Data Governance: A conceptual framework, structured review, and research agenda
Data governance refers to the exercise of authority and control over the management of data. The purpose
of data governance is to increase the value of data and minimize data-related cost and risk. Despite data
governance gaining in importance in recent years, a holistic view on data governance, which could guide
both practitioners and researchers, is missing. In this review paper, we aim to close this gap and develop
a conceptual framework for data governance, synthesize the literature, and provide a research agenda.
We base our work on a structured literature review including 145 research papers and practitioner
publications published during 2001-2019. We identify the major building blocks of data governance and
decompose them along six dimensions. The paper supports future research on data governance by
identifying five research areas and displaying a total of 15 research questions. Furthermore, the conceptual
framework provides an overview of antecedents, scoping parameters, and governance mechanisms to
assist practitioners in approaching data governance in a structured manner.
Keywords: Data governance; information governance; conceptual framework; literature review; research
Data governance is the exercise of authority and control over the management of data (DAMA
International 2009, p. 19). It aims at implementing a corporate-wide data agenda (Dyché & Levy 2006, pp.
150), maximizing the value of data assets in an organization (e.g. Carretero et al. 2017, p. 143; Otto 2011a,
p. 241), and managing data-related risks (e.g. DAMA International 2009, p. 41; Morabito 2015, p. 99).
While data governance used to be a nice-to-have in the past, today it is taking on a higher level of
importance in enterprises and governmental institutions (Haneem et al. 2019, pp. 37). This is due to some
key trends. The amount of data created annually on the whole planet is expected to increase from 4.4
zettabytes in 2013 to 44 zettabytes in 2020 (IDC 2014, p. 2). The growing data volumes from diverse
sources cause data inconsistencies that need to be identified and addressed before decisions are made
based on incorrect data. Companies introduce more self-service reporting and analytics, which create the
need for a common understanding of data across the organization. The continuing impact of regulatory
requirements such as the General Data Protection Regulation (GDPR) increases the pressure on companies
to have a strong handle on what data is stored where, and how the data is being used. Organizations are
forced to overcome their challenges regarding inaccurate and incomplete data (Kim & Cho 2018, p. 386;
Morabito 2015, p. 97), fragmented enterprise architecture and legacy systems (Nielsen et al. 2018, p. 22),
and compliance issues related to regulations (Khatri & Brown 2010, p. 151).
Cite as: Abraham, R., vom Brocke, J., Schneider, J. (2019), Data Governance: A conceptual framework, structured
review, and research agenda, in: International Journal of Information Management (IJIM), forthcoming.
Despite the growing importance of data governance, the current view on this topic is fragmented.
Publications either address data governance with a focus on specific decision domains such as data quality,
data security, and data lifecycle (e.g., Donaldson & Walker 2004, p. 281; IBM 2014, p. 26; Otto 2011c, pp.
5; Tallon et al. 2014, p. 142) or comprise smaller reviews to corroborate the conceptual or empirical
content (e.g., Brous et al. 2016a, pp. 304; Lee et al. 2017, p. 1; Neff et al. 2013, p. 3; Rasouli et al. 2016c,
p. 1356). We identified six existing literature reviews related to data governance (Al-Ruithe et al. 2018a;
Alhassan et al. 2016; Alhassan et al. 2018; Brous et al. 2016c; Lillie & Eybers 2019; Nielsen 2017). Though
they aim to advance the knowledge base regarding data governance, they have some limitations. Three
literature reviews focus on narrowly defined areas of data governance, i.e. cloud data governance (Al-
Ruithe et al. 2018a, p. 16), data governance principles (Brous et al. 2016c, p. 3), and agile capabilities of
data governance (Lillie & Eybers 2019). Nielsen (2017) conducts a classification of research disciplines,
methods, and units of analysis concerning data governance with only a minor focus on conceptual areas.
Both literature reviews conducted by Alhassan et al. present a frequency count of data governance
activities. However, they do not provide a detailed description of the underlying data governance
concepts. Furthermore, the authors do not describe the antecedents and consequences of data
governance, which are necessary to understand the factors that motivate the adoption of different data
governance practices and the effects of those practices. To overcome these deficiencies, we attempt to
methodologically analyze and synthesize the literature on data governance and provide a firm foundation
for future research. The following two questions frame our structured literature review of 145 research
papers and practitioner publications covering data governance published up to April 2019: What are the
building blocks of data governance? Where do we lack in knowledge about data governance?
The remainder of this paper is structured as follows. First, we explain our literature search and review
method. Second, we describe the conceptual framework of data governance that served as the structure
for our review of the state of knowledge. Third, we present the results of the actual review and synthesis
of the data governance literature. Fourth, we highlight gaps in our understanding of data governance and
propose a research agenda, which contains insightful questions for future research. Fifth, we conclude
with a summary.
2 Literature search and review
Similar to other existing literature reviews such as Gong & Janssen (2019) and Senyo et al. (2019), our
approach comprised a structured, topic-centric literature review. We aimed to better describe the domain
of data governance and synthesize the relevant knowledge as available in peer-reviewed scientific
literature as well as in selected practitioner publications. In doing so, we followed best practices for
literature reviews (Rowe 2014; vom Brocke et al. 2009; Webster & Watson 2002; Zorn & Campbell 2006).
Figure 1 summarizes the search process.
Figure 1 Literature review search process
First, we conducted a keyword-based search (Ismagilova et al. 2019, p. 89; Olanrewaju et al. 2020, p. 91;
Rowe 2014, p. 247). The keyword-based search helped us to avoid bias towards well-known authors or
well-cited papers. Through an initial step of probing searches, we identified “data governance” and
“information governance” as search terms. We included “information governance” as a search term since
it is often used interchangeably with “data governance” (e.g. In et al. 2019, p. 508; Rasouli et al. 2016c, p.
1357; Tallon et al. 2014, p. 142). We used the databases in Table 1 that provide access to peer-reviewed
IS journals as well as proceedings of leading conferences such as the European Conference on Information
Systems and the Americas Conference on Information Systems. We included conference papers since
recent research may not yet have been, or may never be, published in journals. We conducted the final
keyword-based search in April 2019 covering the period from 2002 to 2019. This step resulted in a total of
483 hits across all databases. Next, we conducted a qualitative assessment consisting of two steps. First,
we filtered articles based on their titles and abstracts and removed those which did not focus on data or
information governance. We also removed duplicate articles. This step reduced the number of hits to 88.
Second, we read those remaining 88 articles and excluded non-scientific journal articles and papers that
referred to data governance only in passing. This left 55 papers to be included in the review.
Second, we conducted a backward and forward search of the above 55 papers (vom Brocke et al. 2009, p.
8). We again applied the two-step qualitative assessment described above to exclude non-relevant papers.
However, we expanded the assessment to include seminal books on data governance and publications by
industry associations such as the International Organization for Standardization (ISO) and inter-
governmental organizations such as the Organisation for Economic Co-operation and Development
(OECD). We added these publications to obtain a comprehensive view of data governance and to reduce
the systematic biases that arise from simply choosing a set of scientific journals and conference papers
(Boell & Cecez-Kecmanovic 2015, p. 166). The backward search resulted in 41 relevant papers. For the forward search,
we used Google Scholar. We reviewed an additional 44 relevant papers.
Third, we considered selected publications not identified through either the keyword-based search or the
backward and forward search. These included one scientific paper recommended during the review
process and four practitioner publications. The latter comprised publications by the European Foundation
for Quality Management (EFQM), the Information Systems Audit and Control Association (ISACA), and by
leading data governance tooling vendors IBM and Informatica (Peyret & Goetz 2014, pp. 7). The third step
resulted in 5 additional publications.
In total, we reviewed 145 publications on data governance. Table 1 summarizes the search process and
results. Figure 2 provides an overview of the number of publications found per year.
Figure 2 Number of publications per year (x-axis: publication year, 2001 to 2019; y-axis: number of publications)
Table 1 Overview of the literature search characteristics (surviving cells, repeated for each of six rows: search field “Search in title,”; period “2002 – 2019”)
The total of 145 publications does not contain two publications, since they could not be accessed (one journal paper found via the keyword-based search in EBSCOhost and one
dissertation found via the forward search).
All relevant publications were categorized according to their nature (scientific or practice-oriented) and
format (papers in journals and conference proceedings, theses, publications by industry associations and
inter-governmental organizations, publications by software vendors and consultants, books). Table 2
presents an overview of the publications within the scope of this literature review.
(Aisyah & Ruldeviyani 2018), (Al-Badi et al. 2018), (Al-Ruithe &
Benkhelifa 2017), (Al-Ruithe & Benkhelifa 2017b), (Al-Ruithe &
Benkhelifa 2017c), (Al-Ruithe & Benkhelifa 2018), (Al-Ruithe et al.
2016a), (Al-Ruithe et al. 2016b), (Al-Ruithe et al. 2016c), (Al-Ruithe et
al. 2018a), (Al-Ruithe et al. 2018b), (Alhassan et al. 2016), (Alhassan et
al. 2018), (Alhassan et al. 2019), (Allen et al. 2014), (Becker 2007),
(Begg & Caira 2011), (Begg & Caira 2012), (Borgman et al. 2016),
(Brooks 2019), (Brous et al. 2016a), (Brous et al. 2016b), (Brous et al.
2016c), (Brown & Toze 2017), (Bruhn 2014), (Carretero et al. 2017),
(Cheng et al. 2017), (Cheong & Chang 2007), (Choi & Kroeschel 2015),
(Cousins 2016), (Coyne et al. 2018), (Dahlberg & Nokkala 2015),
(Daneshmandnia 2019), (de Abreu Faria et al. 2013), (Donaldson &
Walker 2004), (Evans et al. 2019), (Felici et al. 2013), (Fu et al. 2011),
(Gillies 2015), (Gillies & Howard 2005), (Grimstad & Myrseth 2011),
(Guetat & Dakhli 2015), (Hagmann 2013), (Heredia-Vizcaíno & Nieto
2019), (Hovenga 2013), (Hovenga & Grain 2013), (In et al. 2019), (Jim
& Chang 2018), (Kamioka et al. 2016), (Khatri 2016), (Khatri & Brown
2010), (Kim & Cho 2017), (Kim & Cho 2018), (Koltay 2016), (Kooper et
al. 2011), (Korhonen et al. 2013), (Kravets & Zimmermann 2012),
(Kusumah & Suhardi 2014), (Lajara & Maçada 2013), (Lăzăroiu et al.
2018), (Lee et al. 2017), (Lee et al. 2014), (Lemieux et al. 2014), (Lillie
& Eybers 2019), (Lomas 2010), (Malik 2013), (Marchildon et al. 2018),
(Mikalef et al. 2018), (Mlangeni & Ruhode 2017), (Neff et al. 2013),
(Ng et al. 2015), (Nguyen et al. 2014), (Nielsen 2017), (Nielsen et al.
2018), (Niemi & Laine 2016), (Nwabude et al. 2014), (Otto 2011a),
(Otto 2011b), (Otto 2011c), (Otto 2012), (Otto 2013), (Palczewska et
al. 2013), (Panian 2010), (Permana & Suroso 2018), (Prasetyo 2016),
(Prasetyo & Surendro 2015), (Proença et al. 2016), (Proença et al.
2017), (Rasouli et al. 2016a), (Rasouli et al. 2016b), (Rasouli et al.
2016c), (Rasouli et al. 2017), (Renaud 2014), (Rifaie et al. 2009),
(Rosenbaum 2010), (Saputra et al. 2018), (Silic & Back 2013), (Tallon
2013), (Tallon et al. 2013), (Tallon et al. 2014), (Thammaboosadee &
Dumthanasarn 2018), (Thiarai et al. 2019), (Thompson et al. 2015),
(Traulsen & Troebs 2011), (Tse et al. 2018), (van den Broek & van
Veenstra 2015), (van Helvoirt & Weigand 2015), (Vilminko-Heikkinen
& Pekkola 2019), (Waltl et al. 2015), (Watson et al. 2004), (Weber et
al. 2009), (Weller 2008), (Wende 2007), (Wende & Otto 2007), (Were
& Moturi 2017), (Wilbanks & Lehman 2012), (Winter & Davidson
2017), (Winter & Davidson 2018), (Wright 2013), (Young & McConkey
2012), (Yu & Foster 2017), (Yulfitri 2016), (Zhang et al. 2017)
(Barker 2016), (Cave 2017), (Nguyen 2016), (Randhawa 2019), (Rasouli
(DAMA International 2009), (EFQM 2011), (ISO 2001), (ISO/IEC 2005),
(ISACA 2013), (NASCIO 2008), (OECD 2017), (Pierce et al. 2008)
(IBM 2007), (IBM 2014), (Informatica 2012), (Soares 2013), (Thomas
(Dreibelbis et al. 2008), (Dyché & Levy 2006), (Loshin 2008), (Morabito
Table 2 Sources for state-of-the-art analysis
3 Data governance definition and framework
As proposed by Zorn & Campbell (2006, p. 175), we provide a working definition of the key term “data
governance”. Furthermore, we present a conceptual framework for data governance to structure the
review. The conceptual framework builds on the rich data we have collected during our literature search
We did not find a standard definition of data governance in scholarly literature or in the set of practitioner
publications. Hence, we analyzed every definition of data governance in our set of papers and used open
coding to find common characteristics. The analysis led us to the following definition of data governance:
Data governance specifies a cross-functional framework for managing data as a strategic enterprise
asset. In doing so, data governance specifies decision rights and accountabilities for an organization’s
decision-making about its data. Furthermore, data governance formalizes data policies, standards, and
procedures and monitors compliance.
This definition (bold text) is our own but corresponds to the characterization of data governance in the
reviewed literature. Our definition of data governance has six parts. First, data governance is a cross-
functional effort. It enables collaboration across functional boundaries and data subject areas. Second,
data governance is a framework, which provides structure and formalization for the management of data.
Third, data governance focuses on data as a strategic enterprise asset. Data is the representation of facts
in different formats. Fourth, data governance specifies decision rights and accountabilities for an
organization’s decision-making about its data. It determines what decisions need to be made about data,
how these decisions are made, and who in the organization has the rights to make these decisions. Fifth,
data governance develops data policies, standards, and procedures. These artifacts should be consistent
with the organization’s strategy and promote desirable behavior in the use of data. Finally, data
governance monitors compliance. It includes the implementation of controls to ensure that data policies
and standards are followed. This definition also considers the differentiation between data governance
and data management made by several authors. Data governance refers to what decisions must be made
and who makes those decisions, whereas data management is about making those decisions as part of the
day-to-day execution of data governance policies (Dyché et al. 2006, pp. 150; Hagmann 2013, pp. 234;
Khatri & Brown 2010, p. 148; Otto 2013, p. 96). Table 3 shows how the characteristics of data governance
in our definition correspond to the reviewed set of papers. We performed the analysis for all data
governance definitions in the papers, and the table provides selected excerpts for illustration.
“It pervades the enterprise, crossing lines of business, data subject areas, and individual skill sets | Dyché & Levy 2006, p. 145
“(…) encompassing professionals from both business and IT departments.” | Weber et al. 2009, p. 2
“A decision-making and cross-functional charter (…)” | Informatica 2012, p. 4
“Data governance specifies the framework for decision rights and accountabilities (…)” | Weber et al. 2009, p. 6
“A good data governance framework typically answers questions about (…)” | Rifaie et al. 2009, p. 588
“Data governance programs provide a framework for setting data-usage rules (…)” | Morabito 2015, p. 99
Data as a
“(…) accountable for an organization’s decision-making about its data assets.” | Khatri & Brown 2010, p. 149
“(…) exercise of decision-making and authority for | Thomas 2006, p. 3
“(…) operating discipline for managing data and information as a key enterprise asset.” | NASCIO 2008, p. 1
“(…) who holds the decision rights and is held accountable for an organization’s decision-making about its data assets.” | Khatri & Brown 2010, p. 149
“(…) answers questions about how decisions related to data are made, who makes the decisions, who is held accountable (…)” | Rifaie et al. 2009, p. 588
“(…) who in a company is allowed to make what decisions regarding the handling of data (rights), and what the tasks related to this decision-making are | Otto 2011b, p. 47
“(…) to create data management policies, processes, and standards (…)” | Informatica 2012, p. 4
“(…) that formalizes a set of policies and procedures to encompass (…)” | Korhonen et al. 2013, p. 11
“(…) develops and implements corporate-wide data policies, guidelines, and standards (…)” | Weber et al. 2009, p. 6
“Key aspects of data governance include decision making authority, compliance monitoring (…)” | NASCIO 2008, p. 1
“(…) along with the processes for monitoring conformance to those information policies.” | Loshin 2008, p. 68
“The exercise of authority and control (planning, monitoring, and enforcement) over the management of data assets.” | DAMA International 2009, p.
Table 3 Definition elements of data governance
We aimed to synthesize the literature according to a conceptual framework that allows us to structure the
review of important concepts of data governance. A conceptual framework “explains, either graphically or
in narrative form, the main things to be studied – the key factors, constructs or variables – and the
presumed relationships among them” (Miles & Huberman 1994, p. 18). It brings together the different
currents of thought and helps identify directions for future research (Marshall & Rossman 2011, p. 58).
The process of creating this conceptual framework was as follows: We applied open coding analysis
techniques suggested by Corbin & Strauss (2015, pp. 220) to identify the concepts regarding data
governance. We used a concept matrix as described by Webster & Watson (2002, p. xvii) to synthesize and
document the concepts. We then mapped these concepts against existing frameworks and found that the
IT governance cube of Tiwana et al. (2014) and the framework for data decision domains of Khatri & Brown
(2010) provided useful starting points for grouping these concepts. We used the dimensions proposed in
those frameworks to create our conceptual framework for data governance. However, we made several
changes to the dimensions to suit the needs of our review. Among others, we divided the content
dimension of Tiwana et al. into traditional data and big data, and we added data architecture and data
storage and infrastructure to the decision domain dimension of Khatri & Brown. Figure 3 shows the final
framework that we use in this paper.
The conceptual framework for data governance in Figure 3 encompasses six dimensions. Governance
mechanisms represent the core dimension of the framework and encompass structural, procedural, and
relational mechanisms. The organizational scope determines the organizational expansiveness of data
governance and roughly corresponds to the unit of analysis. We differentiate between the intra-
organizational and the inter-organizational scope. The data scope pertains to the data asset an
organization needs to govern. We distinguish between traditional data and big data. The domain scope
covers the data decision domains, to which governance mechanisms are applied. They comprise data
quality, data security, data architecture, data lifecycle, meta data, and data storage and infrastructure.
Antecedents cover the contingency factors, which impact the adoption and implementation of data
governance. We differentiate between internal and external antecedents. Finally, consequences contain
the effects of data governance. We distinguish between intermediate performance effects and risk
Figure 3 Conceptual framework for data governance
4 Analysis and review
In this section, we discuss the state of knowledge regarding data governance as documented in the set of
reviewed papers. In doing so, we use the structure of the conceptual framework shown in Figure 3. We
break down each dimension of the conceptual framework and provide an overview of findings and insights.
We begin with the description of the core dimension of the framework, namely the governance
mechanisms. We then present the organizational, data, and domain scope, to which the governance
mechanisms are applied. We continue with the antecedents that influence the setup and configuration of
data governance. We conclude this section with the consequences, which describe the effects of data
governance. Figure 4 provides an overview of the concepts per dimension of the conceptual framework.
Figure 4 Concepts within the conceptual framework for data governance
4.1 Governance mechanisms
As part of their data governance approach, companies utilize a mixture of various governance
mechanisms. These mechanisms help to plan and control data management activities (DAMA International
2009, p. 21; Informatica 2012, pp. 17). Governance mechanisms comprise formal structures connecting
business, IT, and data management functions, formal processes and procedures for decision-making and
monitoring, and practices supporting the active participation of and collaboration among stakeholders.
Following the literature on information technology governance (De Haes & Van Grembergen 2005, pp. 4;
De Haes & Van Grembergen 2009, pp. 123; Peterson 2004, pp. 14; Weill & Ross 2005, p. 28), we distinguish
between (a) structural; (b) procedural; and (c) relational governance mechanisms.
4.1.1 Structural mechanisms
Structural governance mechanisms determine reporting structures, governance bodies, and
accountabilities (Borgman et al. 2016, p. 4903). They encompass (i) roles and responsibilities and (ii) the
allocation of decision-making authority.
The main roles and governance bodies comprise the executive sponsor, data governance leader, data
owner, data steward, data governance council, data governance office, data producer, and the data
consumer. The executive sponsor provides strategic direction, business prioritization, and funding for data
management initiatives (Informatica 2012, p. 8; NASCIO 2008, p. 7; Weber et al. 2009, p. 11). He or she is
ideally one of the highest-level executives, i.e. the C-level (Dreibelbis et al. 2008, p. 492; Informatica 2012,
p. 8; Loshin 2008, p. 83; Weber et al. 2009, p. 11). The data governance leader is responsible for the day-
to-day management of the data governance program (Loshin 2008, p. 83). He or she provides guidance
concerning the design, delivery, and maintenance of data and oversees compliance with data policies
(Dyché & Levy 2006, pp. 156; Loshin 2008, p. 83). Furthermore, the data governance leader coordinates
tasks for data stewards and provides periodic reports on data governance performance (Informatica 2012,
p. 8; Loshin 2008, p. 83). Data owners are often line-of-business executives and accountable for the data
assets in their business unit (Cheong & Chang 2007, pp. 1004; IBM 2014, pp. 194; Otto 2011c, p. 7). They
communicate broad data requirements and risks (IBM 2014, pp. 194). Data stewards are business leaders
or designated subject matter experts, who have detailed knowledge about the business and data
requirements and who can translate those requirements into technical specifications (e.g., Cheong &
Chang 2007, pp. 1004; DAMA International 2009, pp. 39; Informatica 2012, p. 8). Business data stewards
are subject matter experts from specific business areas (e.g., Dyché & Levy 2006, pp. 156; Informatica
2012, p. 8). Technical data stewards are professionals within IT that act as the counterparts of business
data stewards (e.g., DAMA International 2009, pp. 5; Weber et al. 2009, p. 11). The data governance
council is a hierarchy-overarching, cross-functional governance body (Otto 2011b, p. 49; Watson et al.
2004, p. 437). It establishes the strategic direction for the entire data governance program and aligns it
with organizational goals (e.g., Cheong & Chang 2007, pp. 1004; Watson et al. 2004, p. 443). Moreover,
the data governance council monitors the program including ongoing improvement activities (Dyché &
Levy 2006, pp. 156; Loshin 2008, p. 83; Thomas 2006, p. 17). The data governance office is a staff
organization that supports the governance and decision-making activities of the data stewardship teams
and the data governance council (DAMA International 2009, pp. 44; Thomas 2006, p. 18). The data
governance office establishes communication channels, prepares meetings, coordinates issue resolution,
and educates stakeholders (DAMA International 2009, pp. 31; Thammaboosadee & Dumthanasarn 2018,
p. 2; Thomas 2006, p. 18). The data producer creates the data or aggregates and maintains the data
created by others (ISACA 2013, pp. 27; Kooper et al. 2011, pp. 197; DAMA International 2009, pp. 31;
Thomas 2006, p. 17). The data consumer is the user of the data (ISACA 2013, pp. 27; Kooper et al. 2011, p.
197; Thomas 2006, p. 17). He or she specifies requirements and reports data-related issues (Cheong &
Chang 2007, pp. 1004).
The allocation of decision-making authority determines which organizational unit has the mandate for
action related to data governance (Khatri & Brown 2010, p. 151; Otto 2011b, p. 62). We distinguish
between hierarchical positioning, functional positioning, and the positioning of decision-making authority
on a continuum ranging from centralized to decentralized (Otto 2011c, p. 6; Wende & Otto 2007, p. 9).
Hierarchical positioning defines at which hierarchical level of an organization the decision-making
authority is situated (Otto 2011c, p. 6). Functional positioning determines which department holds the
decision-making authority (e.g., DAMA International 2009, p. 38; Otto 2011c, p. 6; Watson et al. 2004, pp.
436). The positioning of decision-making authority on a continuum determines whether decisions are
taken by a central unit, by decentral units, or by both (e.g., Barker 2016, pp. 70; Begg & Caira 2012, p. 10;
Tallon et al. 2014, p. 147; Weber et al. 2009, p. 5).
4.1.2 Procedural mechanisms
Procedural governance mechanisms aim to ensure that data is recorded accurately, held securely, used
effectively, and shared appropriately (Borgman et al. 2016, p. 4903). They comprise (i) the data strategy,
(ii) policies, (iii) standards, (iv) processes, (v) procedures, (vi) contractual agreements, (vii) performance
measurement, (viii) compliance monitoring, and (ix) issue management.
The data strategy represents a high-level course of action based on strategic business objectives (e.g.,
Cheng et al. 2017, p. 518; DAMA International 2009, pp. 45; Guetat & Dakhli 2015, p. 1091). It consists of
a vision statement (Al-Ruithe & Benkhelifa 2017, p. 226; Barker 2016, pp. 68; Informatica 2012, p. 7), a
business case (e.g., Al-Ruithe et al. 2018a, pp. 13; Weber et al. 2009, p. 10), guiding principles (e.g., Brous
et al. 2016c, p. 5; Fu et al. 2011, p. 3; Khatri & Brown 2010, p. 149), long-term and short-term objectives
(Alhassan et al. 2019, p. 107; DAMA International 2009, pp. 45; Weber et al. 2009, p. 10), and an
implementation roadmap (DAMA International 2009, pp. 45; Prasetyo & Surendro 2015, p. 51).
Data policies provide high-level guidelines and rules regarding the creation, acquisition, storage, security,
quality, and permissible use of data (e.g., Alhassan et al. 2019, p. 106; DAMA International 2009, pp. 47;
Thompson et al. 2015, p. 320). Organizations use data policies to communicate key objectives, data
accountabilities, roles, responsibilities, and data retention periods (e.g., DAMA International 2009, pp. 47;
Donaldson & Walker 2004, p. 283; Morabito 2015, p. 89). Enterprises enforce, monitor, evaluate, and
revise data policies (e.g., Brous et al. 2016c, p. 10; Cheong & Chang 2007, p. 1002; Donaldson & Walker
2004, p. 283).
Data standards ensure that the data representation and the execution of data-related activities are
consistent and normalized throughout the organization (e.g., DAMA International 2009, pp. 48; Kim & Cho
2017, p. 387; Palczewska et al. 2013, p. 576). They facilitate interoperability within and across
organizations and ensure their fit for purpose (e.g., Cheong & Chang 2007, p. 1002; DAMA International
2009, p. 185; Otto 2012, p. 274). Data standards are defined internally by data stewards and data
architects, or externally by standardization organizations such as ISO (DAMA International 2009, pp. 48;
Dreibelbis et al. 2008, pp. 493; Hovenga & Grain 2013, pp. 82; Otto 2012, p. 274).
Clear data processes are considered a fundamental element of a successful data governance
implementation (Alhassan et al. 2019, p. 105). Processes are standardized, documented, and repeatable
methods used to govern data (Al-Ruithe et al. 2018b, p. 10; Thomas 2006, pp. 18). Examples include
processes for developing and maintaining rules for data handling as well as modeling and documenting
the data lifecycle (EFQM 2011, pp. 17; Khatri 2016, p. 675; Kim & Cho 2018, p. 40). Further examples
comprise processes for the assessment of the current state, processes for the alignment and validation of
policies, processes for decision-making, performance measurement, and issue resolution (Dreibelbis et al.
2008, pp. 484; Loshin 2008, p. 77; Rifaie et al. 2009, p. 588; Thomas 2006, pp. 18).
Procedures are “the documented methods, techniques, and steps followed to accomplish a specific activity
or task” (DAMA International 2009, pp. 48). They vary widely across companies. For example, procedures
describe how to establish accountabilities and decision rights (Thomas 2006, pp. 18), develop a data model
(DAMA International 2009, pp. 48; Thomas 2006, pp. 18), or identify and resolve data errors (Rifaie et al.
2009, p. 588; Thomas 2006, pp. 18).
Data provisioning and data sharing settings require contractual agreements between participating internal
departments or external organizations. Examples of such agreements are service level agreements (SLA)
and data sharing agreements (DSA). An SLA defines what data services will be provided by an internal team
or a third-party provider, how the services will be provided, and what happens if expectations are not met
(Al-Ruithe et al. 2018b, p. 16; Barker 2016, pp. 44). A DSA determines the legal and data governance
aspects before two or more organizations start sharing data (Allen et al. 2014, pp. 1).
Performance measurement aims at assessing the effectiveness of data governance by measuring the level
of goal attainment (e.g., Al-Ruithe et al. 2018a, pp. 13; Carretero et al. 2017, p. 143; Otto 2011b, p. 62;
Weber et al. 2009, pp. 10). Performance measures on firm-level are based on strategic business goals such
as revenue growth, increased profitability, and cost savings (e.g., EFQM 2011, p. 24; Tallon et al. 2014, p.
166; Thomas 2006, pp. 14). Performance measures on intermediate-level are based on operational
business goals or decision domain specific goals, both derived from strategic business goals on firm-level
(Otto 2011b, p. 62; Panian 2010, pp. 944; Pierce et al. 2008, p. 31). Performance measures on program-
level focus on the progress and impact of the data governance program (EFQM 2011, pp. 25; Informatica
2012, pp. 13; Thomas 2006, pp. 14).
Compliance monitoring aims at tracking and enforcing conformance with regulatory requirements and
organizational policies, standards, procedures, and SLAs (e.g., Al-Ruithe et al. 2018a, pp. 13; Bruhn 2014,
p. 3; ISACA 2013, p. 24). This includes the supervision of data professionals and the oversight of data
management projects and services (DAMA International 2009, p. 21). Compliance monitoring
encompasses auditing, which aims at providing stakeholders with objective, unbiased assessments and
recommendations for improvement (DAMA International 2009, pp. 159). Based on audit results,
companies can take corrective and preventive actions (ISO/IEC 2005, p. vi).
Issue management refers to the identification, management, and resolution of data-related issues (DAMA
International 2009, pp. 50). It includes processes for the standardization of data issues and for issue
resolution (DAMA International 2009, pp. 303; Thomas 2006, pp. 18) and the identification of persons
who are accountable for resolving issues (DAMA International 2009, p. 307). In addition, an escalation
process helps to address issues to higher levels of authority (DAMA International 2009, pp. 50; IBM 2014,
p. 40). This enables stakeholders to give feedback, e.g. concerning policy changes to meet new business
4.1.3 Relational mechanisms
Relational governance mechanisms facilitate collaboration between stakeholders (Borgman et al. 2016, p.
4903). They encompass (i) communication, (ii) training, and (iii) the coordination of decision-making.
Communication aims at continuously generating awareness for the data governance program among
stakeholders (e.g., Begg & Caira 2012, p. 10; Cheong & Chang 2007, p. 1002; Lomas 2010, p. 188; Watson
et al. 2004, p. 443). Creating awareness is an essential step in establishing shared commitment (Rifaie et
al. 2009, p. 589), ensuring buy-in and active participation of stakeholders (DAMA International 2009, p.
294; EFQM 2011, p. 17; Young & McConkey 2012, p. 72), and eliminating resistance to required changes
(EFQM 2011, p. 17; Guetat & Dakhli 2015, p. 1092; Otto 2012, pp. 287). A communication plan can help by
determining stakeholders, communication channels, supporting tools, and initiatives to retain
commitment (Al-Ruithe et al. 2018a, pp. 13; EFQM 2011, p. 31; NASCIO 2008, p. 6; Thomas 2006, p. 19).
Training programs ensure that stakeholders have the necessary knowledge and qualifications to support
the implementation of data governance (EFQM 2011, p. 17; Tallon et al. 2013, p. 196). In addition,
continuous training helps them act according to data policies, processes, and procedures (Alhassan et al.
2019, p. 104; Randhawa 2019, pp. 119). Training can be conducted in the form of computer-based training,
classroom training, job-specific and project-related training, and one-on-one coaching (Cave 2017, p. 125;
Watson et al. 2004, pp. 444). Communication and training facilitate the creation of an organizational
culture that values data assets (Informatica 2012, p. 16).
The coordination of decision-making describes practices for the alignment across functions. The
hierarchical (or vertical) approach is characterized by a pyramid-like structure with decision-making
authority located at top-level. The main elements of the hierarchical approach include steering and control
(Hagmann 2013, p. 237; Kooper et al. 2011, p. 199). The cooperative (or horizontal) approach makes use
of collaborative behavior to clarify differences and solve problems (Wende & Otto 2007, pp. 10). It utilizes
formal coordination mechanisms such as working groups, committees, task forces, and integrator roles,
but also informal coordination mechanisms such as interdepartmental events, performance reviews across
business units, and job rotation (Bruhn 2014, p. 6; Borgman et al. 2016, p. 4903; Tallon et al. 2014, p. 147;
Weber et al. 2009, p. 15).
4.2 Organizational scope
The organizational scope represents the expansiveness of data governance and roughly corresponds to
the unit of analysis. We subdivide the organizational scope into (a) intra-organizational and (b) inter-
The intra-organizational scope determines data governance within a single organization. It comprises data
governance on the project- or on firm-level (Tiwana et al. 2013, p. 8). Data governance on project-level
focuses on managing the quality and integrity of project-related data (DAMA International 2009, pp. 52).
Data governance on firm-level covers the entire enterprise and coordinates the interests and demands of
different stakeholder groups such as business and IT departments (DAMA International 2009, p. 41; Dyché
& Levy 2006, p. 151; Otto 2011b, p. 47; Pierce et al. 2008, p. 26; Weber et al. 2009, p. 2).
The inter-organizational scope encompasses data governance between firms or even for an ecosystem of
firms (Tiwana et al. 2013, p. 8). Companies increasingly partner with external collaborators such as
vendors, industry peers, and public-sector organizations to create new information products (Bruhn 2014,
p. 5; Cheong & Chang 2007, p. 1002; Lee et al. 2014, pp. 7; Rasouli et al. 2016c, pp. 1362; Winter &
Davidson 2018, pp. 5). Although this enables companies to exploit environmental opportunities, it can also
result in loss of control on data, unsecured information access, and low-quality information products (e.g.,
Al-Ruithe et al. 2018a, p. 2; Rasouli et al. 2016c, p. 1357). To counteract these issues, companies need to
set up governance mechanisms such as data integration and usage policies (Bruhn 2014, pp. 6; Morabito
2015, p. 86), data exchange standards (Lee et al. 2014, pp. 6; Rasouli et al. 2016c, pp. 1362), processes for
interaction and collaboration (Panian 2010, p. 942), service level agreements (Al-Ruithe et al. 2016b, pp.
382; IBM 2014, pp. 26), and data sharing agreements (Allen et al. 2014, p. 1; Bruhn 2014, p. 3; ISO 2005,
4.3 Data scope
Data is the representation of facts in the form of text, numbers, images, sound or video (DAMA
International 2009, p. 2). Every data governance program must specify which type of data is in focus
(Weller 2008, p. 254). Most data governance articles we analyzed focus on the traditional data space as
described by Lee et al. (2014). However, a few articles also describe data governance in the context of big
data, having partially different requirements on data governance than traditional data. Corresponding to
Lee et al. (2014), we cluster data into the following two categories: (a) traditional data; (b) big data.
Traditional data forms the basis for an organization’s operations (Lee et al. 2014, p. 4). It comprises master
data, transactional data, and reference data. Master data describes the key business objects within an
organization (e.g., Loshin 2008, pp. 6; Otto 2012, p. 274; Soares 2013, p. 57). Typical domains of master
data are customer, employee, finance, patient, product, location, material, and supplier data (e.g.,
Dreibelbis et al. 2008, p. 2; Khatri 2016, p. 681; Loshin 2008, pp. 6). Transactional data represents records
about business transactions in different domains (Dreibelbis et al. 2008, p. 35; IBM 2014, p. 221). Examples
include customer orders, shipments, product invoices, bills, guest visits, or patient stays (Dreibelbis et al.
2008, p. 35; EFQM 2011, p. 9; IBM 2014, p. 221). Reference data refers to an agreed-upon set of common
values used throughout an organization (Dreibelbis et al. 2008, pp. 34). Product codes and order status
are examples of internally defined reference data whereas postal code abbreviations for U.S. states and
ISO currency codes are examples of externally defined reference data (Dreibelbis et al. 2008, pp. 34;
EFQM 2011, p. 9). Data governance with a focus on traditional data often aims to ensure the consistent
use of traditional data across the organization (Dreibelbis 2008, p. 483). To achieve this, organizations
specify data policies and processes for monitoring conformance to those policies (Loshin 2008, p. 68).
Big data has multiple definitions with diverse nuances in the current literature (De Mauro et al.
2014, p. 97). The Meta Group report from 2001 presents one of the more prominent definitions of big data
comprising data variety, velocity, and volume as the three main dimensions of big data (Laney 2001, pp.
1). Variety refers to the data format, which may be structured, semi-structured, or unstructured (e.g., IBM
2014, pp. 198; ISACA 2013, p. 46; Tallon 2013, p. 37). Velocity refers to the high processing rate, which
enables organizations to quickly respond to events as they happen (ISACA 2013, p. 46; Malik 2013, p. 1).
Volume refers to high growth rates of big data (Laney 2001, p. 1; Tallon 2013, p. 37). This definition has
been expanded to include further dimensions such as veracity and value (Khatri 2016, p. 677; Lee et al.
2014, pp. 1). In addition, broader definitions of big data have emerged stating big data as a “common term
for a set of problems and techniques concerning the management and exploitation of very large sets of
data” (ISACA 2013, p. 46). Examples of big data comprise web and social media data (e.g., Brous et al.
2016b, p. 575; Tallon 2013, p. 37), machine-generated data (e.g., Brous et al. 2016b, p. 575; Dahlberg &
Nokkola 2015, p. 32), streaming data (e.g., IBM 2014, p. 16; Tallon 2013, p. 37), and biometric data (Malik
2013, p. 1; Soares 2013, pp. 6). Though the analysis of big data promises potential benefits, it also comes
with risks such as privacy infringements and data inconsistencies (Kim & Cho 2018, pp. 37; Tse et al.
2018, p. 1633). Data governance focusing on big data needs to address these new risks without hampering
innovation. It needs to consider new privacy requirements regarding sensitive data (Morabito 2015, p. 89;
Soares 2013, pp. 2) and find new ways to measure and monitor big data quality (Al-Badi et al. 2018, p.
275). This includes updated data quality criteria such as timeliness, trustfulness, meaningfulness, and
sufficiency (Kim & Cho 2017, p. 388). Data governance also needs to assess value and costs of big data and
update retention and deletion requirements accordingly (Morabito 2015, pp. 89; Soares 2013, p. 2; Tallon
2013, p. 35). Finally, data governance needs to include new stakeholders such as data scientists and adjust
the responsibilities of existing data stewards (Al-Badi et al. 2018, p. 275; Morabito 2015, p. 89; Soares
2013, p. 2).
4.4 Domain scope
Many data governance programs address goals in two or three areas (Thomas 2006, pp. 6). Corresponding
with Khatri & Brown (2010, p. 149), we name these focus areas data decision domains. Based on our
analysis, we classify the main data decision domains as follows: (a) data quality; (b) data security; (c) data
architecture; (d) data lifecycle; (e) meta data; (f) data storage and infrastructure.
Data quality refers to the ability of data to satisfy its usage requirements in a given context (e.g., de Abreu
Faria et al. 2013, p. 4439; Khatri & Brown 2010, p. 150). Data governance with a focus on data quality
comprises the development of a data quality strategy (e.g., EFQM 2011, p. 10; Thomas 2006, p. 8), the
definition of roles and responsibilities, and the determination of data quality management processes (e.g.,
EFQM 2011, p. 10; Loshin 2008, p. 72; Malik 2013, pp. 8). Monitoring data quality includes the definition
of data quality metrics (e.g., Brous et al. 2016a, p. 305; Dyché & Levy 2006, pp. 156; Malik 2013, pp. 8) and
the continuous measurement of data quality levels (e.g., DAMA International 2009, p. 303; Dreibelbis et
al. 2008, p. 498; Weber et al. 2009, pp. 10). Further tasks include the management of data quality issues
(DAMA International 2009, p. 303; Dreibelbis et al. 2008, pp. 498; Rifaie et al. 2009, p. 588).
Data security refers to the preservation of security requirements concerning the accessibility, authenticity,
availability, confidentiality, integrity, privacy, and reliability of data (e.g., Carretero et al. 2017, p. 142;
Donaldson & Walker 2004, p. 281; de Abreu Faria et al. 2013, p. 4439; ISACA 2013, p. 31). Data governance
with a focus on data security includes the execution of risk assessments (e.g., de Abreu Faria et al. 2013,
p. 4439; IBM 2014, pp. 140; Khatri & Brown 2010, p. 151), the setup of data security roles (DAMA
International 2009, pp. 153; Khatri & Brown 2010, p. 151), and the definition of data security policies,
standards, and procedures (e.g., Khatri & Brown 2010, p. 149; Morabito 2015, p. 89). Furthermore, data
governance comprises the definition of data security controls (DAMA International 2009, p. 22; IBM 2014,
pp. 140; Palczewska et al. 2013, p. 573; Tallon et al. 2014, p. 166) and auditing to ensure that the
implemented procedures and practices comply with security policies, standards, and guidelines (DAMA
International 2009, pp. 159; Palczewska et al. 2013, p. 571).
Data architecture comprises the definition of enterprise data objects (e.g., Dyché & Levy 2006, pp. 156;
EFQM 2011, p. 19; Thomas 2006, p. 9) and the development of an enterprise data model on a conceptual,
logical, and physical level (e.g., DAMA International 2009, p. 21; Watson et al. 2004, pp. 437). Data
governance with a focus on data architecture contains the determination of enterprise data requirements
(DAMA International 2009, p. 19; IBM 2014, p. 31) and the definition of architectural policies, standards,
and guidelines (e.g., DAMA International 2009, pp. 48; EFQM 2011, p. 19; Thomas 2006, p. 9). Furthermore,
data governance determines the responsibilities of data architects and the data governance council
concerning the enterprise data model (DAMA International 2009, p. 48; Dreibelbis et al. 2008, pp. 493).
The data lifecycle represents the approach of defining, collecting, creating, using, maintaining, archiving,
and deleting data (e.g., Khatri & Brown 2010, p. 149; Morabito 2015, pp. 89). Data governance with a focus
on data lifecycle comprises the identification of business processes that use data (Carretero et al. 2017, p.
143; EFQM 2011, pp. 17; Informatica 2012, pp. 16; ISACA 2013, p. 34) and the analysis of the information
flow to identify potential overlaps in data storage (IBM 2014, p. 38; Weller 2008, p. 252). This step further
encompasses the derivation of data retention requirements from business needs, regulatory
requirements, and accountability demands (e.g., Cousins 2016, p. 355; ISO 2001, p. 11; Khatri & Brown
2010, p. 149). In addition, organizations need to specify when data is authorized for deletion (DAMA
International 2009, p. 246; ISO 2001, p. 16).
Meta data is used to classify data sensitivity levels (Cousins 2016, p. 349), data provenance (Lee et al. 2017,
p. 6; Were & Moturi 2017, p. 582), and data retention periods (Weller 2008, pp. 256). Data governance
with a focus on meta data comprises the delineation of a meta data strategy (DAMA International 2009,
pp. 23; Grimstad & Myrseth 2011, p. 2; ISO 2001, p. 6), the definition of common meta data standards
(e.g., de Abreu Faria et al. 2013, p. 4439; Khatri & Brown 2010, p. 149), and the specification of processes
to build a meta data repository (e.g., Grimstad & Myrseth 2011, p. 3; Rasouli et al. 2016c, p. 1367).
Furthermore, data governance defines the roles such as enterprise data architects and data modelers, who
are responsible for meta data management (Informatica 2012, p. 10; Khatri & Brown 2010, pp. 150).
Data storage and infrastructure focus on IT artifacts that enable effective data management across the
organization (Dreibelbis et al. 2008, p. 484; Tallon et al. 2014, p. 149). Companies must consider various
hardware and software requirements such as functionality, cost, reliability, complexity, capacity,
scalability, and maintainability (Al-Ruithe et al. 2018a, pp. 12; Panian 2010, p. 946; Tallon et al. 2014, p.
149). Data governance with a focus on data storage and infrastructure comprises the initial assessment of
the application and storage landscape (Dreibelbis et al. 2008, p. 493; Randhawa 2019, pp. 117) and the
planning of software applications and storage capacity to support data quality, data security, and data
lifecycle (EFQM 2011, p. 10; Tallon 2013, p. 35). Further governance mechanisms include the definition of
policies, standards, processes, and procedures regarding storage and distribution of data (e.g., ISO 2001,
p. 14; Palczewska et al. 2013, p. 572; Tallon et al. 2014, p. 163; Weber et al. 2009, p. 12), the control of
storage costs (e.g., Soares 2013, p. 10; Tallon et al. 2014, pp. 164), and the education of stakeholders
regarding storage utilization (Tallon 2013, p. 35).
Antecedents describe the external and internal factors that precede or predict the adoption of data
governance practices (Tallon et al. 2014, p. 143). They have an impact on the implementation and the level
of adoption of data governance (Tallon et al. 2014, p. 168; Wende & Otto 2007, p. 11). In the following, we
present the main antecedents categorized into (a) external and (b) internal.
External antecedents comprise legal and regulatory requirements (e.g., Al-Ruithe et al. 2018b, p. 18; Dyché
& Levy 2006, pp. 156; Tallon 2013, p. 36). They vary by industry (DAMA International 2009, p. 153) or by
region (IBM 2014, pp. 17; Tallon 2013, p. 36). Examples include the Health Insurance Portability and
Accountability Act (HIPAA) (e.g., Khatri & Brown 2010, p. 149; Tallon et al. 2014, p. 156) and the Sarbanes-
Oxley Act (SOX) (e.g., Cheong & Chang 2007, p. 1000; Khatri & Brown 2010, p. 149). Legal and regulatory
requirements have an impact on the business use and control of data (Khatri & Brown 2010, p. 149; Kooper
et al. 2011, p. 198; Tallon et al. 2014, p. 156), data security and data quality (e.g., Cheong & Chang 2007,
p. 1000; ISO 2001, pp. 4; Watson et al. 2004, p. 439), as well as data retention and archiving (e.g., Cousins
2016, p. 355; ISO 2001, pp. 4; Khatri & Brown 2010, p. 149). Furthermore, highly regulated markets require
a more centralized organizational structure than markets with less or no regulations (e.g., Weber et al.
2009, p. 18). Further external factors encompass market volatility (Otto 2011b, p. 61), the industry the
company operates in (Dreibelbis et al. 2008, p. 488; Otto 2011b, p. 61; Tallon 2013, p. 36), and the country
the company is located in (Nguyen 2016, pp. 247).
Internal antecedents contain strategic, organizational, system-related, and cultural factors. On the
strategic level, internal antecedents comprise the organization strategy, IT strategy, and diversification
breadth. Companies with a profit-oriented organization strategy may adopt a centralized organizational
structure, whereas growth-oriented companies benefit from a decentralized setup (Weber et al. 2009, p.
19). Internal antecedents on the organizational level contain the corporate allocation of decision-making
authority and the degree of business process harmonization. A centralized corporate approach in business
and IT facilitates data governance adoption (Tallon et al. 2014, p. 161). Companies with globally
harmonized processes enable a centralized placement of decision-making authority in contrast to
companies with local processes (Weber et al. 2009, p. 18). Internal antecedents on the system level include
IT architecture. A high degree of IT standardization and process integration enable the adoption of data
governance, whereas the usage of legacy IT systems with its application silos and low degree of process
integration hamper data governance adoption (e.g., Tallon et al. 2014, p. 161). Internal antecedents on
the cultural level encompass the organization culture, senior management support, and active leadership
participation (e.g., Daneshmandnia 2019, pp. 30; de Abreu Faria et al. 2013, p. 4439; Randhawa 2019, pp.
107; Silic & Back 2013, pp. 82). An organization culture that promotes the strategic use of information
and creates a business vision about data governance enables the adoption of data governance (Hagmann
2013, p. 235; Tallon et al. 2014, p. 161).
Consequences refer to the outcomes of data governance (Tallon et al. 2014, p. 166; Tiwana et al. 2013, p.
10). We identified two types of consequences of data governance: (a) intermediate performance effects;
(b) risk management.
Intermediate performance effects occur in different ways. Kamioka et al. (2016, p. 7) describe the positive
effect of data governance on data utilization level, which contributes to marketing performance by the
increased number of sales and customer spending. Mikalef et al. (2018, p. 4917) demonstrate the positive
effect of data governance on both a firm’s dynamic and operational capabilities by improving the existing
operational mode and leading to renewed means of competing in the market. Furthermore, data
governance is attributed to improving data quality due to increased accuracy, availability, completeness,
consistency, and timeliness of data and the limitation of errors due to data inconsistencies (Barker 2016,
pp. 165; Niemi & Laine 2016, p. 8). Otto (2013, p. 96) even defines data governance effectiveness as the
ratio of the number of preventive data quality management measures to the total number of data quality
management measures conducted by the company. The rationale behind this definition is that a higher
number of preventive measures leads to increased data quality and thus to higher effectiveness of data
governance. Companies without data governance spend more time reacting to data-related issues, which
in turn limits the time spent on running the business and making process improvements (Barker 2016, pp.
165). Then again, companies reduce the cost to clean up data by implementing data policies (Randhawa
2019, p. 120).
The second consequence of data governance is the management of data-related risk (e.g., Dreibelbis et
al. 2008, pp. 488; Malik 2013, p. 2; Otto 2011c, p. 5; Tallon et al. 2014, p. 150). Risks may arise due to
nonconformance with information policies or the absence of oversight regarding data quality (Loshin 2008,
pp. 72). Further risks concern security and privacy breaches (Loshin 2008, pp. 72; Rifaie et al. 2009, p. 589).
Data governance reduces these risks by creating risk-mitigating policies and introducing controls for
monitoring compliance (Khatri & Brown 2010, p. 149; Loshin 2008, p. 77; Thomas 2006, p. 17).
5 Research agenda and outlook
The review above provides a conceptual framework for data governance and a comprehensive overview
of research findings and insights relevant for data governance to date. Deriving from particular aspects of
our above analysis, we briefly outline an agenda for future research on data governance. Our research
agenda comprises five major areas: (1) governance mechanisms; (2) scope of data governance; (3)
antecedents of data governance; (4) consequences of data governance; and (5) generalizability and
replicability of findings.
5.1 Governance mechanisms
Determining the data owner can be a difficult task (Vilminko-Heikkinen & Pekkola 2019, p. 77). Current
literature does not provide a common understanding of the data owner role. First, we found ambiguous
definitions regarding the ownership and accountability for data. Some definitions clearly allocate
accountability for data to a dedicated data owner role (Otto 2011c, p. 7), whereas other definitions assign
ownership and accountability to the data steward or data producer (Dreibelbis et al. 2008, p. 496; Dyché
& Levy 2006, pp. 156; NASCIO 2008, p. 10). Researchers should further analyze in which cases a dedicated
data owner role is beneficial. Second, we lack knowledge of how the data owner is identified. Do
organizations determine the data owner based on the application where the data is stored or based on
the process that uses the data? Vilminko-Heikkinen & Pekkola (2019, pp. 80) describe both options in
their case study comprising two master data management projects in a Finnish municipality, but the data
owner concept and approach remain unclear during both projects. Future research should further
investigate the process of data ownership determination. Third, we know little about the scope of data
ownership. For a regulation-driven data governance program, the scope might be narrowly defined
focusing on key data elements, whereas for an analytics-driven program it might be more meaningful to
widen the scope to comprise entire data domains. Future research should conduct a richer analysis on
how to define the scope of data ownership, as it might impact the effectiveness of data governance design.
The allocation of decision-making authority also requires further research. As part of our review, we
identified basic categories regarding the allocation of decision-making authority, i.e. hierarchical
positioning, functional positioning, and the positioning of decision-making authority on a continuum
ranging from centralized to decentralized. However, we do not know which allocation of decision-making
authority is most suitable under which circumstances. In the case of functional positioning, Otto (2011b, pp.
60) states that business benefits related to data governance are eventually attributed to the data
governance organization to a larger extent if the decision-making authority is allocated to a business
function. However, this proposition requires substantiation through quantitative empirical studies on a
larger and more representative sample of companies. Researchers should analyze whether allocating
decision-making authority to a business function is more effective than allocating it to an IT function or a
separate data governance organization. Weber et al. (2009, pp. 18) provide a qualitative description of the
factors that impact the allocation of decision-making authority on a continuum ranging from centralized
to decentralized. However, they do not provide empirical evidence of this contingency approach.
Researchers should conduct further studies to analyze under which circumstances a centralized,
decentralized, or hybrid allocation of decision-making authority is most suitable. Understanding how to
allocate decision-making authority could greatly improve the effectiveness of data governance.
Furthermore, data governance is an ongoing program and a continuous improvement process (Cheng et
al. 2017, p. 518; DAMA International 2009, p. 38). New internal data needs and changing external demands
such as legal and regulatory requirements force data governance to evolve and adapt (Tallon et al. 2014,
p. 171; Weber et al. 2009, p. 23). However, most of the reviewed publications take a “one-off” perspective
on data governance and do not reflect how data governance arrangements might need to change over
time. We identified a few publications which focus on the evolution of specific data governance concepts
such as the evolution of the data governance strategy (Tallon et al. 2013), data ownership (Vilminko-
Heikkinen & Pekkola 2019), and data governance effectiveness (Otto 2013). Future research should build
on these results and conduct further qualitative, quantitative, and longitudinal studies to deepen the
knowledge about data governance evolution. The findings could provide a better understanding of which
governance mechanisms should be applied during different phases of a data governance program.
5.2 Scope of data governance
Data governance for ecosystems of public and private organizations is another promising research area.
Firms increasingly collaborate with partnering companies, outsourcing vendors, and cloud service
providers to manage parts of the data value chain (Bruhn 2014, pp. 4; Panian 2010, p. 942). Research
institutions team up and form distributed research networks which allow researchers to use data from
multiple institutions (Kim et al. 2014, p. 714). Current research has started investigating data governance
for specific types of inter-organizational settings such as cloud computing (Al-Ruithe et al. 2016a), platform
ecosystems (Lee et al. 2017), dynamic business networking (Rasouli et al. 2016c), supply chains (In et al.
2019), and inter-organizational data collaborations (Broek & Veenstra 2015). However, we do not know
much about how organizations ensure data ownership and control in inter-organizational relationships.
Especially the exchange of sensitive data such as personal health information raises new concerns about
privacy (Winter & Davidson 2018, p. 2). Future research should investigate which data governance
mechanisms can help organizations to retain control over their data in inter-organizational settings.
Researchers should also explore governance practices that support individuals and groups in effectively
co-determining how their data is governed and (re)used. For example, additional governance bodies might
be required to monitor compliance and balance interests in inter-organizational settings. Furthermore,
companies need to create a standardized and trustworthy data exchange environment (Cohn 2015, p. 821;
Rasouli 2016, p. 97; Rasouli et al. 2016c, pp. 1362). Future research should investigate how meta data and
other concepts can be used to facilitate interoperability between organizations and traceability of data
provenance. Finally, the complexity of ecosystems increases with the number of participating
organizations (Broek & Veenstra 2015, p. 9). Researchers should conduct further qualitative studies to
explore the most appropriate governance designs for one-to-one, one-to-many, and many-to-many inter-
Data governance for big data has been a specific focus in research (e.g. Kim & Cho 2018; Malik 2013;
Winter & Davidson 2018). As organizations try to integrate and use big data, having an effective data
governance design becomes substantive. However, no general data governance approach for big data has
been agreed upon. We identified four major big data challenges and research opportunities regarding data
governance. First, data quality for big data needs to be addressed given the incomplete and often
uncertain nature of big data (Lemieux et al. 2014, p. 129; Malik 2013, p. 5). Data quality issues concerning
big data could become an increasing risk, as organizations keep on applying data-driven decision-making
(Kim & Cho 2018, p. 386; Morabito 2015, p. 97). Future research should determine how data quality metrics
should be defined for big data and how accurate big data needs to be. Second, big data raises concerns
regarding privacy infringements (e.g. Tallon 2013, p. 37; Winter & Davidson 2018, p. 2). The extent to
which organizations can act upon big data insights is still an unresolved issue (Tallon 2013, p. 37). For
example, combining data sources to reveal new patterns could cause unanticipated exposure of personal
habits (IBM 2014, p. 6). Researchers should explore governance mechanisms that enable innovation
through big data analytics with simultaneous consideration of privacy requirements. This could include
policies determining the ethical and permissible use of big data without violating privacy rights. Third, not
all data is equally useful; it has varying degrees of value (Malik 2013, p. 6). However, the definition of
the intrinsic data value and the methods of how to measure it still prompt questions (Kooper et al. 2011,
pp. 199; Malik 2013, p. 11). Future research should investigate how to quantify the intrinsic data value.
The results could help companies to adjust data retention policies and determine when to migrate data to
low-cost storage tiers and when to delete data. Finally, integrating big data with traditional enterprise data
poses challenges (Malik 2013, pp. 4). Data is often fragmented and stored in incompatible IT systems
(Lemieux et al. 2014, p. 129; Morabito 2015, p. 98). The reason for these data silos is often a lack of cross-
organizational collaboration (Nielsen et al. 2018, p. 23). Researchers should investigate how governance
mechanisms can be applied to foster cross-organizational collaboration to deconstruct data silos.
5.3 Antecedents of data governance
We found that organizations need to design data governance considering contextual factors. Research
informing these design decisions will be useful as it helps organizations to tailor data governance according
to their specific environment and needs. Although these antecedents have received some attention (Tallon
et al. 2014; Weber et al. 2009), we do not know much about their relative importance, their interrelations,
and their causal chains. We found in the review that many data governance approaches do not consider
contextual factors, which seems reductionist and unrealistic. For future research, rather than ignoring the
context, it would be useful if researchers analyzed contextual factors and their impact on data governance
design and implementation. This includes the investigation of additional antecedents such as specific
industries, firm size, and corporate culture (Begg & Caira 2012, p. 12; Cave 2017, pp. 152; NASCIO 2008, p.
6; Neff et al. 2013, p. 8; Yu & Foster 2017, p. 345), but also the impact of antecedents on data governance
implementation. Based on those findings, organizations could decide upon the amount of structure and
formality for their data governance design. Tallon et al. (2014, p. 170) state that some antecedents
facilitate the adoption of data governance practices, while others inhibit the adoption. Future research
should determine which antecedents are likely to dominate if organizations concurrently possess both
enabling and inhibiting antecedents.
5.4 Consequences of data governance
Another relevant but under-researched area comprises the effectiveness of data governance. Current
research only provides brief evidence of the intermediate performance effects and of how to
measure those effects (Kamioka et al. 2016, p. 7; Mikalef et al. 2018, p. 4917; Otto 2013, p. 96; Tallon et
al. 2014, p. 166). On the other hand, organizations still struggle to provide a compelling use case that links
data governance to value generation (Nielsen et al. 2018, p. 24). To fully comprehend data governance,
we need to understand how intermediate performance effects impact strategic business outcomes such
as revenue growth, cost reduction, and regulatory compliance. Future research should conduct a richer
analysis of intermediate-level performance effects and their impact on strategic business outcomes. This
could be achieved by identifying the causal links between intermediate-level and firm-level performance
effects. The findings could help organizations to quantify the benefits of data governance and to derive
the business case. Furthermore, we presently cannot define the point beyond which users can feel
constrained by data governance. If organizations use data governance mechanisms that are too
bureaucratic, complex, and restrictive, this ‘over-governance’ could lead to a performance decrease by
limiting data-led innovations and motivating users to bypass policies and take unnecessary risks with their data. Tallon
et al. (2014, p. 168) describe this as the curvilinear relationship between data governance and firm
performance. Future research should conduct a richer analysis of this curvilinear relationship and the
inflection point, which determines the optimal data governance design. In doing so, researchers should
consider the influence of antecedents as well as the organizational, data, and domain scope.
5.5 Generalizability and replicability
In addition to the research areas described above, the use of further research methods could unveil new
findings. Prior research mainly conducted single and multiple case studies. This may pose limitations in
making controlled observations and deductions as well as limitations concerning the replicability and
generalizability of the findings (Lee 1989, p. 35; Tallon et al. 2014, p. 171). Transforming the propositions
developed in the case studies into testable hypotheses could lay the foundation for further quantitative
research (Otto 2011b, p. 61). Researchers should aim at substantiating the propositions on data
governance through quantitative empirical studies on a larger and more representative sample of
companies (e.g., Otto 2011b, p. 62; Tallon et al. 2014, p. 171; Weber et al. 2009, p. 23). In addition,
researchers should broaden the sample of study participants. Prior case studies selected primarily IT and
data management executives as interview partners (Neff et al. 2013, p. 8; Otto 2011b, p. 51; Tallon et al.
2014, p. 171; Weber et al. 2009, p. 24). Future research should include additional stakeholders such as the
legal counsel, data architects, application and process owners, and data stewards. In doing so, researchers
could improve internal validity and gain a holistic understanding concerning the effectiveness, limitations,
and challenges of data governance.
Table 4 outlines the research areas for data governance and lists potential research questions for future
Topics of interest
Allocation of decision-
  RQ 5.1.1: How do organizations determine the data owner and his/her responsibilities?
  RQ 5.1.2: How does the allocation of decision-making authority impact data governance effectiveness?
  RQ 5.1.3: How do data governance mechanisms evolve
Scope of data
mechanisms on the
and domain scope
measurement for big
  RQ 5.2.1: How do organizations retain control over their data in inter-organizational settings?
  RQ 5.2.2: How do companies facilitate interoperability and traceability of data?
  RQ 5.2.3: Which data governance designs are effective in one-to-one/one-to-many/many-to-many inter-
  RQ 5.2.4: How do organizations define data quality metrics for big data?
  RQ 5.2.5: How do organizations enable innovation through big data analytics with simultaneous consideration of privacy requirements?
  RQ 5.2.6: How do organizations quantify the intrinsic value of data?
  RQ 5.2.7: How do companies foster cross-organizational collaboration to deconstruct data silos?
Impact of antecedents on data governance
  RQ 5.3.1: How do industry/firm size/corporate culture impact data governance design?
  RQ 5.3.2: Which antecedents are likely to dominate if companies concurrently possess both enabling and
Measurement of data
  RQ 5.4.1: What are the effects of data governance mechanisms on intermediate-level performance?
  RQ 5.4.2: What is the relationship between intermediate-level performance effects of data governance and strategic business outcomes?
  RQ 5.4.3: How does the amount of applied governance mechanisms correlate with intermediate-level
Table 4 Research agenda for data governance
In this study, we conducted a structured literature review, provided an overview of the state-of-the-art of
data governance, and identified a research agenda. Two research questions framed our literature review:
What are the building blocks of data governance? Where do we lack in knowledge about data governance?
We answered the first question by developing a conceptual framework for data governance comprising
six dimensions: Governance mechanisms, organizational scope, data scope, domain scope, antecedents,
and consequences of data governance. We answered the second question by analyzing gaps within the
dimensions of the conceptual framework and deriving areas for which further research is required. We
identified five promising fields for future research: Governance mechanisms, the scope of data
governance, antecedents of data governance, consequences of data governance, and further research
strengthening the generalizability and replicability of findings.
From the perspective of the practitioners’ community, the results of the literature review can be
considered valuable as the conceptual framework supports practitioners in approaching data governance in
a structured manner. For example, practitioners could first identify the antecedents that affect their
organization. Second, they could determine the organizational scope, data scope, and domain scope for
their data governance design. Data governance with a focus on data quality for master data is likely to be
different than data governance with a focus on data privacy in the context of big data. Based on those
previous two steps, practitioners could choose and customize the set of data governance mechanisms
most appropriate for their organization. Reflecting on these results will help to avoid approaching the topic
prematurely. The conceptual framework also builds the foundation to exploit synergies between decision
domains such as data quality and data security.
Despite the efforts we have made to present a complete review of data governance literature, the study
has its limitations. The major focus of our search process was on the term “data governance” including
synonyms, but less on the broader concept of data management. Future research should review the
literature on data management and screen for governance concepts. Moreover, we included the search
term “information governance”, as the term is often used interchangeably with the term “data
governance”. However, we identified few publications that differentiate between both terms (de Abreu
Faria et al. 2013, p. 4437; Jim & Chang 2018, p. 203; Kooper et al. 2011, p. 198). Future research should
further investigate the usage of these terms. Due to lack of access, we were not able to use certain
scientific databases such as Scopus and Web of Science. Though we are convinced that we have compiled
most of the studies carried out on this topic, future research should conduct a literature search in those
databases. The study did not validate the practical applicability of the conceptual framework. First, we did
not distinguish which findings describe norms of data governance and which describe the actual practice.
Future research should conduct expert interviews or case studies to ascertain which data governance
concepts are applied in practice. Second, our conceptual framework does not provide the information on
which data governance mechanisms to choose for a given set of antecedents and a given organizational,
data, and domain scope. Researchers should conduct a quantitative study to identify the correlations
between antecedents, the scoping parameters, and data governance mechanisms. This could provide
further insights on how to configure data governance in a specific environment.
With our research agenda, we support the call from Tiwana et al. (2014, p. 9) for more research on the
governance of data. We provided a comprehensive overview of the topic that is valuable for both
researchers and practitioners in the field of data governance. We hope that our work facilitates future
research on data governance by providing a conceptual foundation.
Aisyah, M., & Ruldeviyani, Y. (2018). Designing Data Governance Structure Based On Data Management
Body of Knowledge (DMBOK) Framework: A Case Study on Indonesia Deposit Insurance
Corporation (IDIC). International Conference on Advanced Computer Science and Information
Systems (ICACSIS), (pp. 307-312). Yogyakarta, Indonesia.
Al-Badi, A., Tarhini, A., & Khan, A. I. (2018). Exploring Big Data Governance Frameworks. Procedia
Computer Science, 141, pp. 271-277.
Alhassan, I., Sammon, D., & Daly, M. (2016). Data governance activities: an analysis of the literature.
Journal of Decision Systems, 25(S1), pp. 64-75.
Alhassan, I., Sammon, D., & Daly, M. (2018). Data governance activities: a comparison between scientific
and practice-oriented literature. Journal of Enterprise Information Management, 31(2), pp. 300-
Alhassan, I., Sammon, D., & Daly, M. (2019). Critical Success Factors for Data Governance: A Theory
Building Approach. Information Systems Management, 36(2), pp. 98-110.
Allen, C., Des Jardins, T. R., Heider, A., Lyman, K. A., McWilliams, L., Rein, A. L., . . . Turske, S. A. (2014).
Data Governance and Data Sharing Agreements for Community-Wide Health Information
Exchange: Lessons from the Beacon Communities. eGEMs, 2(1), pp. 1-9.
Al-Ruithe, M., & Benkhelifa, E. (2017). Analysis and Classification of Barriers and Critical Success Factors
for Implementing a Cloud Data Governance Strategy. Procedia Computer Science, 113, pp. 223-
Al-Ruithe, M., & Benkhelifa, E. (2017b). A conceptual framework for cloud data governance-driven
decision making. International Conference on the Frontiers and Advances in Data Science (FADS),
(pp. 1-6). Xi'an, China.
Al-Ruithe, M., & Benkhelifa, E. (2017c). Cloud Data Governance In-Light of the Saudi Vision 2030 for
Digital Transformation. 14th International Conference on Computer Systems and Applications
(AICCSA), (pp. 1436-1442). Hammamet, Tunisia.
Al-Ruithe, M., & Benkhelifa, E. (2018). Determining the enabling factors for implementing cloud data
governance in the Saudi public sector by structural equation modelling. Future Generation
Computer Systems (article in press), pp. 1-16.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2016a). A Conceptual Framework for Designing Data
Governance for Cloud Computing. Procedia Computer Science, 94, pp. 160-167.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2016b). Key Dimensions for Cloud Data Governance. 2016
IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), (pp. 379-386).
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018a). A systematic literature review of data governance
and cloud data governance. Personal and Ubiquitous Computing, pp. 1-21.
Al-Ruithe, M., Benkhelifa, E., & Hameed, K. (2018b). Data Governance Taxonomy: Cloud versus Non-
Cloud. Sustainability, 10(1), pp. 1-26.
Al-Ruithe, M., Mthunzi, S., & Benkhelifa, E. (2016c). Data Governance for Security in IoT & Cloud
Converged Environments. 2016 IEEE/ACS 13th International Conference of Computer Systems
and Applications (AICCSA) (pp. 1-8). Agadir, Morocco: IEEE.
Barker, J. M. (2016). Data Governance: The missing approach to improving data quality. ProQuest LLC.
Becker, M. Y. (2007). Information governance in NHS’s NPfIT: A case for policy specification. International
Journal of Medical Informatics, 76, pp. 432-437.
Begg, C., & Caira, T. (2011). Data Governance in Practise: The SME Quandary Reflections on the reality of
Data Governance in the Small to Medium Enterprise (SME) sector. Proceedings of the 5th
European Conference on Information Management and Innovation: ECIME 2011, (pp. 75-83).
Begg, C., & Caira, T. (2012). Exploring the SME Quandary: Data Governance in Practise in the Small to
Medium-Sized Enterprise Sector. The Electronic Journal Information Systems Evaluation, 15(1),
Boell, S. K., & Cecez-Kecmanovic, D. (2015). On being ‘systematic’ in literature reviews in IS. Journal of
Information Technology, 30, pp. 161-173.
Borgman, H., Heier, H., Bahli, B., & Boekamp, T. (2016). Dotting the I and Crossing (out) the T in IT
Governance: New Challenges for Information Governance. 49th Hawaii International Conference
on System Sciences, (pp. 4901-4909). Koloa, Hawaii, USA.
Brooks, J. (2019). Perspectives on the relationship between records management and information
governance. Records Management Journal, 29(1/2), pp. 5-17.
Brous, P., Herder, P., & Janssen, M. (2016a). Governing Asset Management Data Infrastructures.
Procedia Computer Science, 95, pp. 303-310.
Brous, P., Janssen, M., & Herder, P. (2016b). Coordinating Data-Driven Decision-Making in Public Asset
Management Organizations: A Quasi-Experiment for Assessing the Impact of Data Governance
on Asset Management Decision Making. In D. Y. al. (Ed.), Social Media: The Good, the Bad, and
the Ugly. I3E 2016. Lecture Notes in Computer Science. 9844, pp. 573-583. Cham: Springer.
Brous, P., Janssen, M., & Vilminko-Heikkinen, R. (2016c). Coordinating Decision-Making in Data
Management Activities: A Systematic Review of Data Governance Principles. Electronic
Government. EGOVIS 2016 (pp. 115-125). Cham: Springer.
Brown, D. C., & Toze, S. (2017). Information governance in digitized public administration. CANADIAN
PUBLIC ADMINISTRATION, 60(4), pp. 581-604.
Bruhn, J. (2014). Identifying Useful Approaches to the Governance of Indigenous Data. The International
Indigenous Policy Journal, 5(2), pp. 1-32.
Carretero, A. G., Gualo, F., Caballero, I., & Piattini, M. (2017). MAMD 2.0: Environment for data quality
processes implantation based on ISO 8000-6X and ISO/IEC 33000. Computer Standards &
Interfaces, 54(3), pp. 139-151.
Cave, A. (2017). Exploring Strategies for Implementing Data Governance Practices. Walden Dissertations
and Doctoral Studies.
Cheng, G., Li, Y., Gao, Z., & Liu, X. (2017). Cloud data governance maturity model. 8th IEEE International
Conference on Software Engineering and Service Science (ICSESS), (pp. 517-520). Beijing, China.
Cheong, L. K., & Chang, V. (2007). The Need for Data Governance: A Case Study. 18th Australasian
Conference on Information System, (pp. 999-1008). Toowoomba, Australia.
Choi, S.-K. T., & Kroeschel, I. (2015). Challenges of Governing Interorganizational Value Chains: Insights
from a Case Study. Twenty-Third European Conference on Information Systems (ECIS), (pp. 1-16).
Cohn, B. L. (2015). Data Governance: A Quality Imperative in the Era of Big Data, Open Data, and Beyond.
I/S: A JOURNAL OF LAW AND POLICY FOR THE INFORMATION SOCIETY, 10(3), pp. 811-826.
Corbin, J., & Strauss, A. (2015). Basics of Qualitative Research (4 ed.). SAGE Publications, Inc.
Cousins, K. (2016). Health IT Legislation in the United States: Guidelines for IS Researchers.
Communications of the Association for Information Systems, 39, pp. 338-366.
Coyne, E. M., Coyne, J. G., & Walker, K. B. (2018). Big Data information governance by accountants.
International Journal of Accounting & Information Management, 26(1), pp. 153-170.
Dahlberg, T., & Nokkala, T. (2015). A framework for the corporate governance of data - Theoretical
background and empirical evidence. Business, Management and Education, 13(1), pp. 25-45.
DAMA International. (2009). The DAMA Guide to The Data Management Body of Knowledge. New Jersey:
Technics Publications, LLC.
Daneshmandnia, A. (2019). The influence of organizational culture on information governance
effectiveness. Records Management Journal, 29(1/2), pp. 18-41.
de Abreu Faria, F., Maçada, A. C., & Kumar, K. (2013). Information Governance in the Banking Industry.
Proceedings of the 46th Hawaii International Conference on System Sciences, (pp. 4436-4445).
Wailea, Maui, Hawaii, USA.
De Haes, S., & Van Grembergen, W. (2005). IT Governance Structures, Processes and Relational
Mechanisms: Achieving IT/Business Alignment in a Major Belgian Financial Group. Proceedings of
the 38th Hawaii International Conference on System Sciences, (pp. 1-10). Big Island, Hawaii, USA.
De Haes, S., & Van Grembergen, W. (2009). An Exploratory Study into IT Governance Implementations
and its Impact on Business/IT Alignment. Information Systems Management, 26(2), pp. 123-137.
De Mauro, A., Greco, M., & Grimaldi, M. (2014). What is Big Data? A Consensual Definition and a Review
of Key Research Topics. International Conference on Integrated Information (IC-ININFO), (pp. 97-
Donaldson, A., & Walker, P. (2004). Information governance—a view from the NHS. International Journal
of Medical Informatics, 73, pp. 281-284.
Dreibelbis, A., Hechler, E., Milman, I., Oberhofer, M., & van Run, P. (2008). Enterprise Master Data
Management: An SOA Approach to Managing Core Information. IBM Press.
Dyché, J., & Levy, E. (2006). Customer Data Integration: Reaching a Single Version of the Truth. John
Wiley & Sons.
EFQM. (2011). Framework for Corporate Data Quality Management.
Evans, J., McKemmish, S., & Rolan, G. (2019). Participatory information governance: Transforming
recordkeeping for childhood out-of-home Care. Records Management Journal, 29(1/2), pp. 178-
Felici, M., Koulouris, T., & Pearson, S. (2013). Accountability for Data Governance in Cloud Ecosystems.
IEEE International Conference on Cloud Computing Technology and Science, (pp. 327-332).
Fu, X., Wojak, A., Neagu, D., Ridley, M., & Travis, K. (2011). Data governance in predictive toxicology: A
review. Journal of Cheminformatics, 3(24), pp. 1-16.
Gillies, A. (2015). The role of information governance within English clinical governance: Observations
based upon the interim report from the NIGC of the Care Quality Commission. Clinical
Governance: An International Journal, 20(1), pp. 13-20.
Gillies, A., & Howard, J. (2005). An international comparison of information in adverse events.
International Journal of Health Care Quality Assurance, 18(5), pp. 343-352.
Gong, Y., & Janssen, M. (2019). The value of and myths about enterprise architecture. International
Journal of Information Management, 46, pp. 1-9.
Grimstad, T., & Myrseth, P. (2011). Information governance as a basis for cross-sector e-services in public
administration. International Conference on E-Business and E-Government (ICEE), (pp. 1-4).
Guetat, S. B., & Dakhli, S. B. (2015). The Architecture Facet of Information Governance: The Case of
Urbanized Information Systems. Procedia Computer Science, 64, pp. 1088-1098.
Hagmann, J. (2013). Information governance – beyond the buzz. Records Management Journal, 23(3), pp.
Haneem, F., Kama, N., Taskin, N., Pauleen, D., & Abu Bakar, N. A. (2019). Determinants of master data
management adoption by local government organizations: An empirical study. International
Journal of Information Management, 45, pp. 25-43.
Heredia-Vizcaíno, D., & Nieto, W. (2019). A Governing Framework for Data-Driven Small Organizations in
Colombia. (C. Springer, Ed.) New Knowledge in Information Systems and Technologies.
WorldCIST'19 2019. Advances in Intelligent Systems and Computing, 930, pp. 622-629.
Hovenga, E. J. (2013). Impact of Data Governance on a Nation’s Healthcare System Building Blocks. In
Health Information Governance in a Digital Environment (pp. 24-66).
Hovenga, E. J., & Grain, H. (2013). Health Data and Data Governance. In Health Information Governance
in a Digital Environment (pp. 67-92).
IBM. (2007). The IBM Data Governance Council Maturity Model: Building a roadmap for effective data
governance. New York.
IBM. (2014). Information Governance Principles and Practices for a Big Data Landscape.
IDC. (2014). The DIGITAL UNIVERSE of OPPORTUNITIES.
In, J., Bradley, R., Bichescu, B. C., & Autry, C. W. (2019). Supply chain information governance: toward a
conceptual framework. The International Journal of Logistics Management, 30(2), pp. 506-526.
Informatica. (2012). Holistic Data Governance: A Framework for Competitive Advantage.
ISACA. (2013). COBIT 5: Enabling Information. Illinois.
Ismagilova, E., Hughes, L., Dwivedi, Y. K., & Raman, K. R. (2019). Smart cities: Advances in research - An
information systems perspective. International Journal of Information Management, 47, pp. 88-
ISO. (2001). INTERNATIONAL STANDARD ISO 15489-1. Information and documentation — Records
management — Part 1: General. Switzerland.
ISO/IEC. (2005). INTERNATIONAL STANDARD ISO/IEC 27001. Information technology — Security
techniques — Information security management systems — Requirements. Switzerland.
Jim, C. K., & Chang, H.-C. (2018). The Current State of Data Governance in Higher Education. Proceedings
of the Association for Information Science and Technology, 55(1), pp. 198-206.
Kamioka, T., Luo, X., & Tapanainen, T. (2016). An empirical investigation of data governance: The role of
accountabilities. PACIS 2016 Proceedings, (pp. 1-12).
Khatri, V. (2016). Managerial work in the realm of the digital universe: The role of the data triad. Business
Horizons, 59, pp. 673-688.
Khatri, V., & Brown, C. V. (2010, January). Designing data governance. Communications of the ACM,
53(1), pp. 148-152.
Kim, H. Y., & Cho, J.-S. (2017). Data Governance Framework for Big Data Implementation with a Case of
Korea. IEEE 6th International Congress on Big Data, (pp. 384-391). Honolulu, Hawaii, USA.
Kim, H. Y., & Cho, J.-S. (2018). Data governance framework for big data implementation with NPS Case
Analysis in Korea. Journal of Business and Retail Management Research (JBRMR), 12(3), pp. 36-
Koltay, T. (2016). Data governance, data literacy and the management of data quality. IFLA Journal,
42(4), pp. 303-312.
Kooper, M., Maes, R., & Lindgreen, E. R. (2011, June). On the governance of information: Introducing a
new concept of governance to support the management of information. International Journal of
Information Management, 31(3), pp. 195-200.
Korhonen, J. J., Melleri, I., Hiekkanen, K., & Helenius, M. (2013). Designing Data Governance Structure:
An Organizational Perspective. GSTF Journal on Computing, 2(4), pp. 11-17.
Kravets, J., & Zimmermann, K. (2012). Inter-organizational Information Alignment: A Conceptual Model
of Structure and Governance for Cooperations. Proceedings of the Eighteenth Americas
Conference on Information Systems, (pp. 1-10). Seattle, Washington, USA.
Kusumah, R. T., & Suhardi. (2014). Designing Information Governance in Statistical Organization.
International Conference on Information Technology Systems and Innovation (ICITSI) 2014, (pp.
Lajara, T. T., & Maçada, A. C. (2013). Information Governance Framework: The Defense Manufacturing
Case Study. Proceedings of the Nineteenth Americas Conference on Information Systems, (pp. 1-
10). Chicago, Illinois.
Laney, D. (2001). 3D Data Management: Controlling Data Volume, Velocity, and Variety. META Delta
Application Delivery Strategies, pp. 1-4.
Lăzăroiu, G., Kovacova, M., Kliestikova, J., Kubala, P., Valaskova, K., & Dengov, V. V. (2018). Data
governance and automated individual decision-making in the digital privacy General Data
Protection Regulation. Administratie si Management Public, 31, pp. 132-142.
Lee, A. S. (1989, March). A Scientific Methodology For MIS Case Studies. MIS Quarterly, 13, pp. 33-50.
Lee, S. U., Zhu, L., & Jeffery, R. (2017). Data Governance for Platform Ecosystems: Critical Factors and the
State of Practice. Twenty First Pacific Asia Conference on Information Systems, (pp. 1-12).
Lee, Y., Madnick, S., Wang, R., Wang, F., & Zhang, H. (2014). A Cubic Framework for the Chief Data
Officer: Succeeding in a World of Big Data. MIS Quarterly Executive, 13(1), pp. 1-13.
Lemieux, V. L., Gormly, B., & Rowledge, L. (2014). Meeting Big Data challenges with visual analytics: The
role of records management. Records Management Journal, 24(2), pp. 122-141.
Lillie, T., & Eybers, S. (2019). Identifying the Constructs and Agile Capabilities of Data Governance and
Data Management: A Review of the Literature. IDIA 2018, CCIS 933, pp. 313-326.
Lomas, E. (2010). Information governance: information security and access within a UK context. Records
Management Journal, 20(2), pp. 182-198.
Loshin, D. (2008). Master Data Management. Morgan Kaufmann.
Malik, P. (2013). Governing Big Data: Principles and practices. IBM Journal of Research and Development,
57(3/4), pp. 1-13.
Marchildon, P., Bourdeau, S., Hadaya, P., & Labissière, A. (2018). Data governance maturity assessment
tool: A design science approach. Projectics / Proyéctica / Projectique, 20, pp. 155-193.
Marshall, C., & Rossman, G. B. (2011). Designing Qualitative Research (5 ed.). SAGE Publications.
Mikalef, P., Krogstie, J., van de Wetering, R., Pappas, I. O., & Giannakos, M. N. (2018). Information
Governance in the Big Data Era: Aligning Organizational Capabilities. Proceedings of the 51st
Hawaii International Conference on System Sciences, (pp. 4911-4920). Big Island, Hawaii, USA.
Miles, M. B., & Huberman, A. M. (1994). Qualitative Data Analysis: An Expanded Sourcebook (2 ed.).
Mlangeni, T. C., & Ruhode, E. (2017). Data Governance: A Challenge for Merged and Collaborating
Institutions in Developing Countries. 14th IFIP WG 9.4 International Conference on Social
Implications of Computers in Developing Countries, ICT4D 2017, (pp. 242-253). Yogyakarta,
Morabito, V. (2015). Big Data and Analytics: Strategic and Organizational Impacts. Switzerland: Springer
NASCIO. (2008). Data Governance – Managing Information As An Enterprise Asset. Part I – An
Neff, A. A., Schosser, M., Zelt, S., Uebernickel, F., & Brenner, W. (2013). Explicating Performance Impacts
of IT Governance and Data Governance in Multi-Business Organisations. Proceedings of the 24th
Australasian Conference on Information Systems, (pp. 1-11). Melbourne, Australia.
Ng, P. M., Lo, M. F., & Choy, E. (2015). Improving China’s Corporate Governance Within the Big Data era:
Integration of Knowledge Management and Data Governance. In A. C. Limited (Ed.), 12th
International Conference on Intellectual Capital Knowledge Management and Organisational
Learning, ICICKM 2015, (pp. 183-190). Thailand.
Nguyen, C., Sargent, J., Stockdale, R., & Scheepers, H. (2014). Towards a unified framework for
governance and management of information. Proceedings of the 25th Australasian Conference
on Information Systems, (pp. 1-13). Auckland, New Zealand.
Nguyen, T. C. (2016). Information governance and management in the context of GOV 2.0.
Nielsen, O. B. (2017). A Comprehensive Review of Data Governance Literature. Selected Papers of the
IRIS, 8, pp. 120-133.
Nielsen, O. B., Persson, J. S., & Madsen, S. (2018). Why Governing Data Is Difficult: Findings from Danish
Local Government. TDIT 2018, IFIP AICT 533, pp. 15-29.
Niemi, E., & Laine, S. (2016). Designing Information Governance with a Focus on Competence
Management in a Knowledge-Intensive Project Organization. ICIQ, (pp. 1-12). Ciudad Real, Spain.
Nwabude, C., Begg, C., & McRobbie, G. (2014). Data Governance in Small Businesses – Why Small
Business Framework should be Different. International Proceedings of Economics Development
and Research, 82, pp. 101-107.
OECD. (2017). Recommendation of the Council on Health Data Governance. OECD/LEGAL/0433, OECD
Olanrewaju, A.-S. T., Hossain, M. A., Whiteside, N., & Mercieca, P. (2020). Social media and
entrepreneurship research: A literature review. International Journal of Information
Management, 50, pp. 90-110.
Otto, B. (2011a). Data Governance. Business & Information Systems Engineering, 4, pp. 241-244.
Otto, B. (2011b). Organizing Data Governance: Findings from the Telecommunications Industry and
Consequences for Large Service Providers. Communications of the Association for Information
Systems, 29(1), pp. 45-66.
Otto, B. (2011c). A morphology of the organisation of data governance. Proceedings of the 19th
European Conference on Information Systems (ECIS), (pp. 1-12). Helsinki, Finland.
Otto, B. (2012). Managing the business benefits of product data management: the case of Festo. Journal
of Enterprise Information Management, 25(3), pp. 272-297.
Otto, B. (2013). On the Evolution of Data Governance in Firms: The Case of Johnson & Johnson Consumer
Products North America. In S. S. (Ed.), Handbook of Data Quality (pp. 93-118). Springer, Berlin,
Palczewska, A., Fu, X., Trundle, P., Yang, L., Neagu, D., Ridley, M., & Travis, K. (2013). Towards model
governance in predictive toxicology. International Journal of Information Management, 33, pp.
Panian, Z. (2010). Some Practical Experiences in Data Governance. World Academy of Science,
Engineering and Technology, (pp. 939-946).
Permana, R. I., & Suroso, J. S. (2018). Data Governance Maturity Assessment at PT. XYZ. Case Study: Data
Management Division. International Conference on Information Management and Technology
(ICIMTech), (pp. 15-20). Jakarta, Indonesia.
Peterson, R. (2004). Crafting Information Technology Governance. Information Systems Management,
21, pp. 7-22.
Peyret, H., & Goetz, M. (2014). The Forrester Wave™: Data Governance Tools, Q2 2014. Forrester
Research, Inc., Cambridge, MA 02140.
Pierce, E., Dismute, W. S., & Yonke, C. L. (2008). The State of Information and Data Governance.
Understanding How Organizations Govern Their Information and Data Assets. International
Association for Information and Data Quality (IAIDQ); University of Arkansas at Little Rock,
Information Quality Program (UALR-IQ).
Prasetyo, H. N. (2016). A review of data governance maturity level in higher education. Jurnal Ilmiah
Teknologi Informasi Terapan, 3(1), pp. 1-10.
Prasetyo, H. N., & Surendro, K. (2015). Designing a data governance model based on soft system
methodology (SSM) in organization. Journal of Theoretical and Applied Information Technology,
78(1), pp. 46-52.
Proença, D., Vieira, R., & Borbinha, J. (2016). A maturity model for information governance. 11th Iberian
Conference on Information Systems and Technologies (CISTI), (pp. 1-6). Las Palmas, Spain.
Proença, D., Vieira, R., & Borbinha, J. (2017). Information Governance Maturity Model Final Development
Iteration. (C. Springer, Ed.) Research and Advanced Technology for Digital Libraries. TPDL 2017.
Lecture Notes in Computer Science, 10450, pp. 128-139.
Randhawa, T. S. (2019). Incorporating Data Governance Frameworks in the Financial Industry. Walden
Dissertations and Doctoral Studies.
Rasouli, M. (2016). Information governance in service-oriented business networking. Eindhoven:
Technische Universiteit Eindhoven.
Rasouli, M. R., Eshuis, R., Grefen, P. W., Trienekens, J. J., & Kusters, R. J. (2017). Information Governance
in Dynamic Networked Business Process Management. International Journal of Cooperative
Information Systems, 26(1), pp. 1-37.
Rasouli, M. R., Eshuis, R., Trienekens, J. J., & Grefen, P. W. (2016a). Information Governance
Requirements for Architectural Solutions Supporting Dynamic Business Networking. In G. W.
Norta A. (Ed.), Service-Oriented Computing – ICSOC 2015 Workshops. ICSOC 2015. Lecture Notes
in Computer Science. 9586, pp. 184-189. Springer, Berlin, Heidelberg.
Rasouli, M. R., Eshuis, R., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016b). Information
Governance as a Dynamic Capability in Service Oriented Business Networking. 17th IFIP WG 5.5
Working Conference on Virtual Enterprises, PRO-VE 2016, (pp. 457-468). Porto, Portugal.
Rasouli, M. R., Trienekens, J. J., Kusters, R. J., & Grefen, P. W. (2016c). Information governance
requirements in dynamic business networking. Industrial Management & Data Systems, 116(7),
Renaud, K. (2014). Clinical and information governance proposes; human fallibility disposes. Clinical
Governance: An International Journal, 19(2), pp. 94-109.
Rifaie, M., Alhajj, R., & Ridley, M. (2009). Data Governance Strategy: A Key Issue in Building Enterprise
Data Warehouse. Proceedings of the 11th International Conference on Information Integration
and Web based Applications & Services, (pp. 587-591). Kuala Lumpur, Malaysia.
Rosenbaum, S. (2010). Data Governance and Stewardship: Designing Data Stewardship Entities and
Advancing Data Access. Health Services Research, 45(5), pp. 1442-1455.
Rowe, F. (2014). What literature review is not: diversity, boundaries and recommendations. European
Journal of Information Systems, 23, pp. 241-255.
Saputra, D. A., Handika, D., & Ruldeviyani, Y. (2018). Data Governance Maturity Model (DGM2)
Assessment in Organization Transformation of Digital Telecommunication Company: Case Study
of PT Telekomunikasi Indonesia. International Conference on Advanced Computer Science and
Information Systems (ICACSIS), (pp. 325-330). Yogyakarta, Indonesia.
Senyo, P. K., Liu, K., & Effah, J. (2019). Digital business ecosystem: Literature review and a framework for
future research. International Journal of Information Management, 47, pp. 52-64.
Silic, M., & Back, A. (2013). Factors impacting information governance in the mobile device dual-use
context. Records Management Journal, 23(2), pp. 73-89.
Soares, S. (2013). IBM InfoSphere: A Platform for Big Data Governance and Process Data Governance (1
ed.). Boise: MC Press Online.
Tallon, P. P. (2013). Corporate Governance of Big Data: Perspectives on Value, Risk, and Cost. Computer,
26(6), pp. 32-38.
Tallon, P. P., Ramirez, R. V., & Short, J. E. (2014). The Information Artifact in IT Governance: Toward a
Theory of Information Governance. Journal of Management Information Systems, 30(3), pp. 141-
Tallon, P. P., Short, J. E., & Harkins, M. W. (2013). The Evolution of Information Governance at Intel. MIS
Quarterly Executive, 12(4), pp. 189-198.
Thammaboosadee, S., & Dumthanasarn, N. (2018). Proposed Amendments of Public Information Act
Towards Data Governance Framework for Open Government Data: Context of Thailand. 3rd
Technology Innovation Management and Engineering Science International Conference (TIMES-
iCON), (pp. 1-5). Bangkok, Thailand.
Thiarai, M., Chotvijit, S., & Jarvis, S. (2019). Balancing information governance obligations when accessing
social care data for collaborative research. Records Management Journal, 29(1/2), pp. 194-209.
Thomas, G. (2006). The DGI Data Governance Framework. The Data Governance Institute.
Thompson, N., Ravindran, R., & Nicosia, S. (2015). Government data does not mean data governance:
Lessons learned from a public sector application audit. Government Information Quarterly, 32,
Tiwana, A., Konsynski, B., & Venkatraman, N. (2014). Special Issue: Information Technology and
Organizational Governance: The IT Governance Cube. Journal of Management Information
Systems, 30(3), pp. 7-12.
Traulsen, S., & Troebs, M. (2011). Implementing Data Governance within a Financial Institution.
INFORMATIK 2011, 41. Jahrestagung der Gesellschaft für Informatik, (pp. 1-15). Berlin.
Tse, D., Chow, C.-k., Ly, T.-p., Tong, C.-y., & Tam, K.-w. (2018). The Challenges of Big Data Governance in
Healthcare. 17th IEEE International Conference On Trust, Security And Privacy In Computing And
Communications/ 12th IEEE International Conference On Big Data Science And Engineering
(TrustCom/BigDataSE), (pp. 1632-1636). New York, NY, USA.
van den Broek, T., & van Veenstra, A. F. (2015). Modes of Governance in Inter-Organizational Data
Collaborations. Twenty-Third European Conference on Information Systems (ECIS), (pp. 1-12).
van Helvoirt, S., & Weigand, H. (2015). Operationalizing Data Governance via Multi-level Metadata
Management. In J. M. al. (Ed.), Open and Big Data Management and Innovation. I3E 2015.
Lecture Notes in Computer Science. 9373, pp. 160-172. Cham: Springer.
Vilminko-Heikkinen, R., & Pekkola, S. (2019). Changes in roles, responsibilities and ownership in
organizing master data management. International Journal of Information Management, 47, pp.
vom Brocke, J., Simons, A., Niehaves, B., Riemer, K., Plattfaut, R., & Cleven, A. (2009). Reconstructing the
Giant: On the Importance of Rigour in Documenting the Literature Search Process. Proceedings
of the 17th European Conference On Information Systems, (pp. 2206-2217). Verona, Italy.
Waltl, B., Reschenhofer, T., & Matthes, F. (2015). Data Governance on EA Information Assets: Logical
Reasoning for Derived Data. Advanced Information Systems Engineering Workshops: CAiSE 2015
International Workshops, (pp. 401-412). Stockholm, Sweden.
Watson, H. J., Fuller, C., & Ariyachandra, T. (2004). Data warehouse governance: best practices at Blue
Cross and Blue Shield of North Carolina. Decision Support Systems, 38, pp. 435-450.
Weber, K., Otto, B., & Österle, H. (2009). One Size Does Not Fit All – A Contingency Approach to Data
Governance. Journal of Data and Information Quality, 1(1), pp. 1-27.
Webster, J., & Watson, R. T. (2002). Analyzing the Past to Prepare For the Future: Writing a Literature
Review. MIS Quarterly, 26(2), pp. xiii-xxiii.
Weill, P., & Ross, J. (2005). A Matrixed Approach to Designing IT Governance. MIT Sloan Management
Review, 46(2), pp. 26-34.
Weller, A. (2008). Data governance: Supporting datacentric risk management. Journal of Securities
Operations & Custody, 1(3), pp. 250-262.
Wende, K. (2007). A Model for Data Governance – Organising Accountabilities for Data Quality
Management. Proceedings of the 18th Australasian Conference on Information Systems, (pp.
417-425). Toowoomba, Australia.
Wende, K., & Otto, B. (2007). A Contingency Approach to Data Governance. 12th International
Conference on Information Quality, (pp. 1-14). Cambridge, Massachusetts, USA.
Were, V., & Moturi, C. (2017). Toward a data governance model for the Kenya health professional
regulatory authorities. The TQM Journal, 29(4), pp. 579-589.
Wilbanks, D., & Lehman, K. (2012). Data governance for SoS. International Journal of System of Systems
Engineering, 3(3-4), pp. 337-346.
Winter, J. S., & Davidson, E. (2017). Investigating Values in Personal Health Data Governance Models.
Twenty-third Americas Conference on Information Systems, (pp. 1-10). Boston, USA.
Winter, J. S., & Davidson, E. (2018). Big data governance of personal health information and challenges
to contextual integrity. The Information Society, pp. 1-16.
Wright, T. (2013). Information culture in a government organization. Examining records management
training and self-perceived competencies in compliance with a records management program.
Records Management Journal, 23(1), pp. 14-36.
Young, A., & McConkey, K. (2012). Data governance and data quality: Is it on your agenda? Journal of
Institutional Research, 17(1), pp. 69-77.
Yu, H., & Foster, J. (2017). Towards Information Governance of Data Value Chains: Balancing the Value
and Risks of Data Within a Financial Services Company. In L. W. Uden L. (Ed.), Knowledge
Management in Organizations. KMO 2017. Communications in Computer and Information
Science. 731, pp. 336-346. Cham: Springer.
Yulfitri, A. (2016). Modeling Operational Model of Data Governance in Government. International
Conference on Information Technology Systems and Innovation (ICITSI), (pp. 1-5). Bandung,
Zhang, S., Gao, H., Yang, L., & Song, J. (2017). Research on Big Data Governance Based on Actor-Network
Theory and Petri Nets. IEEE 21st International Conference on Computer Supported Cooperative
Work in Design (CSCWD), (pp. 372-377). Wellington, New Zealand.
Zorn, T., & Campbell, N. (2006). Improving the Writing of Literature Reviews through a Literature
Integration Exercise. Business Communication Quarterly, 69(2), pp. 172-183.