This is the first post in a three-part series.
You’ve probably heard the adage “There is a little poison in every medication,” which typically is attributed to Paracelsus (1493–1541), the father of toxicology. The trick, of course, is to prescribe the correct balance of agents to improve the patient while doing the least harm. One might think of data governance in a similar manner. A well-disciplined and well-executed data governance regimen provides significant improvements to the organization. So too, an overly restrictive or poorly designed and/or ineffectively monitored data governance ecosystem can result in significant harm; less than optimal models/scorecards, inaccurate reporting, imprecise portfolio outcome forecasts and poor regulatory reports, subsequently resulting in significant investment and loss of reputation. In this blog series, we will address the issues and best practices associated with the broad mandate of data governance.
In its simplest definition, data governance is the management of the availability, usability, integrity and security of the data employed in an enterprise. A sound data governance program includes a governing body or council, a defined set of procedures and a plan to execute those procedures. Well, upon quick reflection, effective data governance is not simple at all. After all, data is ubiquitous, is becoming more available, encompasses aspects of our digital lives not envisioned as little as 15 years ago and is constantly changing as people’s behavior changes. To add another level of complexity, regulatory oversight is becoming more pervasive as regulations passed since the Great Recession have become more intrusive, granular and demanding.
When addressing issues of data governance lenders, service providers and insurers find themselves trying to incorporate a wide range of issues. Some of these are time-tested best practices, while others previously were never considered. Here is a reasonable checklist of data governance concerns to consider:
- Who owns the data governance responsibility within the organization?
- Is the data governance group seen as an impediment to change or is it a ready part of the change management culture?
- Is the backup and retrieval discipline — redundancy and recovery — well-planned and periodically tested?
- How agile/flexible is the governance structure to new data sources?
- How does the governance structure document and reconcile similar data across multiple providers?
- Are there appropriate and documented approvals and consents from the data provider(s) for all disclosures?
- Are systemic access and modification controls and reporting fully deployed and monitored for periodic refinement?
- Does the monitoring of data integrity, persistence and entitled access enable a quick fix culture where issues are identified and resolved at the source of the problem and not settled by downstream processes?
- Are all data sources, including those that are proprietary, fully documented and subject to systemic accuracy/integrity reporting?
- Once obtained, how is the data stored and protected in both definition and accessibility?
- How do we alter data and leverage the modified outcome? Are there reasonable audits and tracking of downstream reporting?
- In the event of a data breach, does the organization have well-documented protocols and notification thresholds in place?
- How recently and to what extent have all data retrieval, manipulation, usage and protection policies and processes been audited?
- Are there scheduled and periodic reports made to the institution board on issues of data governance?
Certainly, many institutions have most of these aspects covered. However, “most” is imprecise medicine, and ill effects are certain to follow. As Paracelsus stated, “The doctor can have a stronger impact on the patient than any drug.” As in medical services, for data governance initiatives those impacts can be beneficial or harmful.
In our next blog, we’ll discuss observations of client data governance gaps and lessons learned in evaluating the existing data governance ecosystem. Make sure to read Compliance as a Differentiator perspective paper for deeper insight on regulations affecting financial institutions and how you can prepare your business.
Discover how a proven partner with rich experience in data governance, such as Experian, can provide the support your company needs to ensure a rigorous data governance ecosystem. Do more than comply. Succeed with an effective data governance program.