ArticlePDF Available

Abstract and Figures

Data governance refers to the exercise of authority and control over the management of data. The purpose of data governance is to increase the value of data and minimize data-related cost and risk. Despite data governance gaining in importance in recent years, a holistic view on data governance, which could guide both practitioners and researchers, is missing. In this review paper, we aim to close this gap and develop a conceptual framework for data governance, synthesize the literature, and provide a research agenda. We base our work on a structured literature review including 145 research papers and practitioner publications published during 2001-2019. We identify the major building blocks of data governance and decompose them along six dimensions. The paper supports future research on data governance by identifying five research areas and displaying a total of 15 research questions. Furthermore, the conceptual framework provides an overview of antecedents, scoping parameters, and governance mechanisms to assist practitioners in approaching data governance in a structured manner.
Content may be subject to copyright.
Data Governance: A conceptual framework, structured review, and
research agenda
1
Abstract
Data governance refers to the exercise of authority and control over the management of data. The purpose
of data governance is to increase the value of data and minimize data-related cost and risk. Despite data
governance gaining in importance in recent years, a holistic view on data governance, which could guide
both practitioners and researchers, is missing. In this review paper, we aim to close this gap and develop
a conceptual framework for data governance, synthesize the literature, and provide a research agenda.
We base our work on a structured literature review including 145 research papers and practitioner
publications published during 2001-2019. We identify the major building blocks of data governance and
decompose them along six dimensions. The paper supports future research on data governance by
identifying five research areas and displaying a total of 15 research questions. Furthermore, the conceptual
framework provides an overview of antecedents, scoping parameters, and governance mechanisms to
assist practitioners in approaching data governance in a structured manner.
Keywords: Data governance; information governance; conceptual framework; literature review; research
agenda
1 Introduction
Data governance is the exercise of authority and control over the management of data (DAMA
International 2009, p. 19). It aims at implementing a corporate-wide data agenda (Dyché & Levy 2006, pp.
150), maximizing the value of data assets in an organization (e.g. Carretero et al. 2017, p. 143; Otto 2011a,
p. 241), and managing data-related risks (e.g. DAMA International 2009, p. 41; Morabito 2015, p. 99).
While data governance used to be a nice to have in the past, today it is taking on a higher level of
importance in enterprises and governmental institutions (Haneem et al. 2019, pp. 37). This is due to some
key trends. The amount of data created annually on the whole planet is expected to increase from 4.4
zettabytes in 2013 to 44 zettabytes in 2020 (IDC 2014, p. 2). The growing data volumes from diverse
sources cause data inconsistencies that need to be identified and addressed before decisions are made
based on incorrect data. Companies introduce more self-service reporting and analytics, which create the
need for a common understanding of data across the organization. The continuing impact of regulatory
requirements such as the General Data Protection Regulation (GDPR) increases the pressure on companies
to have a strong handle on what data is stored where, and how the data is being used. Organizations are
forced to overcome their challenges regarding inaccurate and incomplete data (Kim & Cho 2018, p. 386;
Morabito 2015 p. 97), fragmented enterprise architecture and legacy systems (Nielsen et al. 2018, p. 22),
and compliance issues related to regulations (Khatri & Brown 2010, p. 151).
Despite the growing importance of data governance, the current view on this topic is fragmented.
Publications either address data governance with a focus on specific decision domains such as data quality,
data security, and data lifecycle (e.g., Donaldson & Walker 2004, p. 281; IBM 2014, p. 26; Otto 2011c, pp.
5; Tallon et al. 2014, p. 142) or comprise smaller reviews to corroborate the conceptual or empirical
1
Cite as: Abraham, R., vom Brocke, J., Schneider, J. (2019), Data Governance: A conceptual framework, structured
review, and research agenda, in: International Journal of Information Management (IJIM), forthcoming.
content (e.g., Brous et al. 2016a, pp. 304; Lee et al. 2017, p. 1; Neff et al. 2013, p. 3; Rasouli et al. 2016c,
p. 1356). We identified six existing literature reviews related to data governance (Al-Ruithe et al. 2018a;
Alhassan et al. 2016; Alhassan et al. 2018; Brous et al. 2016c; Lillie & Eybers 2019; Nielsen 2017). Though
they aim to advance the knowledge base regarding data governance, they have some limitations. Three
literature reviews focus on narrowly defined areas of data governance, i.e. cloud data governance (Al-
Ruithe et al. 2018a, p. 16), data governance principles (Brous et al. 2016c, p. 3), and agile capabilities of
data governance (Lillie & Eybers 2019). Nielsen (2017) conducts a classification of research disciplines,
methods, and units of analysis concerning data governance with only a minor focus on conceptual areas.
Both literature reviews conducted by Alhassan et al. present a frequency count of data governance
activities. However, they do not provide a detailed description of the underlying data governance
concepts. Furthermore, the authors do not describe the antecedents and consequences of data
governance, which are necessary to understand the factors that motivate the adoption of different data
governance practices and the effects of those practices. To overcome these deficiencies, we attempt to
methodologically analyze and synthesize the literature on data governance and provide a firm foundation
for future research. The following two questions frame our structured literature review of 145 research
papers and practitioner publications covering data governance published up to April 2019: What are the
building blocks of data governance? Where do we lack in knowledge about data governance?
The remainder of this paper is structured as follows. First, we explain our literature search and review
method. Second, we describe the conceptual framework of data governance that served as the structure
for our review of the state of knowledge. Third, we present the results of the actual review and synthesis
of the data governance literature. Fourth, we highlight gaps in our understanding of data governance and
propose a research agenda, which contains insightful questions for future research. Fifth, we conclude
with a summary.
2 Literature search and review
Similar to other existing literature reviews such as Gong & Janssen (2019) and Senyo et al. (2019), our
approach comprised a structured, topic-centric literature review. We aimed to better describe the domain
of data governance and synthesize the relevant knowledge as available in peer-reviewed scientific
literature as well as in selected practitioner publications. In doing so, we followed best practices for
literature reviews (Rowe 2014; vom Brocke et al. 2009; Webster & Watson 2002; Zorn & Campbell 2006).
Figure 1 summarizes the search process.
Figure 1 Literature review sea rch process
First, we conducted a keyword-based search (Ismagilova et al. 2019, p. 89; Olanrewaju et al. 2020, p. 91;
Rowe 2014, p. 247). The keyword-based search helped us to avoid bias towards well-known authors or
well-cited papers. Through an initial step of probing searches, we identified “data governance” and
“information governance” as search terms. We included “information governance” as a search term since
it is often used interchangeably with “data governance” (e.g. In et al. 2019, p. 508; Rasouli et al. 2016c, p.
1357; Tallon et al. 2014, p. 142). We used the databases in Table 1 that provide access to peer-reviewed
IS journals as well as proceedings of leading conferences such as the European Conference on Information
Systems and the Americas Conference on Information Systems. We included conference papers since
recent research may not yet have been, or may never be, published in journals. We conducted the final
keyword-based search in April 2019 covering the period from 2002 to 2019. This step resulted in a total of
483 hits across all databases. Next, we conducted a qualitative assessment consisting of two steps. First,
we filtered articles based on their titles and abstracts and removed those which did not focus on data or
information governance. We also removed duplicate articles. This step reduced the number of hits to 88.
Second, we read those remaining 88 articles and excluded non-scientific journal articles and papers that
referred to data governance only in passing. This left 55 papers to be included in the review.
Second, we conducted a backward and forward search of the above 55 papers (vom Brocke et al. 2009, p.
8). We again applied the two-step qualitative assessment described above to exclude non-relevant papers.
However, we expanded the assessment to include seminal books on data governance and publications by
industry associations such as the International Organization for Standardization (ISO) and inter-
governmental organizations such as the Organisation for Economic Co-operation and Development
(OECD). We added these publications to obtain a comprehensive view of data governance and reduce
systematic biases by simply choosing a set of scientific journals and conference papers (Boell & Cecez-
Kecmanovic 2015, p. 166). The backward search resulted in 41 relevant papers. For the forward search,
we used Google Scholar. We reviewed an additional 44 relevant papers.
Third, we considered selected publications not identified through either the keyword-based search or the
backward and forward search. These included one scientific paper recommended during the review
process and four practitioner publications. The latter comprised publications by the European Foundation
for Quality Management (EFQM), the Information Systems Audit and Control Association (ISACA), and by
leading data governance tooling vendors IBM and Informatica (Peyret & Goetz 2014, pp. 7). The third step
resulted in 5 additional publications.
In total, we reviewed 145 publications on data governance. Table 1 summarizes the search process and
results. Figure 2 provides an overview of the number of publications found per year.
Figure 2 Number of publications per year
12 2 2
5 5 3
676
18
911
24
16 18
10
0
5
10
15
20
25
30
2001 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
Number of publications per year
Database
AIS Electronic
Library
EBSCOhost
Emerald Insight
IEEE Xplore
ProQuest
ScienceDirect
Website
aisel.aisnet.org
search.ebscohost.co
m
www.emeraldinsigh
t.com
ieeexplore.ieee.org
search.proquest.co
m
www.sciencedirect.c
om
Search function
Advanced search
Advanced search
Advanced search
Advanced search
Advanced search
Advanced search
Search options
Search in title,
abstract, subject
Search in title,
abstract, keywords
Search in title,
abstract, keywords
Search in title,
abstract, keywords
Search in title,
abstract
Search in title,
abstract, keywords
Period
2002 2019
2002 2019
2002 2019
2002 2019
2002 2019
2002 2019
Publication type
Journals and
conference papers
(peer reviewed)
Scholarly (peer
reviewed) journals
Articles and
Chapters
Journals and
conference papers
Journals and
conference papers
(peer reviewed)
Journals
Search date
15.04.2019
15.04.2019
15.04.2019
21.04.2019
15.04.2019
15.04.2019
Gross hits
8
137
51
99
107
81
Relevant hits
keyword-based
search
2
27
4
10
3
9
Relevant hits
backward search
Relevant hits
forward search
Other
Total
Table 1 Overview of the literature search characteristics
2
The total of 145 publications does not contain two publications, since they could not be accessed (one journal paper found via the keyword-based search in EBSCOhost and one
dissertation found via the forward search).
All relevant publications were categorized according to their nature (scientific or practice-oriented) and
format (papers in journals and conference proceedings, theses, publications by industry associations and
inter-governmental organizations, publications by software vendors and consultants, books). Table 2
presents an overview of the publications within the scope of this literature review.
Nature of
contribution
Format
Sources
Scientific
Papers in
journals and
conference
proceedings
(Aisyah & Ruldeviyani 2018), (Al-Badi et al. 2018), (Al-Ruithe &
Benkhelifa 2017), (Al-Ruithe & Benkhelifa 2017b), (Al-Ruithe &
Benkhelifa 2017c), (Al-Ruithe & Benkhelifa 2018), (Al-Ruithe et al.
2016a), (Al-Ruithe et al. 2016b), (Al-Ruithe et al. 2016c), (Al-Ruithe et
al. 2018a), (Al-Ruithe et al. 2018b), (Alhassan et al. 2016), (Alhassan et
al. 2018), (Alhassan et al. 2019), (Allen et al. 2014), (Becker 2007),
(Begg & Caira 2011), (Begg & Caira 2012), (Borgman et al. 2016),
(Brooks 2019), (Brous et al. 2016a), (Brous et al. 2016b), (Brous et al.
2016c), (Brown & Toze 2017), (Bruhn 2014), (Carretero et al. 2017),
(Cheng et al. 2017), (Cheong & Chang 2007), (Choi & Kroeschel 2015),
(Cousins 2016), (Coyne et al. 2018), (Dahlberg & Nokkala 2015),
(Daneshmandnia 2019), (de Abreu Faria et al. 2013), (Donaldson &
Walker 2004), (Evans et al. 2019), (Felici et al. 2013), (Fu et al. 2011),
(Gillies 2015), (Gillies & Howard 2005), (Grimstad & Myrseth 2011),
(Guetat & Dakhli 2015), (Hagmann 2013), (Heredia-Vizcaíno & Nieto
2019), (Hovenga 2013), (Hovenga & Grain 2013), (In et al. 2019), (Jim
& Chang 2018), (Kamioka et al. 2016), (Khatri 2016), (Khatri & Brown
2010), (Kim & Cho 2017), (Kim & Cho 2018), (Koltay 2016), (Kooper et
al. 2011), (Korhonen et al. 2013), (Kravets & Zimmermann 2012),
(Kusumah & Suhardi 2014), (Lajara & Maçada 2013), (Lăzăroiu et al.
2018), (Lee et al. 2017), (Lee et al. 2014), (Lemieux et al. 2014), (Lillie
& Eybers 2019), (Lomas 2010), (Malik 2013), (Marchildon et al. 2018),
(Mikalef et al. 2018), (Mlangeni & Ruhode 2017), (Neff et al. 2013),
(Ng et al. 2015), (Nguyen et al. 2014), (Nielsen 2017), (Nielsen et al.
2018), (Niemi & Laine 2016), (Nwabude et al. 2014), (Otto 2011a),
(Otto 2011b), (Otto 2011c), (Otto 2012), (Otto 2013), (Palczewska et
al. 2013), (Panian 2010), (Permana & Suroso 2018), (Prasetyo 2016),
(Prasetyo & Surendro 2015), (Proença et al. 2016), (Proença et al.
2017), (Rasouli et al. 2016a), (Rasouli et al. 2016b), (Rasouli et al.
2016c), (Rasouli et al. 2017), (Renaud 2014), (Rifaie et al. 2009),
(Rosenbaum 2010), (Saputra et al. 2018), (Silic & Back 2013), (Tallon
2013), (Tallon et al. 2013), (Tallon et al. 2014), (Thammaboosadee &
Dumthanasarn 2018), (Thiarai et al. 2019), (Thompson et al. 2015),
(Traulsen & Troebs 2011), (Tse et al. 2018), (van den Broek & van
Veenstra 2015), (van Helvoirt & Weigand 2015), (Vilminko-Heikkinen
& Pekkola 2019), (Waltl et al. 2015), (Watson et al. 2004), (Weber et
al. 2009), (Weller 2008), (Wende 2007), (Wende & Otto 2007), (Were
& Moturi 2017), (Wilbanks & Lehman 2012), (Winter & Davidson
2017), (Winter & Davidson 2018), (Wright 2013), (Young & McConkey
2012), (Yu & Foster 2017), (Yulfitri 2016), (Zhang et al. 2017)
Theses
(Barker 2016), (Cave 2017), (Nguyen 2016), (Randhawa 2019), (Rasouli
2016)
Practice-
oriented
Publications
by industry
associations
and inter-
governmental
organizations
(DAMA International 2009), (EFQM 2011), (ISO 2001), (ISO/IEC 2005),
(ISACA 2013), (NASCIO 2008), (OECD 2017), (Pierce et al. 2008)
Publications
by software
vendors and
consultants
(IBM 2007), (IBM 2014), (Informatica 2012), (Soares 2013), (Thomas
2006)
Books
(Dreibelbis et al. 2008), (Dyché & Levy 2006), (Loshin 2008), (Morabito
2015)
Table 2 Sources for state-of-the-art analysis
3 Data governance definition and framework
As proposed by Zorn & Campbell (2006, p. 175), we provide a working definition of the key term “data
governance”. Furthermore, we present a conceptual framework for data governance to structure the
review. The conceptual framework builds on the rich data we have collected during our literature search
process.
We did not find a standard definition of data governance in scholarly literature or in the set of practitioner
publications. Hence, we analyzed every definition of data governance in our set of papers and used open
coding to find common characteristics. The analysis led us to the following definition of data governance:
Data governance specifies a cross-functional framework for managing data as a strategic enterprise
asset. In doing so, data governance specifies decision rights and accountabilities for an organization’s
decision-making about its data. Furthermore, data governance formalizes data policies, standards, and
procedures and monitors compliance.
This definition (bold text) is our own but corresponds to the characterization of data governance in the
reviewed literature. Our definition of data governance has six parts. First, data governance is a cross-
functional effort. It enables collaboration across functional boundaries and data subject areas. Second,
data governance is a framework, which provides structure and formalization for the management of data.
Third, data governance focuses on data as a strategic enterprise asset. Data is the representation of facts
in different formats. Fourth, data governance specifies decision rights and accountabilities for an
organization’s decision-making about its data. It determines what decisions need to be made about data,
how these decisions are made, and who in the organization has the rights to make these decisions. Fifth,
data governance develops data policies, standards, and procedures. These artifacts should be consistent
with the organization’s strategy and promote desirable behavior in the use of data. Finally, data
governance monitors compliance. It includes the implementation of controls to ensure that data policies
and standards are followed. This definition also considers the differentiation between data governance
and data management made by several authors. Data governance refers to what decisions must be made
and who makes those decisions, whereas data management is about making those decisions as part of the
day-to-day execution of data governance policies (Dyché et al. 2006, pp. 150, Hagmann 2013, pp. 234,
Khatri & Brown 2010, p. 148; Otto 2013, p. 96). Table 3 shows how the characteristics of data governance
in our definition correspond to the reviewed set of papers. We performed the analysis for all data
governance definitions in the papers, and the table provides selected excerpts for illustration.
Definition
elements
Excerpts
Source
Cross-
functional
It pervades the enterprise, crossing lines of
business, data subject areas, and individual skill sets
(…)”
Dyché & Levy 2006, p. 145
“(…) encompassing professionals from both business
and IT departments.”
Weber et al. 2009, p. 2
“A decision-making and cross-functional charter (…)”
Informatica 2012, p. 4
Framework
Data governance specifies the framework for
decision rights and accountabilities (…)”
Weber et al. 2009, p. 6
A good data governance framework typically
answers questions about (…)”
Rifaie et al. 2009, p. 588
Data governance programs provide a framework for
setting data-usage rules (…)”
Morabito 2015, p. 99
Data as a
strategic
enterprise
asset
“(…) accountable for an organization’s decision-
making about its data assets.
Khatri & Brown 2010, p. 149
“(…) exercise of decision-making and authority for
data-related matters.
Thomas 2006, p. 3
“(…) operating discipline for managing data and
information as a key enterprise asset.”
NASCIO 2008, p. 1
Decision rights
and
accountabilities
for an
organization’s
decision-
making about
“(…) who holds the decision rights and is held
accountable for an organization’s decision-making
about its data assets.
Khatri & Brown 2010, p. 149
“(…) answers questions about how decisions related
to data are made, who makes the decisions, who is
held accountable (…)”
Rifaie et al. 2009, p. 588
its data
“(…) who in a company is allowed to make what
decisions regarding the handling of data (rights), and
what the tasks related to this decision-making are
(duties).
Otto 2011b, p. 47
Data policies,
standards, and
procedures
“(…) to create data management policies, processes,
and standards (…)”
Informatica 2012, p. 4
“(…) that formalizes a set of policies and procedures
to encompass (…)”
Korhonen et al. 2013, p. 11
“(…) develops and implements corporate-wide data
policies, guidelines, and standards (…)”
Weber et al. 2009, p. 6
Compliance
monitoring
Key aspects of data governance include decision
making authority, compliance monitoring (…)”
NASCIO 2008, p. 1
“(…) along with the processes for monitoring
conformance to those information policies.”
Loshin 2008, p. 68
The exercise of authority and control (planning,
monitoring, and enforcement) over the management
of data assets.
DAMA International 2009, p.
19
Table 3 Definition elements of data governance
We aimed to synthesize the literature according to a conceptual framework that allows us to structure the
review of important concepts of data governance. A conceptual framework “explains, either graphically or
in narrative form, the main things to be studied the key factors, constructs or variables and the
presumed relationships among them” (Miles & Huberman 1994, p. 18). It brings together the different
currents of thought and helps identify directions for future research (Marshall & Rossman 2011, p. 58).
The process of creating this conceptual framework was as follows: We applied open coding analysis
techniques suggested by Corbin & Strauss (2015, pp. 220) to identify the concepts regarding data
governance. We used a concept matrix as described by Webster & Watson (2002, p. xvii) to synthesize and
document the concepts. We then mapped these concepts against existing frameworks and found that the
IT governance cube of Tiwana et al. (2014) and the framework for data decision domains of Khatri & Brown
(2010) provided useful starting points for grouping these concepts. We used the dimensions proposed in
those frameworks to create our conceptual framework for data governance. However, we made several
changes to the dimensions to suit the needs of our review. Among others, we divided the content
dimension of Tiwana et al. into traditional data and big data, and we added data architecture and data
storage and infrastructure to the decision domain dimension of Khatri & Brown. Figure 3 shows the final
framework that we use in this paper.
The conceptual framework for data governance in Figure 3 encompasses six dimensions. Governance
mechanisms represent the core dimension of the framework and encompass structural, procedural, and
relational mechanisms. The organizational scope determines the organizational expansiveness of data
governance and roughly corresponds to the unit of analysis. We differentiate between the intra-
organizational and the inter-organizational scope. The data scope pertains to the data asset an
organization needs to govern. We distinguish between traditional data and big data. The domain scope
covers the data decision domains, to which governance mechanisms are applied. They comprise data
quality, data security, data architecture, data lifecycle, meta data, and data storage and infrastructure.
Antecedents cover the contingency factors, which impact the adoption and implementation of data
governance. We differentiate between internal and external antecedents. Finally, consequences contain
the effects of data governance. We distinguish between intermediate performance effects and risk
management.
Figure 3 Conceptual framework for data governance
4 Analysis and review
In this section, we discuss the state of knowledge regarding data governance as documented in the set of
reviewed papers. In doing so, we use the structure of the conceptual framework shown in Figure 3. We
break down each dimension of the conceptual framework and provide an overview of findings and insights.
We begin with the description of the core dimension of the framework, namely the governance
mechanisms. We then present the organizational, data, and domain scope, to which the governance
mechanisms are applied. We continue with the antecedents that influence the setup and configuration of
data governance. We conclude this section with the consequences, which describe the effects of data
governance. Figure 4 provides an overview of the concepts per dimension of the conceptual framework.
Figure 4 Concepts within the conceptual framework for data governance
4.1 Governance mechanisms
As part of their data governance approach, companies utilize a mixture of various governance
mechanisms. These mechanisms help to plan and control data management activities (DAMA International
2009, p. 21; Informatica 2012, pp. 17). Governance mechanisms comprise formal structures connecting
business, IT, and data management functions, formal processes and procedures for decision-making and
monitoring, and practices supporting the active participation of and collaboration among stakeholders.
Following the literature on information technology governance (De Haes & Van Grembergen 2005, pp. 4;
De Haes & Van Grembergen 2009, pp. 123; Peterson 2004, pp. 14; Weill & Ross 2005, p. 28), we distinguish
between (a) structural; (b) procedural; and (c) relational governance mechanisms.
4.1.1 Structural mechanisms
Structural governance mechanisms determine reporting structures, governance bodies, and
accountabilities (Borgman et al. 2016, p. 4903). They encompass (i) roles and responsibilities and (ii) the
allocation of decision-making authority.
The main roles and governance bodies comprise the executive sponsor, data governance leader, data
owner, data steward, data governance council, data governance office, data producer, and the data
consumer. The executive sponsor provides strategic direction, business prioritization, and funding for data
management initiatives (Informatica 2012, p. 8; NASCIO 2008, p. 7; Weber et al. 2009, p. 11). He or she is
ideally one of the highest-level executives, i.e. the C-level (Dreibelbis et al. 2008, p. 492; Informatica 2012,
p. 8; Loshin 2008, p. 83; Weber et al. 2009, p. 11). The data governance leader is responsible for the day-
to-day management of the data governance program (Loshin 2008, p. 83). He or she provides guidance
concerning the design, delivery, and maintenance of data and oversees compliance with data policies
(Dyché & Levy 2006, pp. 156; Loshin 2008, p. 83). Furthermore, the data governance leader coordinates
tasks for data stewards and provides periodic reports on data governance performance (Informatica 2012,
p. 8; Loshin 2008, p. 83). Data owners are often line-of-business executives and accountable for the data
assets in their business unit (Cheong & Chang 2007, pp. 1004; IBM 2014, pp. 194; Otto 2011c, p. 7). They
communicate broad data requirements and risks (IBM 2014, pp. 194). Data stewards are business leaders
or designated subject matter experts, who have detailed knowledge about the business and data
requirements and who can translate those requirements into technical specifications (e.g., Cheong &
Chang 2007, pp. 1004; DAMA International 2009, pp. 39; Informatica 2012, p. 8). Business data stewards
are subject matter experts from specific business areas (e.g., Dyché & Levy 2006, pp. 156; Informatica
2012, p. 8). Technical data stewards are professionals within IT that act as the counterparts of business
data stewards (e.g., DAMA International 2009, pp. 5; Weber et al. 2009, p. 11). The data governance
council is a hierarchy-overarching, cross-functional governance body (Otto 2011b, p. 49; Watson et al.
2004, p. 437). It establishes the strategic direction for the entire data governance program and aligns it
with organizational goals (e.g., Cheong & Chang 2007, pp. 1004; Watson et al. 2004, p. 443). Moreover,
the data governance council monitors the program including ongoing improvement activities (Dyché &
Levy 2006, pp. 156; Loshin 2008, p. 83; Thomas 2006, p. 17). The data governance office is a staff
organization that supports the governance and decision-making activities of the data stewardship teams
and the data governance council (DAMA International 2009, pp. 44; Thomas 2006, p. 18). The data
governance office establishes communication channels, prepares meetings, coordinates issue resolution,
and educates stakeholders (DAMA International 2009, pp. 31; Thammaboosadee & Dumthanasarn 2018,
p. 2; Thomas 2006, p. 18). The data producer creates the data or aggregates and maintains the data
created by others (ISACA 2013, pp. 27; Kooper et al. 2011, pp. 197; DAMA International 2009, pp. 31;
Thomas 2006, p. 17). The data consumer is the user of the data (ISACA 2013, pp. 27; Kooper et al. 2011, p.
197; Thomas 2006, p. 17). He or she specifies requirements and reports data-related issues (Cheong &
Chang 2007, pp. 1004).
The allocation of decision-making authority determines, which organizational unit has the mandate for
action related to data governance (Khatri & Brown 2010, p. 151; Otto 2011b, p. 62). We distinguish
between hierarchical positioning, functional positioning, and the positioning of decision-making authority
on a continuum ranging from centralized to decentralized (Otto 2011c, p. 6; Wende & Otto 2007, p. 9).
Hierarchical positioning defines at which hierarchical level of an organization the decision-making
authority is situated (Otto 2011c, p. 6). Functional positioning determines which department holds the
decision-making authority (e.g., DAMA International 2009, p. 38; Otto 2011c, p. 6; Watson et al. 2004, pp.
436). The positioning of decision-making authority on a continuum determines whether decisions are
taken by a central unit, by decentral units, or by both (e.g., Barker 2016, pp. 70; Begg & Caira 2012, p. 10;
Tallon et al. 2014, p. 147; Weber et al. 2009, p. 5).
4.1.2 Procedural mechanisms
Procedural governance mechanisms aim to ensure that data is recorded accurately, held securely, used
effectively, and shared appropriately (Borgman et al. 2016, p. 4903). They comprise (i) the data strategy,
(ii) policies, (iii) standards, (iv) processes, (v) procedures, (vi) contractual agreements, (vii) performance
measurement, (viii) compliance monitoring, and (ix) issue management.
The data strategy represents a high-level course of action based on strategic business objectives (e.g.,
Cheng et al. 2017, p. 518; DAMA International 2009, pp. 45; Guetat & Dakhli 2015, p. 1091). It consists of
a vision statement (Al-Ruithe & Benkhelifa 2017, p. 226; Barker 2016, pp. 68; Informatica 2012, p. 7), a
business case (e.g., Al-Ruithe et al. 2018a, pp. 13; Weber et al. 2009, p. 10), guiding principles (e.g., Brous
et al. 2016c, p. 5; Fu et al. 2011, p. 3; Khatri & Brown 2010, p. 149), long-term and short-term objectives
(Alhassan et al. 2019, p. 107; DAMA International 2009, pp. 45; Weber et al. 2009, p. 10), and an
implementation roadmap (DAMA International 2009, pp. 45; Prasetyo & Surendro 2015, p. 51).
Data policies provide high-level guidelines and rules regarding the creation, acquisition, storage, security,
quality, and permissible use of data (e.g., Alhassan et al. 2019, p. 106; DAMA International 2009, pp. 47;
Thompson et al. 2015, p. 320). Organizations use data policies to communicate key objectives, data
accountabilities, roles, responsibilities, and data retention periods (e.g., DAMA International 2009, pp. 47;
Donaldson & Walker 2004, p. 283; Morabito 2015, p. 89). Enterprises enforce, monitor, evaluate, and
revise data policies (e.g., Brous et al. 2016c, p. 10; Cheong & Chang 2007, p. 1002; Donaldson & Walker
2004, p. 283).
Data standards ensure that the data representation and the execution of data-related activities are
consistent and normalized throughout the organization (e.g., DAMA International 2009, pp. 48; Kim & Cho
2017, p. 387; Palczewska et al. 2013, p. 576). They facilitate interoperability within and across
organizations and ensure their fit for purpose (e.g., Cheong & Chang 2007, p. 1002; DAMA International
2009, p. 185; Otto 2012, p. 274). Data standards are defined internally by data stewards and data
architects, or externally by standardization organizations such as ISO (DAMA International 2009, pp. 48;
Dreibelbis et al. 2008, pp. 493; Hovenga & Grain 2013, pp. 82; Otto 2012, p. 274).
Clear data processes are considered a fundamental element of a successful data governance
implementation (Alhassan et al. 2019, p. 105). Processes are standardized, documented, and repeatable
methods used to govern data (Al-Ruithe et al. 2018b, p. 10; Thomas 2006, pp. 18). Examples include
processes for developing and maintaining rules for data handling as well as modeling and documenting
the data lifecycle (EFQM 2011, pp. 17; Khatri 2016, p. 675; Kim & Cho 2018, p. 40). Further examples
comprise processes for the assessment of the current state, processes for the alignment and validation of
policies, processes for decision-making, performance measurement, and issue resolution (Dreibelbis et al.
2008, pp. 484; Loshin 2008, p. 77; Rifaie et al. 2009, p. 588; Thomas 2006, pp. 18).
Procedures are “the documented methods, techniques, and steps followed to accomplish a specific activity
or task” (DAMA International 2009, pp. 48). They vary widely across companies. For example, procedures
describe how to establish accountabilities and decision rights (Thomas 2006, pp. 18), develop a data model
(DAMA International 2009, pp. 48; Thomas 2006, pp. 18), or identify and resolve data errors (Rifaie et al.
2009, p. 588; Thomas 2006, pp. 18).
Data provisioning and data sharing settings require contractual agreements between participating internal
departments or external organizations. Examples of such agreements are service level agreements (SLA)
and data sharing agreements (DSA). An SLA defines what data services will be provided by an internal team
or a third-party provider, how the services will be provided, and what happens if expectations are not met
(Al-Ruithe et al. 2018b, p. 16; Barker 2016, pp. 44). A DSA determines the legal and data governance
aspects before two or more organizations start sharing data (Allen et al. 2014, pp. 1).
Performance measurement aims at assessing the effectiveness of data governance by measuring the level
of goal attainment (e.g., Al-Ruithe et al. 2018a, pp. 13; Carretero et al. 2017, p. 143; Otto 2011b, p. 62;
Weber et al. 2009, pp. 10). Performance measures on firm-level are based on strategic business goals such
as revenue growth, increased profitability, and cost savings (e.g., EFQM 2011, p. 24; Tallon et al. 2014, p.
166; Thomas 2006, pp. 14). Performance measures on intermediate-level are based on operational
business goals or decision domain specific goals, both derived from strategic business goals on firm-level
(Otto 2011b, p. 62; Panian 2010, pp. 944; Pierce et al. 2008, p. 31). Performance measures on program-
level focus on the progress and impact of the data governance program (EFQM 2011, pp. 25; Informatica
2012, pp. 13; Thomas 2006, pp. 14).
Compliance monitoring aims at tracking and enforcing conformance with regulatory requirements and
organizational policies, standards, procedures, and SLAs (e.g., Al-Ruithe et al. 2018a, pp. 13; Bruhn 2014,
p. 3; ISACA 2013, p. 24). This includes the supervision of data professionals and the oversight of data
management projects and services (DAMA International 2009, p. 21). Compliance monitoring
encompasses auditing, which aims at providing stakeholders with objective, unbiased assessments and
recommendations for improvement (DAMA International 2009, pp. 159). Based on audit results,
companies can take corrective and preventive actions (ISO/IEC 2005, p. vi).
Issue management refers to the identification, management, and resolution of data-related issues (DAMA
International 2009, pp. 50). It includes processes for the standardization of data issues and for issue
resolution (DAMA International 2009, pp. 303; Thomas 2006, pp. 18) and the identification of persons,
who are accountable to resolve issues (DAMA International 2009, p. 307). In addition, an escalation
process helps to address issues to higher levels of authority (DAMA International 2009, pp. 50; IBM 2014,
p. 40). This enables stakeholders to give feedback, e.g. concerning policy changes to meet new business
requirements.
4.1.3 Relational mechanisms
Relational governance mechanisms facilitate collaboration between stakeholders (Borgman et al. 2016, p.
4903). They encompass (i) communication, (ii) training, and (iii) the coordination of decision-making.
Communication aims at continuously generating awareness for the data governance program among
stakeholders (e.g., Begg & Caira 2012, p. 10; Cheong & Chang 2007, p. 1002; Lomas 2010, p. 188; Watson
et al. 2004, p. 443). Creating awareness is an essential step in establishing shared commitment (Rifaie et
al. 2009, p. 589), ensuring buy-in and active participation of stakeholders (DAMA International 2009, p.
294; EFQM 2011, p. 17; Young & McConkey 2012, p. 72), and eliminating resistance to required changes
(EFQM 2011, p. 17; Guetat & Dakhli 2015, p. 1092; Otto 2012, pp. 287). A communication plan can help by
determining stakeholders, communication channels, supporting tools, and initiatives to retain
commitment (Al-Ruithe et al. 2018a, pp. 13; EFQM 2011, p. 31; NASCIO 2008, p. 6; Thomas 2006, p. 19).
Training programs ensure that stakeholders have the necessary knowledge and qualifications to support
the implementation of data governance (EFQM 2011, p. 17; Tallon et al. 2013, p. 196). In addition,
continuous training helps them act according to data policies, processes, and procedures (Alhassan et al.
2019, p. 104; Randhawa 2019, pp. 119). Training can be conducted in form of computer-based training,
classroom training, job-specific and project-related training, and one-on-one coaching (Cave 2017, p. 125;
Watson et al. 2004, pp. 444). Communication and training facilitate the creation of an organizational
culture that values data assets (Informatica 2012, p. 16).
The coordination of decision-making describes practices for the alignment across functions. The
hierarchical (or vertical) approach is characterized by a pyramid-like structure with decision-making
authority located at top-level. The main elements of the hierarchical approach include steering and control
(Hagmann 2013, p. 237; Kooper et al. 2011, p. 199). The cooperative (or horizontal) approach makes use
of collaborative behavior to clarify differences and solve problems (Wende & Otto 2007, pp. 10). It utilizes
formal coordination mechanisms such as working groups, committees, task forces, and integrator roles,
but also informal coordination mechanisms such as interdepartmental events, performance reviews across
business units, and job rotation (Bruhn 2014, p. 6; Borgman et al. 2016, p. 4903; Tallon et al. 2014, p. 147;
Weber et al. 2009, p. 15).
4.2 Organizational scope
The organizational scope represents the expansiveness of data governance and roughly corresponds to
the unit of analysis. We subdivide the organizational scope into (a) intra-organizational and (b) inter-
organizational.
The intra-organizational scope determines data governance within a single organization. It comprises data
governance on the project- or on firm-level (Tiwana et al. 2013, p. 8). Data governance on project-level
focuses on managing the quality and integrity of project-related data (DAMA International 2009, pp. 52).
Data governance on firm-level covers the entire enterprise and coordinates the interests and demands of
different stakeholder groups such as business and IT departments (DAMA International 2009, p. 41; Dyché
& Levy 2006, p. 151; Otto 2011b, p. 47; Pierce et al. 2008, p. 26; Weber et al. 2009, p. 2).
The inter-organizational scope encompasses data governance between firms or even for an ecosystem of
firms (Tiwana et al. 2013, p. 8). Companies increasingly partner with external collaborators such as
vendors, industry peers, and public-sector organizations to create new information products (Bruhn 2014,
p. 5; Cheong and Chang 2007, p. 1002; Lee et al. 2014, pp. 7; Rasouli et al. 2016c, pp. 1362; Winter &
Davidson 2018, pp. 5). Although this enables companies to exploit environmental opportunities, it can also
result in loss of control on data, unsecured information access, and low-quality information products (e.g.,
Al-Ruithe et al. 2018a, p. 2; Rasouli et al. 2016c, p. 1357). To counteract these issues, companies need to
set up governance mechanisms such as data integration and usage policies (Bruhn 2014, pp. 6; Morabito
2015, p. 86), data exchange standards (Lee et al. 2014, pp. 6; Rasouli et al. 2016c, pp. 1362), processes for
interaction and collaboration (Panian 2010, p. 942), service level agreements (Al-Ruithe et al. 2016b, pp.
382; IBM 2014, pp. 26), and data sharing agreements (Allen et al. 2014, p. 1; Bruhn 2014, p. 3; ISO 2005,
p. 14).
4.3 Data scope
Data is the representation of facts in the form of text, numbers, images, sound or video (DAMA
International 2009, p. 2). Every data governance program must specify, which type of data is in focus
(Weller 2008, p. 254). Most data governance articles we analyzed focus on the traditional data space as
described by Lee et al. (2014). However, a few articles also describe data governance in the context of big
data, having partially different requirements on data governance than traditional data. Corresponding to
Lee et al. (2014), we cluster data into the following two categories: (a) traditional data; (b) big data.
Traditional data builds the basis for an organization’s operations (Lee et al. 2014, p. 4). It comprises master
data, transactional data, and reference data. Master data describes the key business objects within an
organization (e.g., Loshin 2008, pp. 6; Otto 2012, p. 274; Soares 2013, p. 57). Typical domains of master
data are customer, employee, finance, patient, product, location, material, and supplier data (e.g.,
Dreibelbis et al. 2008, p. 2; Khatri 2016, p. 681; Loshin 2008, pp. 6). Transactional data represents records
about business transactions in different domains (Dreibelbis et al. 2008, p. 35; IBM 2014, p. 221). Examples
include customer orders, shipments, product invoices, bills, guest visits, or patient stays (Dreibelbis et al.
2008, p. 35; EFQM 2011, p. 9; IBM 2014, p. 221). Reference data refers to an agreed-upon set of common
values used throughout an organization (Dreibelbis et al. 2008, pp. 34). Product codes and order status
are examples for internally defined reference data whereas postal code abbreviations for U.S. states and
ISO currency codes are examples for externally defined reference data (Dreibelbis et al. 2008, pp. 34;
EFQM 2011, p. 9). Data governance with a focus on traditional data often aims to ensure the consistent
use of traditional data across the organization (Dreibelbis 2008, p. 483). To achieve this, organizations
specify data policies and processes for monitoring conformance to those policies (Loshin 2008, p. 68).
Big data possesses multiple definitions comprising diverse nuances in current literature (De Mauro et al.
2014, p. 97). The Meta Group report from 2001 presents one of the more prominent definitions of big data
comprising data variety, velocity, and volume as the three main dimensions of big data (Laney 2001, pp.
1). Variety refers to the data format, which may be structured, semi-structured, or unstructured (e.g., IBM
2014, pp. 198; ISACA 2013, p. 46; Tallon 2013, p. 37). Velocity refers to the high processing rate, which
enables organizations to quickly respond to events as they happen (ISACA 2013, p. 46; Malik 2013, p. 1).
Volume refers to high growth rates of big data (Laney 2001, p. 1; Tallon 2013, p. 37). This definition has
been expanded to include further dimensions such as veracity and value (Khatri 2016, p. 677; Lee et al.
2014, pp. 1). In addition, broader definitions of big data have emerged stating big data as a “common term
for a set of problems and techniques concerning the management and exploitation of very large sets of
data” (ISACA 2013, p. 46). Examples of big data comprise web and social media data (e.g., Brous et al.
2016b, p. 575; Tallon 2013, p. 37), machine-generated data (e.g., Brous et al. 2016b, p. 575; Dahlberg &
Nokkola 2015, p. 32), streaming data (e.g., IBM 2014, p. 16; Tallon 2013, p. 37), and biometric data (Malik
2013, p. 1; Soares 2013, pp. 6). Though the analysis of big data promises potential benefits, it also comes
along with risks such as privacy infringements and data inconsistencies (Kim & Cho 2018, pp. 37; Tse et al.
2018, p. 1633). Data governance focusing on big data needs to address these new risks without hampering
innovation. It needs to consider new privacy requirements regarding sensitive data (Morabito 2015, p. 89;
Soares 2013, pp. 2) and find new ways to measure and monitor big data quality (Al-Badi et al. 2018, p.
275). This includes updated data quality criteria such as timeliness, trustfulness, meaningfulness, and
sufficiency (Kim & Cho 2017, p. 388). Data governance also needs to assess value and costs of big data and
update retention and deletion requirements accordingly (Morabito 2015, pp. 89; Soares 2013, p. 2; Tallon
2013, p. 35). Finally, data governance needs to include new stakeholders such as data scientists and adjust
the responsibilities of existing data stewards (Al-Badi et al. 2018, p. 275; Morabito 2015, p. 89; Soares
2013, p. 2).
4.4 Domain scope
Many data governance programs address goals in two or three areas (Thomas 2006, pp. 6). Corresponding
with Khatri & Brown (2010, p. 149), we name these focus areas data decision domains. Based on our
analysis, we classify the main data decision domains as follows: (a) data quality; (b) data security; (c) data
architecture; (d) data lifecycle; (e) meta data; (f) data storage and infrastructure.
Data quality refers to the ability of data to satisfy its usage requirements in a given context (e.g., de Abreu
Faria et al. 2013, p. 4439; Khatri & Brown 2010, p. 150). Data governance with a focus on data quality
comprises the development of a data quality strategy (e.g., EFQM 2011, p. 10; Thomas 2006, p. 8), the
definition of roles and responsibilities, and the determination of data quality management processes (e.g.,
EFQM 2011, p. 10; Loshin 2008, p. 72; Malik 2013, pp. 8). Monitoring data quality includes the definition
of data quality metrics (e.g., Brous et al. 2016a, p. 305; Dyché & Levy 2006, pp. 156; Malik 2013, pp. 8) and
the continuous measurement of data quality levels (e.g., DAMA International 2009, p. 303; Dreibelbis et
al. 2008, p. 498; Weber et al. 2009, pp. 10). Further tasks include the management of data quality issues
(DAMA International 2009, p. 303; Dreibelbis et al. 2008, pp. 498; Rifaie et al. 2009, p. 588).
Data security refers to the preservation of security requirements concerning the accessibility, authenticity,
availability, confidentiality, integrity, privacy, and reliability of data (e.g., Carretero et al. 2017, p. 142;
Donaldson & Walker 2004, p. 281; de Abreu Faria et al. 2013, p. 4439; ISACA 2013, p. 31). Data governance
with a focus on data security includes the execution of risk assessments (e.g., de Abreu Faria et al. 2013,
p. 4439; IBM 2014, pp. 140; Khatri & Brown 2010, p. 151), the setup of data security roles (DAMA
International 2009, pp. 153; Khatri & Brown 2010, p. 151), and the definition of data security policies,
standards, and procedures (e.g., Khatri & Brown 2010, p. 149; Morabito 2015, p. 89). Furthermore, data
governance comprises the definition of data security controls (DAMA International 2009, p. 22; IBM 2014,
pp. 140; Palczewska et al. 2013, p. 573; Tallon et al. 2014, p. 166) and auditing to ensure that the
implemented procedures and practices comply with security policies, standards, and guidelines (DAMA
International 2009, pp. 159; Palczewska et al. 2013, p. 571).
Data architecture comprises the definition of enterprise data objects (e.g., Dyché & Levy 2006, pp. 156;
EFQM 2011, p. 19; Thomas 2006, p. 9) and the development of an enterprise data model on a conceptual,
logical, and physical level (e.g., DAMA International 2009, p. 21; Watson et al. 2004, pp. 437). Data
governance with a focus on data architecture contains the determination of enterprise data requirements
(DAMA International 2009, p. 19; IBM 2014, p. 31) and the definition of architectural policies, standards,
and guidelines (e.g., DAMA International 2009, pp. 48; EFQM 2011, p. 19; Thomas 2006, p.9). Furthermore,
data governance determines the responsibilities of data architects and the data governance council
concerning the enterprise data model (DAMA International 2009, p. 48; Dreibelbis et al. 2008, pp. 493).
The data lifecycle represents the approach of defining, collecting, creating, using, maintaining, archiving,
and deleting data (e.g., Khatri & Brown 2010, p. 149; Morabito 2015, pp. 89). Data governance with a focus
on data lifecycle comprises the identification of business processes that use data (Carretero et al. 2017, p.
143; EFQM 2011, pp. 17; Informatica 2012, pp. 16; ISACA 2013, p. 34) and the analysis of the information
flow to identify potential overlaps in data storage (IBM 2014, p. 38; Weller 2008, p. 252). This step further
encompasses the derivation of data retention requirements from business needs, regulatory
requirements, and accountability demands (e.g., Cousins 2016, p. 355; ISO 2001, p. 11; Khatri & Brown
2010, p. 149). In addition, organizations need to specify when data is authorized for deletion (DAMA
International 2009, p. 246; ISO 2001, p. 16).
Meta data is used to classify data sensitivity levels (Cousins 2016, p. 349), data provenance (Lee et al. 2017,
p. 6; Were & Moturi 2017, p. 582), and data retention periods (Weller 2008, pp. 256). Data governance
with a focus on meta data comprises the delineation of a meta data strategy (DAMA International 2009,
pp. 23; Grimstad & Myrseth 2011, p. 2; ISO 2001, p. 6), the definition of common meta data standards
(e.g., de Abreu Faria et al. 2013, p. 4439; Khatri & Brown 2010, p. 149), and the specification of processes
to build a meta data repository (e.g., Grimstad & Myrseth 2011, p. 3; Rasouli et al. 2016c, p. 1367).
Furthermore, data governance defines the roles such as enterprise data architects and data modelers, who
are responsible for meta data management (Informatica 2012, p. 10; Khatri & Brown 2010, pp. 150).
Data storage and infrastructure focus on IT artifacts that enable effective data management across the
organization (Dreibelbis et al. 2008, p. 484; Tallon et al. 2014, p. 149). Companies must consider various
hardware and software requirements such as functionality, cost, reliability, complexity, capacity,
scalability, and maintainability (Al-Ruithe et al. 2018a, pp. 12; Panian 2010, p. 946; Tallon et al. 2014, p.
149). Data governance with a focus on data storage and infrastructure comprises the initial assessment of
the application and storage landscape (Dreibelbis et al. 2008, p. 493; Randhawa 2019, pp. 117) and the
planning of software applications and storage capacity to support data quality, data security, and data
lifecycle (EFQM 2011, p. 10; Tallon 2013, p. 35). Further governance mechanisms include the definition of
policies, standards, processes, and procedures regarding storage and distribution of data (e.g., ISO 2001,
p. 14; Palczewska et al. 2013, p. 572; Tallon et al. 2014, p. 163; Weber et al. 2009, p. 12), the control of
storage costs (e.g., Soares 2013, p. 10; Tallon et al. 2014, pp. 164), and the education of stakeholders
regarding storage utilization (Tallon 2013, p. 35).
4.5 Antecedents
Antecedents describe the external and internal factors that precede or predict the adoption of data
governance practices (Tallon et al. 2014, p. 143). They have an impact on the implementation and the level
of adoption of data governance (Tallon et al. 2014, p. 168; Wende & Otto 2007 p. 11). In the following, we
present the main antecedents categorized into (a) external and (b) internal.
External antecedents comprise legal and regulatory requirements (e.g., Al-Ruithe et al. 2018b, p. 18; Dyché
& Levy 2006, pp. 156; Tallon 2013, p. 36). They vary by industry (DAMA International 2009, p. 153) or by
region (IBM 2014, pp. 17; Tallon 2013, p. 36). Examples include the Health Information Protection and
Portability Act (HIPPA) (e.g., Khatri & Brown 2010, p. 149; Tallon et al. 2014, p. 156) and the Sarbanes-
Oxley Act (SOX) (e.g., Cheong & Chang 2007, p. 1000; Khatri & Brown 2010, p. 149). Legal and regulatory
requirements have an impact on the business use and control of data (Khatri & Brown 2010, p. 149; Kooper
et al. 2011, p. 198; Tallon et al. 2014, p. 156), data security and data quality (e.g., Cheong & Chang 2007,
p. 1000; ISO 2001, pp. 4; Watson et al. 2004, p. 439), as well as data retention and archiving (e.g., Cousins
2016, p. 355; ISO 2001, pp. 4; Khatri & Brown 2010, p. 149). Furthermore, highly regulated markets require
a more centralized organizational structure than markets with less or no regulations (e.g., Weber et al.
2009, p. 18). Further external factors encompass market volatility (Otto 2011b, p. 61), the industry the
company operates in (Dreibelbis et al. 2008, p. 488; Otto 2011b, p. 61; Tallon 2013, p. 36), and the country
the company is located in (Nguyen 2016, pp. 247).
Internal antecedents contain strategic, organizational, system-related, and cultural factors. On the
strategic level, internal antecedents comprise the organization strategy, IT strategy, and diversification
breadth. Companies with a profit-oriented organization strategy may adopt a centralized organizational
structure, whereas growth-oriented companies benefit from a decentralized setup (Weber et al. 2009, p.
19). Internal antecedents on the organizational level contain the corporate allocation of decision-making
authority and the degree of business process harmonization. A centralized corporate approach in business
and IT facilitates data governance adoption (Tallon et al. 2014, p. 161). Companies with globally
harmonized processes enable a centralized placement of decision-making authority in contrast to
companies with local processes (Weber et al. 2009, p. 18). Internal antecedents on the system level include
IT architecture. A high degree of IT standardization and process integration enable the adoption of data
governance, whereas the usage of legacy IT systems with its application silos and low degree of process
integration hamper data governance adoption (e.g., Tallon et al. 2014, p. 161). Internal antecedents on
the cultural level encompass the organization culture, senior management support, and active leadership
participation (e.g., Daneshmandnia 2019, pp. 30; de Abreu Faria et al. 2013, p. 4439; Randhawa 2019, pp.
107; Silic & Back 2013, pp. 82). An organization culture, which promotes the strategic use of information
and creates a business vision about data governance, enables the adoption of data governance (Hagmann
2013, p. 235; Tallon et al. 2014, p. 161).
4.6 Consequences
Consequences refer to the outcomes of data governance (Tallon et al. 2014, p. 166; Tiwana et al. 2013, p.
10). We identified two types of consequences of data governance: (a) intermediate performance effects;
(b) risk management.
Intermediate performance effects occur in different ways. Kamioka et al. (2016, p. 7) describe the positive
effect of data governance on data utilization level, which contributes to marketing performance by the
increased number of sales and customer spending. Mikalef et al. (2018, p. 4917) demonstrate the positive
effect of data governance on both a firms’ dynamic and operational capabilities by improving the existing
operational mode and leading to renewed means of competing in the market. Furthermore, data
governance is attributed to improving data quality due to increased accuracy, availability, completeness,
consistency, and timeliness of data and the limitation of errors due to data inconsistencies (Barker 2016,
pp. 165; Niemi & Laine 2016, p. 8). Otto (2013, p. 96) even defines data governance effectiveness as the
ratio of the number of preventive data quality management measures to the total number of data quality
management measures conducted by the company. The rationale behind this definition is that a higher
number of preventive measures leads to increased data quality and thus to higher effectiveness of data
governance. Companies without data governance spend more time reacting to data-related issues, which
in turn limits the time spent on running the business and making process improvements (Barker 2016, pp.
165). Then again, companies reduce the cost to clean-up data by implementing data policies (Randhawa
2019, p. 120).
The second consequence of data governance is the management of data-related risk (e.g., Dreibelbis et
al. 2008, pp. 488; Malik 2013, p. 2; Otto 2011c, p. 5; Tallon et al. 2014, p. 150). Risks may arise due to
nonconformance with information policies or the absence of oversight regarding data quality (Loshin 2008,
pp. 72). Further risks concern security and privacy breaches (Loshin 2008, pp. 72; Rifaie et al. 2009, p. 589).
Data governance reduces these risks by creating risk-mitigating policies and introducing controls for
monitoring compliance (Khatri & Brown 2010, p. 149; Loshin 2008, p. 77; Thomas 2006, p. 17).
5 Research agenda and outlook
The review above provides a conceptual framework for data governance and a comprehensive overview
of research findings and insights relevant for data governance to date. Deriving from particular aspects of
our above analysis, we briefly outline an agenda for future research on data governance. Our research
agenda comprises five major areas: (1) governance mechanisms; (2) scope of data governance; (3)
antecedents of data governance; (4) consequences of data governance; and (5) generalizability and
replicability of findings.
5.1 Governance mechanisms
Determining the data owner can be a difficult task (Vilminko-Heikkinen & Pekkola 2019, p. 77). Current
literature does not provide a common understanding of the data owner role. First, we found ambiguous
definitions regarding the ownership and accountability for data. Some definitions clearly allocate
accountability for data to a dedicated data owner role (Otto 2011c, p. 7), whereas other definitions assign
ownership and accountability to the data steward or data producer (Dreibelbis et al. 2008, p. 496; Dyché
& Levy 2006, pp. 156; NASCIO 2008, p. 10). Researchers should further analyze in which cases a dedicated
data owner role is beneficial. Second, we lack knowledge of how the data owner is identified. Do
organizations determine the data owner based on the application, where the data is stored, or based on
the process, which uses the data? Vilminko-Heikkinen & Pekkola (2019, pp. 80) describe both options in
their case study comprising two master data management projects in a Finnish municipality, but the data
owner concept and approach remains unclear during both projects. Future research should further
investigate the process of data ownership determination. Third, we know little about the scope of data
ownership. For a regulation-driven data governance program, the scope might be narrowly defined
focusing on key data elements, whereas for an analytics-driven program it might be more meaningful to
widen the scope to comprise entire data domains. Future research should conduct a richer analysis on
how to define the scope of data ownership, as it might impact the effectiveness of data governance design.
The allocation of decision-making authority also requires further research. As part of our review, we
identified basic categories regarding the allocation of decision-making authority, i.e. hierarchical
positioning, functional positioning, and the positioning of decision-making authority on a continuum
ranging from centralized to decentralized. However, we do not know which allocation of decision-making
authority is most suitable under which circumstances. In case of functional positioning, Otto (2011b, pp.
60) states that business benefits related to data governance are eventually attributed to the data
governance organization to a larger extent if the decision-making authority is allocated to a business
function. However, this proposition requires substantiation through quantitative empirical studies on a
larger and more representative sample of companies. Researchers should analyze whether allocating
decision-making authority to a business function is more effective than allocating it to an IT function or a
separate data governance organization. Weber et al. (2009, pp. 18) provide a qualitative description of the
factors that impact the allocation of decision-making authority on a continuum ranging from centralized
to decentralized. However, they do not provide empirical evidence of this contingency approach.
Researchers should conduct further studies to analyze under which circumstances a centralized,
decentralized, or hybrid allocation of decision-making authority is most suitable. Understanding how to
allocate decision-making authority could greatly improve the effectiveness of data governance.
Furthermore, data governance is an ongoing program and a continuous improvement process (Cheng et
al. 2017, p. 518; DAMA International 2009, p. 38). New internal data needs and changing external demands
such as legal and regulatory requirements force data governance to evolve and adapt (Tallon et al. 2014,
p. 171; Weber et al. 2009, p. 23). However, most of the reviewed publications take a “one-off” perspective
on data governance and do not reflect how data governance arrangements might need to change over
time. We identified a few publications which focus on the evolution of specific data governance concepts
such as the evolution of the data governance strategy (Tallon et al. 2013), data ownership (Vilminko-
Heikkinen & Pekkola 2019), and data governance effectiveness (Otto 2013). Future research should build
on these results and conduct further qualitative, quantitative, and longitudinal studies to deepen the
knowledge about data governance evolution. The findings could provide a better understanding of which
governance mechanisms should be applied during different phases of a data governance program.
5.2 Scope of data governance
Data governance for ecosystems of public and private organizations is another promising research area.
Firms increasingly collaborate with partnering companies, outsourcing vendors, and cloud service
providers to manage parts of the data value chain (Bruhn 2014, pp. 4; Panian 2010, p. 942). Research
institutions team up and form distributed research networks which allow researchers to use data from
multiple institutions (Kim et al. 2014, p. 714). Current research has started investigating data governance
for specific types of inter-organizational settings such as cloud computing (Al-Ruithe et al. 2016a), platform
ecosystems (Lee et al. 2017), dynamic business networking (Rasouli et al. 2016c), supply chains (In et al.
2019), and inter-organizational data collaborations (Broek & Veenstra 2015). However, we do not know
much about how organizations ensure data ownership and control in inter-organizational relationships.
Especially the exchange of sensitive data such as personal health information raises new concerns about
privacy (Winter & Davidson 2018, p. 2). Future research should investigate which data governance
mechanisms can help organizations to retain control over their data in inter-organizational settings.
Researchers should also explore governance practices that support individuals and groups in effectively
co-determining how their data is governed and (re)used. For example, additional governance bodies might
be required to monitor compliance and balance interests in inter-organizational settings. Furthermore,
companies need to create a standardized and trustworthy data exchange environment (Cohn 2015, p. 821;
Rasouli 2016, p. 97; Rasouli et al. 2016c, pp. 1362). Future research should investigate how meta data and
other concepts can be used to facilitate interoperability between organizations and traceability of data
provenance. Finally, the complexity of ecosystems increases with the number of participating
organizations (Broek & Veenstra 2015, p. 9). Researchers should conduct further qualitative studies to
explore the most appropriate governance designs for one-to-one, one-to-many, and many-to-many inter-
organizational settings.
Data governance for big data has been a specific focus in research (e.g. Kim & Cho 2018; Malik 2013;
Winter & Davidson 2018). As organizations try to integrate and use big data, having an effective data
governance design becomes substantive. However, no general data governance approach for big data has
been agreed upon. We identified four major big data challenges and research opportunities regarding data
governance. First, data quality for big data needs to be addressed given the incomplete and often
uncertain nature of big data (Lemieux et al. 2014, p. 129; Malik 2013, p. 5). Data quality issues concerning
big data could become an increasing risk, as organizations keep on applying data-driven decision-making
(Kim & Cho 2018, p. 386; Morabito 2015 p. 97). Future research should determine how data quality metrics
should be defined for big data and how accurate big data needs to be. Second, big data raises concerns
regarding privacy infringements (e.g. Tallon 2013, p. 37; Winter & Davidson 2018, p. 2). The extent to
which organizations can act upon big data insights is still an unresolved issue (Tallon 2013, p. 37). For
example, combining data sources to reveal new patterns could cause unanticipated exposure of personal
habits (IBM 2014, p. 6). Researchers should explore governance mechanisms that enable innovation
through big data analytics with simultaneous consideration of privacy requirements. This could include
policies determining the ethical and permissible use of big data without violating privacy rights. Third, not
all data is equally useful, but have varying degrees of value (Malik 2013, p. 6). However, the definition of
the intrinsic data value and the methods of how to measure it still prompt questions (Kooper et al. 2011,
pp. 199; Malik 2013, p. 11). Future research should investigate how to quantify the intrinsic data value.
The results could help companies to adjust data retention policies and determine when to migrate data to
low-cost storage tiers and when to delete data. Finally, integrating big data with traditional enterprise data
poses challenges (Malik 2013, pp. 4). Data is often fragmented and stored in incompatible IT systems
(Lemieux et al. 2014, p. 129; Morabito 2015 p. 98). The reason for these data silos is often a lack of cross-
organizational collaboration (Nielsen et al. 2018, p. 23). Researchers should investigate how governance
mechanisms can be applied to foster cross-organizational collaboration to deconstruct data silos.
5.3 Antecedents of data governance
We found that organizations need to design data governance considering contextual factors. Research
informing these design decisions will be useful as it helps organizations to tailor data governance according
to their specific environment and needs. Although these antecedents have received some attention (Tallon
et al. 2014; Weber et al. 2009), we do not know much about their relative importance, their interrelations,
and their causal chains. We found in the review that many data governance approaches do not consider
contextual factors, which seems reductionist and unrealistic. For future research, rather than ignoring the
context, it would be useful if researchers analyzed contextual factors and their impact on data governance
design and implementation. This includes the investigation of additional antecedents such as specific
industries, firm size, and corporate culture (Begg & Caira 2012, p. 12; Cave 2017, pp. 152; NASCIO 2008, p.
6; Neff et al. 2013, p. 8; Yu & Foster 2017, p. 345), but also the impact of antecedents on data governance
implementation. Based on those findings, organizations could decide upon the amount of structure and
formality for their data governance design. Tallon et al. (2014, p. 170) state that some antecedents
facilitate the adoption of data governance practices, while others inhibit the adoption. Future research
should determine which antecedents are likely to dominate if organizations concurrently possess both
enabling and inhibiting antecedents.
5.4 Consequences of data governance
Another relevant but under-researched area comprises the effectiveness of data governance. Current
research only provides brief evidence of the intermediate performance effects and the ways how to
measure those effects (Kamioka et al. 2016, p. 7; Mikalef et al. 2018, p. 4917; Otto 2013, p. 96; Tallon et
al. 2014, p. 166). On the other hand, organizations still struggle to provide a compelling use case that links
data governance to value generation (Nielsen et al. 2018, p. 24). To fully comprehend data governance,
we need to understand how intermediate performance effects impact strategic business outcomes such
as revenue growth, cost reduction, and regulatory compliance. Future research should conduct a richer
analysis of intermediate-level performance effects and their impact on strategic business outcomes. This
could be achieved by identifying the causal links between intermediate-level and firm-level performance
effects. The findings could help organizations to quantify the benefits of data governance and to derive
the business case. Furthermore, we presently cannot define the point beyond which users can feel
constrained by data governance. If organizations use too bureaucratic, complex, and restrictive data
governance mechanisms, this over-governancecould lead to a performance decrease by limiting data-
led innovations and motivating users to bypass policies and take unnecessary risks with their data. Tallon
et al. (2014, p. 168) describe this as the curvilinear relationship between data governance and firm
performance. Future research should conduct a richer analysis of this curvilinear relationship and the
inflection point, which determines the optimal data governance design. In doing so, researchers should
consider the influence of antecedents as well as the organizational, data, and domain scope.
5.5 Generalizability and replicability
In addition to the research areas described above, the use of further research methods could unveil new
findings. Prior research mainly conducted single and multiple case studies. This may pose limitations in
making controlled observations and deductions as well as limitations concerning the replicability and
generalizability of the findings (Lee 1989, p. 35; Tallon et al. 2014, p. 171). Transforming the propositions
developed in the case studies into testable hypotheses could lay the foundation for further quantitative
research (Otto 2011b, p. 61). Researchers should aim at substantiating the propositions on data
governance through quantitative empirical studies on a larger and more representative sample of
companies (e.g., Otto 2011b, p. 62; Tallon et al. 2014, p. 171; Weber et al. 2009, p. 23). In addition,
researchers should broaden the sample of study participants. Prior case studies selected primarily IT and
data management executives as interview partners (Neff et al. 2013, p. 8; Otto 2011b, p. 51; Tallon et al.
2014, p. 171; Weber et al. 2009, p. 24). Future research should include additional stakeholders such as the
legal counsel, data architects, application and process owners, and data stewards. In doing so, researchers
could improve internal validity and gain a holistic understanding concerning the effectiveness, limitations,
and challenges of data governance.
Table 4 outlines the research areas for data governance and lists potential research questions for future
research.
Research area
Topics of interest
Research questions
Governance
mechanisms
Data ownership
Allocation of decision-
making authority
Data governance
evolution
RQ 5.1.1: How do organizations determine the data
owner and his/her responsibilities?
RQ 5.1.2: How does the allocation of decision-making
authority impact data governance effectiveness?
RQ 5.1.3: How do data governance mechanisms evolve
over time?
Scope of data
governance
Application of
governance
mechanisms on the
organizational, data,
and domain scope
Data quality
measurement for big
data
Data value
measurement
RQ 5.2.1: How do organizations retain control over their
data in inter-organizational settings?
RQ 5.2.2: How do companies facilitate interoperability
and traceability of data?
RQ 5.2.3: Which data governance designs are effective
in one-to-one/one-to-many/many-to-many inter-
organizational relationships?
RQ 5.2.4: How do organizations define data quality
metrics for big data?
RQ 5.2.5: How do organizations enable innovation
through big data analytics with simultaneous
consideration of privacy requirements?
RQ 5.2.6: How do organizations quantify the intrinsic
value of data?
RQ 5.2.7: How do companies foster cross-organizational
collaboration to deconstruct data silos?
Antecedents of
data governance
Impact of antecedents
on data governance
Relationship between
antecedents
RQ 5.3.1: How do industry/firm size/corporate culture
impact data governance design?
RQ 5.3.2: Which antecedents are likely to dominate if
companies concurrently possess both enabling and
inhibiting antecedents?
Consequences of
data governance
Measurement of data
governance
effectiveness
RQ 5.4.1: What are the effects of data governance
mechanisms on intermediate-level performance?
RQ 5.4.2: What is the relationship between
intermediate-level performance effects of data
governance and strategic business outcomes?
RQ 5.4.3: How does the amount of applied governance
mechanisms correlate with intermediate-level
performance effects?
Table 4 Research agenda for data governance
6 Conclusion
In this study, we conducted a structured literature review, provided an overview of the state-of-the-art of
data governance, and identified a research agenda. Two research questions framed our literature review:
What are the building blocks of data governance? Where do we lack in knowledge about data governance?
We answered the first question by developing a conceptual framework for data governance comprising
six dimensions: Governance mechanisms, organizational scope, data scope, domain scope, antecedents,
and consequences of data governance. We answered the second question by analyzing gaps within the
dimensions of the conceptual framework and deriving areas for which further research is required. We
identified five promising fields for future research: Governance mechanisms, the scope of data
governance, antecedents of data governance, consequences of data governance, and further research
strengthening the generalizability and replicability of findings.
From the perspective of the practitioners’ community, the results of the literature review can be
considered valuable as the conceptual framework supports practitioners to approach data governance in
a structured manner. For example, practitioners could first identify the antecedents that affect their
organization. Second, they could determine the organizational scope, data scope, and domain scope for
their data governance design. Data governance with a focus on data quality for master data is likely to be
different than data governance with a focus on data privacy in the context of big data. Based on those
previous two steps, practitioners could choose and customize the set of data governance mechanisms
most appropriate for their organization. Reflecting on these results will help to avoid approaching the topic
prematurely. The conceptual framework also builds the foundation to exploit synergies between decision
domains such as data quality and data security.
Despite the efforts we have made to present a complete review of data governance literature, the study
has its limitations. The major focus of our search process was on the term “data governance” including
synonyms, but less on the broader concept of data management. Future research should review the
literature on data management and screen for governance concepts. Moreover, we included the search
term “information governance”, as the term is often used interchangeably with the term “data
governance”. However, we identified few publications that differentiate between both terms (de Abreu
Faria et al. 2013, p. 4437; Jim & Chang 2018, p. 203; Kooper et al. 2011, p. 198). Future research should
further investigate the usage of these terms. Due to lack of access, we were not able to use certain
scientific databases such as Scopus and Web of Science. Though we are convinced that we have compiled
most of the studies carried out on this topic, future research should conduct a literature search in those
databases. The study did not validate the practical applicability of the conceptual framework. First, we did
not distinguish, which findings describe norms of data governance and which describe the actual practice.
Future research should conduct expert interviews or case studies to ascertain which data governance
concepts are applied in practice. Second, our conceptual framework does not provide the information on
which data governance mechanisms to choose for a given set of antecedents and a given organizational,
data, and domain scope. Researchers should conduct a quantitative study to identify the correlations
between antecedents, the scoping parameters, and data governance mechanisms. This could provide
further insights on how to configure data governance in a specific environment.
With our research agenda, we support the call from Tiwana et al. (2014, p. 9) for more research on the
governance of data. We provided a comprehensive overview of the topic that is valuable for both
researchers and practitioners in the field of data governance. We hope that our work facilitates future
research on data governance by providing a conceptual foundation.
7 References
Aisyah, M., & Ruldeviyani, Y. (2018). Designing Data Governance Structure Based On Data Management
Body of Knowledge (DMBOK) Framework: A Case Study on Indonesia Deposit Insurance
Corporation (IDIC). International Conference on Advanced Computer Science and Information
Systems (ICACSIS), (pp. 307-312). Yogyakarta, Indonesia.
Al-Badi, A., Tarhini, A., & Khan, A. I. (2018). Exploring Big Data Governance Frameworks. Procedia
Computer Science, 141, pp. 271-277.
Alhassan, I., Sammon, D., & Daly, M. (2016). Data governance activities: an analysis of the literature.
Journal of Decision Systems, 25(S1), pp. 64-75.
Alhassan, I., Sammon, D., & Daly, M. (2018). Data governance activities: a comparison between scientific
and practice-oriented literature. Journal of Enterprise Information Management, 31(2), pp. 300-
316.
Alhassan, I., Sammon, D., & Daly, M. (2019). Critical Success Factors for Data Governance: A Theory
Building Approach. Information Systems Management, 36(2), pp. 98-110.
Allen, C., Des Jardins, T. R., Heider, A., Lyman, K. A., McWilliams, L., Rein, A. L., . . . Turske, S. A. (2014).
Data Governance and Data Sharing Agreements for Community-Wide Health Information
Exchange: Lessons from the Beacon Communities. eGEMs, 2(1), pp. 1-9.
Al-Ruithe, M., & Benkhelifa, E. (2017). Analysis and Classification of Barriers and Critical Success Factors
for Implementing a Cloud Data Governance Strategy. Procedia Computer Science, 113, pp. 223-
232.
Al-Ruithe, M., & Benkhelifa, E. (2017b). A conceptual framework for cloud data governance-driven
decision making. International Conference on the Frontiers and Advances in Data Science (FADS),
(pp. 1-6). Xi'an, China.
Al-Ruithe, M., & Benkhelifa, E. (2017c). Cloud Data Governance In-Light of the Saudi Vision 2030 for
Digital Transformation. 14th International Conference on Computer Systems and Applications
(AICCSA), (pp. 1436-1442). Hammamet, Tunisia.
Al-Ruithe, M., & Benkhelifa, E. (2018). Determining the enabling factors for implementing cloud data
governance in the Saudi public sector by structural equation modelling. Future Generation
Computer Systems(article in press), pp. 1-16.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2016a). A Conceptual Framework for Designing Data
Governance for Cloud Computing. Procedia Computer Science, 94, pp. 160-167.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2016b). Key Dimensions for Cloud Data Governance. 2016
IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), (pp. 379-386).
Vienna, Austria.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018a). A systematic literature review of data governance
and cloud data governance. Personal and Ubiquitous Computing, pp. 1-21.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018b). Data Governance Taxonomy: Cloud versus Non-
Cloud. Sustainability, 10(1), pp. 1-26.
Al-Ruithe, M., Mthunzi, S., & Benkhelifa, E. (2016c). Data Governance for Security in IoT & Cloud
Converged Environments. 2016 IEEE/ACS 13th International Conference of Computer Systems
and Applications (AICCSA) (pp. 1-8). Agadir, Morocco: IEEE.
Barker, J. M. (2016). Data Governance: The missing approach to improving data quality. ProQuest LLC.
Becker, M. Y. (2007). Information governance in NHS’s NPfIT: A case for policy specification. International
Journal of Medical Informatics, 76, pp. 432-437.
Begg, C., & Caira, T. (2011). Data Governance in Practise: The SME Quandary Reflections on the reality of
Data Governance in the Small to Medium Enterprise (SME) sector. Proceedings of the 5th
European Conference on Information Management and Innovation: ECIME 2011, (pp. 75-83).
Como, Italy.
Begg, C., & Caira, T. (2012). Exploring the SME Quandary: Data Governance in Practise in the Small to
Medium-Sized Enterprise Sector. The Electronic Journal Information Systems Evaluation, 15(1),
pp. 3-13.
Boell, S. K., & Cecez-Kecmanovic, D. (2015). On being ‘systematic’ in literature reviews in IS. Journal of
Information Technology, 30, pp. 161-173.
Borgman, H., Heier, H., Bahli, B., & Boekamp, T. (2016). Dotting the I and Crossing (out) the T in IT
Governance: New Challenges for Information Governance. 49th Hawaii International Conference
on System Sciences, (pp. 4901-4909). Koloa, Hawaii, USA.
Brooks, J. (2019). Perspectives on the relationship between records management and information
governance. Records Management Journal, 29(1/2), pp. 5-17.
Brous, P., Herder, P., & Janssen, M. (2016a). Governing Asset Management Data Infrastructures.
Procedia Computer Science, 95, pp. 303-310.
Brous, P., Janssen, M., & Herder, P. (2016b). Coordinating Data-Driven Decision-Making in Public Asset
Management Organizations: A Quasi-Experiment for Assessing the Impact of Data Governance
on Asset Management Decision Making. In D. Y. al. (Ed.), Social Media: The Good, the Bad, and
the Ugly. I3E 2016. Lecture Notes in Computer Science. 9844, pp. 573-583. Cham: Springer.
Brous, P., Janssen, M., & Vilminko-Heikkinen, R. (2016c). Coordinating Decision-Making in Data
Management Activities: A Systematic Review of Data Governance Principles. Electronic
Government. EGOVIS 2016 (pp. 115-125). Cham: Springer.
Brown, D. C., & Toze, S. (2017). Information governance in digitized public administration. CANADIAN
PUBLIC ADMINISTRATION, 60(4), pp. 581-604.
Bruhn, J. (2014). Identifying Useful Approaches to the Governance of Indigenous Data. The International
Indigenous Policy Journal, 5(2), pp. 1-32.
Carretero, A. G., Gualo, F., Caballero, I., & Piattini, M. (2017). MAMD 2.0: Environment for data quality
processes implantation based on ISO 8000-6X and ISO/IEC 33000. Computer Standards &
Interfaces, 54(3), pp. 139-151.
Cave, A. (2017). Exploring Strategies for Implementing Data Governance Practices. Walden Dissertations
and Doctoral Studies.
Cheng, G., Li, Y., Gao, Z., & Liu, X. (2017). Cloud data governance maturity model. 8th IEEE International
Conference on Software Engineering and Service Science (ICSESS), (pp. 517-520). Beijing, China.
Cheong, L. K., & Chang, V. (2007). The Need for Data Governance: A Case Study. 18th Australasian
Conference on Information System, (pp. 999-1008). Toowoomba, Australia.
Choi, S.-K. T., & Kroeschel, I. (2015). Challenges of Governing Interorganizational Value Chains: Insights
from a Case Study. Twenty-Third European Conference on Information Systems (ECIS), (pp. 1-16).
Münster, Germany.
Cohn, B. L. (2015). Data Governance: A Quality Imperative in the Era of Big Data, Open Data, and Beyond.
I/S: A JOURNAL OF LAW AND POLICY FOR THE INFORMATION SOCIETY, 10(3), pp. 811-826.
Corbin, J., & Strauss, A. (2015). Basics of Qualitative Research (4 ed.). SAGE Publications, Inc.
Cousins, K. (2016). Health IT Legislation in the United States: Guidelines for IS Researchers.
Communications of the Association for Information Systems, 39, pp. 338-366.
Coyne, E. M., Coyne, J. G., & Walker, K. B. (2018). Big Data information governance by accountants.
International Journal of Accounting & Information Management, 26(1), pp. 153-170.
Dahlberg, T., & Nokkala, T. (2015). A framework for the corporate governance of data - Theoretical
background and empirical evidence. Business, Management and Education, 13(1), pp. 25-45.
DAMA International. (2009). The DAMA Guide to The Data Management Body of Knowledge. New Jersey:
Technics Publications, LLC.
Daneshmandnia, A. (2019). The influence of organizational culture on information governance
effectiveness. Records Management Journal, 29(1/2), pp. 18-41.
de Abreu Faria, F., Maçada, A. C., & Kumar, K. (2013). Information Governance in the Banking Industry.
Proceedings of the 46th Hawaii International Conference on System Sciences, (pp. 4436-4445).
Wailea, Maui, Hawaii, USA.
De Haes, S., & Van Grembergen, W. (2005). IT Governance Structures, Processes and Relational
Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group. Proceedings of
the 38th Hawaii International Conference on System Sciences, (pp. 1-10). Big Island, Hawaii, USA.
De Haes, S., & Van Grembergen, W. (2009). An Exploratory Study into IT Governance Implementations
and its Impact on Business/IT Alignment. Information Systems Management, 26(2), pp. 123-137.
De Mauro, A., Greco, M., & Grimaldi, M. (2014). What is Big Data? A Consensual Definition and a Review
of Key Research Topics. International Conference on Integrated Information (IC-ININFO), (pp. 97-
104).
Donaldson, A., & Walker, P. (2004). Information governancea view from the NHS. International Journal
of Medical Informatics, 73, pp. 281-284.
Dreibelbis, A., Hechler, E., Milman, I., Oberhofer, M., & van Run, P. (2008). Enterprise Master Data
Management: An SOA Approach to Managing Core Information. IBM Press.
Dyché, J., & Levy, E. (2006). Customer Data Integration: Reaching a Single Version of the Truth. John
Wiley & Sons.
EFQM. (2011). Framework for Corporate Data Quality Management.
Evans, J., McKemmish, S., & Rolan, G. (2019). Participatory information governance: Transforming
recordkeeping for childhood out-of-home Care. Records Management Journal, 29(1/2), pp. 178-
193.
Felici, M., Koulouris, T., & Pearson, S. (2013). Accountability for Data Governance in Cloud Ecosystems.
IEEE International Conference on Cloud Computing Technology and Science, (pp. 327-332).
Fu, X., Wojak, A., Neagu, D., Ridley, M., & Travis, K. (2011). Data governance in predictive toxicology: A
review. Journal of Cheminformatics, 3(24), pp. 1-16.
Gillies, A. (2015). The role of information governance within English clinical governance: Observations
based upon the interim report from the NIGC of the Care Quality Commission. Clinical
Governance: An International Journal, 20(1), pp. 13-20.
Gillies, A., & Howard, J. (2005). An international comparison of information in adverse events.
International Journal of Health Care Quality Assurance, 18(5), pp. 343-352.
Gong, Y., & Janssen, M. (2019). The value of and myths about enterprise architecture. International
Journal of Information Management, 46, pp. 1-9.
Grimstad, T., & Myrseth, P. (2011). Information governance as a basis for cross-sector e-services in public
administration. International Conference on E-Business and E-Government (ICEE), (pp. 1-4).
Shanghai, China.
Guetat, S. B., & Dakhli, S. B. (2015). The Architecture Facet of Information Governance: The Case of
Urbanized Information Systems. Procedia Computer Science, 64, pp. 1088-1098.
Hagmann, J. (2013). Information governance beyond the buzz. Records Management Journal, 23(3), pp.
228-240.
Haneem, F., Kama, N., Taskin, N., Pauleen, D., & Abu Bakar, N. A. (2019). Determinants of master data
management adoption by local government organizations: An empirical study. International
Journal of Information Management, 45, pp. 25-43.
Heredia-Vizcaíno, D., & Nieto, W. (2019). A Governing Framework for Data-Driven Small Organizations in
Colombia. (C. Springer, Ed.) New Knowledge in Information Systems and Technologies.
WorldCIST'19 2019. Advances in Intelligent Systems and Computing, 930, pp. 622-629.
Hovenga, E. J. (2013). Impact of Data Governance on a Nation’s Healthcare System Building Blocks. In
Health Information Governance in a Digital Environment (pp. 24-66).
Hovenga, E. J., & Grain, H. (2013). Health Data and Data Governance. In Health Information Governance
in a Digital Environment (pp. 67-92).
IBM. (2007). The IBM Data Governance Council Maturity Model: Building a roadmap for effective data
governance. New York.
IBM. (2014). Information Governance Principles and Practices for a Big Data Landscape.
IDC. (2014). The DIGITAL UNIVERSE of OPPORTUNITIES.
In, J., Bradley, R., Bichescu, B. C., & Autry, C. W. (2019). Supply chain information governance: toward a
conceptual framework. The International Journal of Logistics Management, 30(2), pp. 506-526.
Informatica. (2012). Holistic Data Governance: A Framework for Competitive Advantage.
ISACA. (2013). COBIT 5: Enabling Information. Illinois.
Ismagilova, E., Hughes, L., Dwivedi, Y. K., & Raman, K. R. (2019). Smart cities: Advances in research - An
information systems perspective. International Journal of Information Management, 47, pp. 88-
100.
ISO. (2001). INTERNATIONAL STANDARD ISO 15489-1. Information and documentation Records
management Part 1: General. Switzerland.
ISO/IEC. (2005). INTERNATIONAL STANDARD ISO/IEC 27001. Information technology Security
techniques Information security management systems Requirements. Switzerland.
Jim, C. K., & Chang, H.-C. (2018). The Current State of Data Governance in Higher Education. Proceedings
of the Association for Information Science and Technology, 55(1), pp. 198-206.
Kamioka, T., Luo, X., & Tapanainen, T. (2016). An empirical investigation of data governance: The role of
accountabilities. PACIS 2016 Proceedings, (pp. 1-12).
Khatri, V. (2016). Managerial work in the realm of the digital universe: The role of the data triad. Business
Horizons, 59, pp. 673-688.
Khatri, V., & Brown, C. V. (2010, January). Designing data governance. Communications of the ACM,
53(1), pp. 148-152.
Kim, H. Y., & Cho, J.-S. (2017). Data Governance Framework for Big Data Implementation with a Case of
Korea. IEEE 6th International Congress on Big Data, (pp. 384-391). Honolulu, Hawaii, USA.
Kim, H. Y., & Cho, J.-S. (2018). Data governance framework for big data implementation with NPS Case
Analysis in Korea. Journal of Business and Retail Management Research (JBRMR), 12(3), pp. 36-
46.
Koltay, T. (2016). Data governance, data literacy and the management of data quality. IFLA Journal,
42(4), pp. 303-312.
Kooper, M., Maes, R., & Lindgreen, E. R. (2011, June). On the governance of information: Introducing a
new concept of governance to support the management of information. International Journal of
Information Management, 31(3), pp. 195-200.
Korhonen, J. J., Melleri, I., Hiekkanen, K., & Helenius, M. (2013). Designing Data Governance Structure:
An Organizational Perspective. GSTF Journal on Computing, 2(4), pp. 11-17.
Kravets, J., & Zimmermann, K. (2012). Inter-organizational Information Alignment: A Conceptual Model
of Structure and Governance for Cooperations. Proceedings of the Eighteenth Americas
Conference on Information Systems, (pp. 1-10). Seattle, Washington, USA.
Kusumah, R. T., & Suhardi. (2014). Designing Information Governance in Statistical Organization.
International Conference on Information Technology Systems and Innovation (ICITSI) 2014, (pp.
201-205). Bandung-Bali.
Lajara, T. T., & Maçada, A. C. (2013). Information Governance Framework: The Defense Manufacturing
Case Study. Proceedings of the Nineteenth Americas Conference on Information Systems, (pp. 1-
10). Chicago, Illinois.
Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety. META Delta
Application Delivery Strategies, pp. 1-4.
Lăzăroiu, G., Kovacova, M., Kliestikova, J., Kubala, P., Valaskova, K., & Dengov, V. V. (2018). Data
governance and automated individual decision-making in the digital privacy General Data
Protection Regulation. Administratie si Management Public, 31, pp. 132-142.
Lee, A. S. (1989, March). A Scientific Methodology For MIS Case Studies. MIS Quarterly, 13, pp. 33-50.
Lee, S. U., Zhu, L., & Jeffery, R. (2017). Data Governance for Platform Ecosystems: Critical Factors and the
State of Practice. Twenty First Pacific Asia Conference on Information Systems, (pp. 1-12).
Langkawi.
Lee, Y., Madnick, S., Wang, R., Wang, F., & Zhang, H. (2014). A Cubic Framework for the Chief Data
Officer: Succeeding in a World of Big Data. MIS Quarterly Executive, 13(1), pp. 1-13.
Lemieux, V. L., Gormly, B., & Rowledge, L. (2014). Meeting Big Data challenges with visual analytics: The
role of records management. Records Management Journal, 24(2), pp. 122-141.
Lillie, T., & Eybers, S. (2019). Identifying the Constructs and Agile Capabilities of Data Governance and
Data Management: A Review of the Literature. IDIA 2018, CCIS 933, pp. 313-326.
Lomas, E. (2010). Information governance: information security and access within a UK context. Records
Management Journal, 20(2), pp. 182-198.
Loshin, D. (2008). Master Data Management. Morgan Kaufmann.
Malik, P. (2013). Governing Big Data: Principles and practices. IBM Journal of Research and Development,
57(3/4), pp. 1-13.
Marchildon, P., Bourdeau, S., Hadaya, P., & Labissière, A. (2018). Data governance maturity assessment
tool: A design science approach. Projectics / Proyéctica / Projectique, 20, pp. 155-193.
Marshall, C., & Rossman, G. B. (2011). Designing Qualitative Research (5 ed.). SAGE Publications.
Mikalef, P., Krogstie, J., van de Wetering, R., Pappas, I. O., & Giannakos, M. N. (2018). Information
Governance in the Big Data Era: Aligning Organizational Capabilities. Proceedings of the 51st
Hawaii International Conference on System Sciences, (pp. 4911-4920). Big Island, Hawaii, USA.
Miles, M. B., & Huberman, A. M. (1994). Qualitative Data Analysis: An Expanded Sourcebook (2 ed.).
SAGE Publications.
Mlangeni, T. C., & Ruhode, E. (2017). Data Governance: A Challenge for Merged and Collaborating
Institutions in Developing Countries. 14th IFIP WG 9.4 International Conference on Social
Implications of Computers in Developing Countries, ICT4D 2017, (pp. 242-253). Yogyakarta,
Indonesia.
Morabito, V. (2015). Big Data and Analytics: Strategic and Organizational Impacts. Switzerland: Springer
International Publishing.
NASCIO. (2008). Data Governance Managing Information As An Enterprise Asset. Part I An
Introduction. Lexington.
Neff, A. A., Schosser, M., Zelt, S., Uebernickel, F., & Brenner, W. (2013). Explicating Performance Impacts
of IT Governance and Data Governance in Multi-Business Organisations. Proceedings of the 24th
Australasian Conference on Information Systems, (pp. 1-11). Melbourne, Australia.
Ng, P. M., Lo, M. F., & Choy, E. (2015). Improving China’s Corporate Governance Within the Big Data era:
Integration of Knowledge Management and Data Governance. In A. C. Limited (Ed.), 12th
International Conference on Intellectual Capital Knowledge Management and Organisational
Learning, ICICKM 2015, (pp. 183-190). Thailand.
Nguyen, C., Sargent, J., Stockdale, R., & Scheepers, H. (2014). Towards a unified framework for
governance and management of information. Proceedings of the 25th Australasian Conference
on Information Systems, (pp. 1-13). Auckland, New Zealand.
Nguyen, T. C. (2016). Information governance and management in the context of GOV 2.0.
Nielsen, O. B. (2017). A Comprehensive Review of Data Governance Literature. Selected Papers of the
IRIS, 8, pp. 120-133.
Nielsen, O. B., Persson, J. S., & Madsen, S. (2018). Why Governing Data Is Difficult: Findings from Danish
Local Government. TDIT 2018, IFIP AICT 533, pp. 15-29.
Niemi, E., & Laine, S. (2016). Designing Information Governance with a Focus on Competence
Management in a Knowledge-Intensive Project Organization. ICIQ, (pp. 1-12). Ciudad Real, Spain.
Nwabude, C., Begg, C., & McRobbie, G. (2014). Data Governance in Small Businesses Why Small
Business Framework should be Different. International Proceedings of Economics Development
and Research, 82, pp. 101-107.
OECD. (2017). Recommendation of the Council on Health Data Governance. OECD/LEGAL/0433, OECD
Legal Instruments.
Olanrewaju, A.-S. T., Hossain, M. A., Whiteside, N., & Mercieca, P. (2020). Social media and
entrepreneurship research: A literature review. International Journal of Information
Management, 50, pp. 90-110.
Otto, B. (2011a). Data Governance. Business & Information Systems Engineering, 4, pp. 241-244.
Otto, B. (2011b). Organizing Data Governance: Findings from the Telecommunications Industry and
Consequences for Large Service Providers. Communications of the Association for Information
Systems, 29(1), pp. 45-66.
Otto, B. (2011c). A morphology of the organisation of data governance. Proceedings of the 19th
European Conference on Information Systems (ECIS), (pp. 1-12). Helsinki, Finland.
Otto, B. (2012). Managing the business benefits of product data management: the case of Festo. Journal
of Enterprise Information Management, 25(3), pp. 272-297.
Otto, B. (2013). On the Evolution of Data Governance in Firms: The Case of Johnson & Johnson Consumer
Products North America. In S. S. (Ed.), Handbook of Data Quality (pp. 93-118). Springer, Berlin,
Heidelberg.
Palczewska, A., Fu, X., Trundle, P., Yang, L., Neagu, D., Ridley, M., & Travis, K. (2013). Towards model
governance in predictive toxicology. International Journal of Information Management, 33, pp.
567-582.
Panian, Z. (2010). Some Practical Experiences in Data Governance. World Academy of Science,
Engineering and Technology, (pp. 939-946).
Permana, R. I., & Suroso, J. S. (2018). Data Governance Maturity Assessment at PT. XYZ. Case Study: Data
Management Division. International Conference on Information Management and Technology
(ICIMTech), (pp. 15-20). Jakarta, Indonesia.
Peterson, R. (2004). Crafting Information Technology Governance. Information Systems Management,
21, pp. 7-22.
Peyret, H., & Goetz, M. (2014). The Forrester Wave™: Data Governance Tools, Q2 2014. Forrester
Research, Inc., Cambridge, MA 02140.
Pierce, E., Dismute, W. S., & Yonke, C. L. (2008). The State of Information and Data Governance.
Understanding How Organizations Govern Their Information and Data Assets. International
Association for Information and Data Quality (IAIDQ); University of Arkansas at Little Rock,
Information Quality Program (UALR-IQ).
Prasetyo, H. N. (2016). A review of data governance maturity level in higher education. Jurnal Ilmiah
Teknologi Informasi Terapan, 3(1), pp. 1-10.
Prasetyo, H. N., & Surendro, K. (2015). Designing a data governance model based on soft system
methodology (SSM) in organization. Journal of Theoretical and Applied Information Technology,
78(1), pp. 46-52.
Proença, D., Vieira, R., & Borbinha, J. (2016). A maturity model for information governance. 11th Iberian
Conference on Information Systems and Technologies (CISTI), (pp. 1-6). Las Palmas, Spain.
Proença, D., Vieira, R., & Borbinha, J. (2017). Information Governance Maturity Model Final Development
Iteration. (C. Springer, Ed.) Research and Advanced Technology for Digital Libraries. TPDL 2017.
Lecture Notes in Computer Science, 10450, pp. 128-139.
Randhawa, T. S. (2019). Incorporating Data Governance Frameworks in the Financial Industry. Walden
Dissertations and Doctoral Studies.
Rasouli, M. (2016). Information governance in service-oriented business networking. Eindhoven:
Technische Universiteit Eindhoven.
Rasouli, M. R., Eshuis, R., Grefen, P. W., Trienekens, J. J., & Kusters, R. J. (2017). Information Governance
in Dynamic Networked Business Process Management. International Journal of Cooperative
Information Systems, 26(1), pp. 1-37.
Rasouli, M. R., Eshuis, R., Trienekens, J. J., & Grefen, P. W. (2016a). Information Governance
Requirements for Architectural Solutions Supporting Dynamic Business Networking. In G. W.
Norta A. (Ed.), Service-Oriented Computing ICSOC 2015 Workshops. ICSOC 2015. Lecture Notes
in Computer Science. 9586, pp. 184-189. Springer, Berlin, Heidelberg.
Rasouli, M. R., Eshuis, R., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016b). Information
Governance as a Dynamic Capability in Service Oriented Business Networking. 17th IFIP WG 5.5
Working Conference on Virtual Enterprises, PRO-VE 2016, (pp. 457-468). Porto, Portugal.
Rasouli, M. R., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016c). Information governance
requirements in dynamic business networking. Industrial Management & Data Systems, 116(7),
pp. 1356-1379.
Renaud, K. (2014). Clinical and information governance proposes; human fallibility disposes. Clinical
Governance: An International Journal, 19(2), pp. 94-109.
Rifaie, M., Alhajj, R., & Ridley, M. (2009). Data Governance Strategy: A Key Issue in Building Enterprise
Data Warehouse. Proceedings of the 11th International Conference on Information Integration
and Web based Applications & Services, (pp. 587-591). Kuala Lumpur, Malaysia.
Rosenbaum, S. (2010). Data Governance and Stewardship: Designing Data Stewardship Entities and
Advancing Data Access. Health Services Research, 45(5), pp. 1442-1455.
Rowe, F. (2014). What literature review is not: diversity, boundaries and recommendations. European
Journal of Information Systems, 23, pp. 241-255.
Saputra, D. A., Handika, D., & Ruldeviyani, Y. (2018). Data Governance Maturity Model (DGM2)
Assessment in Organization Transformation of Digital Telecommunication Company: Case Study
of PT Telekomunikasi Indonesia. International Conference on Advanced Computer Science and
Information Systems (ICACSIS), (pp. 325-330). Yogyakarta, Indonesia.
Senyo, P. K., Liu, K., & Effah, J. (2019). Digital business ecosystem: Literature review and a framework for
future research. International Journal of Information Management, 47, pp. 52-64.
Silic, M., & Back, A. (2013). Factors impacting information governance in the mobile device dual-use
context. Records Management Journal, 23(2), pp. 73-89.
Soares, S. (2013). IBM InfoSphere: A Platform for Big Data Governance and Process Data Governance (1
ed.). Boise: MC Press Online.
Tallon, P. P. (2013). Corporate Governance of Big Data: Perspectives on Value, Risk, and Cost. Computer,
26(6), pp. 32-38.
Tallon, P. P., Ramirez, R. V., & Short, J. E. (2014). The Information Artifact in IT Governance: Toward a
Theory of Information Governance. Journal of Management Information Systems, 30(3), pp. 141-
177.
Tallon, P. P., Short, J. E., & Harkins, M. W. (2013). The Evolution of Information Governance at Intel. MIS
Quarterly Executive, 12(4), pp. 189-198.
Thammaboosadee, S., & Dumthanasarn, N. (2018). Proposed Amendments of Public Information Act
Towards Data Governance Framework for Open Government Data: Context of Thailand. 3rd
Technology Innovation Management and Engineering Science International Conference (TIMES-
iCON), (pp. 1-5). Bangkok, Thailand.
Thiarai, M., Chotvijit, S., & Jarvis, S. (2019). Balancing information governance obligations when accessing
social care data for collaborative research. Records Management Journal, 29(1/2), pp. 194-209.
Thomas, G. (2006). The DGI Data Governance Framework. The Data Governance Institute.
Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data governance:
Lessons learned from a public sector application audit. Government Information Quarterly, 32,
pp. 316-322.
Tiwana, A., Konsynski, B., & Venkatraman, N. (2014). Special Issue: Information Technology and
Organizational Governance: The IT Governance Cube. Journal of Management Information
Systems, 30(3), pp. 7-12.
Traulsen, S., & Troebs, M. (2011). Implementing Data Governance within a Financial Institution.
INFORMATIK 2011, 41. Jahrestagung der Gesellschaft für Informatik, (pp. 1-15). Berlin.
Tse, D., Chow, C.-k., Ly, T.-p., Tong, C.-y., & Tam, K.-w. (2018). The Challenges of Big Data Governance in
Healthcare. 17th IEEE International Conference On Trust, Security And Privacy In Computing And
Communications/ 12th IEEE International Conference On Big Data Science And Engineering
(TrustCom/BigDataSE), (pp. 1632-1636). New York, NY, USA.
van den Broek, T., & van Veenstra, A. F. (2015). Modes of Governance in Inter-Organizational Data
Collaborations. Twenty-Third European Conference on Information Systems (ECIS), (pp. 1-12).
Münster, Germany.
van Helvoirt, S., & Weigand, H. (2015). Operationalizing Data Governance via Multi-level Metadata
Management. In J. M. al. (Ed.), Open and Big Data Management and Innovation. I3E 2015.
Lecture Notes in Computer Science. 9373, pp. 160-172. Cham: Springer.
Vilminko-Heikkinen, R., & Pekkola, S. (2019). Changes in roles, responsibilities and ownership in
organizing master data management. International Journal of Information Management, 47, pp.
76-87.
vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., & Cleven, A. (2009). Reconstructing the
Giant: On the Importance of Rigour in Documenting the Literature Search Process. Proceedings
of the 17th European Conference On Information Systems, (pp. 2206-2217). Verona, Italy.
Waltl, B., Reschenhofer, T., & Matthes, F. (2015). Data Governance on EA Information Assets: Logical
Reasoning for Derived Data. Advanced Information Systems Engineering Workshops: CAiSE 2015
International Workshops, (pp. 401-412). Stockholm, Sweden.
Watson, H. J., Fuller, C., & Ariyachandra, T. (2004). Data warehouse governance: best practices at Blue
Cross and Blue Shield of North Carolina. Decision Support Systems, 38, pp. 435-450.
Weber, K., Otto, B., & Österle, H. (2009). One Size Does Not Fit All---A Contingency Approach to Data
Governance. Journal of Data and Information Quality, 1(1), pp. 1-27.
Webster, J., & Watson, R. T. (2002). Analyzing the Past to Prepare For the Future: Writing a Literature
Review. MIS Quarterly, 26(2), pp. xiii-xxiii.
Weill, P., & Ross, J. (2005). A Matrixed Approach to Designing IT Governance. MIT Sloan Management
Review, 46(2), pp. 26-34.
Weller, A. (2008). Data governance: Supporting datacentric risk management. Journal of Securities
Operations & Custody, 1(3), pp. 250-262.
Wende, K. (2007). A Model for Data Governance Organising Accountabilities for Data Quality
Management. Proceedings of the 18th Australasian Conference on Information Systems, (pp.
417-425). Toowoomba, Australia.
Wende, K., & Otto, B. (2007). A Contingency Approach to Data Governance. 12th International
Conference on Information Quality, (pp. 1-14). Cambridge, Massachusetts, USA.
Were, V., & Moturi, C. (2017). Toward a data governance model for the Kenya health professional
regulatory authorities. The TQM Journal, 29(4), pp. 579-589.
Wilbanks, D., & Lehman, K. (2012). Data governance for SoS. International Journal of System of Systems
Engineering, 3(3-4), pp. 337-346.
Winter, J. S., & Davidson, E. (2017). Investigating Values in Personal Health Data Governance Models.
Twenty-third Americas Conference on Information Systems, (pp. 1-10). Boston, USA.
Winter, J. S., & Davidson, E. (2018). Big data governance of personal health information and challenges
to contextual integrity. The Information Society, pp. 1-16.
Wright, T. (2013). Information culture in a government organization. Examining records management
training and self-perceived competencies in compliance with a records management program.
Records Management Journal, 23(1), pp. 14-36.
Young, A., & McConkey, K. (2012). Data governance and data quality: Is it on your agenda? Journal of
Institutional Research, 17(1), pp. 69-77.
Yu, H., & Foster, J. (2017). Towards Information Governance of Data Value Chains: Balancing the Value
and Risks of Data Within a Financial Services Company. In L. W. Uden L. (Ed.), Knowledge
Management in Organizations. KMO 2017. Communications in Computer and Information
Science. 731, pp. 336-346. Cham: Springer.
Yulfitri, A. (2016). Modeling Operational Model of Data Governance in Government. International
Conference on Information Technology Systems and Innovation (ICITSI), (pp. 1-5). Bandung,
Indonesia.
Zhang, S., Gao, H., Yang, L., & Song, J. (2017). Research on Big Data Governance Based on Actor-Network
Theory and Petri Nets. IEEE 21st International Conference on Computer Supported Cooperative
Work in Design (CSCWD), (pp. 372-377). Wellington, New Zealand.
Zorn, T., & Campbell, N. (2006). Improving the Writing of Literature Reviews through a Literature
Integration Exercise. Business Communication Quarterly, 69(2), pp. 172-183.
... Thus, we enhanced the systematic search with a narrative search (King & He, 2005) to fill gaps not addressed by articles from the systematic literature review. The narrative search was guided by approaching AI governance from two complementing perspectives (i) looking at governance frameworks on IT (Tiwana et al. 2013) and data (Abraham et al. 2019) with emphasis on business-relevant aspects and investigating to what extent each aspect in this framework was covered by literature, (ii) looking at key characteristics of AI that are likely impacting their governance and investigating to what extent these characteristics have been addressed. An overview of the process is provided in Figure 1. ...
... A narrative literature review puts the burden of an adequate search procedure on the reviewer. Our search was guided by synthesizing works identified in the systematic literature review and mapping them to existing governance frameworks (Abraham et al., 2019;Tiwana et al., 2013), taking into account key characteristics of AI such as its autonomy, ability to learn and obscurity. Parts of the framework that were not covered were explicitly searched for. ...
... We defer a detailed discussion of differences to the end of the paper, presenting the final framework ( Figure 8). Abraham et al. (2019) presented a framework for data governance. It covered only the data dimension, which we expand with concepts that arise or allow for different, more specific treatments in the context of AI such as data valuation, bias, and (concept) drift. ...
Article
Full-text available
While artificial intelligence (AI) governance is thoroughly discussed on a philosophical, societal, and regulatory level, few works target companies. We address this gap by deriving a conceptual framework from literature. We decompose AI governance into governance of data, machine learning models, and AI systems along the dimensions of who, what, and how "is governed". This decomposition enables the evolution of existing governance structures. Novel, business-specific aspects include measuring data value and novel AI governance roles.
... Data governance and data management (Abraham et al., 2019;Brous et al., 2016;Janssen et al., 2020) Critical data studies (Iliadis & Russo, 2016) D. Risks and impact management -Risk and impact analysis -Risk and impact management -Risk and impact monitoring design -Risk and impact monitoring Identifying, managing, and monitoring potential risks and impacts caused by the AI system to align the system with the organization's strategic goals and values. ...
... The organizational layer involves corporate governance (Harjoto & Jo, 2011), IT governance (Tiwana & Kim, 2015;Weill, 2008), and strategic management (Brendel et al., 2021), among others. Finally, the AI system layer involves fields such as software engineering (Dennehy & Conboy, 2018), critical algorithm studies (Kitchin, 2017;Ziewitz, 2016), and data governance (Abraham et al., 2019;Brous et al., 2016;Janssen et al., 2020). Together, the layers form a multidisciplinary area of study that researchers need to understand to enable them to unpack the challenges and phenomena surrounding AI governance. ...
Preprint
Full-text available
The organizational use of artificial intelligence (AI) has rapidly spread across various sectors. Alongside the awareness of the benefits brought by AI, there is a growing consensus on the necessity of tackling the risks and potential harms, such as bias and discrimination, brought about by advanced AI technologies. A multitude of AI ethics principles have been proposed to tackle these risks, but the outlines of organizational processes and practices for ensuring socially responsible AI development are in a nascent state. To address the paucity of comprehensive governance models, we present an AI governance framework, the hourglass model of organizational AI governance, which targets organizations that develop and use AI systems. The framework is designed to help organizations deploying AI systems translate ethical AI principles into practice and align their AI systems and processes with the forthcoming European AI Act. The hourglass framework includes governance requirements at the environmental, organizational, and AI system levels. At the AI system level, we connect governance requirements to AI system life cycles to ensure governance throughout the system's life span. The governance model highlights the systemic nature of AI governance and opens new research avenues into its practical implementation, the mechanisms that connect different AI governance layers, and the dynamics between the AI governance actors. The model also offers a starting point for organizational decision-makers to consider the governance components needed to ensure social acceptability, mitigate risks, and realize the potential of AI.
... Finally, unless data, and meta-data are treasured at (or beyond) the level of first-class citizen for network AI, then much of the AI effort will likely end up being in the 80% of failing projects [2]. The complexity of meta-data management and of properly granting access to data, calls for a more systematic approach to data governance [133]: e.g., by the introduction of data stewards, beyond the roles of data owner, data engineer and data scientist. Data stewards should govern the access to data, on behalf of data owners and using the process developed by data engineers, in compliance with regulation aspects. ...
Preprint
The tremendous achievements of Artificial Intelligence (AI) in computer vision, natural language processing, games and robotics, has extended the reach of the AI hype to other fields: in telecommunication networks, the long term vision is to let AI fully manage, and autonomously drive, all aspects of network operation. In this industry vision paper, we discuss challenges and opportunities of Autonomous Driving Network (ADN) driven by AI technologies. To understand how AI can be successfully landed in current and future networks, we start by outlining challenges that are specific to the networking domain, putting them in perspective with advances that AI has achieved in other fields. We then present a system view, clarifying how AI can be fitted in the network architecture. We finally discuss current achievements as well as future promises of AI in networks, mentioning a roadmap to avoid bumps in the road that leads to true large-scale deployment of AI technologies in networks.
Article
With the surge in the number of data and datafied governance initiatives, arrangements, and practices across the globe, understanding various types of such initiatives, arrangements, and their structural causes has become a daunting task for scholars, policy makers, and the public. This complexity additionally generates substantial difficulties in considering different data(fied) governances commensurable with each other. To advance the discussion, this study argues that existing scholarship is inclined to embrace an organization-centric perspective that primarily concerns factors and dynamics regarding data and datafication at the organizational level at the expense of macro-level social, political, and cultural factors of both data and governance. To explicate the macro, societal dimension of data governance, this study then suggests the term “social data governance” to bring forth the consideration that data governance not only reflects the society from which it emerges but also (re)produces the policies and practices of the society in question. Drawing on theories of political science and public management, a model of social data governance is proposed to elucidate the ideological and conceptual groundings of various modes of governance from a comparative perspective. This preliminary model, consisting of a two-dimensional continuum, state intervention and societal autonomy for the one, and national cultures for the other, accounts for variations in social data governance across societies as a complementary way of conceptualizing and categorizing data governance beyond the European standpoint. Finally, we conduct an extreme case study of governing digital contact-tracing techniques during the pandemic to exemplify the explanatory power of the proposed model of social data governance.
Article
The effects of data governance (as a means to maximize big data value creation in fire risk management) performance on fire risk was analyzed based on multi-source statistical data of 105 cities in China from 2016 to 2018. Specifically, data governance was first quantified with ten detailed indicators, which were then selected for explaining urban fire risk through correlation analysis. Next, the sample cities were clustered in terms of major socio-economic characteristics, and then the effects of data governance were examined by constructing multivariate regression models for each city cluster with ordinary least squares (OLS). The results showed that the constructed regression models produced good interpretation of fire risk in different types of cities, with coefficient of determination (R²) in each model exceeding 0.65. Among the indicators, the development of infrastructures (e.g. data collection devices and data analysis platforms), the level of data use, and the updating of fire risk related data were proved to produce significant effects on the reduction of fire frequency and fire consequence. Moreover, the organizational maturity of data governance was proved to be helpful in reducing fire frequency. For the cities with large population, the cross-department sharing of high-value data was found to be another important determinant of urban fire frequency. In comparison with existing statistical models which interpreted fire risk with general social factors (with the highest R² = 0.60), these new regression models presented a better statistical performance (with the average R² = 0.72). These findings are expected to provide decision support for the local governments of China and other jurisdictions to facilitate big data projects in improving fire risk management.
Preprint
Full-text available
Port logistics data governance is characterized by multi-subject, multi-dimensional and dynamic interaction, which brings significant challenges for enterprises to perform the strategic value of data information. In order to maximize the potential of data information, this paper systematically and quantitatively assesses and optimizes port logistics data governance capabilities through an enhanced Meta-Network Analysis-Simulated Annealing Algorithm (MNA-SAA)-based approach. This approach first applies the MNA method to conceptualize port logistics data governance as “Data Information-Skilled People-Technology-Process” (I-A-T-P) meta-networks, which portray the dynamic interaction behavior of data information between different subjects. Then, multi-level meta-network metrics (i.e., people/process data information waste congruence, data information actual/potential load, organization people data information needs congruence, and perform as accuracy) are used to the port logistics data governance capabilities. The SAA is applied to optimize the data governance structure from the skilled people-data information interaction (AI) network. This proposed approach is validated by a generic port logistics data governance case study. Based on the optimization results of the generic port logistics data governance meta-networks, its data governance capability improvement strategies and the advantages of the enhanced MNA-SAA approach are discussed. Overall, this enhanced MNA-SAA approach promotes an understanding of port data governance by systematically conceptualizing complex data governance structures and quantifying data governance capabilities. This study provides decision-makers with implementable support to advance stakeholder collaboration and knowledge sharing to improve future port logistics data governance capabilities.
Article
For some years now, master data has become extremely relevant to business success and continuity in an increasingly competitive and global business environment. The banking sector is one example of how the implementation of well-structured and designed master data management policies and initiatives is crucial for reaching positive results. One of the areas in which banks need to ensure extremely fruitful master data management approaches and data governance procedures is when dealing with risk-related data, as it not only ensures accurate and well-supported management and decision-making, but also because banks are required to do so by imposed regulations, such as the BCBS 239. Drawing on a DSR methodology supported research project, where banking and IS-related expertise was continuously merged with existing theoretical knowledge on MDM and BCBS 239 related topics, and a permanent focus on the technical and functional complexity associated with implementing master data management and well-established data governance procedures that ensure regulatory compliance, we propose a novel, six-phase action plan that will allow banks to ensure compliance with BCBS 239 and, consequently, ensure efficient and effective risk data management and reporting.
Article
Full-text available
Data governance in organization is unique. Every organization has a form of data governance in accordance with their respective needs. In some literature most of the industry, build data governance program based on the needs of data quality in achieving the company's goals. Some research have shown that data quality management is the foundation of data governance development in the industry. Although the data quality management is an important foundation, but in the development of the industry show the form of data governance that vary according to the needs and interests of the company. To see the effectiveness that data governance has been implemented well in an organization, it is needed a measurement mechanism of maturity level. However, to determine whether the measurements were carried out in accordance with the organization's goals, it will be require a clear base in determining the dimensions of the measurement. This research tried to describe the dimensions of which will be used during the activity measurement data governance maturity level within an organization. The measurement model used as a reference is the IBM data governance and DAMA International.
Article
Full-text available
The objective of this research study is to present the critical success factors (CSFs) for data governance (DG). This paper reports on a single case study where data are gathered through semi-structured interviews following the CSF approach and analyzed by applying open, axial, and selective coding techniques. The findings are presented as seven CSFs, which are ranked in order of importance. Furthermore, we highlight the need to better understand the relationships (interconnectedness) between the CSFs.
Article
Full-text available
Purpose There is significant national interest in tackling issues surrounding the needs of vulnerable children and adults. This paper aims to argue that much value can be gained from the application of new data-analytic approaches to assist with the care provided to vulnerable children. This paper highlights the ethical and information governance issues raised in the development of a research project that sought to access and analyse children’s social care data. Design/methodology/approach The paper documents the process involved in identifying, accessing and using data held in Birmingham City Council’s social care system for collaborative research with a partner organisation. This includes identifying the data, its structure and format; understanding the Data Protection Act 1998 and 2018 (DPA) exemptions that are relevant to ensure that legal obligations are met; data security and access management; the ethical and governance approval process. Findings The findings will include approaches to understanding the data, its structure and accessibility tasks involved in addressing ethical and legal obligations and requirements of the ethical and governance processes. Originality/value The aim of this research is to highlight the potential use of use new data-analytic techniques to examine the flow of children’s social care data from referral, through the assessment process, to the resulting service provision. Data held by Birmingham City Council are used throughout, and this paper highlights key ethical and information governance issues which were addressed in preparing and conducting the research. The findings provide insight for other data-led studies of a similar nature.
Article
The rise of social media has led to changes in how entrepreneurs carry out their day-to-day activities. Studies on social media and entrepreneurship are relatively new and fragmented in their focus, however there is increasing interest from academia and practitioners for further research and investigation within this area. This study systematically reviews research carried out in the domain of social media and entrepreneurship. A total of 160 papers, published between 2002 and 2018 were synthesised to identify critical theories and research methods used in the domain. Based on the extent review, an integrative framework was developed to identify relationships amongst elucidated constructs. While most papers investigated the factors that drive social media adoption and use by entrepreneurs, it was found that the use of social media by entrepreneurs had transcended marketing and it is now used in business networking, information search and crowdfunding for their business. This has led to significant impact with improved firm performance and innovation enhancement being the essential outcomes. The literature review and framework further understanding of social media and entrepreneurship research, providing a useful basis for future studies and informs practice in this area.
Article
Nowadays, data have become strategic assets by allowing organizations to uncover unforeseen patterns and developing sharper insights about their customers and partners as well as the markets and environments in which they operate. To properly manage their data, organizations rely on a data governance framework (DGF) that defines the processes, policies, practices and structures necessary to orchestrate and optimize the collection, storage, use and dissemination of data as organizational assets. Yet, most organizations fail to implement a DGF adapted to their needs since they ignore the level of maturity of their data management practice and thus, do not know where to start when implementing a DGF. To help organizations evaluate their operations against data governance best practices as well as identify key gaps and develop, deploy and/or improve their DGF accordingly, the present paper develops, using a design science research approach, a data governance maturity assessment tool. Our proposed artifact, which includes 11 dimensions and 72 questions, allows organizations to assess where they stand in terms of data governance and, in turn, to better define and prioritize the goals, content and activities of their data governance initiatives.
Article
Smart cities employ information and communication technologies to improve: the quality of life for its citizens, the local economy, transport, traffic management, environment, and interaction with government. Due to the relevance of smart cities (also referred using other related terms such as Digital City, Information City, Intelligent City, Knowledge-based City, Ubiquitous City, Wired City) to various stakeholders and the benefits and challenges associated with its implementation, the concept of smart cities has attracted significant attention from researchers within multiple fields, including information systems. This study provides a valuable synthesis of the relevant literature by analysing and discussing the key findings from existing research on issues related to smart cities from an Information Systems perspective. The research analysed and discussed in this study focuses on number of aspects of smart cities: smart mobility, smart living, smart environment, smart citizens, smart government, and smart architecture as well as related technologies and concepts. The discussion also focusses on the alignment of smart cities with the UN sustainable development goals. This comprehensive review offers critical insight to the key underlying research themes within smart cities, highlighting the limitations of current developments and potential future directions.
Article
Master data management (MDM) is a data management practice, which attempts to increase data quality and data use across business processes throughout the organization. This paper observes how data ownership, responsibilities, and roles change during MDM development. The metaphor of imbrication was used as a theoretical lens to identify the factors that influenced the change, and to analyze the change as a result of the intertwined social and material factors. We derive ethnographical data from two MDM projects in a municipality over a time period of 32 months, and describe how data ownership and data governance roles and responsibilities were perceived, and how they evolved during the development. As a result, MDM data ownership is emphasized, and has distinct features in relation to roles and responsibilities. Ownership had on impact on how the development proceeded, and how the roles and responsibilities evolved.
Chapter
Historically, data has been seen as the result of business transactions, with a little value beyond them, but they were not treated as a valuable shared asset. From the early 1990s, business decisions and processes started to be driven increasingly by data and data analysis. Further investment in data management was the approach taken to tackle the increasing volume, velocity, and variety of data, such as complex data repositories, data warehouses, and complex information systems. Data needed to be shared between multiple systems, which gave origin to the master data management. The first attempts of Data Management and Data Governance were failed, owing that, they were conducted by Information Technology division; today, Data Governance is still an under-researched area. In Colombia, very few organizations have started to implement Data Governance programs. There are IT Governance initiatives, within which there may be some particular linings for Data Quality or Metadata Management, as well as for Information Security. In the year 2014, the Ministerio de Tecnologías de la Información (MinTIC, a national government organization) designed a guide for Data Governance, which must be followed by every public institution, as part of the national policies such as Gobierno Digital Colombia. Small organizations, generally, know little or nothing about this initiative, but are aware of the importance of exploiting the data to obtain useful knowledge for the development of their businesses.
Article
Purpose This paper aims to explore the impact of organizational culture on information governance (IG) effectiveness at higher education institutions (HEIs). IT professionals, such as chef information officers, chief technology officers, chief information security officers and IT directors at HEIs were surveyed and interviewed to learn about whether organizational culture influences IG effectiveness. Several IG activities (processes) were identified, including information security, the function of an IG council, the presence of a Record Information Management department, the role of a compliance officer and information stewards and the use of an automated system or software to identify and maintain information life-cycle management. Design/methodology/approach This study was conducted using Cameron and Quinn’s (Cameron and Quinn, 2011) competing value framework. To evaluate organizational culture, using the competing value framework, four types of organizational culture profiles were used: collaboration, creation/innovation, controlling/hierarchy, and competition/result-oriented. The methodology included quantitative and qualitative techniques through the use of content analysis of data collected from participants. IT professionals, such as chef information officers, chief technology officers, chief information security officers and IT directors at HEIs were surveyed and interviewed to learn about whether organizational culture influences IG effectiveness. Findings Findings revealed organizational culture may influence IG effectiveness positively, especially from cultures of competition/result-oriented and control/hierarchy. Qualitatively, it also emerged that competition/result-oriented and control characteristics of organizational culture were perceived by IG professionals to produce more accurate information. One of the characteristics of organizational culture that became evident in the current study, coming from more than one subject, was the challenge in IG due to the presence of information silos. Trust, on the other hand, has been highlighted as the glue which can enable and drive governance processes in an organization. Research limitations/implications The current study was conducted based on HEIs. While the current study serves as a baseline for studying IG in other institutions, its results cannot be generalized for other type of institutions. The results cannot be generalized for other types of not-for-profit or for-profit organizations. Many of the characteristics of the sample data were specific to HEIs. For instance, financial, manufacturing and health-care institutions present challenges inherent in those institutions. Originality/value Trust has been highlighted as the glue which can enable and drive governance processes in an organization. Respondents of current study have indicated that trust serving several different factors toward IG effectiveness, including freedom to speak freely in the meeting about impact of organizational culture on IG, wiliness of executives of administration, particularly the CIO, to communicate IG matters to institution, sharing information and being transparent, entrusting help desk staff and technical supervisors so users can communicate with them and share their concerns and perceiving “feeling of trust” in the organization, which would benefit the institution, allowing stakeholders to collaborate and work together to overcome issues when facing IG challenges.
Article
This article reviews and advances existing relevant literature concerning online data privacy. Using data from Adobe/Edelman Berland, Econsultancy /Demographics and Technology Adoption report, Flash Eurobarometer, HubSpot, MarketingCharts, Pew Research Center, Spiceworks, Statista, Talend, and TrustArc, we performed analyses and made estimates regarding actions organizations aim to take to lay the groundwork for the General Data Protection Regulation (GDPR), the proportion of executives whose corporations have taken diverse decisions in preparation for GDPR, enhancements required in organizations in the wake of GDPR compliance, customer positions to online data harvesting routines, the link between customer trustworthiness and retail data infringements, the percentage of grown-ups who indicate varying degrees of trust that the records of their operations preserved by various companies will still be private and secure, and the degree of accountability for protecting a person’s online privacy. Empirical and secondary data are used to support the claim that the difficult tasks for persons to have relevant management over personal data are reflected in the GDPR that is a significantly intricate piece of law taking into account risk-based assessment and analysis by the data controller. To a certain extent, data subjects may be conferred a right to be notified about the presence of automated decision-making and system performance. © 2018, Bucharest University of Economic Studies Publishing House. All rights reserved.