solution



Generalised framework to be customised to meet specific needs



Provide a work breakdown structure for a data management project to allow the effort to be assessed



No magic bullet

April 21, 2010

36

Data Management-Related Frameworks •

• • • •

TOGAF (and other enterprise architecture standards) define a process for arriving an at enterprise architecture definition, including data TOGAF has a phase relating to data architecture TOGAF deals with high level DMBOK translates high level into specific details COBIT is concerned with IT governance and controls: − IT must implement internal controls around how it operates − The systems IT delivers to the business and the underlying business processes these systems actualise must be controlled – these are controls external to IT − To govern IT effectively, COBIT defines the activities and risks within IT that need to be managed

• •

COBIT has a process relating to data management Neither TOGAF nor COBIT are concerned with detailed data management design and implementation April 21, 2010

37

TOGAF and Data Management •

Phase H: Architecture Change Management

Phase G: Implementation Governance

Phase A: Architecture Vision Phase B: Business Architecture

Phase C1 (subset of Phase C) relates to defining a data architecture Phase C1: Data Architecture

Requirements Management

Phase C: Information Systems Architecture

Phase D: Technology Architecture

Phase F: Migration Planning

Phase C2: Solutions and Application Architecture

Phase E: Opportunities and Solutions

April 21, 2010

38

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Objectives •

Purpose is to define the major types and sources of data necessary to support the business, in a way that is: − Understandable by stakeholders − Complete and consistent − Stable



Define the data entities relevant to the enterprise



Not concerned with design of logical or physical storage systems or databases

April 21, 2010

39

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Overview Phase C1: Information Systems Architectures - Data Architecture

Approach Elements

Inputs

Steps

Outputs

Key Considerations for Data Architecture

Reference Materials External to the Enterprise

Select Reference Models, Viewpoints, and Tools

Architecture Repository

Non-Architectural Inputs

Develop Baseline Data Architecture Description

Architectural Inputs

Develop Target Data Architecture Description

Perform Gap Analysis

Define Roadmap Components

Resolve Impacts Across the Architecture Landscape Conduct Formal Stakeholder Review

Finalise the Data Architecture

Create Architecture Definition Document April 21, 2010

40

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture •

Data Management − Important to understand and address data management issues − Structured and comprehensive approach to data management enables the effective use of data to capitalise on its competitive advantages − Clear definition of which application components in the landscape will serve as the system of record or reference for enterprise master data − Will there be an enterprise-wide standard that all application components, including software packages, need to adopt − Understand how data entities are utilised by business functions, processes, and services − Understand how and where enterprise data entities are created, stored, transported, and reported − Level and complexity of data transformations required to support the information exchange needs between applications − Requirement for software in supporting data integration with external organisations

April 21, 2010

41

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture •

Data Migration − Identify data migration requirements and also provide indicators as to the level of transformation for new/changed applications − Ensure target application has quality data when it is populated − Ensure enterprise-wide common data definition is established to support the transformation

April 21, 2010

42

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Approach - Key Considerations for Data Architecture •

Data Governance − Ensures that the organisation has the necessary dimensions in place to enable the data transformation − Structure – ensures the organisation has the necessary structure and the standards bodies to manage data entity aspects of the transformation − Management System - ensures the organisation has the necessary management system and data-related programs to manage the governance aspects of data entities throughout its lifecycle − People - addresses what data-related skills and roles the organisation requires for the transformation

April 21, 2010

43

TOGAF Phase C1: Information Systems Architectures - Data Architecture - Outputs •

Refined and updated versions of the Architecture Vision phase deliverables − Statement of Architecture Work − Validated data principles, business goals, and business drivers



Draft Architecture Definition Document − Baseline Data Architecture − Target Data Architecture • • • • •

Business data model Logical data model Data management process models Data Entity/Business Function matrix Views corresponding to the selected viewpoints addressing key stakeholder concerns

− Draft Architecture Requirements Specification • • • • • •

Gap analysis results Data interoperability requirements Relevant technical requirements Constraints on the Technology Architecture about to be designed Updated business requirements Updated application requirements

− Data Architecture components of an Architecture Roadmap April 21, 2010

44

COBIT Structure COBIT Plan and Organise (PO)

Acquire and Implement (AI)

Deliver and Support (DS)

Monitor and Evaluate (ME)

PO1 Define a strategic IT plan

AI1 Identify automated solutions

DS1 Define and manage service levels

ME1 Monitor and evaluate IT performance

PO2 Define the information architecture

AI2 Acquire and maintain application software

DS2 Manage third-party services

ME2 Monitor and evaluate internal control

PO3 Determine technological direction

AI3 Acquire and maintain technology infrastructure

DS3 Manage performance and capacity

ME3 Ensure regulatory compliance

PO4 Define the IT processes, organisation and relationships

AI4 Enable operation and use

DS4 Ensure continuous service

ME4 Provide IT governance

PO5 Manage the IT investment

AI5 Procure IT resources

DS5 Ensure systems security

PO6 Communicate management aims and direction

AI6 Manage changes

DS6 Identify and allocate costs

PO7 Manage IT human resources

AI7 Install and accredit solutions and changes

DS7 Educate and train users

PO8 Manage quality

DS8 Manage service desk and incidents

PO9 Assess and manage IT risks

DS9 Manage the configuration

PO10 Manage projects

DS10 Manage problems

DS11 Manage data DS12 Manage the physical environment DS13 Manage operations April 21, 2010

45

COBIT and Data Management •

COBIT objective DS11 Manage Data within the Deliver and Support (DS) domain



Effective data management requires identification of data requirements



Data management process includes establishing effective procedures to manage the media library, backup and recovery of data and proper disposal of media



Effective data management helps ensure the quality, timeliness and availability of business data

April 21, 2010

46

COBIT and Data Management •

• •

Objective is the control over the IT process of managing data that meets the business requirement for IT of optimising the use of information and ensuring information is available as required Focuses on maintaining the completeness, accuracy, availability and protection of data Involves taking actions − Backing up data and testing restoration − Managing onsite and offsite storage of data − Securely disposing of data and equipment



Measured by − User satisfaction with availability of data − Percent of successful data restorations − Number of incidents where sensitive data were retrieved after media were disposed of

April 21, 2010

47

COBIT Process DS11 Manage Data •

DS11.1 Business Requirements for Data Management − Establish arrangements to ensure that source documents expected from the business are received, all data received from the business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are supported



DS11.2 Storage and Retention Arrangements − Define and implement procedures for data storage and archival, so data remain accessible and usable − Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements − Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives, programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and authentication



DS11.3 Media Library Management System − Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity − Procedures should provide for timely review and follow-up on any discrepancies noted



DS11.4 Disposal − Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are disposed of or transferred to another use − Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved.



DS11.5 Backup and Restoration − Define and implement procedures for backup and restoration of systems, data and documentation in line with business requirements and the continuity plan − Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration − Test backup media and the restoration process



DS11.6 Security Requirements for Data Management − Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and output of data and sensitive messages − Includes physical records, data transmissions and any data stored offsite

April 21, 2010

48

COBIT Data Management Goals and Metrics Activity Goals

Process Goals

Activity Goals

•Backing up data and testing restoration •Managing onsite and offsite storage of data •Securely disposing of data and equipment

•Maintain the completeness, accuracy, validity and accessibility of stored data •Secure data during disposal of media •Effectively manage storage media

•Backing up data and testing restoration •Managing onsite and offsite storage of data •Securely disposing of data and equipment

Are Measured By Key Performance Indicators •Frequency of testing of backup media •Average time for data restoration

April 21, 2010

Drive

Are Measured By

Drive

Are Measured By

Process Key Goal Indicators

IT Key Goal Indicators

•% of successful data restorations •# of incidents where sensitive data were retrieved after media were disposed of •# of down time or data integrity incidents caused by insufficient storage capacity

•Occurrences of inability to recover data critical to business process •User satisfaction with availability of data •Incidents of noncompliance with laws due to storage management issues 49

Approach to Data Governance

April 21, 2010

50

Data Governance •

Core function of Data Management



Interacts with and influences each of the surrounding ten data management functions



Data governance is the exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets



Data governance function guides how all other data management functions are performed



High-level, executive data stewardship



Data governance is not the same thing as IT governance



Data governance is focused exclusively on the management of data assets April 21, 2010

51

Data Governance • • • •

Shared decision making is the hallmark of data governance Requires working across organisational and system boundaries Some decisions are primarily business decisions made with input and guidance from IT Other decisions are primarily technical decisions made with input and guidance from business data stewards at all levels Decisions Made Decisions Made by Business by IT Management Management

Business Operating Model

Enterprise Information Model

Information Management Strategy

Database Architecture

IT Leadership

Information Needs

Information Management Policies

Data Integration Architecture

Capital Investments

Information Specifications

Information Management Standards

Data Warehousing Architecture

Research and Development Funding

Quality Requirements

Information Management Metrics

Metadata Architecture

Data Governance Model

Issue Resolution

Information Management Services

Technical Metadata

April 21, 2010

52

Data Governance •

Data governance is accomplished most effectively as an on-going program and a continual improvement process



Every effective data governance program is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities



Data governance is not the same thing as IT governance

April 21, 2010

53

Data Governance and IT Governance •

IT Governance makes decisions about − IT investments − IT application portfolio − IT project portfolio





IT Governance aligns the IT strategies and investments with enterprise goals and strategies COBIT (Control Objectives for Information and related Technology) provides standards for IT governance





Data Governance is focused exclusively on the management of data assets Data Governance is at the heart of managing data assets

− Only a small portion of the COBIT framework addresses managing information •

Some critical issues, such as SarbanesOxley compliance, span the concerns of corporate governance, IT governance, and data governance April 21, 2010

54

Data Governance – Definition and Goals •

Definition − The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets



Goals − To define, approve, and communicate data strategies, policies, standards, architecture, procedures, and metrics − To track and enforce regulatory compliance and conformance to data policies, standards, architecture, and procedures − To sponsor, track, and oversee the delivery of data management projects and services − To manage and resolve data related issues − To understand and promote the value of data assets April 21, 2010

55

Data Governance - Overview Inputs

Primary Deliverables

•Business Goals •Business Strategies •IT Objectives •IT Strategies •Data Needs •Data Issues •Regulatory Requirements

Suppliers

•Data Policies •Data Standards •Resolved Issues •Data Management Projects and Services •Quality Data and Information •Recognised Data Value

Data Governance

•Data Producers •Knowledge Workers •Managers and Executives •Data Professionals •Customers

•Business Executives •IT Executives •Data Stewards •Regulatory Bodies

Participants •Executive Data Stewards •Coordinating Data Stewards •Business Data Stewards •Data Professionals •DM Executive •CIO April 21, 2010

Consumers

Tools •Intranet Website •E-Mail •Metadata Tools •Metadata Repository •Issue Management Tools •Data Governance KPI •Dashboard

Metrics •Data Value •Data Management Cost •Achievement of Objectives •# of Decisions Made •Steward Representation / Coverage •Data Professional Headcount •Data Management Process Maturity 56

Data Governance Function, Activities and SubActivities Data Governance Data Management Planning

Data Management Control

Understand Strategic Enterprise Data Needs

Supervise Data Professional Organisations and Staff

Develop and Maintain the Data Strategy

Coordinate Data Governance Activities

Establish Data Professional Roles and Organisations

Manage and Resolve Data Related Issues

Identify and Appoint Data Stewards

Monitor and Ensure Regulatory Compliance

Establish Data Governance and Stewardship Organisations

Monitor and Enforce Conformance with Data Policies, Standards and Architecture

Develop and Approve Data Policies, Standards, and Procedures

Oversee Data Management Projects and Services

Review and Approve Data Architecture

Communicate and Promote the Value of Data Assets

Plan and Sponsor Data Management Projects and Services Estimate Data Asset Value and Associated Costs April 21, 2010

57

Data Governance •

Data governance is accomplished most effectively as an on-going program and a continual improvement process



Every data governance programme is unique, taking into account distinctive organisational and cultural issues, and the immediate data management challenges and opportunities



Data governance is at the core of managing data assets

April 21, 2010

58

Data Governance - Possible Organisation Structure Data Governance Structure

Organisation Data Governance Council

Data Governance Office

CIO

Data Management Executive

Business Unit Data Governance Councils

Data Technologists

Data Stewardship Committees

Data Stewardship Teams April 21, 2010

59

Data Governance Shared Decision Making Business Decisions

Shared Decision Making

IT Decisions

Enterprise Information Model

Enterprise Information Management Strategy

Database Architecture

IT Leadership

Information Needs

Enterprise Information Management Policies

Data Integration Architecture

Capital Investments

Information Specifications

Enterprise Information Management Standards

Data Warehousing and Business Intelligence Architecture

Research and Development Funding

Quality Requirements

Enterprise Information Management Metrics

Metadata Architecture

Issue Resolution

Enterprise Information Management Services

Technical Metadata

Business Operating Model

Data Governance Model

April 21, 2010

60

Data Stewardship •

Formal accountability for business responsibilities ensuring effective control and use of data assets



Data steward is a business leader and/or recognised subject matter expert designated as accountable for these responsibilities



Manage data assets on behalf of others and in the best interests of the organisation



Represent the data interests of all stakeholders, including but not limited to, the interests of their own functional departments and divisions



Protects, manages, and leverages the data resources



Must take an enterprise perspective to ensure the quality and effective use of enterprise data April 21, 2010

61

Data Stewardship - Roles •

Executive Data Stewards – provide data governance and make of high-level data stewardship decisions



Coordinating Data Stewards - lead and represent teams of business data stewards in discussions across teams and with executive data stewards



Business Data Stewards - subject matter experts work with data management professionals on an ongoing basis to define and control data

April 21, 2010

62

Data Stewardship Roles Across Data Management Functions - 1 Data Architecture Management Data Development

Data Operations Management

Data Security Management

Reference and Master Data Management

April 21, 2010

All Data Stewards

Executive Data Stewards

Review, validate, approve, maintain and refine data architecture Validate physical data models and database designs, participate in database testing and conversion

Review and approve the enterprise data architecture

Coordinating Data Stewards Integrate specifications, resolving differences

Business Data Stewards Define data requirements specifications Define data requirements and specifications

Define requirements for data recovery, retention and performance Help identify, acquire, and control externally sourced data Provide security, privacy and confidentiality requirements, identify and resolve data security issues, assist in data security audits, and classify information confidentiality Control the creation, update, and retirement of code values and other reference data, define master data management requirements, identify and help resolve issues 63

Data Stewardship Roles Across Data Management Functions - 2 All Data Stewards Data Warehousing and Business Intelligence Management

Data Quality Management

April 21, 2010

Coordinating Data Stewards

Business Data Stewards Provide business intelligence requirements and management metrics, and they identify and help resolve business intelligence issues Define enterprise taxonomies and resolve content management issues

Document and Content Management Metadata Management

Executive Data Stewards

Create and maintain business metadata (names, meanings, business rules), define metadata access and integration needs and use metadata to make effective data stewardship and governance decisions Define data quality requirements and business rules, test application edits and validations, assist in the analysis, certification, and auditing of data quality, lead clean-up efforts, identify ways to solve causes of poor data quality, promote data quality awareness 64

Data Strategy •

High-level course of action to achieve high-level goals



Data strategy is a data management program strategy a plan for maintaining and improving data quality, integrity, security and access



Address all data management functions relevant to the organisation

April 21, 2010

65

Elements of Data Strategy • • • • • • • • • •

Vision for data management Summary business case for data management Guiding principles, values, and management perspectives Mission and long-term directional goals of data management Management measures of data management success Short-term data management programme objectives Descriptions of data management roles and business units along with a summary of their responsibilities and decision rights Descriptions of data management programme components and initiatives Outline of the data management implementation roadmap Scope boundaries April 21, 2010

66

Data Strategy

Data Management Programme Charter Data Management Scope Statement Goals and objectives for a defined planning horizon and the roles, organisations, and individual leaders accountable for achieving these objectives

April 21, 2010

Overall vision, business case, goals, guiding principles, measures of success, critical success factors, recognised risks

Data Management Implementation Roadmap Identifying specific programs, projects, task assignments, and delivery milestones

67

Data Policies •

Statements of intent and fundamental rules governing the creation, acquisition, integrity, security, quality, and use of data and information



More fundamental, global, and business critical than data standards



Describe what to do and what not to do



Should be few data policies stated briefly and directly

April 21, 2010

68

Data Policies •

Possible topics for data policies − Data modeling and other data development activities − Development and use of data architecture − Data quality expectations, roles, and responsibilities − Data security, including confidentiality classification policies, intellectual property policies, personal data privacy policies, general data access and usage policies, and data access by external parties − Database recovery and data retention − Access and use of externally sourced data − Sharing data internally and externally − Data warehousing and business intelligence − Unstructured data - electronic files and physical records April 21, 2010

69

Data Architecture •

Enterprise data model and other aspects of data architecture sponsored at the data governance level



Need to pay particular attention to the alignment of the enterprise data model with key business strategies, processes, business units and systems



Includes − Data technology architecture − Data integration architecture − Data warehousing and business intelligence architecture − Metadata architecture

April 21, 2010

70

Data Standards and Procedures •

Include naming standards, requirement specification standards, data modeling standards, database design standards, architecture standards and procedural standards for each data management function



Must be effectively communicated, monitored, enforced and periodically re-evaluated



Data management procedures are the methods, techniques, and steps followed to accomplish a specific activity or task

April 21, 2010

71

Data Standards and Procedures •

Possible topics for data standards and procedures − Data modeling and architecture standards, including data naming conventions, definition standards, standard domains, and standard abbreviations − Standard business and technical metadata to be captured, maintained, and integrated − Data model management guidelines and procedures − Metadata integration and usage procedures − Standards for database recovery and business continuity, database performance, data retention, and external data acquisition − Data security standards and procedures − Reference data management control procedures − Match / merge and data cleansing standards and procedures − Business intelligence standards and procedures − Enterprise content management standards and procedures, including use of enterprise taxonomies, support for legal discovery and document and e-mail retention, electronic signatures, report formatting standards and report distribution approaches April 21, 2010

72

Regulatory Compliance •

Most organisations are is impacted by government and industry regulations



Many of these regulations dictate how data and information is to be managed



Compliance is generally mandatory



Data governance guides the implementation of adequate controls to ensure, document, and monitor compliance with data-related regulations.

April 21, 2010

73

Regulatory Compliance •

Data governance needs to work the business to find the best answers to the following regulatory compliance questions − − − − − − − − − − − − − −

How relevant is a regulation? Why is it important for us? How do we interpret it? What policies and procedures does it require? Do we comply now? How do we comply now? How should we comply in the future? What will it take? When will we comply? How do we demonstrate and prove compliance? How do we monitor compliance? How often do we review compliance? How do we identify and report non-compliance? How do we manage and rectify non-compliance?

April 21, 2010

74

Issue Management •

Data governance assists in identifying, managing, and resolving data related issues − − − − − − − − − − −

Data quality issues Data naming and definition conflicts Business rule conflicts and clarifications Data security, privacy, and confidentiality issues Regulatory non-compliance issues Non-conformance issues (policies, standards, architecture, and procedures) Conflicting policies, standards, architecture, and procedures Conflicting stakeholder interests in data and information Organisational and cultural change management issues Issues regarding data governance procedures and decision rights Negotiation and review of data sharing agreements

April 21, 2010

75

Issue Management, Control and Escalation •

Data governance implements issue controls and procedures − Identifying, capturing, logging and updating issues − Tracking the status of issues − Documenting stakeholder viewpoints and resolution alternatives − Objective, neutral discussions where all viewpoints are heard − Escalating issues to higher levels of authority − Determining, documenting and communicating issue resolutions.

April 21, 2010

76

Data Management Projects •

Data management roadmap sets out a course of action for initiating and/or improving data management functions



Consists of an assessment of current functions, definition of a target environment and target objectives and a transition plan outlining the steps required to reach these targets including an approach to organisational change management



Every data management project should follow the project management standards of the organisation

April 21, 2010

77

Data Asset Valuation •

Data and information are truly assets because they have business value, tangible or intangible



Different approaches to estimating the value of data assets



Identify the direct and indirect business benefits derived from use of the data



Identify the cost of data loss, identifying the impacts of not having the current amount and quality level of data

April 21, 2010

78

State of Information and Data Governance •

Information and Data Governance Report, April 2008 − International Association for Information and Data Quality (IAIDQ) − University of Arkansas at Little Rock, Information Quality Program (UALR-IQ)



Ponemon Institute 2009 Annual Study Cost of a Data Breach

April 21, 2010

79

Terms Used by Organisations to Describe the Activities Associated with Governing Data Data Management

62.7%

Data Governance

55.4%

Data Stewardship

46.6%

Information Management

43.6%

Information Governance

17.2%

Data Resource Management

10.8%

Information Stew ardship

10.3%

Information Resource Management

10.3%

Other

13.7% 0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70% 80

Your Organisation Recognises and Values Information as a Strategic Asset and Manages it Accordingly

3.4%

Strongly Disagree

21.5%

Disagree

17.1%

Neutral

39.5%

Agree

18.5%

Strongly Agree

0%

April 21, 2010

10%

20%

30%

40%

50%

81

Direction of Change in the Results and Effectiveness of the Organisation's Formal or Informal Information/Data Governance Processes Over the Past Two Years

Results and Effectiveness Have Significantly Improved

8.8%

50.0%

Results and Effectiveness Have Improved Results and Effectiveness Have Remained Essentially the Same

31.9%

3.9%

Results and Effectiveness Have Worsened Results and Effectiveness Have Significantly Worsened

0.0%

5.4%

Don’t Know 0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70%

82

Perceived Effectiveness of the Organisation's Current Formal or Informal Information/Data Governance Processes

Excellent (All Goals are Met)

2.5%

Good (Most Goals are Met)

21.1%

51.5%

OK (Some Goals are Met)

Poor (Few Goals are Met)

19.1%

Very Poor (No Goals are Met)

3.9%

2.0%

Don’t Know 0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70%

83

Actual Information/Data Governance Effectiveness vs. Organisation's Perception

It is Better Than Most People Think

20.1%

It is the Same as Most People Think

32.4%

It is Worse Than Most People Think

35.8%

11.8%

Don’t Know

0%

April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

84

Current Status of Organisation's Information/Data Governance Initiatives Started an Information/Data Governance Initiative, but Discontinued the Effort

1.5%

Considered a Focused Information/Data Governance Effort but Abandoned the Idea

0.5% 7.4%

None Being Considered - Keeping the Status Quo Exploring, Still Seeking to Learn More

20.1%

Evaluating Alternative Frameworks and Information Governance Structures

23.0%

Now Planning an Implementation

13.2%

First Iteration Implemented the Past 2 Years

19.1%

First Interation"in Place for More Than 2 Years

8.8%

Don’t Know

6.4% 0%

April 21, 2010

5%

10%

15%

20%

25%

30% 85

Expected Changes in Organisation's Information/Data Governance Efforts Over the Next Two Years 46.6%

Will Increase Significantly

39.2%

Will Increase Somewhat

10.8%

Will Remain the Same

1.0%

Will Decrease Somewhat

Will Decrease Significantly

0.5%

2.0%

Don’t Know

0% April 21, 2010

10%

20%

30%

40%

50%

60% 86

Focus of Information / Data Governance Efforts 70.2%

Customers 57.6%

Financials 46.6%

Products and Production

41.9%

Services

35.6%

Sales

31.4%

Employees

25.1%

Supply Chain, Vendors, Suppliers

20.4%

Items / Materials

16.2%

Equipment and Facilities

13.1%

Maintenance

10.5%

Environment, Health and Safety

9.5%

Other 0% April 21, 2010

10%

20%

30%

40%

50%

60%

70%

80% 87

Overall Objectives of Information / Data Governance Efforts Improve Data Quality

80.2%

Establish Clear Decision Rules and Decisionmaking Processes for Shared Data

65.6%

Increase the Value of Data Assets

59.4%

Provide Mechanism to Resolve Data Issues

56.8%

Involve Non-IT Personnel in Data Decisions IT Should not Make by Itself

55.7%

Promote Interdependencies and Synergies Between Departments or Business Units

49.6%

Enable Joint Accountability for Shared Data

45.3%

Involve IT in Data Decisions non-IT Personnel Should not Make by Themselves Other None Applicable Don't Know

35.4% 5.2% 1.0% 2.6% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100 %

April 21, 2010

88

Primary Activities of Organisation's Information / Data Governance Efforts 70.5%

Standardise Data Definitions Across The Organisation Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The Organisation

61.6% 58.4%

Support Data Warehouse And Business Intelligence Initiatives

53.7%

Define And Standardise Common Business Rules Across The Organisation

49.5%

Select And Charter Specific Data Quality Improvement Projects Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information Systems And Technology

47.9%

Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its Privacy, Compliance, And Security

46.8%

Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And Integration

45.8% 43.7%

Support The Development Of An Enterprise Logical Data Model

42.6%

Guide The Management Of Master Or Reference Data Support Information Management Problem-Solving And Decision-Making And Providing Processes For Strategic Alignment.

40.0% 27.9%

Manage Information Products

25.3%

Measure The Costs Of Low Quality Data

23.2%

Measure The Value Of High Quality Data

13.2%

Implement Internal Information Chain Management Implement External Data Supplier Management

10.0%

Implement Information Product Management

10.0%

Other

10.0% 0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70%

80%

89

Primary Drivers for Organisation's Information / Data Governance Efforts General Desire To Improve The Quality Of Our Data

65.6%

Data Warehousing / Business Intelligence

57.7%

Compliance / Risk

46.6%

Enterprise Architecture

33.3%

Information Security / Privacy

32.3%

Master Data Management (MDM) Project

31.2%

Applications / Systems Integration

30.2%

Customer Data Integration (CDI) Project

25.9%

Suffered Major Negative Impact From Bad Data Quality

22.2%

Service-Oriented Architecture (SOA) Project

18.0%

Enterprise Resource Planning (ERP) Project

16.4%

Merger And Acquisition Planning Or Implementation

12.7%

Product Information Management (PIM) Project

10.1%

Reaction To Competitors' Activity

3.7%

Other

8.5% 0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70%

80%

90

Category of Tools Currently Used in Organisation Data Quality Analysis, Assessment Or Profiling

66.3%

Extract-Transform-Load (ETL) And Other Data Integration Tools

57.2%

Data Modeling (Computer-Aided Software Engineering)

48.7%

Data Matching And Reconciliation (Data De-Duplication)

48.7% 45.5%

Data Quality Monitoring

44.4%

Metadata Repository 39.0%

Data Remediation / Cleansing Tools Data Relationship Discovery And Mappings

28.9% 25.7%

Workflow Tools 20.3%

Business Rules Engines

18.7%

Master Data Management (MDM) Tools 13.4%

Customer Data Integration (CDI) Tools Product Information Management (PIM) Tools

5.9% 4.3%

Rules Discovery Tools

5.9%

Other 0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70%

80%

91

Functional Area to Which the Leader of the Organisation's Information / Data Governance Effort Reports Information Technology

43.1%

Senior / Executive Management Team

31.0%

Finance

17.2%

Compliance / Risk

8.6%

Operations / Manufacturing

8.6%

5.2%

Marketing

Purchasing

1.7%

Legal

1.7%

Other

8.6% 0%

April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

92

Number of Levels Between the Organisation's Most Senior Leader and the Person Most Directly in Charge of the Information / Data Governance Effort 12.3%

5 Levels or More

14.0%

4 Levels

26.3%

3 Levels

22.8%

2 Levels

14.0%

1 Level

3.5%

They are the Same Person

7.0%

Don't Know

0% April 21, 2010

5%

10%

15%

20%

25%

30% 93

Membership of Senior Information / Data Governance Body within an Organisation The Senior / Executive Management Team is the Top Information / Data Governance Body

21.4%

C-Level non-IT Executives

26.8%

C-Level IT Executives

26.8%

51.8%

Middle-Level non-IT Managers

33.9%

Middle-Level IT Managers

7.1%

Junior-Level non-IT Supervisors/Managers

14.3%

Junior-Level IT Supervisors / Managers My Organisation Does Not Have any Governance Body for Information and Data Assets

7.1% 0%

April 21, 2010

10%

20%

30%

40%

50%

60% 94

Relationship Between Information / Data Governance and Data Quality Leadership Information Governance and Data Quality Are Led by the Same Person

36.8%

Information Governance and Data Quality Are Led by Different People Who Report to the Same Manager

17.5%

Information Governance and Data Quality Are Led by Different People Who Report to Different Managers

19.3%

There is No Specific Individual in Charge of Our Data Quality Program

17.5%

8.8%

Other

0% April 21, 2010

10%

20%

30%

40%

50%

60% 95

Change In Organisation's Information / Data Quality Over the Past Two Years Information / Data Quality Has Significantly Improved

10.5%

Information / Data Quality Has Improved

68.4%

Information / Data Quality Has Remained Essentially the Same

15.8%

Information / Data Quality Has Worsened

Information / Data Quality Has Significantly Worsened

3.5%

0.0%

1.8%

Don’t Know

0%

April 21, 2010

10%

20%

30%

40%

50%

60%

70%

80%

96

Maturity Of Information / Data Governance Goal Setting And Measurement In Your Organisation 3.7%

5 - Optimised

11.8%

4 - Managed

26.7%

3 - Defined

2 - Repeatable

28.9%

1 - Ad-hoc

28.9%

0% April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50% 97

Maturity Of Information / Data Governance Processes And Policies In Your Organisation 1.6%

5 - Optimised

4.8%

4 - Managed

24.5%

3 - Defined

46.3%

2 - Repeatable

22.9%

1 - Ad-hoc

0% April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50% 98

Maturity Of Responsibility And Accountability For Information / Data Governance Among Employees In Your Organisation 6.9%

5 - Optimised

3.2%

4 - Managed

31.7%

3 - Defined

25.4%

2 - Repeatable

32.8%

1 - Ad-hoc

0% April 21, 2010

5%

10%

15%

20%

25%

30%

35%

40%

45%

50% 99

Average Per Record Cost of a Data Breach 2005 – 2009 USD $250

$200

$150

$197

$202

$204

2007

2008

2009

$182 $138

$100

$50

$0 2005

April 21, 2010

2006

100

Average Organisational Cost of a Data Breach 2005 – 2009 USD $8,000,000 $7,000,000

$6,355,132

$6,655,758

$6,751,451

2008

2009

$6,000,000 $5,000,000

$4,514,429

$4,787,637

$4,000,000 $3,000,000 $2,000,000 $1,000,000 $0 2005

April 21, 2010

2006

2007

101

More Information Alan McSweeney [email protected]

April 21, 2010

102

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF