ArticlePDF Available

The need for data governance: A case study

  • January 2007
Authors:
Lai Kuan Cheong at WesterhnPower
Lai Kuan Cheong
  • WesterhnPower
Vanessa Chang at Curtin University
Vanessa Chang
Download full-text PDF
Read full-text
Download citation

Abstract and Figures

Data governance is an emerging trend in enterprise information management. This paper explores the relationship between IT Governance and Data Governance. Sarbanes-Oxley (SOX) compliance requires accurate financial data and to achieve this IT controls are designed to ensure that data is correct and protected from unauthorised change. Data quality is measured by its accuracy, timeliness, relevance, completeness, trustworthiness and contextual definition. Good data quality requires effective data management. The research looks at the need for Data Governance to manage data effectively. This study examines a large organisation that has adopted an ad-hoc Data Governance model to manage its data. It was found that its data management efforts were hampered mainly by the lack of clear roles and responsibilities and the lack of mandate to carry out data quality improvement initiatives. In order to promote effective data management, this research identifies a Data Governance Structure and Framework with the emphasis on collaboration between business and IT to support organisations.
Figures - uploaded by Vanessa Chang
Author content
All figure content in this area was uploaded by Vanessa Chang
Content may be subject to copyright.
Content uploaded by Vanessa Chang
Author content
All content in this area was uploaded by Vanessa Chang
Content may be subject to copyright.
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
999
The Need for Data Governance: A Case Study
Lai Kuan Cheong, Vanessa Chang
School of Information Systems
Curtin Business School
Curtin University of Technology
Western Australia, Australia
Email: lkcheong@yahoo.com; vanessa.chang@curtin.edu.au
Abstract
Data governance is an emerging trend in enterprise information management. This paper explores the
relationship between IT Governance and Data Governance. Sarbanes-Oxley (SOX) compliance requires
accurate financial data and to achieve this IT controls are designed to ensure that data is correct and protected
from unauthorised change. Data quality is measured by its accuracy, timeliness, relevance, completeness,
trustworthiness and contextual definition. Good data quality requires effective data management. The research
looks at the need for Data Governance to manage data effectively. This study examines a large organisation that
has adopted an ad-hoc Data Governance model to manage its data. It was found that its data management
efforts were hampered mainly by the lack of clear roles and responsibilities and the lack of mandate to carry out
data quality improvement initiatives. In order to promote effective data management, this research identifies a
Data Governance Structure and Framework with the emphasis on collaboration between business and IT to
support organisations.
Keywords
Data Governance, Data Quality, Data Management, Enterprise Information Management
Introduction
This paper presents a research into data governance and enterprise data management. The literature review on
enterprise information management highlights that a high percentage of organisations across the world are
engaged in the management of data as an enterprise asset (Newman, 2006). Recently in the USA, the downfall of
major public companies called for the introduction of controls to certify the accuracy and credibility of financial
reports. Senior executives are being held responsible for the accuracy of an organisation’s financial reports. Due
to the prevalent use of information technology (IT) systems today, it is imperative that controls are in place to
ensure the proper use of IT applications and to protect data from unauthorised change. Issues with managing data
emerged with the implementation of various data integration projects (for example, migrating data from legacy
system to Enterprise Resource Planning systems) (Clemmons & Simon, 2001), data warehousing projects
(Watson, Fuller & Ariyachandra, 2004) and business intelligence efforts (Matney and Larson, 2004).
The conclusion from various readings is that data can be managed more effectively and successfully through the
adoption of a data governance structure and framework. To validate this conclusion, a utility company was
selected in this study to determine the justification for formal data governance. The process of implementing a
data governance structure within the company is also examined in this study.
Literature Review
The management of data is important to many organisations as advances in IT enables organisations to capture
structured and unstructured data (Lee, 2000). The literature also revealed emerging issues related to management
of data and data quality. Wright (2006) stated that the confidence of the decision maker in the data is
characterised by the quality of the data. The viewpoint that data is a valuable resource has grown increasingly
prevalent among business and IT executives. Recognition of data as corporate assets imply that some form of
data governance would be beneficial for effective data management (Wright, 2006). Lee (2000) and Newman
(2005) identified similar issues relating to data management and enterprise information management (EIM).
Newman (2006) conducted a research in EIM programs and identified EIM governance scored the lowest
compared to all other types of EIM programs. Newman (2006) concluded that organisations need guidance to
incorporate EIM governance into their software development methodology. He also found that companies
surveyed in the US, UK and Europe are more aware of EIM governance than other companies in Asia Pacific.
His research shows that there is a lack of awareness of the importance of using logical data model during
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1000
initiation phase for scoping, assessing data quality, consulting data steward, records retention policies, and
saving, cataloguing and reusing project metadata. In another study by Newman (2005), he found that the
management of information is unfocused and undisciplined. He highlighted the following problems; (1) costly,
redundant and resource hungry integration projects, (2) data and information sources that are not rationalised,
and (3) inflexible system design that does not cater for changing business needs. The above observations were
accentuated by organisations moving towards service-oriented architecture (SOA). SOA is characterised by
decoupling of data, processes and applications that magnified the need for authoritative source of the information
(master data stores); information location, structure, context and usage (metadata management); semantic
reconciliation; profiling and ensuring data quality; data integration method (data exchange); and the ability to
encapsulate an information model to support various business processes (Newman, 2005).
The importance of Data Quality
According to Bair (2004), data quality can be defined by data type and domain, correctness and completeness,
uniqueness and referential integrity, consistency across all databases, freshness and timeliness, and business
rules conformance. In order to determine that the data is ‘fit for purpose’, like Bair, Olson (2003) defines 6 data
quality dimensions of accuracy, timeliness, relevance, completeness, understood and trusted.
Data quality is important to businesses in order to leverage IT initiatives such as data mining and warehousing
for business intelligence (Freidman, 2006). Olson (2003) associated poor data quality with the increase in cost
and the complexity of developing customer relationship management (CRM), supply chain management (SCM)
and enterprise resource planning (ERP) systems. The success of such IT investments depends a lot on the quality
of the source data. The saying ‘Garbage In, Garbage Out’ is most applicable in this situation. Wadehra (2006)
also emphasised the need to create the ‘single truth’ of the data in cases where data is stored in various disparate
databases. It is apparent that effective business intelligence leads to effective decision making (Friedman, 2006)
with a trajectory to increase productivity as a result of less rework (Olson, 2003). This will also allow for
regulatory compliance by providing complete, accurate and timely data.
The effectiveness of any IT initiatives depends on the quality of the data. The reports generated and decisions
made can only be as good as the quality of data. The issues surrounding data quality or the lack of quality are
compounded by the fact that (1) data is spread across disparate systems within an organisation, (2) data is
collected, maintained and used by various levels of an organisation, and (3) many system development
methodologies do not incorporate data quality assurance.
The abovementioned data quality issues can be addressed by having an effective master data management.
Effective master data management ensures good data quality through the use of a data governance program. Data
governance program gives data managers the mandate to manage the data quality as an enterprise asset (Russom,
2006).
IT Governance and Data Governance
In recent years, publicly traded American companies are required to comply with Sarbanes-Oxley (SOX) Act of
2002. This was enacted after the collapse of Enron in 2001. It requires executives of publicly traded companies
to be held personally responsible for the creditability of the financial reporting supplied to the shareholders.
Section 302 of SOX compliance is directly related to IT (Brown and Nasuti, 2005) as most businesses engage in
e-business. This requires IT infrastructure to be managed in a transparent, accountable manner and proof that
internal controls are in place to prevent fraudulent activities. SOX compliance had brought about the
introduction of Control Objectives for Information and Related Technology (COBIT) as the generally accepted
framework for IT auditors to assess SOX compliance. The financial reporting process in COBIT is based on an
internal control of the COSO framework (Hawkins, Alhajjaj & Kelley, 2003). COSO was introduced in 1992 by
the Committee of Sponsoring Organisations of the Treadway Commission, a management framework for
internal controls. Table 1 shows the relationship between data and the five components of internal control as
stipulated by the COSO framework (Marinos, 2004b).
It can be concluded that the success of the COBIT framework depends on the quality of the underlying corporate
data. This is supported by Marinos (2004b), who states that “data quality is the hidden assumption behind
COSO”. This shows that in addition to IT governance there is a need for data governance framework for
effective data management.
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1001
Table 1: The relationship between data and the five COSO framework internal control components
(adapted from Marinos, 2004b)
Components of Internal
Control (COSO) Importance of Corporate Data
Control environment Data quality must be an explicit priority as it acts as a foundational
platform for internal control where data management is a process and the
outcome is information quality.
Risk assessment The COSO framework requires risks to be identified in association with
the business ability to achieve pre-specified objectives. The quality of
data affects the extend of the identified risks associated with achieving
the pre-specified objectives.
Control Activities Data represent the means of control. Data need to be measured in order to
be managed. Control activities are procedures and policies which are
aligned with business objectives and for carrying out risk mitigation
strategies. These control activities produce reports from the corporate
data in order to measure the achievement of pre-specified objectives.
Information and
Communication It is data that enables reporting and action. Information needs to be
accessible, consistent, accurate and complete for effective communication
and decision making.
Monitoring Data either drives or compromises its effectiveness. The monitoring
process depends on accurate, timely and secure data. This is important for
measuring actual performance against acceptable operation ranges of a
specific activity.
Data Governance
In order to address data quality issues, Friedman (2006) recommends that organisations adopt a holistic
approach, focusing on “people, processes and technology” and organisations need to constantly quantify and
measure their data quality. This implies that in order to address data quality issues, data needs to be governed.
According to Thomas (2006), “data needs to be governed as it has neither will nor intent of its own. Tools and
people shape the data and tell it where to go. Therefore, data governance is the governance of people and
technology”.
There are various definitions of data governance. Cohen (2006) defines data governance as “the process by
which a company manages the quantity, consistency, usability, security and availability of data”. Newman and
Logan (2006) define data governance as “the collection of decision rights, processes, standards, policies and
technologies required to manage, maintain and exploit information as an enterprise resource”. Thomas (2006)
states that data governance “refers to the organisational bodies, rules, decision rights, and accountabilities of
people and information systems as they perform information-related processes”. She goes on to state “data
governance sets the rules of engagement that management will follow as the organisation uses data”.
In light of the above definitions, data governance is important because it defines policies and procedures to
ensure proactive and effective data management. The adoption of a data governance framework also enables
collaboration from various levels of the organisations to manage enterprise-wide data and it provides the ability
to align various data related programs with corporate objectives.
Who should drive the Data Governance Program?
Should IT or business drive the data governance program? Should IT governance incorporate the governance of
data as well? The COBIT framework incorporates financial reporting component from the COSO framework
(Hawkins, Alhajjaj & Kelley, 2003). This implies that data quality is important for preparing accurate financial
reporting. The Chief Executive Officers and Chief Financial Officers are held accountable over the credibility of
these financial reports. Therefore, it is the business’ responsibility to ensure that the data is correct, available,
reliable, and fit for purpose. IT is responsible for the infrastructure that holds, processes and reports on the data.
These infrastructures have to be built with capabilities for preventing data being used fraudulently.
However, this only relates to financial data. What about other business related data, such as, customer data,
supplier data, or spatial data? The quality of these data is also important for the business. Therefore it seems
logical that data governance program should be driven by the business as the business uses the data to make
decisions. Therefore, the business should control the data, determine who can access the data and the context that
it should be used (Thomas, 2005).
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1002
IT governance ensures that the IT infrastructure aligns with business objectives and utilised cost effectively
(Luftman, 2004). Therefore, the governance of IT infrastructure (the pipe) should be the responsibility of IT and
the data (the information that flows through the pipe) should be the business’ responsibility. This indicates that
there is a need for IT and business to work together (the need to build the pipe to carry the data) to align data and
IT initiatives (Dember, 2006). It is imperative that organisations realise the critical success factors of data
governance.
Data Governance Critical Success Factors
Critical success factors for data governance can be determined by addressing the top 10 corporate oversights
identified by Marinos (2004a). They are:
Accountability and strategic accountability. There is a need for executive leadership to drive data
governance process. Cohen (2006) and Thomas (2006) stress that in order to implement data
governance successfully, the roles and responsibilities for various people in the organisations who are
involved in the data governance process need to be clearly defined.
Standards. Definition of data standards is important as corporate data needs to be defined and made
sure that it is ‘fit for purpose’.
Managerial blindspot. There is a need for the alignment of data specific technology, process and
organisation bodies with business objectives.
Embracing complexity. Data stakeholders are the producers and consumers of data. The data
stakeholder management is complex as data could be collected, enriched, distributed, consumed and
maintained by different data stakeholders.
Cross divisional issue. The data governance structure must be designed in such a way that it includes
participation from all levels of the organisation to reconcile priorities, expedite conflict resolution and
encourage the support of data quality.
Metrics. Definition of outcome specific data quality metrics is important for measuring data
governance success.
Partnership. When an organisation shares data with other organisations (partner) there is a
requirement for its partner to be held accountable for its data quality so that the data management
efforts of both organisations are not undermined.
Choosing strategic points of control. Controls need to be put in place to determine where and when
quality of the data is to be assessed and addressed.
Compliance monitoring. Data management policies and procedures need to be assessed periodically
in order to ensure that the policies and procedures are being followed.
Training and awareness. Data stakeholders need to be aware of the value of data governance. The
importance of data quality and the benefits of quality data need to be communicated to all data
stakeholders in order to raise their awareness.
Research Methodology
A case study research strategy was the selected method for this study as it is the most commonly known
management information systems research strategy (Ives, et al, 1980). Case study is an appropriate tool as it
allows the researcher to carry out this study in a natural setting, learn about the actual process of managing data
and generate theories from practice. This also allows the researcher to answer the ‘how’ and the ‘what’ questions
in order to understand the nature and complexity of the processes taking place. This is an appropriate research
method for an area that had few previous researches (Benbasat, et al, 1987). This is particularly true as there is
little or no publication on data governance in Australia and as highlighted by Newman (2006), data governance
is an emerging topic that needs further development and research.
The chosen utility organisation (Company A) manages data from various disparate systems or sources, and the
data involves different line of business units from multiple users and stakeholders. The current user base is more
than 100 users and data quality is the priority concern for the organisation.
The data collected from interviews with the IT Managers and Data Management Managers were primarily
qualitative in nature. The interviews were recorded and later transcribed and analysed. The interview questions
were designed to ascertain the IT view of data-related issues and problems and the business view of data-related
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1003
issues and problems within the organisation. In addition, the study also investigated the resolution and mediation
methods that the organisation employed; and the deployment of such methods. Additional information was also
gathered from reviewing data management documentation of the organisation. The documentation review
provided insight into the style of data management, methodology used for developing and enhancing application
systems, and the interaction between IT and business.
The Organisation
Company A is a large utility organisation with complex data integration issues. This organisation provides
essential services to approximately 890,000 industrial, commercial and residential customers. Its main mission is
to provide reliable supply by maintaining the network and to restore the supply in the event when the supply was
interrupted. It is also responsible for building new network to meet the demands of existing and future
customers.
It employs more than 1,850 core staff with an asset base of nearly $3 billion. It operates in a regulated market so
to ensure quality of service and that its network is accessible to all service retailer and supplier. Through its
recent restructure, it had been charged with $2.23 million of investment to increase the network reliability by
25% over the next four years.
Company A operates within a regulatory environment which requires it to report to a government regulatory
authority. The government regulatory authority requires report such as maintenance plans and proof that the
organisation had performed its duties in maintaining public safety, ensuring reliable supply and efficient
management of its network infrastructure. The building and maintenance of the network infrastructure requires
the cooperation of several divisions, namely, the asset management division (sets the strategy for managing
network assets), field services (packaging of inspection and maintenance program) and works delivery (planning
and construction of new infrastructure).
The network stretches across the state for about 89,700 kilometres. The network consists of more than 950,000
assets. These assets need to be maintained regularly in order to ensure safe, reliable and efficient supply. The
asset data is located in an asset management application system (inspection result and condition of asset) which
it tightly coupled with a Geographical Information System (GIS). The GIS contains spatially related data of the
asset. It also shows the location and the connectivity of the assets graphically along with their connectivity
details. The spatial data needs to be accurate so that assets can be easily located and that network connectivity
maintains its integrity.
A few years ago, several incidents related to the lack of maintenance on network asset affected public safety and
reliability of supply. This resulted in an inspection of the conditions of the network assets. Data for these assets
need to be current and accurate so that a maintenance program can be planned efficiently. With this maintenance
program, the condition of the assets can be accurately determined and aging assets can be targeted for
replacement ensuring the reliability of the service network.
Company A is also in the process of migrating its asset related data from its legacy asset management systems to
Ellipse (an asset management module), an ERP and is also planning to replace its GIS with an off-the-shelf GIS.
The successful migration of these legacy systems depends largely upon the quality of the asset and spatial data.
Recently a dedicated Data Management area was created to manage asset data and its related information
systems for the Asset Management division. This area is responsible for ensuring data quality and providing
strategic direction for the asset related data initiatives. This area consists of 3 teams; the Data Management team
responsible for providing strategic and tactical direction on data related issues, conducting quality assurance and
data cleansing activities; the Data Services team whose responsibility involved entering data for asset related
application systems (distribution network), providing underground asset information to external parties
conducting trenching activities; and the GIS Strategist team, responsible for the strategic direction of any spatial
data related issues (for examples, positional accuracy, graphical representation of data).
The Study – Data Management Issues
This research focuses on the activities within the Data Management team. This team acts as data stewards as it
has knowledge of the business processes and it also has an in depth knowledge of the asset related information
systems. Currently, it is facing difficulties with managing the asset related data as an enterprise asset. The
problems started from the inception of this organisation in that it was managing data in a reactive and ad hoc
manner, it has no direct access to its source database, it has difficulty obtaining consensus on data related issues,
its data improvement projects were mostly overrun and over budget; and any attempt to set any standards had not
been taken seriously by other groups of the business and IT. In light of this, the Data Management team had
begun some data governance initiatives and the following remediations were instigated to address these issues:
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1004
Reactive data management.
In order, to be more proactive, the Data Management team is establishing a data strategy to improve
and maintain data quality. This allows the Data Management team to accurately project a work plan
for IT related project and resource management.
Asset data not easily accessible.
Some of the data resides in an IMS database which is not accessible by the Data Management team.
Access is via replicated data in DB2. However not all data is replicated across to DB2. In addition,
the asset data is stored in several disparate databases. Data is spread across Oracle, Ingres, DB2 and
IMS databases and maintained by different application systems.
Data improvement project mostly overrun and over budget.
A dedicated project manager is appointed to liaise between the business and IT. The client project
manager ensures that the data stakeholders’ expectation and communication are managed effectively.
There is also a lack of IT tools for data profiling and data cleansing.
Difficulty in setting data standards.
The key to data standards adherence is that it can be communicated to the data user community. Data
standards are also important for the migration of data from legacy systems to Ellipse ERP (Clemmons
& Simon, 2001). The Data Management team is currently working on purchasing a metadata
repository.
Difficulty in obtaining consensus on data related issues.
This is a difficult and political issue to resolve. The data users are spread across the organisation,
spanning different divisions. A data custodianship policy was drawn up but was difficult to put into
action as it did not have a governance structure to endorse and mandate this policy.
According to Thomas (2006), this model of informal data governance is called ‘Governance via Stewardship’.
However, this form of stewardship is not working for the Data Management team due to the following reasons;
(1) a lack of mandate from the senior executives means that it has no power to act, (2) the lack of mandate means
that sometimes its projects are not given priority as senior executives do not understand the importance of the
projects; and (3) a lack of clear roles and responsibilities, i.e., there no clear definition of data stewards and data
owners.
As highlighted by Thomas (2006), the lack of authority and clear roles and responsibilities are common
contributors to the failure of ‘Governance via Stewardship’. In this situation, there is obviously a lack of
connection between those at the operational level who knows the problem and those who have the power to
make decision but are removed from the problem. In order to address the issue with decision making authority,
the Data Management team with the executive support of the Asset Management General Manager put together a
plan for ‘Governance via Governance’ model of Data Governance for this organisation. To this end, a Data
Governance framework for Company A was established.
The Data Governance frameworks from the Data Governance Institute (Thomas, 2006) and Informatica (2007)
were utilised to develop the Data Governance Structure for Company A. The ideals were chosen from both
framework and customised to suit Company A’s organisational structure. The components of the data
governance framework are shown in Table 2.
Table 2: Components of the Data Governance Framework
Organisational Bodies and
Policies Standards and Processes Data Governance
Technology
- Governance Structure
- Data Custodianship
- User Group Charter
- Decision Rights
- Issue Escalation Process
- Data Definition and Standard
(Meta data management)
- Third Party Data Extract
- Metrics Development and
Monitoring
- Data Profiling
- Data Cleansing
- Metadata Repository
- Data Profiling tool
- Data Cleansing tool
The Data Governance Structure
A Data Governance (DG) structure as shown in Figure 1 was developed based on the following roles and
responsibilities:
Data Governance Council.
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1005
Membership of this council consists of executives from various divisions who have an interest in the
management of asset data. They are responsible for endorsing policies, resolving cross divisional
issues, engaging the IT council at the strategic level, strategically aligning business and IT initiatives,
and reviewing budget submission for IT and non IT related projects.
Data Custodian.
Asset data is managed by the data custodian on behalf of Company A. It is responsible and
accountable for the quality of asset data. The data custodian is responsible for resolving issues raised
in user group meetings. If issues become political and impacts stakeholders from other divisions, they
are escalated to the DG council level. They are also responsible for endorsing data management plan,
endorsing data cleansing plan, ensuring data is fit for purpose, converting strategic plans into tactical
plans, change management, and stakeholder management.
Data Steward.
Data Stewards have detail knowledge of the business process and data requirements. At the same
time they also have good IT knowledge to be able to translate business requirements into technical
requirements. They are led by the Data Custodians and are responsible for carrying out the tactical
plans. They also act on behalf of the Data Custodians in stakeholder management, change
management, asset related information systems management and project management. They manage
user group meetings, train and educate data users.
User Groups.
Data stakeholders from various divisions are invited to the user group meetings. These key data
stakeholders consist of people who collect the data, process and report off the data. Technical IT staff
is also invited to these meetings so that their technical expertise is available during the meeting. This
is also a venue where urgent operational data issues can be tabled. The data users are responsible for
reporting any data related issues, requesting functionality that would help them collect data more
efficiently, and specifying reporting requirements.
The Data Governance structure as shown in Figure 1 shows the business engagement with IT at the strategic,
tactical and operational levels. This level of engagement ensures that IT and business are kept informed and IT
initiatives align with the business data governance objectives.
Figure 1: Data Governance Structure
Discussion
The Data Governance structure provides a structured framework for mitigating the risks of data management.
The Data Governance Structure is scalable to include other divisions as the data governance efforts within the
Strategic
Tactical
Operational
IT
Council
IT
Technical
Staff
Data
Governance
Council
Data
Custodian
Data Steward
User Group
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1006
Data Management team mature. The Data Custodianship and User Groups structure can be adopted by other
division (federated data governance model) with the Data Governance Council acting as the ‘organisational glue’
(see Figure 2).
Figure 2: Scalable Data Governance Structure
Company A had shown that business and IT need to work together in order to manage corporate data effectively.
Figure 3 shows the relationship between corporate, IT and Data Governance. When data governance initiatives
become more mature it should interact with the Corporate Governance framework. The IT Governance council
and the Data Governance council should report to the members of the corporate governance council as shown by
the one way arrow. The two-way arrow indicates that the IT governance council and the Data governance
council should work collaboratively. Incidentally, Dember (2006) defines Data Governance that “… provides
the framework for the intersection of IT and business working together to establish confidence and credibility in
the enterprise’s information”.
Figure 3: Relationship between Corporate, IT and Data Governance
The Data Management team had provided insights into the difficulties in managing data as corporate asset
without proper authority. The following summarises the findings of this research:
The justification for formal data governance.
This study had shown that managing the data quality of enterprise data is not effective without a
formal data governance model. The reason for this is because of the lack of clear roles and
responsibilities among data stakeholders. The ten corporate critical success factors raised by Marinos
(2004a) were issues faced by the Data Management team with informal data governance. The Data
Management team had to ensure each of the critical success factors were incorporated into the
introduced Data Governance Framework and Structure. Data Governance also assists business in
engaging IT (vice versa) to manage corporate data collaboratively.
The process of setting up a formal data governance program.
Corporate Governance
Council
IT Governance Council Data Governance Council
Data
Governance
Council
Data Custodian
(Division A)
Data Steward
User Group
Data Custodian
(Division B)
Data Steward
User Group
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1007
The first step to setting up a formal data governance program is to determine a Data Governance
structure. The structure provide escalation authority and a basis for a transparent decision making
process. Roles and responsibilities are defined so that members within the Data Governance structure
are held accountable for their actions. Company A had largely achieved this, however as this structure
was recently introduced the success of its implementation cannot be determined in this study.
Ability to carry out actions as a result of a formal data governance structure.
Given the clear structure, the Data Management team is able to purchase a data profiling and
metadata repository tool. The data profiling tool will allow the Data Management team to discover
anomalies more efficiently. The metadata repository tool captures information about data so that it
can be accessed by the whole organisation. Metrics measuring the quality of data had also been
developed. The publication of these metrics will help management to determine the success of data
improvement initiatives.
Simple data governance structure and framework.
The Data Management team did not want a cumbersome framework that could cause bottlenecks and
delays in existing and future projects. With a proper structure and framework, the Data Governance
team is able to steer strategic projects to conform to and maintain good data governance.
Conclusion and Future Work
The paper investigates whether effective enterprise wide data management can be achieved without formal data
governance. Some insights into data governance initiatives in a large utility organisation were obtained from this
study. This paper underscores the importance of a Data Governance structure together with policies and
procedures for managing data effectively. A data governance framework also enables collaboration from various
levels of the organisations and it also provides the ability to align various data related programs with corporate
objectives. This paper highlights that Data Governance provides a structured framework for mitigating the risks
of data management. Given that Company A had only recently introduced a data governance structure, a
longitudinal study would give a better indication of the benefits and success of the data governance structure
implementation.
References
Bair, J 2004. Practical Data Quality: Sophistication Levels, viewed 25 Mar 2006 <www.knightsbridge.
com/pdfs/in_the_news/ Practical_DQ_Sophistication_Levels.pdf>
Benbasat, I, Goldstein, D & Mead, M 1987. The Case Research Strategies in Studies of Information Systems,
MIS Quarterly, September.
Brown, W, & Nasuti, F 2005. What ERP Systems can tell us about Sarbanes-Oxley. Information Management
& Computer Security, vol. 13, no. 4, pp. 311-327.
Clemmons, S, & Simon, S 2001. Control and Coordination in Global ERP configuration. Business Process
Management Journal, vol. 7, no. 3, pp. 205-215.
Cohen, R 2006. BI Strategy: What's in a Name? Data Governance Roles, Responsibilities and Results Factors.
DM Review, viewed 12 Jan 2007 <http://www.dmreview.com/article_sub.cfm?article
Id=1057220>
Dember, M 2006. The 7 Stages of Highly Effective Data Governance: Advanced Methodology for
Implementation. CIBER Whitepaper, viewed 12 Jan 2007 <www.ciber.com>
Friedman, T 2006. Key Issues for Data Management and Integration, 2006, Gartner Research. ID Number:
G00138812, March.
Hawkins, K, Alhajjaj, S, & Kelley, S 2003. Using COBIT to Secure Information Assets. The Journal of
Government Financial Management, vol. 52, no. 2, pp 22-33.
Informatica. Data Governance. Why it Matters to the Business. White Paper. Informatica, viewed 13 Jun 2007
<www.computerworlduk.com/cmsdata/whitepapers/3802/infa_datagov_wp_6697_
web.pdf>.
Ives, B, Hamilton, S, & Davies, G 1982. Choosing Appropriate Information Systems Research in Computer-
Based Management Information Systems. Management Science, vol. 26, no. 9, pp 910-932.
18th Australasian Conference on Information System The Need for Data Governance
5-7 Dec 2007, Toowoomba Cheong
1008
Lee, R 2000. The Role of Data Management in Transforming an Enterprise. Auerbach Publications, viewed 27
May 2006 <www.auerbach-publications.com>.
Luftman, J 2004. Managing the Information Technology Resource. Pearson Prentice Hall, Upper Saddle River,
New Jersey, USA.
Marinos, G 2004a. We’re Not Doing What? The Top 10 Corporate Oversights in Data Governance. DM Review,
September, viewed 6 Mar 2006 < www.dmreview.com>.
Marinos, G 2004b. Data Quality: The Hidden Assumption Behind COSO, DM Review, October, p. 12.
Matney, D. & Larson, D 2004. The Four Components of BI Governance. Business Intelligence Journal, vol. 9,
no. 3, pp. 29-36.
Newman, D. 2005. Business Drivers and Issues in Enterprise Information Management. Gartner Research. ID
Number: G00129712.
Newman, D 2006. Gartner Study on EIM Highlights Early Adopter Trends and Issues. Gartner Research,
February.
Newman, D. & Logan, D. 2006. Governance Is an Essential Building Block for Enterprise Information System.
Gartner Research, May.
Olson, J 2003. Data Quality: The Accuracy Dimension. Published by Morgan Kaufmann Publishers, USA.
Russom, P 2006. Taking Data to the Enterprise Through Data Governance. TWDI Report Series, March, viewed
16 July 2006 <www.tdwi.org>.
Thomas G 2006. Alpha Males and Data Disaster. Published by Brass Cannon Press, USA.
Wahedra, A 2006. Why Customer Data Integration Projects Fail. DM Review, viewed 25 Jun 2006
<www.dmreview.com/article_sub.cfm?articleID=1048642>.
Watson H, Fuller C, & Ariyachandra T 2004. Data Warehouse Governance: Best Practices at the Blue Cross and
Blue Shield of North Carolina. Decision Support Systems. vol. 38, pp. 435-450.
Wright T. 2006. Global Research Meeting: Organizations Must Consider the Impact of IT Innovation on
Enterprise Information Management. Gartner Research, February.
Copyright
Lai Kuan Cheong and Vanessa Chang © 2007. The authors assign to ACIS and educational and non-profit
institutions a non-exclusive licence to use this document for personal use and in courses of instruction provided
that the article is used in full and this copyright statement is reproduced. The authors also grant a non-exclusive
licence to ACIS to publish this document in full in the Conference Proceedings. Those documents may be
published on the World Wide Web, CD-ROM, in printed form, and on mirror sites on the World Wide Web.
Any other usage is prohibited without the express permission of the authors.
... As with systems of governance generally (Koliba et al., 2018), data governance is properly construed as an organisational system comprised of roles and relations, each of which are defined by intersecting functions (Aisyah et al., 2018;Cheong & Chang, 2007;Otto, 2011;Sarsfield, 2009). The governance of data is realised in three such roles, including data owners, custodians, and stewards (Aisyah et al., 2018;Cheong & Chang, 2007;Laurie et al., 2018;Otto, 2011;Sarsfield, 2009), or what we refer to here as an (O)wnership, (C)ustodianship, and (S)tewarship model of data governance. ...
... As with systems of governance generally (Koliba et al., 2018), data governance is properly construed as an organisational system comprised of roles and relations, each of which are defined by intersecting functions (Aisyah et al., 2018;Cheong & Chang, 2007;Otto, 2011;Sarsfield, 2009). The governance of data is realised in three such roles, including data owners, custodians, and stewards (Aisyah et al., 2018;Cheong & Chang, 2007;Laurie et al., 2018;Otto, 2011;Sarsfield, 2009), or what we refer to here as an (O)wnership, (C)ustodianship, and (S)tewarship model of data governance. Modes of governance vary according to the functions assigned to these roles and relations by corresponding governmental authorities. ...
Indigenous Data Governance in Australia: Towards a National Framework
Article
Full-text available
  • Apr 2023
Australia's distinctive colonial administrative history has resulted in the generation and capture of large quantities of personal data about Indigenous Peoples in Australia, which is currently controlled and processed by government agencies and departments without coherent regulation. From an Indigenous standpoint, these data constitute stranded assets. Established legal frameworks for pursuing recovery of other classes of asset alienated by governments from Indigenous Peoples in Australia, including land, natural resources, and unpaid wages, have not yet been extended to the recovery of Indigenous data assets. This legacy scenario has created a disproportionate administrative burden for Indigenous organisations by sustaining their dependency on government for necessary data, while simultaneously suppressing the value of their own contemporary community-owned data assets. In this article, we outline leading international legal, economic, and scientific frameworks by which an equitable arrangement for the governance of Indigenous data might be restored to Indigenous Peoples in Australia.
View
... Authors [40]stated that data governance appears to be gaining the utmost attention, especially in the academic and professional fields of business. Data Governance effectively enables the accountant to add value to the organization [41]. ...
... Conflicts over resource allocation between stakeholders originate from creative accounting applications (Ababneh & Aga, 2019). Proponents of financial data argue that financial data are used for earnings manipulation [41]. ...
Antecedents and effect of creative accounting practices on organizational outcomes: Evidence from Bangladesh
Article
Full-text available
  • Feb 2023
This study examines the antecedents and effects of creative accounting practices (CAP) on organizational outcomes in Bangladesh. Thus, this research recognizes the antecedents of creative accounting, such as sustainable financial data (SFD), political connections (PC), corporate ethical values (CEV), future company orientations (FCO), and corporate governance practices (CGP). And also examine how the quality of financial reporting (QFR) and decision-making effectiveness (DME) are influenced by CAP. This study incorporates these fundamental antecedents of creative accounting practices on organizational outcomes by collecting survey data (n = 354) from publicly traded companies in the Dhaka Stock Exchange (DSE), Bangladesh. The study model has been tested through the “Partial Least Square- Structural Equation Modelling” (PLS-SEM) technique using Smart PLS v3.3 software. In addition, we pass various model fit measures, i.e., reliability, validity, factor analysis, and goodness of fit. This study finds that SFD does not work as an antecedent of creative accounting practices. But, the outcomes of the PLS-SEM confirm that PC, CEV, CFO and CGP work as an antecedent of CAP. Furthermore, the results of PLS-SEM also confirm that CAP influence the QFR in the positive direction and CAP influence the DME in the negative direction. Finally, QFR has a positive and significant impact on DME. Any study that has tested the impact of CAP on QFR & DME is yet to be found in the literature. However, policymakers, accounting bodies, regulators, and investors can consider these findings to formulate policy and investment decisions. Mainly, organizations can focus on PC, CEV, CFO and CGP to reduce CAP. But organizations need QFR and DME, which are critical components of organizational outcomes.
View
... DG is concerned with the apportionment of responsibilities and liabilities among the various players in a data management system with respect to the decision-makers' rights and accountability over an entity's data assets. While data governance principally relates to collection and management of data that ensures effective and efficient use for the overall productivity of an entity (Cheong & Chang, 2007), data protection, on the other hand, safeguards the collected personal data 59 from misuse, compromise and/or corruption within the confines of certain principles. It is instructive that data governance is not restricted to personal data, but data protection in this context only protects the personal data managed alongside the big data (Elgendy & Elraga, 2014) 60 under the data governance framework. ...
Data Regulation in Africa: Free Flow of Data, Open Data Regimes and Cybersecurity
Chapter
Full-text available
  • Aug 2023
This chapter seeks to address the concerns associated with data regulation on the African continent. In particular, the paper zooms in on three major aspects of data regulation that hold the reigns to the potential development of the continent. These are the free flow of data, the adoption of open data regimes and cybersecurity. This will be in the general context of Africa, with a focus on regulatory instruments from the different bodies at continental and sub-regional level as well as some national legislation from countries that have developed any legislative instruments that address the same concerns. Emphasis will also be paid to the strides that have been taken by the European Union, the first continental body that has taken a geographically concerted approach to comprehensive data regulation. The aim is to draw lessons from such efforts with the intention of determining an appropriate African centred approach to data regulation, particularly in the context of increased inter-African trade as envisaged by the Agreement on the African Free Continental Trade Area and an enhanced digital economy as motivated for in the Digital Transformation Strategy for Africa (2020–2030).
View
... DG is concerned with the apportionment of responsibilities and liabilities among the various players in a data management system with respect to the decision-makers' rights and accountability over an entity's data assets. While data governance principally relates to collection and management of data that ensures effective and efficient use for the overall productivity of an entity (Cheong & Chang, 2007), data protection, on the other hand, safeguards the collected personal data 59 from misuse, compromise and/or corruption within the confines of certain principles. It is instructive that data governance is not restricted to personal data, but data protection in this context only protects the personal data managed alongside the big data (Elgendy & Elraga, 2014) 60 under the data governance framework. ...
Data Protection Legal Regime and Data Governance in Africa: An Overview
Chapter
Full-text available
  • Aug 2023
In its simplest sense, data governance refers to the overall management of (personal and non-personal) data to facilitate organizational goals. Data protection, on the other hand, predominantly regulates the management of personal data for the protection of users’ privacy and other fundamental rights and freedoms. The Fourth Industrial Revolution has greatly increased the processing of personal data for business and social purposes in Africa, hence the imminent need to regulate dealings with such personal information for undesirable purpose(s) by setting up relevant legal framework to address. The research analyses the regional legal framework around data protection in Africa in the light of their salient provisions, adequacy, efficiency and enforceability in relation to data governance.
View
Legislative Research on Personal Information Protection: Taking Face Recognition Information as an Example
Chapter
  • Oct 2023
With the rapid advancement of technology for artificial intelligence and big data technology, face recognition technology has entered people’s lives. The wide application of personal biological information will bring serious biological information security risks, and its abuse may cause the infringement of privacy, property rights, and other rights and interests. At present, China’s relevant legislation on personal biological information has shortcomings such as decentralized content, narrow protection scope, and unclear legal responsibilities. This paper mainly conducts relevant research on the above issues. The research process mainly adopts the case analysis method, and puts forward the existing problems and legislative suggestions through the analysis of relevant cases; Secondly, the comparative study method is used to compare the current legislative status of China with the relevant legislative status of mainstream countries such as the United States and the European Union. The protection of personal biological information needs to be paid attention to. In view of the current relevant actual situation and legislative status in China, on the one hand, it is necessary to clarify the legal attributes and concepts of personal information and personal biological information. On the other hand, it is essential to appropriately strengthen the punishment and legal liability for the infringement of personal biological information, and increase the attention to criminal liability. We will improve the regulatory content of existing relevant department laws on personal biometric information, and a more complete, clear, and effective legal system for personal biometric information security protection should be built.
View
Toward Urban Data Governance: Status-Quo, Challenges, and Success Factors
Article
Full-text available
  • Jan 2023
The benefits of urban data cannot be realized without a political and strategic view of data use. A core concept within this view is data governance, which aligns strategy in data-relevant structures and entities with data processes, actors, architectures, and overall data management. Data governance is not a new concept and has long been addressed by scientists and practitioners from an enterprise perspective. In the urban context, however, data governance has only recently attracted increased attention, despite the unprecedented relevance of data in the advent of smart cities. Urban data governance can create semantic compatibility between heterogeneous technologies and data silos and connect stakeholders by standardizing data models, processes, and policies. This research provides a foundation for developing a reference model for urban data governance, identifies challenges in dealing with data in cities, and defines factors for the successful implementation of urban data governance. To obtain the best possible insights, the study carries out qualitative research following the design science research paradigm, conducting semi-structured expert interviews with 27 municipalities from Austria, Germany, Denmark, Finland, Sweden, and the Netherlands. The subsequent data analysis based on cognitive maps provides valuable insights into urban data governance. The interview transcripts were transferred and synthesized into comprehensive urban data governance maps to analyze entities and complex relationships with respect to the current state, challenges, and success factors of urban data governance. The findings show that each municipal department defines data governance separately, with no uniform approach. Given cultural factors, siloed data architectures have emerged in cities, leading to interoperability and integrability issues. A city-wide data governance entity in a cross-cutting function can be instrumental in breaking down silos in cities and creating a unified view of the city’s data landscape. The further identified concepts and their mutual interaction offer a powerful tool for developing a reference model for urban data governance and for the strategic orientation of cities on their way to data-driven organizations.
View
View
Data Governance
Chapter
  • Mar 2023
Data-intensive products and services aim to turn big data to a value or strategic asset for the organizations. However, the inherent risk and cost of storing and managing a massive amount of data undermine the value creation from such products and services. Consequently, organizations need to adopt an appropriate data governance program to establish the necessary policies and structures in order to strike a balance between value creation and risk and cost. This chapter explores the data governance in detail, focusing on data governance principles, decision domains, and organizational structures. We discuss the data governance challenges, opportunities, and practices for big data and Internet of Things (IoT) domains. We also present two industrial big data applications/products whose data needs to be governed.KeywordsData governanceData principlesData qualityData life cycleData governance structureBig dataIoT data
View
View
Hemmnisse beim Data Sharing: Empirie und Handlungsempfehlungen
Article
  • Mar 2023
Zusammenfassung Digitalisierung und Datenbewirtschaftung werden zunehmend zu bestimmenden Faktoren der wirtschaftlichen Tätigkeit von Unternehmen. Untersuchungen zeigen jedoch, dass viele Unternehmen in der Nutzung und insbesondere beim Teilen von Daten deutlich hinter den technischen Möglichkeiten zurückbleiben und die sich bietenden geschäftlichen Potenziale nicht ausnutzen. Dies liegt auch an Hemmnissen. Die bisherige Literatur zu den relevanten Hemmfaktoren ist jedoch überschaubar. Um diese Lücke zu schließen, analysieren Klaus-Heiner Röhl und Marc Scheufen Daten einer Unternehmensbefragung bezüglich verschiedener Hemmnisse. Wie sich ergibt, stuft eine überwiegende Mehrheit von Unternehmen insbesondere rechtliche Hemmnisse als relevant ein, was auf einen steigenden Bedarf an datenbezogener rechtlicher Expertise hinweist. Es zeigt sich, dass vor allem solche Firmen, die zur Datenbewirtschaftung eher fähig sind, signifikant häufiger rechtliche, aber auch andere Hemmnisse sehen. Die Autoren folgern, dass die höhere Sensibilität dieser Unternehmen für die Hürden beim Bewirtschaften von Daten im Allgemeinen und mit Bezug auf das Teilen von Daten im Besonderen ein Signal für wirtschaftspolitisches Handeln sein sollte.
View
Data warehouse governance: Best practices at Blue Cross and Blue Shield of North Carolina
Article
Full-text available
Effective governance is a key to data warehousing success. An example of a company that has excelled in data warehouse governance is Blue Cross and Blue Shield of North Carolina (BCBSNC). The data warehouse has resulted in many organizational benefits, including providing “a single version of the truth,” better data analysis and time savings for users, reductions in head count, facilitation of the development of new applications, better data, and support for customer-focused business strategies. The structures and processes used by BCBSNC for data warehouse governance represent best practices for other companies to follow. For researchers, the experiences at BCBSNC support and add to the body of knowledge about IT governance, in general, and data warehousing governance, in particular.
View
View
View
View
The Case Research Strategy in Studies of Information Systems
Article
  • Sep 1987
This article defines and discusses one of these qualitative methods--the case research strat- egy. Suggestions are provided for researchers who wish to undertake research employing this approach. Criteria for the evaluation of case research are established and several characteristics useful for categorizing the studies are identified. A sample of papers drawn from information systems journals is reviewed. The paper concludes with examples of research areas that are particularly well- suited to investigation using the case research approach.
View
Control and Coordination in Global ERP Configuration
Article
The dominant market for enterprise resource planning (ERP) vendors has traditionally been the largest of multinational corporations. Until recently, most vendors (SAP, PeopleSoft, Oracle, etc.) have promoted a “one size fits all” solution built on “industry best practices.” This approach forced organizations to either conform to the “best practices” and configurations suggested by vendors and implementation consultants or embark on extremely costly reconfiguration of their ERP package. The study reviews the concepts of control, coordination, and their trade-offs plus Bartlett and Ghoshal’s topology of firm strategy. Human resource issues are introduced as examples of organization elements that may or may not conform to the enterprise design structure within coordination and control. Finally, the concepts of control and coordination and the Bartlett and Ghoshal topology are combined to create a firm strategic orientation which is then matched to an ideal ERP configuration or enterprise information architecture.
View
A Framework For Research in Computer-Based Management Information Systems
Article
  • Sep 1980
The paper presents a comprehensive framework for research in Management Information Systems (MIS). The necessity for a more comprehensive research framework is derived from a review of past research frameworks. The new framework is validated by mapping 331 MIS doctoral dissertations into its research categories. The dissertations are also classified by research methodology employed. The comprehensive MIS research model is useful not only in understanding and classifying MIS research but also in generating potential hypotheses for future research. Hypothesis generation using the model is explained and illustrated.
View
Data Quality: The Accuracy Dimension
Book
  • Jan 2003
Data Quality: The Accuracy Dimension is about assessing the quality of corporate data and improving its accuracy using the data profiling method. Corporate data is increasingly important as companies continue to find new ways to use it. Likewise, improving the accuracy of data in information systems is fast becoming a major goal as companies realize how much it affects their bottom line. Data profiling is a new technology that supports and enhances the accuracy of databases throughout major IT shops. Jack Olson explains data profiling and shows how it fits into the larger picture of data quality.
View
What ERP systems can tell us about Sarbanes‐Oxley
Article
Purpose To provide background for senior and middle management in information technology organizations who may be in the implementation phase of compliance for Sarbanes‐Oxley (SOX). As the information technology (IT) organization looks forward to additional compliance or other IT control frameworks such as COBIT, the paper can help construct a roadmap. Other audiences include senior management, accountants, internal auditors, and academics who may wish to evaluate the impact of SOX on the information technology organization. Design/methodology/approach SOX is surveyed to understand the four major compliance areas that must be supported in the IT organization. Recently published works are integrated into an evaluation of enterprise resource planning (ERP) research to identity several ongoing themes that point to practical advice for implementing SOX. The private sector of US business is saturated with ERP applications and provides a useful benchmark of what to expect with SOX compliance. The sections of this report include: SOX and IT governance; ERP systems: recurring themes; after the initial implementation of SOX; frameworks to support SOX compliance; IT governance and SOX: where we go from here; to best practice and competitive advantage; and conclusion. Findings Competencies in several related core disciplines including project management, change management, and software integration should be the top priority for SOX implementation. Enterprise architecting and related areas such as security and outsourcing can be managed more effectively with the appropriate competencies. Research limitations/implications The authors' observations are based on several research reports but are not exhaustive, and are not specific to a particular industry. Originality/value The content is a very useful source of information for senior management, IT management, accountants, auditors, and academics to understand the impact of SOX on the IT organization and how to develop a roadmap to respond.
View
Taking Data to the Enterprise Through Data Governance
  • Russom
Russom, P 2006. Taking Data to the Enterprise Through Data Governance. TWDI Report Series, March, viewed 16 July 2006