SlideShare a Scribd company logo
1 of 34
Download to read offline
The Six Questions
        every Organization
should ask about Data Governance

 Steven B. Adler
 IBM Data Governance Solutions
 adler1@us.ibm.com
 http://www.ibm.com/itsolutions/datagovernance
Why Data?
                           Why Governance?
                                        §   Governance:
    §   Data:
                                              -Corporate governance is about
         § Structured                           controlling human self-interest to
         § Unstructured                         benefit the common good:
         § Metadata                           § Increased Revenue

         § Video, Audio, Multi-Media          § Lower Costs
                                              § Reduced Risk
         § Print, Email, and Archived
         § Software Code                §   IT has become the engine for
                                            business innovation and growth and
         § Patents, IP                      it must be governed to demonstrate
         § Protocols, Message               contribution to the business bottom-
           Streams                          line.
    §   These are all digital           §   To govern IT effectively, the value of
                                            Data must be assessed, Risk
        assets                              calculated, outcomes measured and
                                            constantly re-evaluated.

2                                                  07/31/07
Without Data Governance…
§ People make mistakes…
§ Those mistakes more
  commonly result in losses
  than hackers…
§ Those losses effect every
  aspect of IT and business
§ But data is still an abstract
  concept and governance
  needs technology to be
  improved…
The IBM Data Governance Council was formed in 2004
to explore enterprise challenges and develop solutions
 Customers                                            Business Partners             Academia
 Abbott                     Freddie Mac               AirMagnet                     North Carolina State
 ABN Amro                   Huntington Bank                                         University
                                                                                    Nova Southeastern
                                                      Application Security
 Alltel                     IBM CIO Office                                          University
                                                      Axentis                       Bucerius Law School
 American Express           Key Bank                  Continuity Software
 Bank of America            MasterCard                Guardium
 Bank of Montreal           Merrill Lynch             Intellinx
 Bank of Tokyo/Mitsubishi   Monaris                   Lumigent
 Bell Canada                Novartis                  OpenPages
 BITS Financial Services    Nordea Bank               Organizational Policy Inst.
 Roundtable
 Cadence Design             Northwestern Mutual       Paisley
 Citigroup                  PNC                       RiskWatch
 City of New York, FISA     Regions Financial Corp.   SecNap
 Danske Bank                TIAA-CREF                 Semantic Arts
 Deutsche Bank              TeliaSonera               SPS Security
 Discover Financial         VP Securities Services    Tizor
 Equifax                    Washington Mutual         Valid Technologies
 Fannie Mae                 Wachovia                  ZANTAZ
                            The World Bank
There are Six Questions every organization should ask
      themselves about Data Governance today
   §   Do we have a Government?
       §  Who is responsible for governing?
       §  How do we share accountability across the enterprise?
   §   How do we assess our situation?
       §  Are benchmarks available?
       §  How do we measure our Maturity?
   §   What is our Strategy?
       §  How do we get from here to there?
       §  What does our CEO and Board want?
   §   What is our data worth?
       §  How much revenue is it producing?
       §  How much does low quality data cost?
   §   What are our vulnerabilities?
       §  How do we calculate risk?
       §  Which risks do we accept, mitigate, transfer?
   §   How do we measure progress?
       §  What do audits tell us?
       §  How do we report results that matter? 07/31/07
                                             5
1. Do we have a Government?
§   Who are the leaders?
§   What does the DG Committee look like?
§   What power centers should be at the table?
§   How many business representatives are in the
    Council?
§   What is the charter of the group?
§   How are issues raised, discussed, and resolved?
§   How are requirements gathered?
§   How are policies communicated?
§   What are our legislative powers?
§   How do we govern?
A Government has these basic powers
§   To discourage behavior:
    §   Make something expensive
    §   Make something difficult to do
    §   Make something illegal

§   To encourage behavior:
    §   Make something cheaper
    §   Make something easier to do
    §   Make something legal

§   To record results:
    §   Census
    §   GDP, CPI, etc.
What will our organization look like to exercise these
powers?
                                                   Each governor
                                               represents an interest
                                                  group and line of
                     Executive                   business within the
                    Leadership                organization and makes
                                                 policy decisions on
                                               behalf of the interests
                    Decision Making Input
                                                 and the enterprise.

                  Data Governors                 This ensures clear
                                                accountability for all
                       Policy Decisions            aspects of data
                    Requirements Definition   governance within each
                                              line of business as well
                                                as across the entire
                                                    organization.
                   Data Stewards
                       User Acceptance
                            Testing



              End Users, Customers, etc.
2. How do we assess our situation?
  §   Assessment criteria
  §   Benchmarks
  §   Categories or Disciplines
  §   Using existing assessments
  §   Scope of effort
  §   Public statements vs. internal reality
Elements of Effective Data Governance
                                          Outcomes
              Data Risk Management &
                                                 Value Creation
              Compliance

                                          Enablers

              Organizational Structures & Awareness
Requires

              Policy                             Stewardship

                                                                                     Enhance
                                       Core Disciplines

              Data                   Information               Information
              Quality                 Life-Cycle                Security
              Management              Management               and Privacy

Supports
                                    Supporting Disciplines

              Data                   Classification &          Audit Information
              Architecture           Metadata                  Logging & Reporting
                                                        10


                                                                                               10
                                                                                                10
How do DG domains come together
  establish DG within an organization?
§ An organization can start with any of the 11 domains, and is
  likely on the path to maturity for one or more of these
  domains.
§ By grouping the 11 domains of Data Governance, for which
  organizations can assess their current maturity, some
  insight into how to establish a road map can be gained.
§ An initial high level grouping of DG domains, and showing
  primary relationships between these groupings, may help
  organizations to build a road map:
   §Outcomes
   §Enablers
   §Core Disciplines
   §Supporting Disciplines
Examples of relationships between DG
                        Domains:
  1   &    2   Quality and Security/Privacy requirements for data need to be assessed
               and managed throughout the information life-cycle

                                         Disciplines

                   Data                  Information                  Information
                  Quality  1              Life-Cycle           2        Security
                Management               Management                   and Privacy


  3       Executive level endorsement and sponsorship is an enabler for stewardship of
          information that requires standardization across processes and functional boundaries
  4       Consistency in practice can be enabled through Stewardship when there are
          Enterprise-level policies and standards in place for DG disciplines.

                                                  Enablers
                                                                                    3
                                Organizational Structures & Awareness


                              Policy        4                         Stewardship
6:47 PM                                Confidential Draft - not for
                                              distribution
IBM Data Governance Maturity Model and Assessment
IBM has developed an assessment tool and maturity model to measure DG maturity

                                                                            Key contributors to maturity:
                                                                            §    Rigor
                                                                            §    Comprehensiveness
Business Transformation                                                     §    Consistency


 •   Continuous Improvement
 •   Innovation / Leadership
 •   Collective / Shared Efforts
 •   Consistent & Rigorous
 •   Significant Automation
 • Consistent Performance
   Measurement against
   Stated Goals
 • Objectivity and Trust
 • Advanced Tools / Usage

 •   Measured and Managed Efforts
 •   Understood / Shared Practices
 •   Consistent Application
 •   Improving Performance
 •   Advancing Technology
 • Initial Process Definition
 • Basic Infrastructure
   Modeling
 • Project Discipline
 • Automation Opportunities

 • Lack of Processes
 • Stand-alone Structures
 • No Tracking /
   Management
 • Heroic Efforts
 • Ad Hoc Attempts
Customer Examples
§   Today, 10 members of the Data Governance
    Council are using the Maturity Model to transform
    their businesses
    §   Bottoms-up process transformation
    §   Top-down governance models
    §   Inside-out program funding

§   They use the Maturity Model to defining what is in
    scope for Data Governance, based on a
    benchmark created by peers.
3. What is our Strategy?
  §   Where do you want to be in 3 years?
  §   What is the gap between where you are
      today?
  §   What milestones, specific tactics, and KPI’s?
  §   How to get organizational support?
  §   How to get Board support?
After the assessment, you need to benchmark
where you are and where you want to go
Build a Data Governance Vision

  §   Minimum Requirements
  §   Milestones
  §   Key Performance Indicators
  §   Project Plans
  §   Teams and structure
  §   Enabling Technology
  §   Desired Outcomes
  §   Timeframe
Sell the Vision
§   To affect organizational change, everyone needs to
    be onboard
§   Getting everyone onboard can eat vast amounts of
    time and become process overkill
§   New methods of community-based consultation and
    eVoting are needed to get broad support for the
    vision
§   The CEO and Board are also important
4. What are our data assets worth?
  § How do we measure data quality?
  § What is the data landscape?
  § What is the data model?
  § What is metadata?
  § How does data contribute to business results?
  § How can we measure the ROI of data improvement
    projects?
The Value of Data is Dependent Upon the Value of IT

   §   Value is dependent on Price
       §   You can’t tell the value of something if it doesn’t have a
           market price
   §   IT is run like a Command Economy.
       § Budgets are allocated centrally
       § Projects are managed based on labor value and
         infrastructure cost allocation
       §   ROI is impossible to derive because there are no
           market mechanisms to determine the price of IT.
In the Perfect World…
  §   IT would buy hardware, software, and services from other vendors at
      cost, mark them up, and resell those products to the business.
  §   The business would negotiate prices with IT and each division would pay
      new project, operational, and maintenance prices on all IT services.
  §   IT would only have an investment budget based on business needs.
  §   This would create an internal market for IT services similar to the real-
      world external market.
  §   The Value of IT would therefore be based on the utility of IT services.
  §   The value of data could also be measured using Utility Theory, because
      data management costs would be factored into IT prices.
What is the value of Data?
  §   Data is worth whatever someone wants to pay for it:
      § $1   for the NY Times
      § $93   for a stolen identity
      § $259    for Windows Vista
      § $20   for a book on Amazon
      § $1.29   for a song on iTunes
      § $5   for 512m2 of land in Second Life
  §   How do you calculate the value of enterprise data?
      § Buildan enterprise marketplace and let data supply and user demand
       set the internal price
      § Track   data usage patterns to derive the Utility Value of Data
      § Record   the revenue generated with use of the data and subtract the
       utility price paid to calculate the net earnings on data (EOD)þ
Content Level Agreements

   §   Content level agreements can contain numerous data
       quality performance metrics with corresponding data
       integrity and availability level objectives. Some examples
       are:
        § DQI (Data Quality Index): Index ratio of data quality.
        § DAR (Data Availability Rate): Percentage of time that
          contracted data was available to “consumers”
        § DIR (Data Integrity Rate): Percentage of time that contracted
          data was trusted and reliable.
        § DER (Data Error Rate) Number of data errors.
5. What are our vulnerabilities?
    § Security Risks
    § Regulatory Concerns
      §Different approaches in laws
      §Related documentation and administration
      §Bringing regulations and reality together

    § Reputation Risks
      §Data leakage
        §Protected data
        §“sensitive data”
      §Misuse of data
      §Loss of Data
      §Risk of “bad” data
Calculating Risks
 § Qualitative Analysis
   §   Assessment
   §   Prioritization
   §   Weighting
   §   Scoring
 § Quantitative Analysis
   §   Causes and Trends
   §   Incidents & Occurrences
   §   Events
   §   Claims
   §   Losses
   §   Probability Analysis
Level 5
  Data Risk Management Maturity                                                       Optimized
                                                                                      Find ways to
                                                                                      leverage risk to
                                                               Level 4                corporate benefit.
                                                               Managed                WIN!
                                                               Make decisions to
                                                               predict and control:

                                               Level 3               §   Managed risks
                                                                     §   Limited risks
                                               Defined               §   Process change            Benefits
                                           Combine with              §   Accountability          from data
                                           human behavior            §   Budgeting
                                                                                                 risk mgmt
                                           and “effect” data
                        Level 2            Correlate and       Implement
                        Repeatable         develop compre-     Monitor/Report
                                           hensive Data Risk   Adjust
                                           Assessment                            Risks “from” data
                      Create context for
                                           picture
                      “bad events”
      Level 1         Collect, categorize,
      Initial         analyze all “actions
                      of interest”
“Bad Event” Driven    Broaden across
“Faith-Based” Fixes
No predictability     multiple risk entities
No cause/effect                                          Risks “to” data

 07/31/07
Other Risks
§   IT Project Risk?
    § Defect   Errors
    § Process Mistakes

    § Governance risks

§   Implementation Risks?
    § Interoperability

§   Deployment?
    § Business    Continuity
    § Service Level Agreements

§   Globalization Risks?
Alternative Risk Transfer

     “Alternative Risk Transfer (often referred to as
     ART) is the use of techniques other than
     traditional insurance and reinsurance to provide
     risk bearing entities with coverage or protection.
     The field of ART grew out of a series of insurance
     capacity crises in the 1970s through 1990s that
     drove purchasers of traditional coverage to seek
     more robust ways to buy protection.”
        – Wikipedia
§ ART agreements can contain numerous risk metrics with
  corresponding protection level objectives. Some examples
  are:
  § IRE (Incident Rate of Exposure): Percentage of incidents to
    occurrences.
  § AIRT (Average Incident Response Time): Average time
    (usually in seconds) it takes for an incident to be responded
    by the service desk.
  § CA (Coverage Amount): Amount of risk transfer from
    department to organization on an aggregate basis.
  § RA (Reserve Amount): Amount of “premium” paid by each
    department, based on past losses, to cover future exposures.
  § Security Agreement: Common agreements include
    percentage of network uptime, power uptime, etc.
6. How do we measure progress?
  §   Processes for capturing requirements
  §   Processes for managing change
  §   Processes for implementing policy
  §   Using User Acceptance Test to measure how policy
      maps to requirements
  §   Monitoring policy compliance
      § Link   to operational risk
What are we measuring?
  §   Data Quality
  §   Value of Data and IT Services
  §   Probability of Risk
  §   Policy Compliance
  §   Regulatory Filings
  §   Governance efficiency
  §   Revenue Contributions
  §   Cost Savings
Why CLA and ART
  §   Because they provide market mechanisms to
      price content and risk in an enterprise
       § Incentives and Disincentives to motivate behavior

  §   Those market mechanisms provide governing
      power to affect change
  §   With that change comes accountability,
      efficiency, and enlightenment
  §   Without them, we are just guessing at the value
      of data and the cost of risk.



                                                             32
Data Governance Balanced Scorecard
Element        Current                    Desired                  KPIs                        Outcome
               Maturity                   Maturity
               •Traditional Structure     •community based self-   •# new ideas                •78% employee
Organization   (2)þ                       governance (4)þ          implemented                 satisfaction rate
               •Data Stewards only        •Stewardship in every    •# stewardship              •125% more stewards
Stewardship    (2)þ                       discipline (3)þ          communities
               •Ad-hoc policy             •Structured policy                                   •45% increase in reg.
Policy         management (1)þ            management (3)þ                                      compliance
               •Spreadsheet-based         •Process oriented DG     •Data utility index         •24% reduction in
Data Quality   DQ program (1)þ            program (4)þ             •Price of data              fraud
               •Stovepipes of data (1)þ   •Federated and           •Data availability index    •Lower data
Architecture                              integrated (4)þ          •Data supply ratio          management costs
               •No metadata               •End-to-end metadata     •Business glossary          •12% reduction in
Metadata       management (0)þ            management (4)þ          •Metadata elements          policy failure
               •Enterprise Access         •Context-based           •# Incidents                • 98% Customer
Security       Control                    entitlements                                         satisfaction
               •Faith-based Risk          •Fact-based Risk         • $ Capital Reserve         •12% net underwriting
Risk           Management (1)þ            Forecasting (4)þ         • # Losses                  profit
               •Command Economy           •Demand Economy          •Efficiency of IT service   •8% Net IT operating
Value          •Labor Theory (1)þ         •Utility Theory (5)þ     pricing                     profit
               •Enterprise Backup (2)þ    •Policy-based backup     •Retention/deletion         •23 Terabytes saved
ILM                                       (3)þ                     ratio
               •Quarterly Audits (1)þ     •Automated self-         •# Failures reported        •24% reduction in IT
Audit                                     assessments (5)þ         •# audits passed            project failure
Questions?
Click on the questions tab on your screen, type in your
      question (and name if you wish) and hit send.

More Related Content

What's hot

Do-It-Yourself (DIY) Data Governance Framework
Do-It-Yourself (DIY) Data Governance FrameworkDo-It-Yourself (DIY) Data Governance Framework
Do-It-Yourself (DIY) Data Governance FrameworkDATAVERSITY
 
Data Governance Best Practices
Data Governance Best PracticesData Governance Best Practices
Data Governance Best PracticesDATAVERSITY
 
Data Strategy Best Practices
Data Strategy Best PracticesData Strategy Best Practices
Data Strategy Best PracticesDATAVERSITY
 
Enterprise Data Architecture Deliverables
Enterprise Data Architecture DeliverablesEnterprise Data Architecture Deliverables
Enterprise Data Architecture DeliverablesLars E Martinsson
 
Data Architecture for Data Governance
Data Architecture for Data GovernanceData Architecture for Data Governance
Data Architecture for Data GovernanceDATAVERSITY
 
Master Data Management – Aligning Data, Process, and Governance
Master Data Management – Aligning Data, Process, and GovernanceMaster Data Management – Aligning Data, Process, and Governance
Master Data Management – Aligning Data, Process, and GovernanceDATAVERSITY
 
Building a Data Governance Strategy
Building a Data Governance StrategyBuilding a Data Governance Strategy
Building a Data Governance StrategyAnalytics8
 
How to Build & Sustain a Data Governance Operating Model
How to Build & Sustain a Data Governance Operating Model How to Build & Sustain a Data Governance Operating Model
How to Build & Sustain a Data Governance Operating Model DATUM LLC
 
Data Catalog for Better Data Discovery and Governance
Data Catalog for Better Data Discovery and GovernanceData Catalog for Better Data Discovery and Governance
Data Catalog for Better Data Discovery and GovernanceDenodo
 
data-analytics-strategy-ebook.pptx
data-analytics-strategy-ebook.pptxdata-analytics-strategy-ebook.pptx
data-analytics-strategy-ebook.pptxMohamedHendawy17
 
Data Architecture, Solution Architecture, Platform Architecture — What’s the ...
Data Architecture, Solution Architecture, Platform Architecture — What’s the ...Data Architecture, Solution Architecture, Platform Architecture — What’s the ...
Data Architecture, Solution Architecture, Platform Architecture — What’s the ...DATAVERSITY
 
Introduction to Data Governance
Introduction to Data GovernanceIntroduction to Data Governance
Introduction to Data GovernanceJohn Bao Vuu
 
Data Governance
Data GovernanceData Governance
Data GovernanceBoris Otto
 
Data Quality Best Practices
Data Quality Best PracticesData Quality Best Practices
Data Quality Best PracticesDATAVERSITY
 
Building a Data Strategy – Practical Steps for Aligning with Business Goals
Building a Data Strategy – Practical Steps for Aligning with Business GoalsBuilding a Data Strategy – Practical Steps for Aligning with Business Goals
Building a Data Strategy – Practical Steps for Aligning with Business GoalsDATAVERSITY
 
Data Quality & Data Governance
Data Quality & Data GovernanceData Quality & Data Governance
Data Quality & Data GovernanceTuba Yaman Him
 
How to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data QualityHow to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data QualityDATAVERSITY
 
Data Governance Best Practices
Data Governance Best PracticesData Governance Best Practices
Data Governance Best PracticesBoris Otto
 

What's hot (20)

Do-It-Yourself (DIY) Data Governance Framework
Do-It-Yourself (DIY) Data Governance FrameworkDo-It-Yourself (DIY) Data Governance Framework
Do-It-Yourself (DIY) Data Governance Framework
 
8 Steps to Creating a Data Strategy
8 Steps to Creating a Data Strategy8 Steps to Creating a Data Strategy
8 Steps to Creating a Data Strategy
 
Data Governance Best Practices
Data Governance Best PracticesData Governance Best Practices
Data Governance Best Practices
 
Data Strategy Best Practices
Data Strategy Best PracticesData Strategy Best Practices
Data Strategy Best Practices
 
Enterprise Data Architecture Deliverables
Enterprise Data Architecture DeliverablesEnterprise Data Architecture Deliverables
Enterprise Data Architecture Deliverables
 
Data Architecture for Data Governance
Data Architecture for Data GovernanceData Architecture for Data Governance
Data Architecture for Data Governance
 
Master Data Management – Aligning Data, Process, and Governance
Master Data Management – Aligning Data, Process, and GovernanceMaster Data Management – Aligning Data, Process, and Governance
Master Data Management – Aligning Data, Process, and Governance
 
Building a Data Governance Strategy
Building a Data Governance StrategyBuilding a Data Governance Strategy
Building a Data Governance Strategy
 
How to Build & Sustain a Data Governance Operating Model
How to Build & Sustain a Data Governance Operating Model How to Build & Sustain a Data Governance Operating Model
How to Build & Sustain a Data Governance Operating Model
 
Data Catalog for Better Data Discovery and Governance
Data Catalog for Better Data Discovery and GovernanceData Catalog for Better Data Discovery and Governance
Data Catalog for Better Data Discovery and Governance
 
data-analytics-strategy-ebook.pptx
data-analytics-strategy-ebook.pptxdata-analytics-strategy-ebook.pptx
data-analytics-strategy-ebook.pptx
 
Data Architecture, Solution Architecture, Platform Architecture — What’s the ...
Data Architecture, Solution Architecture, Platform Architecture — What’s the ...Data Architecture, Solution Architecture, Platform Architecture — What’s the ...
Data Architecture, Solution Architecture, Platform Architecture — What’s the ...
 
Introduction to Data Governance
Introduction to Data GovernanceIntroduction to Data Governance
Introduction to Data Governance
 
Data Governance
Data GovernanceData Governance
Data Governance
 
Data Quality Best Practices
Data Quality Best PracticesData Quality Best Practices
Data Quality Best Practices
 
Building a Data Strategy – Practical Steps for Aligning with Business Goals
Building a Data Strategy – Practical Steps for Aligning with Business GoalsBuilding a Data Strategy – Practical Steps for Aligning with Business Goals
Building a Data Strategy – Practical Steps for Aligning with Business Goals
 
Data Quality & Data Governance
Data Quality & Data GovernanceData Quality & Data Governance
Data Quality & Data Governance
 
How to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data QualityHow to Strengthen Enterprise Data Governance with Data Quality
How to Strengthen Enterprise Data Governance with Data Quality
 
Data Governance Best Practices
Data Governance Best PracticesData Governance Best Practices
Data Governance Best Practices
 
Data Governance Intro.pptx
Data Governance Intro.pptxData Governance Intro.pptx
Data Governance Intro.pptx
 

Similar to Ibm data governance framework

Big Data in Financial Services: How to Improve Performance with Data-Driven D...
Big Data in Financial Services: How to Improve Performance with Data-Driven D...Big Data in Financial Services: How to Improve Performance with Data-Driven D...
Big Data in Financial Services: How to Improve Performance with Data-Driven D...Perficient, Inc.
 
EDF2012 Wolfgang Nimfuehr - Bringing Big Data to the Enterprise
EDF2012   Wolfgang Nimfuehr - Bringing Big Data to the EnterpriseEDF2012   Wolfgang Nimfuehr - Bringing Big Data to the Enterprise
EDF2012 Wolfgang Nimfuehr - Bringing Big Data to the EnterpriseEuropean Data Forum
 
How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...IBM Sverige
 
IT Management of Export Controls Seminar 28 Feb13 Invite
IT Management of Export Controls Seminar 28 Feb13 InviteIT Management of Export Controls Seminar 28 Feb13 Invite
IT Management of Export Controls Seminar 28 Feb13 Invitebrianhelfer
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation:  Cloud Computing and Compliance For RIAsAdvisorAssist Presentation:  Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAsAdvisorAssist, LLC
 
Data Governance for the Executive
Data Governance for the ExecutiveData Governance for the Executive
Data Governance for the ExecutiveDATAVERSITY
 
Data Governance And Technology Enablement First San Francisco Partners 2009
Data Governance And Technology Enablement   First San Francisco Partners  2009Data Governance And Technology Enablement   First San Francisco Partners  2009
Data Governance And Technology Enablement First San Francisco Partners 2009First San Francisco Partners
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit  Pci dss presentation   Bashir FancySask 3.0 Summit  Pci dss presentation   Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir FancySaskSummit
 
Information på agendaen
Information på agendaenInformation på agendaen
Information på agendaenIBM Danmark
 
Day 2 aziz apj aziz_big_datakeynote_press
Day 2 aziz apj aziz_big_datakeynote_pressDay 2 aziz apj aziz_big_datakeynote_press
Day 2 aziz apj aziz_big_datakeynote_pressIntelAPAC
 
Driving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information ManagementDriving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information ManagementRay Bachert
 
Resume
ResumeResume
Resumedkohne
 
Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterprisePerficient, Inc.
 
Business & Decision MDM Summit (english version)
Business & Decision MDM Summit (english version)Business & Decision MDM Summit (english version)
Business & Decision MDM Summit (english version)Jean-Michel Franco
 
Achieving Digital Transformation in Regulatory
Achieving Digital Transformation in RegulatoryAchieving Digital Transformation in Regulatory
Achieving Digital Transformation in RegulatoryCary Smithson
 
Big data governance as a corporate governance imperative
Big data governance as a corporate governance imperativeBig data governance as a corporate governance imperative
Big data governance as a corporate governance imperativeGuy Pearce
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown JewelsIBM Security
 
SYMCInvestorPresentationDec2008II
SYMCInvestorPresentationDec2008IISYMCInvestorPresentationDec2008II
SYMCInvestorPresentationDec2008IIfinance40
 

Similar to Ibm data governance framework (20)

Big Data in Financial Services: How to Improve Performance with Data-Driven D...
Big Data in Financial Services: How to Improve Performance with Data-Driven D...Big Data in Financial Services: How to Improve Performance with Data-Driven D...
Big Data in Financial Services: How to Improve Performance with Data-Driven D...
 
EDF2012 Wolfgang Nimfuehr - Bringing Big Data to the Enterprise
EDF2012   Wolfgang Nimfuehr - Bringing Big Data to the EnterpriseEDF2012   Wolfgang Nimfuehr - Bringing Big Data to the Enterprise
EDF2012 Wolfgang Nimfuehr - Bringing Big Data to the Enterprise
 
How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...How to become an Analytics-driven organization - and why bother? - IBM Smarte...
How to become an Analytics-driven organization - and why bother? - IBM Smarte...
 
MitKat Ad
MitKat AdMitKat Ad
MitKat Ad
 
IT Management of Export Controls Seminar 28 Feb13 Invite
IT Management of Export Controls Seminar 28 Feb13 InviteIT Management of Export Controls Seminar 28 Feb13 Invite
IT Management of Export Controls Seminar 28 Feb13 Invite
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation:  Cloud Computing and Compliance For RIAsAdvisorAssist Presentation:  Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
 
Data Governance for the Executive
Data Governance for the ExecutiveData Governance for the Executive
Data Governance for the Executive
 
Data Governance And Technology Enablement First San Francisco Partners 2009
Data Governance And Technology Enablement   First San Francisco Partners  2009Data Governance And Technology Enablement   First San Francisco Partners  2009
Data Governance And Technology Enablement First San Francisco Partners 2009
 
Information builders gartner mdm - barcelona 2-7-2013
Information builders   gartner mdm - barcelona 2-7-2013Information builders   gartner mdm - barcelona 2-7-2013
Information builders gartner mdm - barcelona 2-7-2013
 
Sask 3.0 Summit Pci dss presentation Bashir Fancy
Sask 3.0 Summit  Pci dss presentation   Bashir FancySask 3.0 Summit  Pci dss presentation   Bashir Fancy
Sask 3.0 Summit Pci dss presentation Bashir Fancy
 
Information på agendaen
Information på agendaenInformation på agendaen
Information på agendaen
 
Day 2 aziz apj aziz_big_datakeynote_press
Day 2 aziz apj aziz_big_datakeynote_pressDay 2 aziz apj aziz_big_datakeynote_press
Day 2 aziz apj aziz_big_datakeynote_press
 
Driving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information ManagementDriving Business Performance with effective Enterprise Information Management
Driving Business Performance with effective Enterprise Information Management
 
Resume
ResumeResume
Resume
 
Identity Management: Risk Across The Enterprise
Identity Management: Risk Across The EnterpriseIdentity Management: Risk Across The Enterprise
Identity Management: Risk Across The Enterprise
 
Business & Decision MDM Summit (english version)
Business & Decision MDM Summit (english version)Business & Decision MDM Summit (english version)
Business & Decision MDM Summit (english version)
 
Achieving Digital Transformation in Regulatory
Achieving Digital Transformation in RegulatoryAchieving Digital Transformation in Regulatory
Achieving Digital Transformation in Regulatory
 
Big data governance as a corporate governance imperative
Big data governance as a corporate governance imperativeBig data governance as a corporate governance imperative
Big data governance as a corporate governance imperative
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels
 
SYMCInvestorPresentationDec2008II
SYMCInvestorPresentationDec2008IISYMCInvestorPresentationDec2008II
SYMCInvestorPresentationDec2008II
 

Recently uploaded

Introduction to Entrepreneurship and Characteristics of an Entrepreneur
Introduction to Entrepreneurship and Characteristics of an EntrepreneurIntroduction to Entrepreneurship and Characteristics of an Entrepreneur
Introduction to Entrepreneurship and Characteristics of an Entrepreneurabcisahunter
 
Contracts with Interdependent Preferences
Contracts with Interdependent PreferencesContracts with Interdependent Preferences
Contracts with Interdependent PreferencesGRAPE
 
The Power Laws of Bitcoin: How can an S-curve be a power law?
The Power Laws of Bitcoin: How can an S-curve be a power law?The Power Laws of Bitcoin: How can an S-curve be a power law?
The Power Laws of Bitcoin: How can an S-curve be a power law?Stephen Perrenod
 
20240314 Calibre March 2024 Investor Presentation (FINAL).pdf
20240314 Calibre March 2024 Investor Presentation (FINAL).pdf20240314 Calibre March 2024 Investor Presentation (FINAL).pdf
20240314 Calibre March 2024 Investor Presentation (FINAL).pdfAdnet Communications
 
The CBR Covered Bond Investor Roundtable 2024
The CBR Covered Bond Investor Roundtable 2024The CBR Covered Bond Investor Roundtable 2024
The CBR Covered Bond Investor Roundtable 2024Neil Day
 
Solution manual for Intermediate Accounting, 11th Edition by David Spiceland...
Solution manual for  Intermediate Accounting, 11th Edition by David Spiceland...Solution manual for  Intermediate Accounting, 11th Edition by David Spiceland...
Solution manual for Intermediate Accounting, 11th Edition by David Spiceland...mwangimwangi222
 
Sarlat Advisory - Corporate Brochure - 2024
Sarlat Advisory - Corporate Brochure - 2024Sarlat Advisory - Corporate Brochure - 2024
Sarlat Advisory - Corporate Brochure - 2024Guillaume Ⓥ Sarlat
 
Buy and Sell Urban Tots unlisted shares.pptx
Buy and Sell Urban Tots unlisted shares.pptxBuy and Sell Urban Tots unlisted shares.pptx
Buy and Sell Urban Tots unlisted shares.pptxPrecize Formely Leadoff
 
The unequal battle of inflation and the appropriate sustainable solution | Eu...
The unequal battle of inflation and the appropriate sustainable solution | Eu...The unequal battle of inflation and the appropriate sustainable solution | Eu...
The unequal battle of inflation and the appropriate sustainable solution | Eu...Antonis Zairis
 
Zakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAM
Zakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAMZakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAM
Zakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAMFaisal834049
 
ACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINT
ACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINTACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINT
ACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINTindexPub
 
Monthly Market Risk Update: March 2024 [SlideShare]
Monthly Market Risk Update: March 2024 [SlideShare]Monthly Market Risk Update: March 2024 [SlideShare]
Monthly Market Risk Update: March 2024 [SlideShare]Commonwealth
 
2024.03 Strategic Resources Presentation
2024.03 Strategic Resources Presentation2024.03 Strategic Resources Presentation
2024.03 Strategic Resources PresentationAdnet Communications
 
ACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTES
ACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTESACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTES
ACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTESKumarJayaraman3
 

Recently uploaded (20)

Introduction to Entrepreneurship and Characteristics of an Entrepreneur
Introduction to Entrepreneurship and Characteristics of an EntrepreneurIntroduction to Entrepreneurship and Characteristics of an Entrepreneur
Introduction to Entrepreneurship and Characteristics of an Entrepreneur
 
Contracts with Interdependent Preferences
Contracts with Interdependent PreferencesContracts with Interdependent Preferences
Contracts with Interdependent Preferences
 
The Power Laws of Bitcoin: How can an S-curve be a power law?
The Power Laws of Bitcoin: How can an S-curve be a power law?The Power Laws of Bitcoin: How can an S-curve be a power law?
The Power Laws of Bitcoin: How can an S-curve be a power law?
 
Commercial Bank Economic Capsule - March 2024
Commercial Bank Economic Capsule - March 2024Commercial Bank Economic Capsule - March 2024
Commercial Bank Economic Capsule - March 2024
 
20240314 Calibre March 2024 Investor Presentation (FINAL).pdf
20240314 Calibre March 2024 Investor Presentation (FINAL).pdf20240314 Calibre March 2024 Investor Presentation (FINAL).pdf
20240314 Calibre March 2024 Investor Presentation (FINAL).pdf
 
The CBR Covered Bond Investor Roundtable 2024
The CBR Covered Bond Investor Roundtable 2024The CBR Covered Bond Investor Roundtable 2024
The CBR Covered Bond Investor Roundtable 2024
 
Monthly Economic Monitoring of Ukraine No.230, March 2024
Monthly Economic Monitoring of Ukraine No.230, March 2024Monthly Economic Monitoring of Ukraine No.230, March 2024
Monthly Economic Monitoring of Ukraine No.230, March 2024
 
New Monthly Enterprises Survey. Issue 21. (01.2024) Ukrainian Business in War...
New Monthly Enterprises Survey. Issue 21. (01.2024) Ukrainian Business in War...New Monthly Enterprises Survey. Issue 21. (01.2024) Ukrainian Business in War...
New Monthly Enterprises Survey. Issue 21. (01.2024) Ukrainian Business in War...
 
Solution manual for Intermediate Accounting, 11th Edition by David Spiceland...
Solution manual for  Intermediate Accounting, 11th Edition by David Spiceland...Solution manual for  Intermediate Accounting, 11th Edition by David Spiceland...
Solution manual for Intermediate Accounting, 11th Edition by David Spiceland...
 
Sarlat Advisory - Corporate Brochure - 2024
Sarlat Advisory - Corporate Brochure - 2024Sarlat Advisory - Corporate Brochure - 2024
Sarlat Advisory - Corporate Brochure - 2024
 
Buy and Sell Urban Tots unlisted shares.pptx
Buy and Sell Urban Tots unlisted shares.pptxBuy and Sell Urban Tots unlisted shares.pptx
Buy and Sell Urban Tots unlisted shares.pptx
 
Effects & Policies Of Bank Consolidation
Effects & Policies Of Bank ConsolidationEffects & Policies Of Bank Consolidation
Effects & Policies Of Bank Consolidation
 
The unequal battle of inflation and the appropriate sustainable solution | Eu...
The unequal battle of inflation and the appropriate sustainable solution | Eu...The unequal battle of inflation and the appropriate sustainable solution | Eu...
The unequal battle of inflation and the appropriate sustainable solution | Eu...
 
Zakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAM
Zakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAMZakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAM
Zakat and it’s Social Benefits - THE FORGOTTEN PILLAR OF ISLAM
 
ACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINT
ACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINTACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINT
ACADEMIC BANK OF CREDIT: A WORLDWIDE VIEWPOINT
 
E-levy and Merchant Payment Exemption in Ghana
E-levy and Merchant Payment Exemption in GhanaE-levy and Merchant Payment Exemption in Ghana
E-levy and Merchant Payment Exemption in Ghana
 
Monthly Market Risk Update: March 2024 [SlideShare]
Monthly Market Risk Update: March 2024 [SlideShare]Monthly Market Risk Update: March 2024 [SlideShare]
Monthly Market Risk Update: March 2024 [SlideShare]
 
2024.03 Strategic Resources Presentation
2024.03 Strategic Resources Presentation2024.03 Strategic Resources Presentation
2024.03 Strategic Resources Presentation
 
Digital Financial Services Taxation in Africa
Digital Financial Services Taxation in AfricaDigital Financial Services Taxation in Africa
Digital Financial Services Taxation in Africa
 
ACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTES
ACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTESACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTES
ACCOUNTING FOR BUSINESS.II BRANCH ACCOUNTS NOTES
 

Ibm data governance framework

  • 1. The Six Questions every Organization should ask about Data Governance Steven B. Adler IBM Data Governance Solutions adler1@us.ibm.com http://www.ibm.com/itsolutions/datagovernance
  • 2. Why Data? Why Governance? § Governance: § Data: -Corporate governance is about § Structured controlling human self-interest to § Unstructured benefit the common good: § Metadata § Increased Revenue § Video, Audio, Multi-Media § Lower Costs § Reduced Risk § Print, Email, and Archived § Software Code § IT has become the engine for business innovation and growth and § Patents, IP it must be governed to demonstrate § Protocols, Message contribution to the business bottom- Streams line. § These are all digital § To govern IT effectively, the value of Data must be assessed, Risk assets calculated, outcomes measured and constantly re-evaluated. 2 07/31/07
  • 3. Without Data Governance… § People make mistakes… § Those mistakes more commonly result in losses than hackers… § Those losses effect every aspect of IT and business § But data is still an abstract concept and governance needs technology to be improved…
  • 4. The IBM Data Governance Council was formed in 2004 to explore enterprise challenges and develop solutions Customers Business Partners Academia Abbott Freddie Mac AirMagnet North Carolina State ABN Amro Huntington Bank University Nova Southeastern Application Security Alltel IBM CIO Office University Axentis Bucerius Law School American Express Key Bank Continuity Software Bank of America MasterCard Guardium Bank of Montreal Merrill Lynch Intellinx Bank of Tokyo/Mitsubishi Monaris Lumigent Bell Canada Novartis OpenPages BITS Financial Services Nordea Bank Organizational Policy Inst. Roundtable Cadence Design Northwestern Mutual Paisley Citigroup PNC RiskWatch City of New York, FISA Regions Financial Corp. SecNap Danske Bank TIAA-CREF Semantic Arts Deutsche Bank TeliaSonera SPS Security Discover Financial VP Securities Services Tizor Equifax Washington Mutual Valid Technologies Fannie Mae Wachovia ZANTAZ The World Bank
  • 5. There are Six Questions every organization should ask themselves about Data Governance today § Do we have a Government? § Who is responsible for governing? § How do we share accountability across the enterprise? § How do we assess our situation? § Are benchmarks available? § How do we measure our Maturity? § What is our Strategy? § How do we get from here to there? § What does our CEO and Board want? § What is our data worth? § How much revenue is it producing? § How much does low quality data cost? § What are our vulnerabilities? § How do we calculate risk? § Which risks do we accept, mitigate, transfer? § How do we measure progress? § What do audits tell us? § How do we report results that matter? 07/31/07 5
  • 6. 1. Do we have a Government? § Who are the leaders? § What does the DG Committee look like? § What power centers should be at the table? § How many business representatives are in the Council? § What is the charter of the group? § How are issues raised, discussed, and resolved? § How are requirements gathered? § How are policies communicated? § What are our legislative powers? § How do we govern?
  • 7. A Government has these basic powers § To discourage behavior: § Make something expensive § Make something difficult to do § Make something illegal § To encourage behavior: § Make something cheaper § Make something easier to do § Make something legal § To record results: § Census § GDP, CPI, etc.
  • 8. What will our organization look like to exercise these powers? Each governor represents an interest group and line of Executive business within the Leadership organization and makes policy decisions on behalf of the interests Decision Making Input and the enterprise. Data Governors This ensures clear accountability for all Policy Decisions aspects of data Requirements Definition governance within each line of business as well as across the entire organization. Data Stewards User Acceptance Testing End Users, Customers, etc.
  • 9. 2. How do we assess our situation? § Assessment criteria § Benchmarks § Categories or Disciplines § Using existing assessments § Scope of effort § Public statements vs. internal reality
  • 10. Elements of Effective Data Governance Outcomes Data Risk Management & Value Creation Compliance Enablers Organizational Structures & Awareness Requires Policy Stewardship Enhance Core Disciplines Data Information Information Quality Life-Cycle Security Management Management and Privacy Supports Supporting Disciplines Data Classification & Audit Information Architecture Metadata Logging & Reporting 10 10 10
  • 11. How do DG domains come together establish DG within an organization? § An organization can start with any of the 11 domains, and is likely on the path to maturity for one or more of these domains. § By grouping the 11 domains of Data Governance, for which organizations can assess their current maturity, some insight into how to establish a road map can be gained. § An initial high level grouping of DG domains, and showing primary relationships between these groupings, may help organizations to build a road map: §Outcomes §Enablers §Core Disciplines §Supporting Disciplines
  • 12. Examples of relationships between DG Domains: 1 & 2 Quality and Security/Privacy requirements for data need to be assessed and managed throughout the information life-cycle Disciplines Data Information Information Quality 1 Life-Cycle 2 Security Management Management and Privacy 3 Executive level endorsement and sponsorship is an enabler for stewardship of information that requires standardization across processes and functional boundaries 4 Consistency in practice can be enabled through Stewardship when there are Enterprise-level policies and standards in place for DG disciplines. Enablers 3 Organizational Structures & Awareness Policy 4 Stewardship 6:47 PM Confidential Draft - not for distribution
  • 13. IBM Data Governance Maturity Model and Assessment IBM has developed an assessment tool and maturity model to measure DG maturity Key contributors to maturity: § Rigor § Comprehensiveness Business Transformation § Consistency • Continuous Improvement • Innovation / Leadership • Collective / Shared Efforts • Consistent & Rigorous • Significant Automation • Consistent Performance Measurement against Stated Goals • Objectivity and Trust • Advanced Tools / Usage • Measured and Managed Efforts • Understood / Shared Practices • Consistent Application • Improving Performance • Advancing Technology • Initial Process Definition • Basic Infrastructure Modeling • Project Discipline • Automation Opportunities • Lack of Processes • Stand-alone Structures • No Tracking / Management • Heroic Efforts • Ad Hoc Attempts
  • 14. Customer Examples § Today, 10 members of the Data Governance Council are using the Maturity Model to transform their businesses § Bottoms-up process transformation § Top-down governance models § Inside-out program funding § They use the Maturity Model to defining what is in scope for Data Governance, based on a benchmark created by peers.
  • 15. 3. What is our Strategy? § Where do you want to be in 3 years? § What is the gap between where you are today? § What milestones, specific tactics, and KPI’s? § How to get organizational support? § How to get Board support?
  • 16. After the assessment, you need to benchmark where you are and where you want to go
  • 17. Build a Data Governance Vision § Minimum Requirements § Milestones § Key Performance Indicators § Project Plans § Teams and structure § Enabling Technology § Desired Outcomes § Timeframe
  • 18. Sell the Vision § To affect organizational change, everyone needs to be onboard § Getting everyone onboard can eat vast amounts of time and become process overkill § New methods of community-based consultation and eVoting are needed to get broad support for the vision § The CEO and Board are also important
  • 19. 4. What are our data assets worth? § How do we measure data quality? § What is the data landscape? § What is the data model? § What is metadata? § How does data contribute to business results? § How can we measure the ROI of data improvement projects?
  • 20. The Value of Data is Dependent Upon the Value of IT § Value is dependent on Price § You can’t tell the value of something if it doesn’t have a market price § IT is run like a Command Economy. § Budgets are allocated centrally § Projects are managed based on labor value and infrastructure cost allocation § ROI is impossible to derive because there are no market mechanisms to determine the price of IT.
  • 21. In the Perfect World… § IT would buy hardware, software, and services from other vendors at cost, mark them up, and resell those products to the business. § The business would negotiate prices with IT and each division would pay new project, operational, and maintenance prices on all IT services. § IT would only have an investment budget based on business needs. § This would create an internal market for IT services similar to the real- world external market. § The Value of IT would therefore be based on the utility of IT services. § The value of data could also be measured using Utility Theory, because data management costs would be factored into IT prices.
  • 22. What is the value of Data? § Data is worth whatever someone wants to pay for it: § $1 for the NY Times § $93 for a stolen identity § $259 for Windows Vista § $20 for a book on Amazon § $1.29 for a song on iTunes § $5 for 512m2 of land in Second Life § How do you calculate the value of enterprise data? § Buildan enterprise marketplace and let data supply and user demand set the internal price § Track data usage patterns to derive the Utility Value of Data § Record the revenue generated with use of the data and subtract the utility price paid to calculate the net earnings on data (EOD)þ
  • 23. Content Level Agreements § Content level agreements can contain numerous data quality performance metrics with corresponding data integrity and availability level objectives. Some examples are: § DQI (Data Quality Index): Index ratio of data quality. § DAR (Data Availability Rate): Percentage of time that contracted data was available to “consumers” § DIR (Data Integrity Rate): Percentage of time that contracted data was trusted and reliable. § DER (Data Error Rate) Number of data errors.
  • 24. 5. What are our vulnerabilities? § Security Risks § Regulatory Concerns §Different approaches in laws §Related documentation and administration §Bringing regulations and reality together § Reputation Risks §Data leakage §Protected data §“sensitive data” §Misuse of data §Loss of Data §Risk of “bad” data
  • 25. Calculating Risks § Qualitative Analysis § Assessment § Prioritization § Weighting § Scoring § Quantitative Analysis § Causes and Trends § Incidents & Occurrences § Events § Claims § Losses § Probability Analysis
  • 26. Level 5 Data Risk Management Maturity Optimized Find ways to leverage risk to Level 4 corporate benefit. Managed WIN! Make decisions to predict and control: Level 3 § Managed risks § Limited risks Defined § Process change Benefits Combine with § Accountability from data human behavior § Budgeting risk mgmt and “effect” data Level 2 Correlate and Implement Repeatable develop compre- Monitor/Report hensive Data Risk Adjust Assessment Risks “from” data Create context for picture “bad events” Level 1 Collect, categorize, Initial analyze all “actions of interest” “Bad Event” Driven Broaden across “Faith-Based” Fixes No predictability multiple risk entities No cause/effect Risks “to” data 07/31/07
  • 27. Other Risks § IT Project Risk? § Defect Errors § Process Mistakes § Governance risks § Implementation Risks? § Interoperability § Deployment? § Business Continuity § Service Level Agreements § Globalization Risks?
  • 28. Alternative Risk Transfer “Alternative Risk Transfer (often referred to as ART) is the use of techniques other than traditional insurance and reinsurance to provide risk bearing entities with coverage or protection. The field of ART grew out of a series of insurance capacity crises in the 1970s through 1990s that drove purchasers of traditional coverage to seek more robust ways to buy protection.” – Wikipedia
  • 29. § ART agreements can contain numerous risk metrics with corresponding protection level objectives. Some examples are: § IRE (Incident Rate of Exposure): Percentage of incidents to occurrences. § AIRT (Average Incident Response Time): Average time (usually in seconds) it takes for an incident to be responded by the service desk. § CA (Coverage Amount): Amount of risk transfer from department to organization on an aggregate basis. § RA (Reserve Amount): Amount of “premium” paid by each department, based on past losses, to cover future exposures. § Security Agreement: Common agreements include percentage of network uptime, power uptime, etc.
  • 30. 6. How do we measure progress? § Processes for capturing requirements § Processes for managing change § Processes for implementing policy § Using User Acceptance Test to measure how policy maps to requirements § Monitoring policy compliance § Link to operational risk
  • 31. What are we measuring? § Data Quality § Value of Data and IT Services § Probability of Risk § Policy Compliance § Regulatory Filings § Governance efficiency § Revenue Contributions § Cost Savings
  • 32. Why CLA and ART § Because they provide market mechanisms to price content and risk in an enterprise § Incentives and Disincentives to motivate behavior § Those market mechanisms provide governing power to affect change § With that change comes accountability, efficiency, and enlightenment § Without them, we are just guessing at the value of data and the cost of risk. 32
  • 33. Data Governance Balanced Scorecard Element Current Desired KPIs Outcome Maturity Maturity •Traditional Structure •community based self- •# new ideas •78% employee Organization (2)þ governance (4)þ implemented satisfaction rate •Data Stewards only •Stewardship in every •# stewardship •125% more stewards Stewardship (2)þ discipline (3)þ communities •Ad-hoc policy •Structured policy •45% increase in reg. Policy management (1)þ management (3)þ compliance •Spreadsheet-based •Process oriented DG •Data utility index •24% reduction in Data Quality DQ program (1)þ program (4)þ •Price of data fraud •Stovepipes of data (1)þ •Federated and •Data availability index •Lower data Architecture integrated (4)þ •Data supply ratio management costs •No metadata •End-to-end metadata •Business glossary •12% reduction in Metadata management (0)þ management (4)þ •Metadata elements policy failure •Enterprise Access •Context-based •# Incidents • 98% Customer Security Control entitlements satisfaction •Faith-based Risk •Fact-based Risk • $ Capital Reserve •12% net underwriting Risk Management (1)þ Forecasting (4)þ • # Losses profit •Command Economy •Demand Economy •Efficiency of IT service •8% Net IT operating Value •Labor Theory (1)þ •Utility Theory (5)þ pricing profit •Enterprise Backup (2)þ •Policy-based backup •Retention/deletion •23 Terabytes saved ILM (3)þ ratio •Quarterly Audits (1)þ •Automated self- •# Failures reported •24% reduction in IT Audit assessments (5)þ •# audits passed project failure
  • 34. Questions? Click on the questions tab on your screen, type in your question (and name if you wish) and hit send.