South African businesses are increasingly being prompted by their auditors to ensure they get their data governance act together since failure to do so, or do so successfully at this stage, derails the auditors’ ability to write them a clean bill of health, says Mervyn Mooi, director at Knowledge Integration Dynamics (KID).
Auditors face a number of problems with regard to data governance and overall compliance. They cannot ascertain the source of some data, they get conflicting results, and they get multiple versions of the truth.
The reason is that data governance frameworks, consisting of standard, guidelines, and policies that stipulate management, security, lifecycle management, creation, archiving and decommissioning, have not been established, have only been partially established or are inconsistently applied.
In only some cases have South African businesses not yet tried to establish data governance frameworks where necessary. In the majority of instances businesses have created frameworks but they have not been applied or applied inconsistently, or they have only been partially created.
Out to lunch
One common problem for companies that have data governance frameworks in place is that they are not applied. Commonly the problem is that developers have no map back to their real world projects so that, at each gate in the project lifecycle, they are unable to determine data governance requirements and therefore cannot implement them.
The fact that developers are often required to develop point solutions to business requirements, taken out of context of the overall business strategic framework, means that data governance is inconsistently applied. In some cases it is done, in others not, which results in pockets of data governance excellence.
One means of remedying that ailment is to create a data governance group or committee that ascertains the framework of theory, documentation, policies and standards and interacts with enterprise architects (EA) who then bring it back to a system level.
Show me the money
Many businesses fail to make a case for data governance because it is difficult to determine return on investment or revenue increases.
The result is that it lacks executive sponsorship and takes a back seat as resources come under pressure. However, while it is necessary to ensuring auditable processes and results, data governance also improves efficiencies of processes, resources and can result in rationalisation of IT systems and therefore costs.
An experienced data consultant can quickly ascertain where the data governance framework has not been mapped to processes by analysing the data models and rapidly pinpoint areas of concern. The process can also illuminate areas of infrastructure, resource and skills waste.
Beyond the pale
Another common issue is that businesses leave gaps in their frameworks. With the advent of big and other data, which may reside beyond the firewall, some companies have simply excluded them from the framework.
It is an oversight of epic proportions but is not, in most cases, intentional. Business systems tend to be developed over time, as the need for them arises, which means they are often point solutions not part of an overall architecture.
By mapping the data governance framework to systems and sources companies can quickly ascertain which systems are necessary, which can be decommissioned, which can be combined, and which are missing.
Data governance is currently in its infancy in South Africa and is immature yet businesses are feeling more pressure to do it and do it right. The challenge that they face is making it approachable, applicable, and usable across the entire business or they will simply be wasting their time.
In order to get it right they really need to focus on mapping it down to controls and checkpoints in each and every development project they undertake throughout the information lifecycle management schedule.