Jun 8 ’11
Compliance Options: A Fill-in-the-Blanks Compliance Strategy
It was a turning point in my career. My department had a new director, and he was looking for good ideas to champion during those all-important first 100 days in office. I had a great idea I thought would help us meet contractual compliance requirements with additional positive effects. I told him my idea, and he nodded thoughtfully. “Interesting,” he said. “I have to run to a meeting, but come back tomorrow with your strategy. Email it to me in advance.”
My internal “hip, hip, hooray!” quickly gave way to panic. A strategy document? What was he expecting? A paragraph? A page? Ten pages? How should it be organized? I had just told him what I wanted to achieve and how we could get there. What else did he expect?
I really do not remember what I emailed him. Even though he accepted it and we went on to tackle a project that was good for the company and even better for my career, what I remember most was that I felt like I was “faking it” with the strategy document; that I should have been aware of some sort of standard structure and format.
I thought of this a few months ago when I met with a group of about 50 director-level data managers who shared an interest in developing formal data strategies. They were a diverse group; some had burning compliance needs, some were interested in better data quality, some needed data governance, and some needed a strategy for maturing their operations. They all had three things in common. They:
- Needed a formal, written strategy
- Felt like they knew what they wanted to do, but
- Had not been able to find an easy way to capture their ideas in a structured document.
We tested formats together and then I had the chance to field-test the results. A client needed a detailed, documented strategy—fast—with a one-page executive summary. Three members of the team and I constructed a 20-plus page strategy in a single day. Yay!
Many of you may find yourself in this situation. You will recommend an approach to dealing with a compliance requirement. It will be obvious to you, but perhaps not to everyone else. Here is a fill-in-the-blanks data strategy outline that might help you start a first draft.
Executive Summary (One Page)
- 1st heading: “The primary information problem we are trying to solve” followed by a single-sentence description of the problem and a paragraph putting it in context.
- 2nd heading: “Root causes” followed by bullet points describing the conditions leading to the problem.
- 3rd heading: “Primary objectives” followed by a list of conditions that should be met by this strategy. If satisfied, these objectives should solve or reduce the impact of the problem within the stated context.
- 4th heading: “Strategy elements” followed by three to 12 key activity threads.
This will be the executive summary plus a section on each of the strategy elements. For each element, you will zero in on the strategy, being more specific about the issues, conditions, and root causes this strategy element is addressing, specific objectives, and success criteria. You will also note cross-dependencies between this element and business processes, projects, ongoing business practices, different data management disciplines, technology strategies, and existing/planned applications and data stores. You will finish by clearly describing alignment requirements with project management, information security, privacy, access management, data governance, and compliance.
What should those three to 12 elements be? Most of them will be the “usual suspects”—making adjustments to 1) organizational bodies, 2) specific roles and responsibilities, 3) decision rights, 4) policies/standards/rules, 5) processes, 6) technology controls, 7) automated/manual process controls, 8) data storage, movement, or transformation, or 9) monitoring/reporting/statusing.
The others? Well, those are your secret sauce, your career-making ideas. You will know what they are when the time is right.
Gwen Thomas is president of The Data Governance Institute and publisher of its Website at www.DataGovernance.com and its sister site, SOX-online (www.sox-online.com), the Vendor-Neutral, Sarbanes-Oxley Site. She has designed and implemented many data governance and compliance programs for publicly traded and private companies across the U.S. and is a frequent presenter at industry events. Author of the book Alpha Males and Data Disasters: The Case for Data Governance, she hosts the Data Governance & Stewardship Community of Practice at www.DataStewardship.com.
Email: firstname.lastname@example.org; Website: www.datagovernance.com