Office 365 Governance ≠ Data Governance
Gartner defines “governance” as the process of setting decision rights and accountability, as well as establishing policies that are aligned to business objectives, balancing investments in accordance with policies and in support of business objectives, establishing measures to monitor adherence to decisions and policies, and ensuring that processes, behaviors, and procedures are in accordance with policies and within tolerances to support decisions. (Julie Short, “Gartner defines ‘Governance.’” Gartner Database, Sept. 2012)
“Everyone seems to have a different definition of what governance means (sort of like the blind man and the elephant story). As a result, it makes capturing data through surveys and anecdotal stories very difficult. Most people do not feel that their governance model, however they define it, is very mature. That seems to indicate an opportunity for deeper understanding to make sure that all stakeholders are coming at this from the same perspective.” Microsoft MVP Sue Hanley (@SusanHanley)
One place to see governance in action is the Organization for Economic Co-operation and Development (OECD), a unique forum where the governments of 34 democracies with market economies work with each other, as well as with more than 70 non-member economies to promote economic growth, prosperity, and sustainable development. Governance is the key to successful management of programs between countries. The OECD defines corporate governance as: a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. (William D. Savedoff, “Governance in the Health Sector: A Strategy for Measuring Determinants and Performance.” Policy Research Working Papers, May 2011)
Learning from Corporate Governance Best Practices
Corporate governance is the system of rules, practices, and processes by which an organization is controlled and directed. It sets the foundation not only for business protection and strategic performance, but also for the confidence of the markets, investors, regulators, and other key stakeholders. Determining whether strong corporate governance practices are in place entails taking a hard look at big-ticket issues such as the board’s and the executives’ roles and practices, how leadership sets and agrees on strategy, how that strategy translates into overall action plans, how those plans are managed, and how progress is measured against goals (Doug Watt and Brian Schwartz. “Governance in View” Internal Auditor, Feb. 2018)
Governance is, therefore, “conceptualized broadly . . . not as an alternative to government but as the regulation and coordination of activities by public and private institutions through a variety of formal and informal instruments. Instruments of governance may include policies and guidelines, rules or laws, norms, standards, monitoring and verification procedures, financial and other incentives, the exercise of authority, and so on.” (Magnus Bostrom, “Sustainable and Responsible Supply Chain Governance: Challenges and Opportunities.” Journal of Cleaner Production)
Expanding into Data Governance
Within IT organizations, governance is more specifically applied to the management of intellectual property (IP), corporate information assets, and data. To be effective, a governance policy must drive personnel behaviors and actions, including that of senior management.
“Governance is all about the company culture, no two companies have the same company culture. The culture can change; a company does something always one way but doesn’t mean can’t change to have more effective governance. As time and technology changes, your culture changes as well: prepare your users for that. If culture changes in the background and users don’t see it as a big culture shock or change then it becomes part of a normal process and less disruptive.” Microsoft MVP Stacy Deere-Strole (@sldeere)
Data governance goes a step beyond the broader IT governance issues to focus on the actual data within out tools and platforms. This type of governance can be handled at the department level and managed by the “owner” of the data and establishes the standards and stewardship principles used to ensure the data are correct, trustworthy, and used in an appropriate way in a facility.
Representatives from business units serve as data stewards who oversee and ensure the accuracy, validity, completeness, timeliness, and integrity of their business unit’s data. Though down in the details, data governance efforts do also need different business units to collaborate and ensure a single source of truth for information. This single source of truth means that everyone in an organization or its information trading partners uses the same definition for a type of data. That allows the data to be comparable between systems, business units, and facilities.
In short, information and data governance ensure that everyone is playing by the same rules when it comes to data and information in an organization, and that the data are accurate and trustworthy (Chris Dimick, “Governance Apples and Oranges: Differences Exist Between Information Governance, Data Governance, and IT Governance.” Journal of AHIMA, Dec. 2013)
Evaluating the existing work on data governance for traditional IT and cloud computing reveals that it is still very limited, lacking standards and unified definitions. Only 15% of data and analytics leaders measure the value of their IT programs and investments. Poor data quality in both the planning and execution phases of these initiatives is a major cause. Poor data quality also affects operational efficiency, risk mitigation and agility by compromising the decisions made in each of these areas. In addition, data quality effects overall labor productivity by as much as a 20%. (Ron George “Establishing an Effective Data Governance System.” Pharmaceutical Technology Europe, Nov. 2017)
Focusing more on Data Governance
One visible trend within the IT industry is to hire an executive to manage the security and administration of corporate data. However, companies getting started with information governance or a similar program may want to hold off on hiring a Chief Data Officer (CDO) as their first step. A certain amount of momentum needs to be established before it is reasonable to make the case for such a position, such as a cross-departmental governance committee.
“Now it is mandated to have some form of governance with formalized governance committees. They are given rights to see new features and discuss whether features should be implemented for their businesses; this is happening more frequently now.” Microsoft MVP Liam Cleary (@helloitsliam)
Gartner predicts that through 2019, only 50% of the CDOs hired by large organizations will be hailed a success (Debra Logan, “Ten Steps to Information Governance.” Gartner Database, July 2016). We are already seeing the bandwagon effect, where companies with no information governance practice at all are appointing CDOs. This is a recipe for failure.
The reality is that different companies bring different perspectives. Governance as a subject matter is very broad, and there’s no single definition that fits all organizations. And in many organizations the reality is that the inability to agree on a definition has slowed or halted progress on establishing consistent policies and procedures.
Focusing more on data governance is directionally correct. However, hiring a new executive to lead the category without beginning with shared definitions is a recipe for disaster. Understanding comes first, followed by planning, and then take action.