Govern your data; manage your risk!
The principles established within the organisational strategy, policies, standards and applicable regulation, should cascade down to operational level. Those who are accountable – such as board members, directors, audit and risk committees – must have oversight and feedback channels to enable them to monitor and deliver on their responsibilities. These capabilities rely on key data points: so organisations should consider how regulated information is currently curated and what further information (and requisite structures) are required by regulation. This gap analysis also helps in assessing if there any immediate remediation priorities.
Implementing Information Governance relies heavily on data and data structures, at the most granular levels. This is difficult enough in the enterprise, let alone in relation to ecosystems which involve collaborating and sharing data and processes with partners and/or suppliers.
Conceptually, the organisation must understand and control what is happening to the data within that ecosystem: for instance, capturing information about when and what data leaves the ecosystem, under what conditions, and the intended recipient. This relies on having visibility of that information, and on capturing that data in the first place. This in turn relies on a corporate ontology that sets out the required information structures, led by data requirements.
We like the approach outlined by Paul Ballew, now Vice President and Global Chief Data & Analytics Officer, Ford Motor Company, which for us, summarises genuine best practice when it comes to information governance:
- “Defining your data standards, including the metrics for adhering to those standards.
- Ensuring data quality at the point of origin and at key checkpoints as data flows through your organisation’s systems and databases.
- Adopting a unique, persistent key that identifies each entity, such as a customer, and the corresponding data that relates to that entity.
- Establishing a nomenclature and taxonomy to identify, categorise and organise your data.
- Implementing a rigorous data maintenance strategy to update constantly changing information.”
From conversations with leading technologists in the US, we would add that you may also need to think of ‘unique persistence’ at more granular levels in order to govern the data itself. This is one of the key aspects of risk locked down by US asset management and financial services organisations where the origin, raw state, transformation and entire audit trail at datum level, is an essential part of the financial record.
And just in case you think governance is something of a distraction from core business, Bernard Marr points out:
“Companies should do what they can where they can to be transparent and help consumers understand what data they are collecting and for what purpose. The Big Data ecosystem is becoming increasingly complex with the Internet of Things and connected devices. Companies who are forthright and build trust will be increasingly important to their customers.”
Ethical business practice is good business. In the long term, your adoption of good information governance, will pay off.