Data Governance: A Step Toward Value-Driven Compliance & Risk Management

In Data Governance by IRM UK0 Comments

Print Friendly

by Dr. Walid el abed, [email protected]

As trivial as it may sound today, 100 years ago companies from all industries elected electricity experts on their senior management team to guide the assimilation of this new and disruptive technology. Like electricity production and delivery at the turn of the beginning of last century, data is now changing the way business is being done. Today, organizations from all sectors are looking at data from an executive standpoint and exploring how to embrace data governance as a core business function.

As electricity enabled companies to scale their operations, businesses around the globe try to harness the volume, velocity and variety of data to maximize their business activities. Nevertheless as Google, Facebook and Amazon have shown the world, companies must not only incorporate data into various lines of business but in fact to be successful in increasingly competitive and regulated industries, companies must consider data as the motor force of their corporate value and treat these like an enterprise asset.

While executives from all sectors are increasingly aware of this paradigm shift, many are still hesitant to address this transformation. This is particularly true in the financial sector where confidentiality and security are inevitable concerns. While some industries may have the luxury to enjoy a few more years of status quo before legislation will force them to embrace this new reality, financial institutions now have no choice but to address the challenges imposed by the arrival of the information age.

Banks, insurances companies and brokerage firms are being strangled. On the one hand they are required to comply with stringent legal requirements. On the other they are confronted by an ever growing volume, velocity and complexity of data which enhance their vulnerability to sanctions, security threats and analysis inaccuracies. This “twin tsunami” of legal and technical disruption brings about a series of questions that traditional models for managing risk and compliance requirements cannot answer.

The End of ERP, MDM and BI

Within the last 10 years a broad variety of IT artillery, ERP, MDM and BI solutions were created to review data, rules and processes. Nevertheless none of these tools has succeeded in normalizing the fragmented and inconsistent data environments in which they operate. In fact, most if not all of these tools perpetuate the creation of silos and sustain duplicates and incoherence. Despite millions invested in applications and infrastructures, conventional IT tools remain disconnected from the overall business objectives and strategies and hence remain isolated from the organic business development of an organization.

In order to succeed in the information age, financial institutions need to align 1) business, 2) Data and 3) IT processes into one single direction and to govern data across ERP and BI/DW by using a combination of DI, DQ, and MDM solutions. In other words, a global, top-down and collaborative approach to data management is necessary for growth and sustainability. This is where Data Governance intervenes.

Data Governance

Data Governance (DG) builds upon the natural convergence between MDM, ERP and BI to create a single, fit-for-the-purpose view which emphasizes the enterprise’s global data ecosystem across sources. Data Governance in fact reconciles IT processes and business objectives by specifying the framework for decisions’ rights and accountabilities so as to encourage desirable behavior in the use and correction of data. DG encompasses people, policies, procedures and technologies to enable an organization to lever data as an enterprise asset. A well implemented DG should:

  • Ensure data meet the business needs,
  • Protect, manage and develop data to lower management cost,
  • Eliminate the profits loss associated with predictable impact,
  • Reduce operational friction and increase consensus,
  • Secure a common approach to data management,
  • Integrate compliance controls of policies, standards, and procedures.
  • Oversee the delivery of data management projects and services.

Around the world, regulatory bodies and committees such as the OSIF and BIS have published broad guidelines and principles on data management and governance but transforming these static policies in dynamic processes requires more than IT skills. It requires the active contribution of business in defining rules and priorities along the application of IT.

Valorization: enforcing priorities

The exponential growth of data volume, velocity and complexity is bringing about the question of priority. Since the number of records increases daily, and error reports directly follow the same rate of growth, the question of what data are the most crucial becomes fundamental and requires a new and broader notion of how we define “value”.

Distancing ourselves from the conventional wisdom of value as being a monetary unit and cost effectiveness coefficient, value takes on a broader function. It becomes the meeting point between an objective to be met and its actual measure within a system. Hence each of the resources existing within a system will have a share of the contribution to the objective and must then have a value.

In order to establish an efficient and fluid organization a hierarchy of priorities value must be assigned to each resource involved in a desired outcome. This value is to be defined upon consensus and will become the missing link between objectives and transactions.

By measuring the value of data upon its contribution to a desired objective (which one is operationalized by defined rules, policies or standards), we can ultimately express and observe value creation in each business function’s transactions and in turn assign the right priority to the right data. In other words, by implementing this process of valorization, the value indicator will reflect the impact of compliant and non compliant data to the business rules, policies, or standards that operationalize business objectives. In order to assess the value of data and to govern by value, companies have to implement a framework capable of tracking this value chain by:

  • Aligning and linking business objectives to data management processes via business rules;
  • Measuring and visualizing the business impact of data compliance and the value generation of high impact data;
  • Organizing and executing sustainable DG processes based on a proven methodology supported by a product solution.

The implementation of a Govern by Value approach also directly leads to the development of a collaborative culture in which clear lines of accountability and responsibility are established and sustained in a system.

As already explained, the Govern by Value approach focuses on the actual impact of a resource on the ultimate value creation of the enterprise. This in turn distances management from conventional performance evaluations using Key Performance Indicators (KPIs) and infuses a new formulation: the Key Value Indicators (KVI).

One can understand a KVI as a ratio between the value “to be realized” and the potential impact of a deviation from the rule assigned to each business function’s transaction. KVIs illustrate what resources are involved in what transactions, what is a resource’s related output, and how compliant it is with business rules and policies. KVIs will thus predicatively express the potential impact of non-compliant data before it actually impacts your business.

The distinction between KPI and KVI is subtle yet powerful. It enables management teams to conceptualize value generation as an inherent flow and observe its fluctuations throughout the organization’s transactions, departments and roles. This is what we mean by “treating data as an enterprise asset”.

Govern Risk and Compliance by Value

Using this approach, a risk will essentially become the potential for non-realization of the enterprises value objectives; something that will in turn be valued and governed predicatively. Using this approach and the appropriate system a company will be capable of visually monitoring and evaluating both risk (the faults that drive loss of value) and impact (the amount of value that will be lost) before it actually impacts the business. Govern by value will bring about a revolution in risk and compliance management.

For years financial institutions have collected information on their customers and members – basic demographic, transactions, account activity, loan portfolios and credit cards balances – and used this information as the backbone of decision making. Yet all this insight extracted about the past will be irrelevant as the information age overtakes old management traditions and methods.

Risk, we agree, is about understanding the future, not the past. The information age provides us with an unparalleled playing field for optimizing the value creation of our businesses. We have the intellectual and technical capabilities to adhere to this new paradigm. It is only up to us, business leaders, to decide if we want to take this initiative ourselves or to wait for another to do it for us. For the many financial institutions which are attempting to repay the technical dept accumulated over a decade of mergers and acquisitions which resulted in the “Ad-Hoc” management of references systems, I am convinced that the Govern by Value approach will prove its “raison d’être”.


Previously Published in Financial Worldwide Magazine

Leave a Comment