Abstract:There is so much written right now about data governance. Who needs data governance? In truth, some organizations (usually very small) do not need a robust data governance program. However, the rest of us do need to consider things like who is using the data, where is the data being used, and the accuracy of the data. Along with all those ‘data’ issues come business rules, data policies, and usage guidelines. Not the easiest endeavor – data governance!

The defi nition of Data Governance, and the steps required to achieve governance, has changed over the years. Organizations may have started with a step-wise approach that depended on only alignment of business and IT, but are now realizing that data governance is a lot more than just policy and procedures.

Actionable

By Joyce Norris-Montanari, Principal Architect CIBER’s Global Enterprise Integration Practice

Manish Sharma, Principal Consultant CIBER’s Global Enterprise Integration Practice

Data Governance

Talk is cheap, but can you really implement

a sustainable Data Governance Program ?

2 Actionable Data Governance

3 CIBER, Inc.

Data Governance

Definition

Everyone has a defi nition for data governance, and no good paper would start without one. CIBER defi nes data governance as the intersection of people, process, and technology using standards, policies, and guidelines to manage the corporation’s data, while bringing value to the organization.

Data Governance vs. Data Stewardship

Not to be confused with data stewardship, data governance deals with the implementation of the policies to ‘govern’ data usage, correctness, and validity. Data stewards make it happen day in and day out! Data stewards oversee the data, implement the aforementioned policies, and could be the subject matter experts (SMEs) in your organization.

Data Governance Maturity Model

– Everybody’s Got One!

Everyone seems to have a data governance maturity model that they use to tell organizations how they fare in the world of data governance. We would like to share with you our vision of data governance maturity. However, in this document, you will fi nd not only explanations surrounding people, process, technology, and value to the organization, but also what you need to do to get to the next level of maturity. Please understand that the climb to the top level of any maturity model is diffi cult, and sustaining the data governance program will prove to be a challenge.

4 Actionable Data Governance4 Actionable Data Governance

CIBER’s Data Governance

Maturity Model (Levels)

We have chosen four (4) levels of maturity for Data Governance. Each level is clearly defi ned by characteristics involving people, process, technology, and value to the organization. We have also included actions (steps) to take to get to the next level. As fi gure 1 shows, each level builds on the next level. No one can jump to the top automatically, there are actions that must be taken along the way!

Figure 1: CIBER Data Governance Maturity Model

Complexity and Value

Introductory

Usage

Adoption and Continuous Improvement

Data Management Chaos

Level of Effort

Value• Reactive• No reuse• Standards revisited every time

Technology• Tools not a part of the landscape• Policies and principles not applied• Tools without governance framework

Process• Ad Hoc• Some areas of Data Management not documented

People• Champions in Silos• No management buy-in• Applying domain specific knowledge

Acceptance

Communications

Value• Limited recognition of quality benefits• Reports emerge with measurable KPI on data quality• Business metadata is taking root

Technology• Quality tools are in use• Profiling is not mainstream• Minimal metadata in ETL tools

Process• Business rules start emerging• Data correctness is key• Process application is still siloed

People• Departmental Initiatives• Data quality group in place• No management buy- in

Value• Integrated metadata is becoming

pervasive• Reports appear with integrated metadata• Common view of KPIs is becoming

available

Technology• On - going monitoring is implemented• Real- time is partially implemented• ETL metadata is made available

Process• Enterprise integration is mainstream• Real- time governance is emerging• Metrics are measured most times

People• Data governance is strategic• Data stewards are cross enterprise• Business ownerships of data is key

Value• There is single view of the governance

process• Better decisions

Technology• Metadata is integrated from data modeling, database, ETL, profiling, data

quality, auditing , logging and usage• Dashboard or control center shows the

current state of data governance disciplines

• Metadata mining takes place to enhance future practices

Process• New policies are put into place to ensure correctness in the enterprise• Impact analysis on new initiatives is completed prior to coding

People• Data governance has executive participation and support• Data governance group works with the data stewards and the business users• Organization proactively manages its data governance policies

Incidental Reactive Preventive Proactive

5 CIBER, Inc. 5 CIBER, Inc.

ProcessThe introductory level of data governance has risks associated with every report that gets produced. No one really knows if the data is right across the silos, but they have data or what can be termed as ‘output’. There are no policies regarding how to use data, each report may have its own defi nition of the data – such as how to count revenue for the organization-- and the business rules around those metrics. No one really knows if the data is correct, and there is no standard way to address data quality. Data just gets reported the way it is meant to be reported within the silo. Usually there is no development methodology at this level other than ‘start programming’ or hero mentality, and certainly no data “awareness” or data stewardship.

TechnologyThis is a case of the cobbler’s children having no shoes. Usually, at this level of data governance, an organization has no data quality or profi ling tools. An ETL/ELT (Extraction, Transformation, and Load or Extraction, Load, and Transform) tool may exist, but is not exploited as part of any data architecture solution. It is certainly not deemed the prescribed tool to use for conversion or propagation into a data warehouse for business intelligence (BI). If the tools are not part of the solution, then metadata integration is not even

Level 1

– Introductory or Incidental

This is actually the base level of the maturity model for data governance. For the most part any data governance practices are not used extensively in the enterprise, but are more of a ‘closet’ effort. By ‘closet effort’ we mean only one or two people are considering any governance over the data used in a project.

PeopleThe people involved on the introductory level usually surround the competencies of one or two people to create successful application implementation. The people are the asset, and the key to success for level 1. There is usually no management ‘buy-in’ for data governance; in fact, upper management doesn’t even know they have data inconsistencies. There are no people to champion data quality initiatives or stewardship, except for the operational team that is responsible for the data, and their involvement is limited. People create data redundancies or silos across the organization, because they can get the application implemented sooner, and under direct control of the silo manager. People and data are both issues, because the viewpoint is narrow and focused on serving the silos!

6 Actionable Data Governance6 Actionable Data Governance

from management; without that it’s just another IT task.

Acquire data profi ling and data quality tools. Maybe just start with data profi ling this year, and add data quality next year. We can say from experience you will fi nd issues in the data, and you will want to fi x it. You will need to use the data quality tools or write the programs in your ETL/ELT tool.

Begin the effort to profi le and document all the source systems. Your organization is at the lowest level of maturity, so you probably have quite a few silos. Start the effort of integration with a plan to add profi ling into each project.

This might be the place to be! You can use the blank canvas to your advantage.

Things to do:

Get Management ‘Buy-In’

Look for tools to address data quality

Review the ETL/ELT process for intersecting with data profi ling

Look for data champions who understand the data

Evangelize the concept across business units

Make this an organizational issue – not an IT issue

Initiate a process to start understanding metadata

3.

4.

5.

1.

2.

3.

4.

5.

6.

7.

a thought at this level. This leads to problems with inconsistent defi nitions of common attributes, and lack of management of master data.

Value to the OrganizationThe organization that is at the introductory or incidental level of data governance maturity is usually in reactive mode, and prone to fi re fi ghting issues around data. They work on what is the highest priority today. There is usually no real process reuse or repeatability on any of the projects. Each time there is a new project, everything is usually recreated from scratch.

Actions to Get to the Next LevelIf you want to get to the next level of maturity in data governance, do the following:

Get management ‘buy-in’ based on assessing the benefi ts of compliance and integration. We suggest showing them their own dirty laundry (data), and look for a reaction! This usually gets their attention, especially the fi nancial people. Use data profi ling tools to help! Otherwise, write SQL.

Create a stewardship program to handle everyday issues about data. For instance, this could be an added task in the data management group. Or consider hiring another person to implement the tasks and develop and manage the procedures involved in a data stewardship program. See 1 above – it still requires ‘buy-in’

1.

2.

7 CIBER, Inc. 7 CIBER, Inc.

performance indicators (KPI) on the quality of the data. Management receives the reports, but is still not sure what to do with them.

Actions to Get to the Next LevelTo get from Acceptance to Usage and Analysis will require making profi ling and quality tools part of the day-to-day processes. Integration of the data is a big concern for management. We must now determine a path to compliance for the data. Funding of the data governance program or group is now a reality, and must take place. Now, we are not saying you need a group of 12 to do data governance. We suggest starting with a few good people (you may already have them), and management sponsorship. Stewardship must be understood, and implemented as a day-to-day process. Again, stewardship is a role, not necessarily a job. Most likely, stewards already exist in your organization. They know data!

Things to do:Start working at an inter-departmental level to educate about data governanceNormalize the understanding of KPIsEstablish metrics around data quality, correctness and validityDocument and use business metadata, using your data modeling toolUse data profi ling and data quality tools across a major part of data collection and dissemination

Level 3

– Usage and Analysis

(Preventive)

At level 3 we really start using the people, process, and technology together to bring value to the organization. An enterprise awareness of data governance is happening quickly and is on the minds of many people in the organization. PeopleExecutive level management starts to view data governance as strategic. Data stewards are now the mechanism to implement data quality and evangelize data discipline across the enterprise. We are a group of people across the organization with our priorities direct toward data quality, data correctness, and data integration. These people might even be organized

1.

2.3.

4.

5.

Level 2

– Acceptance or Reactive

Acceptance (Level 2) in the data governance maturity model has a few successes. It is truly an acceptance that the organization has got to change its practices to continue to be effective and effi cient, which usually means ‘buy-in’ from business and IT.

PeopleAt this level we have groups of people who fi nd success in their implementations. The success is probably found in an ERP or a BI implementation. A data quality group starts to emerge because they found all the dirty data during conversion of the ERP or BI implementation. There are still no real standards or procedures, but we are sure thinking about them. At this point we still do not have management ‘buy-in’ for corporate data governance, because they are not quite sure how to address the whole ball of wax. So management continues to avoid the issue.

ProcessAcceptance means we are starting to create business rules. The business rules live in our data models and ETL/ELT processes. We are not sure what to do with the business rules, but we know they are important. So, we collect the business rules, maybe even document them appropriately. Data quality and correctness becomes crucial for success of the organization. This is understood by all the data people in the organization, but data is still spread across the enterprise. The entire data problem is hard to work around, but we accept it, and continue. At this point the scale and vastness of the issue is apparent, but the solutions seem complex and overwhelming.

TechnologyAcceptance brings technology changes. Quality tools are used within the enterprise for customer relationship management (CRM) or ERP. Data profi ling is not accepted as a day-to-day practice, but is used prior to conversion of data in some projects. ETL/ELT tools exist, but the metadata capabilities are not used as part of the corporate metadata strategy.

Value to the OrganizationAcceptance by the workers still limits management recognition for the data quality achievements. Management is still not with us all the way. So, reports start emerging with measurable key

8 Actionable Data Governance8 Actionable Data Governance

into committees or working groups, because their outreach into the organization is increasing.

ProcessData integration is mainstream; it is understood that this has to happen for this organization to prosper. Data governance is included in ‘real-time’ data efforts, and included as tasks in those projects. Metrics are measured some of the time, and our shift is in the direction of prevention, not reaction. Some of the processes that are producing results at this stage are:

Data Architecture

Data Policies and Standards

Data Quality and Correction Plans

Metadata Management

Information Lifecycle Management

TechnologyWe got the tools! On-going monitoring, based on a few KPI, is conducted consistently. Real-time data governance is partially implemented, but not quite complete. A metadata strategy is started that takes advantage of the metadata in the profi ling/quality, ETL,

•

•

•

•

•

and data modeling tools. Some of this metadata is now available. Security, auditing, and usage of the metadata is recognized as useful, but not yet implemented.

Value to the OrganizationThe organization has integrated the metadata, but is not quite using all of it the way it could. Reports emerge with integrated metadata about data quality, data usage, and auditing information. The organization sees the nugget, but not the gold mine!

Actions to Get to the Next LevelTo get to the next level (Adoption and Continuous Improvement) takes a bigger effort with metadata. A complete corporate metadata strategy has to be created. This requires us to understand all the sources of metadata, and how they should integrate to be useful to the organization. A metadata strategy is easy to create, and hard to implement (much like Data Governance). A data governance dashboard that indicates the health of the organization should be considered. The team now needs to start looking at how to audit the systems, and what technology will help that effort. This is a step towards creating value through data and risk compliance.

9 CIBER, Inc. 9 CIBER, Inc.

Things to do:

Make data governance a part of the overall Enterprise Architecture governance landscape

Work on the integration of tools and processes that address data modeling, data movement, data management, data quality and data profi ling

Make sure operational, administrative and business metadata is used wherever applicable within the various processes

Look for a data czar to control the overall data, and choose that set of people from the business

Ensure KPIs are documented, accepted and now implemented consistently

Level 4

– Adoption and Continuous

Improvement (Proactive)

Nirvana! Or so you think! This is the highest level in the Data Governance Maturity Model for today. This is the vision that we have had all along this process, climbing from one level to the next.

PeopleData governance has executive participation, and support. The data governance group and data stewards work together to continually involve and educate the business users. The organization proactively manages their data governance policies as part of any project, and continues to be involved in the success of the organization. A clear indication that you have reached the top is when the business knows where to turn in case they have a question related to quality of data or its use, and does not necessarily mean tapping “Bob” on the shoulder.

ProcessNew policies are put into place to ensure correctness of the data for the enterprise. Impact analysis on new initiatives is completed before coding begins, to address who and how the data get used, correctness of the data, and business rules surrounding the data.

TechnologyMetadata is integrated from all products, including auditing and usage tools. The data governance dashboard shows the current state of all the data

1.

2.

3.

4.

5.

governance KPI in the organization. People now start to mine the metadata. Oh, the joy of analysis, and learning what you don’t know (or wanted to know)!

Value to the OrganizationData governance is viewed as a control center for the organization. The data, business rules, and policies are in place and continually monitored. Improvements are demonstrated based on the monitoring process, and fi ltered back into the data governance disciplines. There is defi nitely a better corporate understanding of the data, and the practices surrounding the corporate data. The organization sees that they are making better decisions.

Actions to Get to the Next LevelWhere do you go from the top? On-going monitoring will yield improvements for the organization. Mining the metadata will shed more insight into what the ‘future’ level of Data Governance will become. As with any continuous improvement process you will be better positioned to adjust to changes in demand or environment, because most (if not all) of what you do is documented.

Things you can still do:

Make data governance a part of the IT governance landscape

Ensure data governance has a seat at every touch point with data, which includes data modeling, data architecture, data management, metadata, data quality, data profi ling, data archiving and data analytics

Institute a review process for the governance program

Create and maintain a dashboard to display the activities and metrics around the data governance program

1.

2.

3.

4.

10 Actionable Data Governance10 Actionable Data Governance

Where to Start!

Some organizations have been doing parts of Data Governance for years. For example, if the organization has implemented master data management (MDM), BI, and/or customer data integration (CDI) solutions, some standards, policies, data defi nitions, and business rules around the data have already been created. By implementing those types of projects successfully, you have created parts of stewardship committees, business rules, and part of the entire corporate data policies. If you haven’t started, consider it during any master data management (MDM) or data integration initiative.

Summary

Data Governance does not happen overnight. In fact, it cannot happen within three months, and may take a few years! But what you can do is bite off a small piece and continue working toward the goal at Level 4 (Adoption, Continuous Improvement and Proactive). If every organization continues towards that goal, who knows, soon Data Governance may truly become another service in a service-oriented architecture (SOA).

References:

The 7 Stage of Highly Effective Data Governance: Advanced Methodologies for Implementation – Martha Dember, CIBER, Inc. 2006

Data Governance and Content Management Frameworks, CIBER, Inc. November, 2002

Alpha Males and Data Disasters – The Case for Data Governance, Gwen Thomas

The Importance of Data Governance and Stewardship in Enterprise Data Management, DataFlux, Ann Marie Smith – EWSolutions

IBM Data Governance Council Maturity Model: Building a roadmap for effective data governance, October 2007

The Data Governance Maturity Model, DataFlux Corporation, 2007

11 CIBER, Inc. 11 CIBER, Inc.

About the Authors

Joyce Norris-Montanari, CBIP, is a Principal Architect for CIBER’s Global Enterprise Integration Practice. Joyce assists clients with all aspects of architectural integration, business intelligence, and data management. She advises clients about technology, including tools like extract-transfer-load (ETL), profi ling, database, data quality, and metadata.

Joyce has managed and implemented integration, data warehouses and operational data stores in a variety of industries including education, pharmaceutical, restaurants, telecommunications, government, healthcare, fi nancial services, oil and gas, insurance, research and development, and retail.

Joyce speaks frequently at data warehouse conferences, and is a regular contributor to several trade publications, including DM Review. She co-authored Data Warehousing and E-Business (John Wiley & Sons, 2001) with W.H. Inmon and others. She is a member of the Boulder (CO) Brain Trust and is Program Director of the Denver branch of DAMA.

Joyce can be reached at jnorris-montanari@ciber.com.

Manish Sharma, Principal Consultant for CIBER’s Global Enterprise Integration Practice. Manish assists customers in all aspects of enterprise architecture, application integration and data architecture. Manish has worked on a number of data and application integration initiatives for clients in the public and private sector, with an emphasis on data in motion, canonical models and integration of information repositories. He has worked with organizations in public sector, health care, retail and software product development.

Manish can be reached at msharma@ciber.com.

Joyce Norris-MontanariPrincipal ArchitectGlobal Enterprise Integration Practice

Manish SharmaPrincipal ConsultantGlobal Enterprise Integration Practice

CIBER, Inc. (NYSE: CBR) is a pure-play international system integration consultancy with superior value-priced services and reliable delivery for both private and government sector clients. CIBER’s services are offered globally on a project- or strategic-staffi ng basis, in both custom and enterprise resource planning (ERP) package environments, and across all technology platforms, operating systems and infrastructures.

Founded in 1974 and headquartered in Greenwood Village, Colo., CIBER now serves client businesses from over 60 U.S. offi ces, 25 European offi ces and seven offi ces in Asia/Pacifi c. Operating in 18 countries, with more than 8,000 employees annual revenue over $1 billion, CIBER and its IT specialists continuously build and upgrade clients’ systems to “competitive advantage status.” CIBER is included in the Russell 2000 Index and the S&P Small Cap 600 Index.

CIBER, Inc. • 5251 DTC Parkway • Suite 1400 • Greenwood Village, CO 80111 • 800.242.3799

www.ciber.com

© 2008 CIBER, Inc. All rights reserved. CIBER and the CIBER logo are registered trademarks of CIBER, Inc.

CIBER stock is publicly traded under the symbol “CBR” on the NYSE.