Data Governance: Keystone of Information Management Initiatives

Document Sample
Data Governance: Keystone of Information Management Initiatives Powered By Docstoc
					Data Governance: Keystone
of Information Management

Alan McSweeney

•   To provide an overview of the importance and relevance
    of data governance as part of an information management

    April 21, 2010                                            2

•   Data Management Issues
•   Data Governance and Data Management Frameworks
•   Approach to Data Governance
•   State of Information and Data Governance

    April 21, 2010                                   3
Data Governance

•   Provides an operating discipline for managing data and information as a key
    enterprise asset
•   Includes organisation, processes and tools for establishing and exercising decision
    rights regarding valuation and management of data
•   Elements of data governance
      −    Decision making authority
      −    Compliance
      −    Policies and standards
      −    Data inventories
      −    Full lifecycle management
      −    Content management
      −    Records management,
      −    Preservation and disposal
      −    Data quality
      −    Data classification
      −    Data security and access
      −    Data risk management
      −    Data valuation

    April 21, 2010                                                                        4
Data Management Issues

•   Discovery - cannot find the right information
•   Integration - cannot manipulate and combine information
•   Insight - cannot extract value and knowledge from
•   Dissemination - cannot consume information
•   Management – cannot manage and control information
    volumes and growth

    April 21, 2010                                            5
Data Management Problems – User View

•   Managing Storage Equipment
•   Application Recoveries / Backup Retention
•   Vendor Management
•   Power Management
•   Regulatory Compliance
•   Lack of Integrated Tools
•   Dealing with Performance Problems
•   Data Mobility
•   Archiving and Archive Management
•   Storage Provisioning
•   Managing Complexity
•   Managing Costs
•   Backup Administration and Management
•   Proper Capacity Forecasting and Storage Reporting
•   Managing Storage Growth
    April 21, 2010                                      6
Information Management Challenges

•   Explosive Data Growth
      − Value and volume of data is overwhelming
      − More data is see as critical
      − Annual rate of 50+% percent
•   Compliance Requirements
      − Compliance with stringent regulatory requirements and audit
•   Fragmented Storage Environment
      − Lack of enterprise-wide hardware and software data storage
        strategy and discipline
•   Budgets
      − Frozen or being cut

    April 21, 2010                                                    7
Information Management Issues

•   52% of users don’t have confidence in their information
•   59% of managers miss information they should have used
•   42% of managers use wrong information at least once a
•   75% of CIOs believe they can strengthen their competitive
    advantage by better using and managing enterprise data
•   78% of CIOs want to improve the way they use and
    manage their data
•   Only 15% of CIOs believe that their data is currently
    comprehensively well managed
    April 21, 2010                                              8
Data Quality

•   Poor data quality costs real money
•   Process efficiency is negatively impacted by poor data
•   Full potential benefits of new systems not be realised
    because of poor data quality
•   Decision making is negatively affected by poor data quality

    April 21, 2010                                                9

                                                            •   Information in all its forms –
                                                                input, processed, outputs – is a
                           Applications                         core component of any IT
                                                            •   Applications exist to process
                                                                data supplied by users and
                                                                other applications
 Processes                                    Information
                                                            •   Data breathes life into
                           IT Systems
                                                            •   Data is stored and managed by
                                                                infrastructure – hardware and
                                                            •   Data is a key organisation asset
                                                                with a substantial value
                  People              Infrastructure        •   Significant responsibilities are
                                                                imposed on organisations in
                                                                managing data

 April 21, 2010                                                                                    10
Data, Information and Knowledge

•   Data is the representation of facts as text, numbers, graphics,
    images, sound or video
•   Data is the raw material used to create information
•   Facts are captured, stored, and expressed as data
•   Information is data in context
•   Without context, data is meaningless - we create meaningful
    information by interpreting the context around data
•   Knowledge is information in perspective, integrated into a viewpoint
    based on the recognition and interpretation of patterns, such as
    trends, formed with other information and experience
•   Knowledge is about understanding the significance of information
•   Knowledge enables effective action

    April 21, 2010                                                         11
Data, Information, Knowledge and Action

 Knowledge                                Action


 April 21, 2010                                    12
Information is an Organisation Asset

•   Tangible organisation assets are seen as having a value and are
    managed and controlled using inventory and asset management
    systems and procedures
•   Data, because it is less tangible, is less widely perceived as a real
    asset, assigned a real value and managed as if it had a value
•   High quality, accurate and available information is a pre-requisite to
    effective operation of any organisation
•   Information is a high-value asset of any enterprise
•   What do you do when you have something valuable
      − Retain it
      − Protect it
      − Manage it

    April 21, 2010                                                           13
Data Management and Project Success

•   Data is fundamental to the effective and efficient
    operation of any solution
      − Right data
      − Right time
      − Right tools and facilities
•   Without data the solution has no purpose
•   Data is too often overlooked in projects
•   Project managers frequently do not appreciate the
    complexity of data issues

    April 21, 2010                                       14
Generalised Information Management Lifecycle

 Enter, Create, Acquire,                                    •    Generalised lifecycle that
Derive, Update, Capture
                                                                 differs for specific
                                                                 information types
                         Store, Manage,                 M
                     Replicate and Distribute              ag
                                          Protect and Recover                               mi
                                                                                                 n is
                                                                                                     t er

•   Design, define and implement
    framework to manage                                          Archive and Recall
    information through this

    April 21, 2010                                                                                                          15
Generalised Information Management Lifecycle

•   Need to implement management frameworks and
    associated solutions to automate the information lifecycle

                     Data Governance

                                       Data Architecture to
                                        Implement Data

                                                         Data Infrastructure to
                                                           Implement Data

                                                                                  Data Operations to
                                                                                    Manage Data
    April 21, 2010                                                                                     16
Expanded Generalised Information Management
    Plan, Design and
                         Implement                               sig
                         Underlying                                  n,
                       Infrastructure                                        ple
                                                                                 m   en
                                         Enter, Create,                                   t, M
                                        Acquire, Derive,                                      an
                                        Update, Capture                                           e,
                                                           Store, Manage,                                   ro
                                                            Replicate and                                             nd
                                                             Distribute                                                    Ad
                                                                                                                                   ni   ste
•   Include phases for information                                            Protect and Recover
    management lifecycle design
    and implementation of                                                                               Archive and Recall
    appropriate hardware and
    software to actualise lifecycle

    April 21, 2010                                                                                                                                      17
Objectives of Implementing Solutions to Deliver
Generalised Information Management Lifecycle
•   Establish effective policies for lifecycle enterprise information management to
    control data growth and lower information management costs
•   Meet service level goals to ensure the timely completion of key business
    processes for mission-critical applications
•   Support appropriate data retention compliance initiatives and mitigate risk for
    compliance, audits and legal discovery requests
•   Support appropriate data retention compliance requirements and mitigate risk for
    compliance, audits and legal discovery requests that keep historical transaction
    records accessible until legal retention periods expire
•   Implement scalable archiving strategies that easily adapt to ongoing business
•   Improve application portfolio management to decommission redundant
    applications and simplify the IT infrastructure
•   Manage application information growth and its impact on service levels,
    operational costs and risks as well as storage requirements
•   Manage data quality, consistency, security, privacy and accuracy

    April 21, 2010                                                                     18
Data and Information Management

•   Data and information management is a business process
    consisting of the planning and execution of policies,
    practices, and projects that acquire, control, protect,
    deliver, and enhance the value of data and information

    April 21, 2010                                            19
Data and Information Management

                        To manage and utilise information as a strategic asset

                   To implement processes, policies, infrastructure and solutions to
                           govern, protect, maintain and use information

                   To make relevant and correct information available in all business
                  processes and IT systems for the right people in the right context at
                     the right time with the appropriate security and with the right

                      To exploit information in business decisions, processes and

 April 21, 2010                                                                           20
Data Management Goals

•   Primary goals
      − To understand the information needs of the enterprise and all its
      − To capture, store, protect, and ensure the integrity of data assets
      − To continually improve the quality of data and information,
        including accuracy, integrity, integration, relevance and
        usefulness of data
      − To ensure privacy and confidentiality, and to prevent
        unauthorised inappropriate use of data and information
      − To maximise the effective use and value of data and information

    April 21, 2010                                                            21
Data Management Goals

•   Secondary goals
      − To control the cost of data management
      − To promote a wider and deeper understanding of the value of
        data assets
      − To manage information consistently across the enterprise
      − To align data management efforts and technology with business

    April 21, 2010                                                      22
Triggers for Data Management Initiative

•   When an enterprise is about to undertake architectural
    transformation, data management issues need to be
    understood and addressed
•   Structured and comprehensive approach to data
    management enables the effective use of data to take
    advantage of its competitive advantages

    April 21, 2010                                           23
Data Management Principles

•   Data and information are valuable enterprise assets
•   Manage data and information carefully, like any other
    asset, by ensuring adequate quality, security, integrity,
    protection, availability, understanding and effective use
•   Share responsibility for data management between
    business data owners and IT data management
•   Data management is a business function and a set of
    related disciplines

    April 21, 2010                                              24
Organisation Data Management Function

•   Business function of planning for, controlling and
    delivering data and information assets
•   Development, execution, and supervision of plans,
    policies, programs, projects, processes, practices and
    procedures that control, protect, deliver, and enhance the
    value of data and information assets
•   Scope of the data management function and the scale of
    its implementation vary widely with the size, means, and
    experience of organisations
•   Role of data management remains the same across
    organisations even though implementation differs widely
    April 21, 2010                                               25
Scope of Complete Data Management Function
                                     Metadata         Data
                         Data       Management     Governance
                     and Business
                     Intelligence                                     Data
                     Management                                   Development


                                                                  Reference and
                                                                   Master Data

                                        Data       Document and
                                    Architecture      Content
                                    Management     Management

 April 21, 2010                                                                     26
Data Governance

•   Capstone of
                                           Data Governance
                                       Database Architecture Management

                            Data Warehousing and Business Intelligence Management

                       Data Quality Management                 Metadata Management

                      Data Security Management                      Data Development

                     Data Operations         Reference and Master       Document and Content
                      Management              Data Management               Management

    April 21, 2010                                                                             27
Objectives of Data Governance

•   Guide information management decision-making
•   Ensure information is consistently defined and well
•   Increase the use and trust of data as an organisation asset
•   Improve consistency of projects across the organisation
•   Ensure regulatory compliance
•   Eliminate data risks

    April 21, 2010                                                28
Shared Role Between Business and IT

•   Data management is a shared responsibility between data
    management professionals within IT and the business data
    owners representing the interests of data producers and
    information consumers
•   Business data ownership is the concerned with
    accountability for business responsibilities in data
•   Business data owners are data subject matter experts
•   Represent the data interests of the business and take
    responsibility for the quality and use of data

    April 21, 2010                                             29
Why Develop and Implement a Data Management
•   Improve organisation data management efficiency
•   Deliver better service to business
•   Improve cost-effectiveness of data management
•   Match the requirements of the business to the management of the
•   Embed handling of compliance and regulatory rules into data
    management framework
•   Achieve consistency in data management across systems and
•   Enable growth and change more easily
•   Reduce data management and administration effort and cost
•   Assist in the selection and implementation of appropriate data
    management solutions
•   Implement a technology-independent data architecture
    April 21, 2010                                                    30
Data Governance and Data Management

 April 21, 2010                       31
Data Governance and Data Management
•   DMBOK - Data Management Book of Knowledge
•   TOGAF - The Open Group Architecture Framework
•   COBIT - Control Objectives for Information and related

    April 21, 2010                                           32
                             Can be a                              DMBOK Is a Specific and
                           Precursor to                             Comprehensive Data
                          Implementing                              Oriented Framework
                          Management        DMBOK Provides Detailed
                                                for Definition,
                                              Implementation and
TOGAF Defines the Process                      Operation of Data
    for Creating a Data                    Management and Utilisation
 Architecture as Part of an
     Overall Enterprise
                                                                  Can Provide a Maturity
                                                                   Model for Assessing
                                                                    Data Management

                                          COBIT Provides Data
                                          Governance as Part of
                                          Overall IT Governance

 April 21, 2010                                                                              33
DMBOK, TOGAF and COBIT – Scope and Overlap
                                              Data Development
                                        Data Operations Management
                                   Reference and Master Data Management
                            Data Warehousing and Business Intelligence Management
              TOGAF                  Document and Content Management
                                           Metadata Management
                                          Data Quality Management

                      Data Architecture Management
                            Data Management
                              Data Migration

                                                      Data Security                 COBIT

 April 21, 2010                                                                             34
Data Management Book of Knowledge (DMBOK)

•   DMBOK is a generalised and comprehensive framework for
    managing data across the entire lifecycle
•   Developed by DAMA (Data Management Association)
•   DMBOK provides a detailed framework to assist
    development and implementation of data management
    processes and procedures and ensures all requirements
    are addressed
•   Enables effective and appropriate data management
    across the organisation
•   Provides awareness and visibility of data management
    issues and requirements
    April 21, 2010                                           35
Data Management Book of Knowledge (DMBOK)

•   Not a solution to your data management needs
•   Framework and methodology for developing and
    implementing an appropriate solution
•   Generalised framework to be customised to meet specific
•   Provide a work breakdown structure for a data
    management project to allow the effort to be assessed
•   No magic bullet

    April 21, 2010                                            36
Data Management-Related Frameworks

•   TOGAF (and other enterprise architecture standards) define a
    process for arriving an at enterprise architecture definition, including
•   TOGAF has a phase relating to data architecture
•   TOGAF deals with high level
•   DMBOK translates high level into specific details
•   COBIT is concerned with IT governance and controls:
      − IT must implement internal controls around how it operates
      − The systems IT delivers to the business and the underlying business processes
        these systems actualise must be controlled – these are controls external to IT
      − To govern IT effectively, COBIT defines the activities and risks within IT that
        need to be managed
•   COBIT has a process relating to data management
•   Neither TOGAF nor COBIT are concerned with detailed data
    management design and implementation

    April 21, 2010                                                                        37
TOGAF and Data Management
                                                                     •    Phase C1 (subset of
                                                                          Phase C) relates to
                                   Phase A:
                                 Architecture                             defining a data
                    Phase H:
                                                   Phase B:
                                                                                 Phase C1:
     Phase G:                                                Phase C:
                                 Requirements              Information
                                 Management                  Systems
    Governance                                             Architecture
                                                                                   Phase C2:
                                                                                 Solutions and
                   Phase F:                        Phase D:                       Architecture
                   Migration                     Technology
                   Planning                      Architecture
                                   Phase E:
                                 and Solutions

 April 21, 2010                                                                                  38
TOGAF Phase C1: Information Systems Architectures
- Data Architecture - Objectives
•   Purpose is to define the major types and sources of data
    necessary to support the business, in a way that is:
      − Understandable by stakeholders
      − Complete and consistent
      − Stable
•   Define the data entities relevant to the enterprise
•   Not concerned with design of logical or physical storage
    systems or databases

    April 21, 2010                                             39
TOGAF Phase C1: Information Systems Architectures
- Data Architecture - Overview
                                                               Phase C1: Information Systems
                                                              Architectures - Data Architecture

   Approach Elements                                 Inputs                                          Steps                                   Outputs

                       Key Considerations for Data             Reference Materials External to the               Select Reference Models,
                              Architecture                                Enterprise                              Viewpoints, and Tools

                                                                                                             Develop Baseline Data Architecture
                        Architecture Repository                      Non-Architectural Inputs

                                                                                                             Develop Target Data Architecture
                                                                       Architectural Inputs

                                                                                                                   Perform Gap Analysis

                                                                                                               Define Roadmap Components

                                                                                                                Resolve Impacts Across the
                                                                                                                 Architecture Landscape

                                                                                                                Conduct Formal Stakeholder

                                                                                                               Finalise the Data Architecture

                                                                                                               Create Architecture Definition
 April 21, 2010                                                                                                                                        40
TOGAF Phase C1: Information Systems Architectures - Data
Architecture - Approach - Key Considerations for Data
•   Data Management
      − Important to understand and address data management issues
      − Structured and comprehensive approach to data management enables the
        effective use of data to capitalise on its competitive advantages
      − Clear definition of which application components in the landscape will serve as
        the system of record or reference for enterprise master data
      − Will there be an enterprise-wide standard that all application components,
        including software packages, need to adopt
      − Understand how data entities are utilised by business functions, processes, and
      − Understand how and where enterprise data entities are created, stored,
        transported, and reported
      − Level and complexity of data transformations required to support the
        information exchange needs between applications
      − Requirement for software in supporting data integration with external

    April 21, 2010                                                                        41
TOGAF Phase C1: Information Systems Architectures - Data
Architecture - Approach - Key Considerations for Data
•   Data Migration
      − Identify data migration requirements and also provide indicators
        as to the level of transformation for new/changed applications
      − Ensure target application has quality data when it is populated
      − Ensure enterprise-wide common data definition is established to
        support the transformation

    April 21, 2010                                                         42
TOGAF Phase C1: Information Systems Architectures - Data
Architecture - Approach - Key Considerations for Data
•   Data Governance
      − Ensures that the organisation has the necessary dimensions in
        place to enable the data transformation
      − Structure – ensures the organisation has the necessary structure
        and the standards bodies to manage data entity aspects of the
      − Management System - ensures the organisation has the
        necessary management system and data-related programs to
        manage the governance aspects of data entities throughout its
      − People - addresses what data-related skills and roles the
        organisation requires for the transformation

    April 21, 2010                                                         43
TOGAF Phase C1: Information Systems Architectures
- Data Architecture - Outputs
•   Refined and updated versions of the Architecture Vision phase deliverables
      − Statement of Architecture Work
      − Validated data principles, business goals, and business drivers
•   Draft Architecture Definition Document
      − Baseline Data Architecture
      − Target Data Architecture
              •      Business data model
              •      Logical data model
              •      Data management process models
              •      Data Entity/Business Function matrix
              •      Views corresponding to the selected viewpoints addressing key stakeholder concerns
      − Draft Architecture Requirements Specification
              •      Gap analysis results
              •      Data interoperability requirements
              •      Relevant technical requirements
              •      Constraints on the Technology Architecture about to be designed
              •      Updated business requirements
              •      Updated application requirements
      − Data Architecture components of an Architecture Roadmap
    April 21, 2010                                                                                        44
COBIT Structure

Plan and Organise (PO)                     Acquire and Implement (AI)                     Deliver and Support (DS)                    Monitor and Evaluate (ME)

                                                                                                             DS1 Define and manage service                ME1 Monitor and evaluate IT
                   PO1 Define a strategic IT plan             AI1 Identify automated solutions
                                                                                                                         levels                                 performance

                    PO2 Define the information                   AI2 Acquire and maintain                                                                  ME2 Monitor and evaluate
                                                                                                            DS2 Manage third-party services
                          architecture                             application software                                                                        internal control

                   PO3 Determine technological                   AI3 Acquire and maintain                    DS3 Manage performance and                      ME3 Ensure regulatory
                            direction                            technology infrastructure                            capacity                                    compliance

                    PO4 Define the IT processes,
                                                               AI4 Enable operation and use                  DS4 Ensure continuous service                 ME4 Provide IT governance
                   organisation and relationships

                  PO5 Manage the IT investment                    AI5 Procure IT resources                    DS5 Ensure systems security

                  PO6 Communicate management
                                                                    AI6 Manage changes                       DS6 Identify and allocate costs
                        aims and direction

                                                              AI7 Install and accredit solutions
                  PO7 Manage IT human resources                                                               DS7 Educate and train users
                                                                         and changes

                                                                                                              DS8 Manage service desk and
                          PO8 Manage quality

                  PO9 Assess and manage IT risks                                                             DS9 Manage the configuration

                         PO10 Manage projects                                                                   DS10 Manage problems

                                                                                                              DS11 Manage data
                                                                                                               DS12 Manage the physical

                                                                                                                DS13 Manage operations

 April 21, 2010                                                                                                                                                                      45
COBIT and Data Management

•   COBIT objective DS11 Manage Data within the Deliver and
    Support (DS) domain
•   Effective data management requires identification of data
•   Data management process includes establishing effective
    procedures to manage the media library, backup and
    recovery of data and proper disposal of media
•   Effective data management helps ensure the quality,
    timeliness and availability of business data

    April 21, 2010                                              46
COBIT and Data Management

•   Objective is the control over the IT process of managing data that
    meets the business requirement for IT of optimising the use of
    information and ensuring information is available as required
•   Focuses on maintaining the completeness, accuracy, availability and
    protection of data
•   Involves taking actions
      − Backing up data and testing restoration
      − Managing onsite and offsite storage of data
      − Securely disposing of data and equipment
•   Measured by
      − User satisfaction with availability of data
      − Percent of successful data restorations
      − Number of incidents where sensitive data were retrieved after media were
        disposed of

    April 21, 2010                                                                 47
COBIT Process DS11 Manage Data
•   DS11.1 Business Requirements for Data Management
      − Establish arrangements to ensure that source documents expected from the business are received, all data received from the
        business are processed, all output required by the business is prepared and delivered, and restart and reprocessing needs are
•   DS11.2 Storage and Retention Arrangements
      − Define and implement procedures for data storage and archival, so data remain accessible and usable
      − Procedures should consider retrieval requirements, cost-effectiveness, continued integrity and security requirements
      − Establish storage and retention arrangements to satisfy legal, regulatory and business requirements for documents, data, archives,
        programmes, reports and messages (incoming and outgoing) as well as the data (keys, certificates) used for their encryption and
•   DS11.3 Media Library Management System
      − Define and implement procedures to maintain an inventory of onsite media and ensure their usability and integrity
      − Procedures should provide for timely review and follow-up on any discrepancies noted
•   DS11.4 Disposal
      − Define and implement procedures to prevent access to sensitive data and software from equipment or media when they are
        disposed of or transferred to another use
      − Procedures should ensure that data marked as deleted or to be disposed cannot be retrieved.
•   DS11.5 Backup and Restoration
      − Define and implement procedures for backup and restoration of systems, data and documentation in line with business
        requirements and the continuity plan
      − Verify compliance with the backup procedures, and verify the ability to and time required for successful and complete restoration
      − Test backup media and the restoration process
•   DS11.6 Security Requirements for Data Management
      − Establish arrangements to identify and apply security requirements applicable to the receipt, processing, physical storage and
        output of data and sensitive messages
      − Includes physical records, data transmissions and any data stored offsite

    April 21, 2010                                                                                                                           48
COBIT Data Management Goals and Metrics
         Activity Goals                      Process Goals                           Activity Goals

•Backing up data and testing           •Maintain the completeness,             •Backing up data and testing
restoration                            accuracy, validity and                  restoration
•Managing onsite and offsite           accessibility of stored data            •Managing onsite and offsite
storage of data                        •Secure data during disposal            storage of data
•Securely disposing of data            of media                                •Securely disposing of data
and equipment                          •Effectively manage storage             and equipment

       Are Measured                         Are Measured                            Are Measured
            By                 Drive             By                    Drive             By

      Key Performance                      Process Key Goal                      IT Key Goal Indicators
         Indicators                           Indicators
                                       •% of successful data                   •Occurrences of inability to
                                       restorations                            recover data critical to
•Frequency of testing of               •# of incidents where                   business process
backup media                           sensitive data were retrieved           •User satisfaction with
•Average time for data                 after media were disposed of            availability of data
restoration                            •# of down time or data                 •Incidents of noncompliance
                                       integrity incidents caused by           with laws due to storage
                                       insufficient storage capacity           management issues

 April 21, 2010                                                                                               49
Approach to Data Governance

 April 21, 2010               50
Data Governance

•   Core function of Data Management
•   Interacts with and influences each of the surrounding ten data
    management functions
•   Data governance is the exercise of authority and control (planning,
    monitoring, and enforcement) over the management of data assets
•   Data governance function guides how all other data management
    functions are performed
•   High-level, executive data stewardship
•   Data governance is not the same thing as IT governance
•   Data governance is focused exclusively on the management of data

    April 21, 2010                                                        51
Data Governance

•   Shared decision making is the hallmark of data governance
•   Requires working across organisational and system boundaries
•   Some decisions are primarily business decisions made with input and guidance from IT
•   Other decisions are primarily technical decisions made with input and guidance from
    business data stewards at all levels
             Decisions Made                                            Decisions Made
               by Business                                                  by IT
              Management                                                Management

          Business Operating    Enterprise Information   Information Management   Database Architecture
                Model                   Model                    Strategy

               IT Leadership     Information Needs       Information Management     Data Integration
                                                                  Policies           Architecture

          Capital Investments        Information         Information Management    Data Warehousing
                                    Specifications              Standards            Architecture
           Research and         Quality Requirements     Information Management   Metadata Architecture
        Development Funding                                       Metrics

      Data Governance Model        Issue Resolution      Information Management    Technical Metadata
    April 21, 2010                                                                                        52
Data Governance

•   Data governance is accomplished most effectively as an
    on-going program and a continual improvement process
•   Every effective data governance program is unique, taking
    into account distinctive organisational and cultural issues,
    and the immediate data management challenges and
•   Data governance is not the same thing as IT governance

    April 21, 2010                                                 53
Data Governance and IT Governance

•   IT Governance makes decisions about       •   Data Governance is focused
      − IT investments                            exclusively on the management of
      − IT application portfolio                  data assets
      − IT project portfolio                  •   Data Governance is at the heart of
•   IT Governance aligns the IT strategies        managing data assets
    and investments with enterprise goals
    and strategies
•   COBIT (Control Objectives for
    Information and related Technology)
    provides standards for IT governance
      − Only a small portion of the COBIT
        framework addresses managing
•   Some critical issues, such as Sarbanes-
    Oxley compliance, span the concerns
    of corporate governance, IT
    governance, and data governance

    April 21, 2010                                                                     54
Data Governance – Definition and Goals

•   Definition
      − The exercise of authority and control (planning, monitoring, and
        enforcement) over the management of data assets
•   Goals
      − To define, approve, and communicate data strategies, policies,
        standards, architecture, procedures, and metrics
      − To track and enforce regulatory compliance and conformance to
        data policies, standards, architecture, and procedures
      − To sponsor, track, and oversee the delivery of data management
        projects and services
      − To manage and resolve data related issues
      − To understand and promote the value of data assets

    April 21, 2010                                                         55
Data Governance - Overview
                    Inputs                                     Primary Deliverables

•Business Goals                                          •Data Policies
•Business Strategies                                     •Data Standards
•IT Objectives                                           •Resolved Issues
•IT Strategies                                           •Data Management Projects and
•Data Needs                                              Services
•Data Issues                                             •Quality Data and Information
•Regulatory Requirements                                 •Recognised Data Value

                   Suppliers    Data Governance                     Consumers

•Business Executives                                     •Data Producers
•IT Executives                                           •Knowledge Workers
•Data Stewards                                           •Managers and Executives
•Regulatory Bodies                                       •Data Professionals

               Participants                 Tools                     Metrics

•Executive Data Stewards       •Intranet Website         •Data Value
•Coordinating Data Stewards    •E-Mail                   •Data Management Cost
•Business Data Stewards        •Metadata Tools           •Achievement of Objectives
•Data Professionals            •Metadata Repository      •# of Decisions Made
•DM Executive                  •Issue Management Tools   •Steward Representation / Coverage
•CIO                           •Data Governance KPI      •Data Professional Headcount
                               •Dashboard                •Data Management Process Maturity

  April 21, 2010                                                                              56
Data Governance Function, Activities and Sub-
                                        Data Governance

       Data Management Planning                                   Data Management Control

                            Understand Strategic Enterprise Data                    Supervise Data Professional Organisations
                                          Needs                                                     and Staff

                           Develop and Maintain the Data Strategy                     Coordinate Data Governance Activities

                            Establish Data Professional Roles and
                                                                                     Manage and Resolve Data Related Issues

                             Identify and Appoint Data Stewards                     Monitor and Ensure Regulatory Compliance

                                  Establish Data Governance and                       Monitor and Enforce Conformance with
                                    Stewardship Organisations                        Data Policies, Standards and Architecture

                             Develop and Approve Data Policies,                      Oversee Data Management Projects and
                                 Standards, and Procedures                                         Services

                                                                                     Communicate and Promote the Value of
                           Review and Approve Data Architecture
                                                                                                 Data Assets

                            Plan and Sponsor Data Management
                                   Projects and Services

                          Estimate Data Asset Value and Associated
 April 21, 2010                                                                                                                  57
Data Governance

•   Data governance is accomplished most effectively as an
    on-going program and a continual improvement process
•   Every data governance programme is unique, taking into
    account distinctive organisational and cultural issues, and
    the immediate data management challenges and
•   Data governance is at the core of managing data assets

    April 21, 2010                                                58
Data Governance - Possible Organisation Structure

                                                   Data Governance Structure

                         Organisation Data Governance

     Data Governance Office                       Data Management Executive

                         Business Unit Data Governance
                                                                               Data Technologists

                         Data Stewardship Committees

                              Data Stewardship Teams

 April 21, 2010                                                                                     59
Data Governance Shared Decision Making
      Business Decisions                 Shared Decision Making             IT Decisions

     Business Operating        Enterprise                    Information       Database
           Model           Information Model                 Management       Architecture
                           Information Needs                 Information    Data Integration
          IT Leadership                                      Management      Architecture
                                                              Enterprise   Data Warehousing
                              Information                    Information     and Business
    Capital Investments      Specifications                  Management       Intelligence
                                                              Standards      Architecture

         Research and                                         Enterprise
                                Quality                      Information       Metadata
         Development         Requirements                    Management       Architecture
           Funding                                             Metrics

      Data Governance       Issue Resolution                 Information   Technical Metadata
           Model                                             Management

 April 21, 2010                                                                                 60
Data Stewardship

•   Formal accountability for business responsibilities ensuring effective
    control and use of data assets
•   Data steward is a business leader and/or recognised subject matter
    expert designated as accountable for these responsibilities
•   Manage data assets on behalf of others and in the best interests of
    the organisation
•   Represent the data interests of all stakeholders, including but not
    limited to, the interests of their own functional departments and
•   Protects, manages, and leverages the data resources
•   Must take an enterprise perspective to ensure the quality and
    effective use of enterprise data

    April 21, 2010                                                           61
Data Stewardship - Roles

•   Executive Data Stewards – provide data governance and
    make of high-level data stewardship decisions
•   Coordinating Data Stewards - lead and represent teams of
    business data stewards in discussions across teams and
    with executive data stewards
•   Business Data Stewards - subject matter experts work
    with data management professionals on an ongoing basis
    to define and control data

    April 21, 2010                                             62
Data Stewardship Roles Across Data Management
Functions - 1
                            All Data Stewards            Executive Data Stewards   Coordinating Data           Business Data Stewards
Data Architecture           Review, validate, approve,   Review and approve the    Integrate specifications,   Define data requirements
Management                  maintain and refine data     enterprise data           resolving differences       specifications
                            architecture                 architecture
Data Development            Validate physical data                                                             Define data requirements
                            models and database                                                                and specifications
                            designs, participate in
                            database testing and
Data Operations                                                                                                Define requirements for
Management                                                                                                     data recovery, retention
                                                                                                               and performance
                                                                                                               Help identify, acquire, and
                                                                                                               control externally sourced
Data Security Management                                                                                       Provide security, privacy
                                                                                                               and confidentiality
                                                                                                               requirements, identify and
                                                                                                               resolve data security
                                                                                                               issues, assist in data
                                                                                                               security audits, and classify
                                                                                                               information confidentiality
Reference and Master Data                                                                                      Control the creation,
Management                                                                                                     update, and retirement of
                                                                                                               code values and other
                                                                                                               reference data, define
                                                                                                               master data management
                                                                                                               requirements, identify and
                                                                                                               help resolve issues

    April 21, 2010                                                                                                                             63
Data Stewardship Roles Across Data Management
Functions - 2
                          All Data Stewards            Executive Data Stewards   Coordinating Data   Business Data Stewards
Data Warehousing and                                                                                 Provide business
Business Intelligence                                                                                intelligence requirements
Management                                                                                           and management metrics,
                                                                                                     and they identify and help
                                                                                                     resolve business
                                                                                                     intelligence issues
Document and Content                                                                                 Define enterprise
Management                                                                                           taxonomies and resolve
                                                                                                     content management
Metadata Management       Create and maintain
                          business metadata (names,
                          meanings, business rules),
                          define metadata access
                          and integration needs and
                          use metadata to make
                          effective data stewardship
                          and governance decisions
Data Quality Management                                                                              Define data quality
                                                                                                     requirements and business
                                                                                                     rules, test application edits
                                                                                                     and validations, assist in
                                                                                                     the analysis, certification,
                                                                                                     and auditing of data
                                                                                                     quality, lead clean-up
                                                                                                     efforts, identify ways to
                                                                                                     solve causes of poor data
                                                                                                     quality, promote data
                                                                                                     quality awareness
   April 21, 2010                                                                                                                    64
Data Strategy

•   High-level course of action to achieve high-level goals
•   Data strategy is a data management program strategy a
    plan for maintaining and improving data quality, integrity,
    security and access
•   Address all data management functions relevant to the

    April 21, 2010                                                65
Elements of Data Strategy

•   Vision for data management
•   Summary business case for data management
•   Guiding principles, values, and management perspectives
•   Mission and long-term directional goals of data management
•   Management measures of data management success
•   Short-term data management programme objectives
•   Descriptions of data management roles and business units along
    with a summary of their responsibilities and decision rights
•   Descriptions of data management programme components and
•   Outline of the data management implementation roadmap
•   Scope boundaries
    April 21, 2010                                                   66
Data Strategy

                                     Data Management
                                     Programme Charter
      Data Management                                                    Data Management
       Scope Statement               Overall vision, business case,
                                       goals, guiding principles,         Implementation
                                      measures of success, critical          Roadmap
     Goals and objectives for a     success factors, recognised risks
 defined planning horizon and the
                                                                         Identifying specific programs,
      roles, organisations, and
                                                                        projects, task assignments, and
  individual leaders accountable
                                                                              delivery milestones
   for achieving these objectives

 April 21, 2010                                                                                           67
Data Policies

•   Statements of intent and fundamental rules governing the
    creation, acquisition, integrity, security, quality, and use of
    data and information
•   More fundamental, global, and business critical than data
•   Describe what to do and what not to do
•   Should be few data policies stated briefly and directly

    April 21, 2010                                                    68
Data Policies

•   Possible topics for data policies
      − Data modeling and other data development activities
      − Development and use of data architecture
      − Data quality expectations, roles, and responsibilities
      − Data security, including confidentiality classification policies,
        intellectual property policies, personal data privacy policies,
        general data access and usage policies, and data access by
        external parties
      − Database recovery and data retention
      − Access and use of externally sourced data
      − Sharing data internally and externally
      − Data warehousing and business intelligence
      − Unstructured data - electronic files and physical records

    April 21, 2010                                                          69
Data Architecture

•   Enterprise data model and other aspects of data
    architecture sponsored at the data governance level
•   Need to pay particular attention to the alignment of the
    enterprise data model with key business strategies,
    processes, business units and systems
•   Includes
      − Data technology architecture
      − Data integration architecture
      − Data warehousing and business intelligence architecture
      − Metadata architecture

    April 21, 2010                                                70
Data Standards and Procedures

•   Include naming standards, requirement specification
    standards, data modeling standards, database design
    standards, architecture standards and procedural
    standards for each data management function
•   Must be effectively communicated, monitored, enforced
    and periodically re-evaluated
•   Data management procedures are the methods,
    techniques, and steps followed to accomplish a specific
    activity or task

    April 21, 2010                                            71
Data Standards and Procedures

•   Possible topics for data standards and procedures
      − Data modeling and architecture standards, including data naming conventions,
        definition standards, standard domains, and standard abbreviations
      − Standard business and technical metadata to be captured, maintained, and
      − Data model management guidelines and procedures
      − Metadata integration and usage procedures
      − Standards for database recovery and business continuity, database
        performance, data retention, and external data acquisition
      − Data security standards and procedures
      − Reference data management control procedures
      − Match / merge and data cleansing standards and procedures
      − Business intelligence standards and procedures
      − Enterprise content management standards and procedures, including use of
        enterprise taxonomies, support for legal discovery and document and e-mail
        retention, electronic signatures, report formatting standards and report
        distribution approaches

    April 21, 2010                                                                     72
Regulatory Compliance

•   Most organisations are is impacted by government and
    industry regulations
•   Many of these regulations dictate how data and
    information is to be managed
•   Compliance is generally mandatory
•   Data governance guides the implementation of adequate
    controls to ensure, document, and monitor compliance
    with data-related regulations.

    April 21, 2010                                          73
Regulatory Compliance

•   Data governance needs to work the business to find the best
    answers to the following regulatory compliance questions
      −    How relevant is a regulation?
      −    Why is it important for us?
      −    How do we interpret it?
      −    What policies and procedures does it require?
      −    Do we comply now?
      −    How do we comply now?
      −    How should we comply in the future?
      −    What will it take?
      −    When will we comply?
      −    How do we demonstrate and prove compliance?
      −    How do we monitor compliance?
      −    How often do we review compliance?
      −    How do we identify and report non-compliance?
      −    How do we manage and rectify non-compliance?
    April 21, 2010                                                74
Issue Management

•   Data governance assists in identifying, managing, and resolving data
    related issues
      −    Data quality issues
      −    Data naming and definition conflicts
      −    Business rule conflicts and clarifications
      −    Data security, privacy, and confidentiality issues
      −    Regulatory non-compliance issues
      −    Non-conformance issues (policies, standards, architecture, and procedures)
      −    Conflicting policies, standards, architecture, and procedures
      −    Conflicting stakeholder interests in data and information
      −    Organisational and cultural change management issues
      −    Issues regarding data governance procedures and decision rights
      −    Negotiation and review of data sharing agreements

    April 21, 2010                                                                      75
Issue Management, Control and Escalation

•   Data governance implements issue controls and
      − Identifying, capturing, logging and updating issues
      − Tracking the status of issues
      − Documenting stakeholder viewpoints and resolution alternatives
      − Objective, neutral discussions where all viewpoints are heard
      − Escalating issues to higher levels of authority
      − Determining, documenting and communicating issue resolutions.

    April 21, 2010                                                       76
Data Management Projects

•   Data management roadmap sets out a course of action for
    initiating and/or improving data management functions
•   Consists of an assessment of current functions, definition
    of a target environment and target objectives and a
    transition plan outlining the steps required to reach these
    targets including an approach to organisational change
•   Every data management project should follow the project
    management standards of the organisation

    April 21, 2010                                                77
Data Asset Valuation

•   Data and information are truly assets because they have
    business value, tangible or intangible
•   Different approaches to estimating the value of data assets
•   Identify the direct and indirect business benefits derived
    from use of the data
•   Identify the cost of data loss, identifying the impacts of not
    having the current amount and quality level of data

    April 21, 2010                                                   78
State of Information and Data Governance

•   Information and Data Governance Report, April 2008
      − International Association for Information and Data Quality (IAIDQ)
      − University of Arkansas at Little Rock, Information Quality Program
•   Ponemon Institute 2009 Annual Study Cost of a Data

    April 21, 2010                                                           79
Terms Used by Organisations to Describe the
Activities Associated with Governing Data
                    Data Management                                                           62.7%

                      Data Governance                                                 55.4%

                     Data Stewardship                                         46.6%

          Information Management                                            43.6%

            Information Governance                      17.2%

                        Data Resource

           Information Stew ardship             10.3%

                  Information Resource

                                Other               13.7%

                                         0%   10%       20%     30%   40%      50%      60%       70%

 April 21, 2010                                                                                         80
Your Organisation Recognises and Values Information as a
Strategic Asset and Manages it Accordingly

             Strongly Disagree          3.4%

                       Disagree                             21.5%

                        Neutral                      17.1%

                          Agree                                            39.5%

                  Strongly Agree                      18.5%

                                   0%          10%    20%           30%   40%      50%

 April 21, 2010                                                                          81
Direction of Change in the Results and Effectiveness of the
Organisation's Formal or Informal Information/Data
Governance Processes Over the Past Two Years

      Results and Effectiveness Have Significantly

          Results and Effectiveness Have Improved                                          50.0%

         Results and Effectiveness Have Remained
                   Essentially the Same

         Results and Effectiveness Have Worsened          3.9%

      Results and Effectiveness Have Significantly

                                      Don’t Know           5.4%

                                                     0%      10%     20%   30%      40%   50%   60%   70%

 April 21, 2010                                                                                             82
Perceived Effectiveness of the Organisation's Current
Formal or Informal Information/Data Governance Processes

          Excellent (All Goals are

            Good (Most Goals are

      OK (Some Goals are Met)                                                      51.5%

      Poor (Few Goals are Met)                          19.1%

        Very Poor (No Goals are

                     Don’t Know           2.0%

                                     0%          10%   20%       30%   40%   50%           60%   70%

 April 21, 2010                                                                                        83
Actual Information/Data Governance Effectiveness
vs. Organisation's Perception

      It is Better Than Most
            People Think

      It is the Same as Most
            People Think

      It is Worse Than Most
            People Think

                  Don’t Know                   11.8%

                               0%   5%   10%    15%    20%   25%   30%    35%    40%   45%   50%

 April 21, 2010                                                                                    84
Current Status of Organisation's Information/Data
Governance Initiatives
       Started an Information/Data Governance Initiative, but
                       Discontinued the Effort
           Considered a Focused Information/Data Governance
                     Effort but Abandoned the Idea

                  None Being Considered - Keeping the Status Quo                        7.4%

                             Exploring, Still Seeking to Learn More                                        20.1%

            Evaluating Alternative Frameworks and Information
                          Governance Structures

                                 Now Planning an Implementation                                  13.2%

                      First Iteration Implemented the Past 2 Years                                       19.1%

                    First Interation"in Place for More Than 2 Years                       8.8%

                                                       Don’t Know                      6.4%

                                                                      0%          5%     10%     15%     20%     25%     30%

 April 21, 2010                                                                                                                85
Expected Changes in Organisation's Information/Data
Governance Efforts Over the Next Two Years

        Will Increase Significantly                                               46.6%

           Will Increase Somewhat                                         39.2%

              Will Remain the Same                   10.8%

         Will Decrease Somewhat            1.0%

       Will Decrease Significantly     0.5%

                       Don’t Know           2.0%

                                      0%           10%       20%   30%   40%       50%    60%
 April 21, 2010                                                                                 86
Focus of Information / Data Governance Efforts
                               Customers                                                                  70.2%

                                Financials                                                      57.6%

                  Products and Production                                               46.6%

                                 Services                                            41.9%

                                    Sales                                     35.6%

                               Employees                                  31.4%

      Supply Chain, Vendors, Suppliers                             25.1%

                        Items / Materials                       20.4%

                  Equipment and Facilities                16.2%

                             Maintenance                13.1%

       Environment, Health and Safety               10.5%

                                    Other          9.5%

                                             0%   10%       20%         30%    40%      50%     60%     70%       80%

 April 21, 2010                                                                                                         87
Overall Objectives of Information / Data Governance
                                                Improve Data Quality                                            80.2%

                    Establish Clear Decision Rules and Decisionmaking
                                 Processes for Shared Data

                                    Increase the Value of Data Assets                                59.4%

                           Provide Mechanism to Resolve Data Issues                                 56.8%

                  Involve Non-IT Personnel in Data Decisions IT Should
                                   not Make by Itself
                  Promote Interdependencies and Synergies Between
                            Departments or Business Units

                           Enable Joint Accountability for Shared Data                      45.3%

                  Involve IT in Data Decisions non-IT Personnel Should
                                 not Make by Themselves

                                                                Other       5.2%

                                                     None Applicable      1.0%

                                                          Don't Know       2.6%

                                                                         0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100
 April 21, 2010                                                                                                         88
Primary Activities of Organisation's Information /
Data Governance Efforts
                                             Standardise Data Definitions Across The Organisation                                                                          70.5%

       Provide Common Information Strategies, Processes, Policies, And Standards On Behalf Of The

                                     Support Data Warehouse And Business Intelligence Initiatives                                                          58.4%

                           Define And Standardise Common Business Rules Across The Organisation                                                       53.7%

                                    Select And Charter Specific Data Quality Improvement Projects                                                  49.5%

  Provide Oversight And Enforcement Of Data Standards On Every Project That Involves Information
                                    Systems And Technology

      Establish A Common Vocabulary And Culture Around The Deployment Of Data That Ensures Its
                                 Privacy, Compliance, And Security
      Support The Access And Use Of Common Corporate Data Through A Focus On Architecture And

                                   Support The Development Of An Enterprise Logical Data Model                                             43.7%

                                             Guide The Management Of Master Or Reference Data                                             42.6%

   Support Information Management Problem-Solving And Decision-Making And Providing Processes
                                    For Strategic Alignment.

                                                                   Manage Information Products                              27.9%

                                                          Measure The Costs Of Low Quality Data                          25.3%

                                                          Measure The Value Of High Quality Data                        23.2%

                                              Implement Internal Information Chain Management                  13.2%

                                                  Implement External Data Supplier Management             10.0%

                                                    Implement Information Product Management              10.0%

                                                                                           Other          10.0%

                                                                                                    0%   10%      20%      30%      40%       50%          60%           70%       80%

 April 21, 2010                                                                                                                                                                          89
Primary Drivers for Organisation's Information /
Data Governance Efforts
            General Desire To Improve The Quality Of Our Data                                                                                      65.6%

                       Data Warehousing / Business Intelligence                                                                            57.7%

                                               Compliance / Risk                                                                   46.6%

                                         Enterprise Architecture                                                     33.3%

                                   Information Security / Privacy                                                   32.3%

                       Master Data Management (MDM) Project                                                        31.2%

                              Applications / Systems Integration                                                 30.2%

                         Customer Data Integration (CDI) Project                                         25.9%

        Suffered Major Negative Impact From Bad Data Quality                                         22.2%

                     Service-Oriented Architecture (SOA) Project                               18.0%

                      Enterprise Resource Planning (ERP) Project                           16.4%

          Merger And Acquisition Planning Or Implementation                            12.7%

                  Product Information Management (PIM) Project                    10.1%

                               Reaction To Competitors' Activity         3.7%

                                                           Other                8.5%

                                                                    0%          10%            20%           30%             40%    50%    60%       70%   80%

 April 21, 2010                                                                                                                                                  90
Category of Tools Currently Used in Organisation
          Data Quality Analysis, Assessment Or
        Extract-Transform-Load (ETL) And Other
                 Data Integration Tools
     Data Modeling (Computer-Aided Software
       Data Matching And Reconciliation (Data

                      Data Quality Monitoring                                                             45.5%

                         Metadata Repository                                                             44.4%

            Data Remediation / Cleansing Tools                                                   39.0%

    Data Relationship Discovery And Mappings                                             28.9%

                               Workflow Tools                                        25.7%

                       Business Rules Engines                                20.3%

       Master Data Management (MDM) Tools                                  18.7%

         Customer Data Integration (CDI) Tools                     13.4%

       Product Information Management (PIM)

                         Rules Discovery Tools        4.3%

                                        Other           5.9%

                                                 0%          10%           20%          30%      40%             50%      60%      70%   80%

 April 21, 2010                                                                                                                                91
 Functional Area to Which the Leader of the Organisation's
 Information / Data Governance Effort Reports

              Information Technology                                                                                43.1%

Senior / Executive Management Team                                                              31.0%

                               Finance                                     17.2%

                      Compliance / Risk                       8.6%

         Operations / Manufacturing                           8.6%

                            Marketing                  5.2%

                            Purchasing         1.7%

                                  Legal        1.7%

                                 Other                        8.6%

                                          0%          5%      10%    15%      20%   25%   30%           35%   40%    45%    50%

     April 21, 2010                                                                                                         92
Number of Levels Between the Organisation's Most Senior
Leader and the Person Most Directly in Charge of the
Information / Data Governance Effort

           5 Levels or More                             12.3%

                    4 Levels                                    14.0%

                    3 Levels                                                            26.3%

                    2 Levels                                                  22.8%

                     1 Level                                    14.0%

They are the Same Person            3.5%

                  Don't Know               7.0%

                               0%     5%          10%           15%     20%       25%           30%

 April 21, 2010                                                                                 93
Membership of Senior Information / Data
Governance Body within an Organisation
      The Senior / Executive Management Team is the Top
             Information / Data Governance Body

                                   C-Level non-IT Executives                           26.8%

                                       C-Level IT Executives                           26.8%

                              Middle-Level non-IT Managers                                                      51.8%

                                  Middle-Level IT Managers                                       33.9%

                   Junior-Level non-IT Supervisors/Managers         7.1%

                      Junior-Level IT Supervisors / Managers               14.3%

My Organisation Does Not Have any Governance Body for
             Information and Data Assets

                                                               0%   10%      20%           30%      40%   50%           60%
  April 21, 2010                                                                                                        94
Relationship Between Information / Data
Governance and Data Quality Leadership
Information Governance and Data Quality Are Led by the Same

Information Governance and Data Quality Are Led by Different
          People Who Report to the Same Manager

Information Governance and Data Quality Are Led by Different
         People Who Report to Different Managers

  There is No Specific Individual in Charge of Our Data Quality

                                                        Other           8.8%

                                                                  0%   10%     20%      30%   40%     50%   60%

   April 21, 2010                                                                                             95
Change In Organisation's Information / Data Quality
Over the Past Two Years
                  Information / Data Quality
                  Has Significantly Improved

                  Information / Data Quality
                        Has Improved

                  Information / Data Quality
                   Has Remained Essentially                      15.8%
                          the Same

                  Information / Data Quality
                        Has Worsened

                  Information / Data Quality
                  Has Significantly Worsened

                                Don’t Know          1.8%

                                               0%          10%       20%   30%   40%   50%   60%   70%     80%

 April 21, 2010                                                                                                  96
Maturity Of Information / Data Governance Goal
Setting And Measurement In Your Organisation

                  5 - Optimised         3.7%

                    4 - Managed                      11.8%

                     3 - Defined                                         26.7%

                  2 - Repeatable                                            28.9%

                      1 - Ad-hoc                                            28.9%

                                   0%   5%     10%     15%   20%   25%     30%      35%   40%   45%   50%

 April 21, 2010                                                                                             97
Maturity Of Information / Data Governance
Processes And Policies In Your Organisation
                  5 - Optimised         1.6%

                    4 - Managed                4.8%

                     3 - Defined                                          24.5%

                  2 - Repeatable                                                                          46.3%

                      1 - Ad-hoc                                        22.9%

                                   0%      5%         10%   15%   20%   25%       30%   35%   40%   45%      50%

 April 21, 2010                                                                                                    98
Maturity Of Responsibility And Accountability For
Information / Data Governance Among Employees In Your
                  5 - Optimised                6.9%

                    4 - Managed         3.2%

                     3 - Defined                                               31.7%

                  2 - Repeatable                                     25.4%

                      1 - Ad-hoc                                                32.8%

                                   0%    5%      10%   15%   20%   25%   30%     35%    40%   45%   50%

 April 21, 2010                                                                                           99
Average Per Record Cost of a Data Breach 2005 –
2009 USD

                                $197   $202   $204
      $200               $182

      $150        $138



                  2005   2006   2007   2008   2009

 April 21, 2010                                      100
Average Organisational Cost of a Data Breach 2005 –
2009 USD

                                                              $6,655,758   $6,751,451
        $7,000,000                               $6,355,132
        $5,000,000     $4,514,429





                         2005         2006         2007         2008         2009

 April 21, 2010                                                                         101
More Information

           Alan McSweeney

 April 21, 2010                     102

Description: To provide an overview of the importance and relevance of data governance as part of an information management initiative