The deployment of accurate enterprise data for business value depends not only on the effectiveness with which the data is improved and maintained, but also on the effectiveness with which that data is governed. If data quality were easy to control, we would not need data governance; ironically, however, if that were truly the case, a data quality improvement effort would not be necessary in the first place.

To that end, it is extremely important for data quality improvement efforts to include a comprehensive data governance plan with policies and procedures that accurately define data-related processes. Unfortunately, having well-defined policies and procedures does not necessarily guarantee their use or compliance.

Throughout my career, I have had the pleasure of working with data professionals from a variety of diverse industries, including: insurance, education, traffic safety, motorcycle sales and marketing, auto rental, oil/energy, finance/banking, criminal and juvenile justice, pharmaceutical sales and marketing, and software development – just to name a few. It is interesting to note that, regardless of industry, data quality improvement efforts have been consistently plagued by two major challenges.

First, is the approach that data quality and data governance are one-time projects instead of ongoing programs requiring their own continuous monitoring and improvement. Without an effective data governance plan, data quality improvement is reduced to little more than data cleansing – this may provide quality data temporarily, but nothing more. Eventually, the entire thing will have to be redone. It seems a shame that after having devoted so much effort to improving their data quality, companies (regardless of industry) would overlook the need for ongoing program support.

The second challenge consistently plaguing data quality improvement efforts is the lack of a practical strategy to effectively enforce data governance compliance. Without an effective method to enforce compliance, data governance is reduced to little more than a bunch of documentation; with no one using the policies and procedures designed to maintain the data quality, well, you get the idea.

So, now that we have established that data quality and data governance go hand-in-hand, and that without an effective strategy to enforce data governance compliance, data quality improvement is little more than a one-time data cleansing project, how do we enforce compliance?

Methods used to enforce data governance compliance fall into two basic categories: manual and automated. The first section describes the challenges one major financial institute faced when they chose to use a manual method of enforcement. The second section explains how an automated process management system can significantly decrease the time and effort required to manage data governance, while at the same time significantly increase the effectiveness of compliance enforcement. Also outlined in the second section are six key factors critical to the success of any automated process management system. The last section of this article provides an overview of several components most commonly built into the workflow of an automated system.

Is your company currently using a manual method to enforce process compliance? Read on and see if this sounds familiar…

An Example of Manually Enforcing Compliance

First, let’s set the stage. As part of an enterprise-wide effort to become more customer-centric, one major financial institute funded a comprehensive data quality program that included a robust set of data governance policies and procedures. Their goal was to gain a more accurate and well-rounded picture of their customers in order to develop marketing campaigns that would better serve their customers’ interests and preferences.

Today, the new sales and marketing data mart is up and running, complete with clean data and newly developed data governance policies and procedures. Change management has successfully communicated the necessary information to all constituent departments running their analytics against the mart. Everything is running smoothly. To keep everything in check, the data governance coordinator has recently been assigned the responsibility of monitoring and managing data governance compliance.

In the beginning, everyone is happy. Everyone loves the new data mart and everyone loves that they can access cross-functional data across a range of organizations and subject areas. They also appreciate that new data governance policies and procedures have been established (and communicated) to ensure success. Everyone knows his or her responsibilities and what is expected.

For the data governance coordinator, however, her day job has now become exponentially complicated. Along with her newly appointed responsibilities of monitoring and managing the operational data governance policies and procedures, she is also now being held accountable for monitoring and managing breakdowns. Not to worry though, she is ready. Regular status meetings are scheduled. Reports are created to tally who is and is not complying with what standards. Established decisions are reiterated. Reminder emails are sent and followed up. Policy changes are diligently communicated.

As time goes on, our data governance coordinator finds that her oversight responsibilities are becoming more and more time-consuming. Status meetings are cancelled, rescheduled and cancelled again. Reports are becoming more difficult to update. Tolerance for reiterating established governance policies and decision rights is, well, gone. Email reminders aren’t working. Co-workers start to run whenever they see the data governance coordinator – now known as The Compliance Constable – turn the corner. Contributing to the challenge, change management is starting to become its own full-time job, and requests for additional employees are not being approved. There’s got to be an easier way!

Actually, there is an easier way, which will be described in the next section. But, before we get into that, let’s take a look at two glaring, but common mistakes that this example illustrates:

First, the data governance coordinator was chosen to enforce compliance – manually. This is an issue because so few of the company’s data warehouse users actually report to her – as a result, she really does not have the authority to enforce the compliance that she is so energetically trying to manage. The data governance coordinator is the appropriate person to manage the administration of compliance enforcement; however, management is of the system itself, not with manually enforcing data governance compliance to co-workers. Holding someone responsible or accountable for something they do not have the authority to control is guaranteed to fail.

Second, there is no process automation to help ensure compliance with what would otherwise be a well thought out and well developed data governance plan. Data governance without compliance enforcement is akin to buying a really cool car and not learning how to drive! Having a well thought out data governance plan is definitely an achievement; but if no one complies with the policies and procedures and there is no viable way to attempt enforcing that compliance, you might as well not have spent the time to design data governance in the first place. (You can just imagine what happened to that well thought out data quality effort after even just a few months of manually managing ongoing compliance!)

Throughout history there are numerous examples of how manual methods have been used to enforce compliance. Unfortunately, they typically involved weapons, violence and bodily injury – or worse! In today’s business world, however, these methods are simply not practical (no matter how frustrated we may get).

The example you have just read is not uncommon; in fact, any process-based system that is manually managed can be substituted for the above example with similar results. I see it every day everywhere I go. As a data quality professional with an expertise in process improvement, I can’t help but see process breakdown like a blinding light. (I could quote numerous examples, but I have a limit on the length of this article.) Instead, I’ll simply leave you with a challenge to see how many process breakdowns you can recognize yourself. Try it during your lunch break. You may be surprised at how many you spot!

Now, let’s check out the deal with automating compliance enforcement.

Enforcing Compliance through Automation

In the beginning, there were business rules. As time went on, those business rules were cultivated and eventually develop into a comprehensive set of policies and procedures that govern all data-related processes necessary to ensure the highest possible level of data quality. Thanks to an effective change management system, everyone in the “need-to-know” has now received extensive documentation about what they can and cannot do, what is expected and what to expect.

At this point, the data quality/governance efforts are considered successfully completed. Resources have been re-allocated and documentation archived (hopefully!). In reality, however, this is actually just the beginning.
At this point, all of those policies and procedures that were so diligently developed should be translated into process workflows and built into an automated system, where possible, to ensure continuous monitoring, maintenance and compliance. This concept is not new to business intelligence. In fact, it is already widely used in issue management, task management and even project management, especially within the software development industry.

The problem is that most business professionals associate automation with software, not with data. Think of it as creating a macro in MS Excel. When you create a macro, you are building several steps (the process) into a single tool that automatically carries out the desired steps, in the desired order, in a matter of seconds – no remembering the order of each step, no forgetting to complete a step and no mistakes entering something incorrectly – that’s automated process management!

The following illustration demonstrates how a hiring a new employee (an everyday event) can be mapped into a workflow diagram. Once the process (complete with rules, dependencies, possible outcomes) is built, it can then be translated into an automation system.

Copyright © 2008 Baseline Consulting. All rights reserved.

Figure 1: Example of a Task-Based Process Workflow (mouse over to enlarge)

Now, let’s take a look at exactly how an automated process management system can benefit data governance compliance.

Benefits of an Automated Process Management System

Not having an automated process management system does not necessarily guarantee failure; however, by centralizing, linking and automating task-based policies and procedures, issues typically encountered through manual enforcement can be significantly reduced. With manual processes, enforcement can quickly become a matter of reacting to issues that cause the greatest pain. Automation, on the other hand, provides a proactive approach to enforcement that is much more efficient, effective and accepted by both business and technical staff. (Automation can also assist with challenges often associated with external customers or clients who need to submit information for internal use.)

Copyright © 2008 Baseline Consulting. All rights reserved.

Figure 2: Benefits of an Automated Process Management System

When built with appropriate logic and dependencies, an automated process management system can:

• Decrease the time and effort required to monitor and manage governance compliance, including updating, compiling and reviewing status reports.
  
  
• Decrease the chance of miscommunications, errors, redundant research, and other human factors that typically cause process workflow breakdowns.
  
  
• Decrease the roadblocks and other challenges associated with analyzing risk and implementing change management.
  
  
• Increase the overall cost-effectiveness of your data governance efforts.
  
  
• Increase the quality and availability of all task-based communications, including, the effectiveness of communications between technical and business staff, and the assurance that appropriate approval has been granted.
  
  
• Increase the ability to enforce and ensure compliance with established governance policies and procedures by maintain stable and reliable processes, and more importantly, providing for accountability to be given to those who are actually accountable.

Ultimately, the goal is to automate as many governance processes as possible in order to enforce as many task-based decisions as possible. In other words, an effective automated process management system can significantly decrease enforcement time and effort, and increase overall governance cost-effectiveness.

Next, let’s take a look at the six critical success factors that make an automated process management system fully functional.

The Six Critical Success Factors of Process Automation

Just like any other system, the efficiency, effectiveness and acceptance of an automated process management system depends on the quality of its design and management – the process workflows, accountabilities, roles, tasks and dependencies, and security requirements all need to be taken into account during its design.
Here are six critical success factors that every automated process management system should include in order to help ensure efficiency, effectiveness and acceptance:

1. Information Centralized and Linked – Centralized information eliminates the need to rely on spreadsheets or lengthy email strings where valuable information can be lost or misunderstood. This means, where possible, finding a way to link separate tools together in such a way as to consolidate information components and take advantage of cross referencing. Having information centralized and linked can significantly reduce time and effort, especially when trying to cross-reference similar issues for separate projects or manage resources allocated to multiple efforts.
   
   
2. Access to Historical Archives – Knowing dates, times, names, and other pertinent information associated with past projects, task, issues, etc. will help increase communication effectiveness and decrease time-consuming redundant research. Historical information should be made available for reference long after the project, issue or task has been closed. Having historical archives can also be extremely helpful for training new business and technical staff.
   
   
3. Ad Hoc and Standardized Reporting – Having built-in standardized and ad hoc reporting capabilities provides users the ability to quantify progress and success without having to wait for weekly or monthly status meetings. This means that executives and other stakeholders can have up-to-the-minute access to valuable decision-making information, not to mention metrics that can be highly useful for calculating ROI!
   
   
4. Access Security Protocols – Incorporating security protocols allows all users the appropriate level of access and visibility to the system, while easily maintaining regulatory or other confidentiality compliance rules. Security protocols also help minimize time and effort needed to administer the system itself.
   
   
5. Built-In Scalability – The system should be scalable for future types of needs and functionality. The system must be able to grow and change as the business grows and changes.
   
   
6. User Customizability – The system should be designed so that customization is quick and easy with minimal administrative effort, yet flexible enough that users can view information according to their individual needs. If the system is clumsy or difficult to maneuver, both business and technical staff will find other means with which to accomplish their tasks, leaving the system disliked and unused.

 Copyright © 2008 Baseline Consulting. All rights reserved.

Figure 3: Six Critical Successs Factors for an Automated Process Management System

Creating an Automated Process Management System

Just as every data governance program evolves from the unique needs of the business that launched it, every process management system evolves from the company’s unique data management requirements. Therefore, depending on the complexity of your data governance needs, your process management system may simply be a centralized modification of several systems already in use, or it may be a completely new system that is built in house from the ground up.

While many master data management (MDM) vendors have plans to embed intelligent workflows into their software to support data oversight, the bigger issue of compliance oversight has been largely ignored by the vendor community. As a result, it is often necessary for data managers to customize their existing tools or to develop proprietary automation to satisfy the need for ensuring governance compliance.

However, whether you are piecing together a simple system, or building a highly complex system, automation is the key. Automation allows tasks, dependencies, notifications, and escalations to be easily (and continuously) monitored, updated and enforced. Centralizing, linking and automating task-based policies and procedures can help you to maintain stable and reliable processes, and more importantly, automation provides for accountability to be assigned to those who are actually accountable.

Common Workflow Components

As stated above, every automated process management system is uniquely built according to the company’s specific data governance compliance needs and processes. Following is an outline of some of the more common components typically built into the workflow for data governance.

Project Management – Automating task-based project management efforts can significantly decrease management time and effort by providing up-to-the-minute resource and budgeting allocation information, as well as easy-to-access business requirements, tasks and issues associated with current or past projects. Automation can be especially beneficial for projects that include multiple teams or departments, as well as for projects with multiple phases. Including access to historical data can also provide valuable cross-reference information and reduce time-intensive research.

Task Management – Since all tasks have a process (formal or informal), all tasks can be automated – the degree of which depends on the need for compliance enforcement. It is not necessary for tasks to be associated with issues submitted as part of a development project, or even as part of a project at all. Day-to-day task management can benefit greatly from automation, especially with large teams, remote staff, or for tasks that require some form of approval or authorization.

Issue Management – Most people associate issue management with application development projects, data warehousing, or some other large development effort. Issue management, however, is necessary for all projects and all ongoing programs. By including issue management in your automation process management system, it is possible to link issues with tasks, project, process updates, changes to security, and any other system or day-to-day management needs. Maintaining an ongoing list of issues can also assist with risk and change management, project prioritization and resource needs, and many other decision-making efforts relating to your data programs.

Security Management – Automating security management systems that link and consolidate information and administrative tasks can be extremely helpful for everything from granting and revoking user access rights to monitoring and managing privacy and other regulatory compliance concerns, such as HIPPA and SOX.

Change Management – Whether a change request comes from an internal project task, an external customer or the data governance council itself, a fast reliable method of assessing risk and implementing change is necessary for the smooth operation of any business. Integrating change management processes into an automated system will help business and technical staff know and understand exactly what to expect and what is expected of them. This is highly useful for reducing stress and resistance typically associated with process or task changes. In addition, the ability to cross-reference historical data and existing project efforts can greatly reduce the time and work required to research risk, available resources, and other overlapping efforts.

Document Management – By including an automated process for managing (including updating and archiving) documents, metadata and other information, companies can greatly reduce the duplication or loss of valuable intellectual property. However, document management is more than just storing intellectual property. For example, by developing a process to manage intellectual property, the business can ensure that: business rule updates are captured and stored for change management and archival purposes; training materials are developed and updated for new staff and customers; and access to sensitive materials is granted only to those with the appropriate clearance.

Copyright © 2008 Baseline Consulting. All rights reserved.

Figure 4: Common Components of an Automated Process Management System

Data Governance Compliance Administration

Typically, the data governance coordinator would be the administrator of the workflow system – not a manager enforcing compliance, but the administrator managing the system itself. In other words, the data governance coordinator is responsible for updating process steps, event triggers, group roles, access rights and metadata, as well as running auditing reports and monitoring issues that need to be brought to the data governance council for consideration.

Integrating data governance policies and procedures into the automation workflow helps to ensure process consistency and governance compliance by preventing purposeful circumvention or human error. It also, helps with updating and integrating new governing decisions, while minimizing change management and system administration efforts.

Conclusion

With software tools that expressly address governance compliance still in the early stages, companies are quickly learning that paper-based (and personality-based) data governance, no matter how diligently developed, can be highly subject to individual interpretation and political influence. The good news is that by automating compliance oversight and placing accountability with those who are actually accountable, enforcement efforts become much more effortless, and provide a higher probability for overall data quality and data governance program success! After all, data governance increases everyone’s confidence and trust in the data, but an automated process management system that enforces compliance ensures that confidence and trust! Don’t be afraid to start small – you need to start somewhere. Just remember, if you don’t have the time or money to do it right, you probably won’t have the time or money to do it over!