IT Management

“Data governance is a system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models that describe who can take what actions with what information, and when, under what circumstances, using what methods.” (Source:

This is a general, all-purpose definition of data governance, focused at the mid-level managers who must come together to make cross-functional decisions, set policies, and execute them. Its emphasis is on the idea of governance as setting the rules by which managers manage.

Why did the Data Governance Institute (my organization) highlight “rules of engagement” (a key component of the DGI Data Governance Framework)? When it was written and published, we wanted to provide an alternative to definitions that focused on authority and control structures, since we thought those definitions might not be well-accepted in consensus-based cultures.

Now look at some alternative definitions. Can you see how the way data governance is defined might influence how it’s executed? Can you tell from the definitions whether it’s aimed at executives, middle managers, or individual contributors? Can you guess what types of changes (to the organization, processes, authority structures, technology, and data) are being supported by data governance?

Here’s a definition from IBM: “Data governance is about how an organization uses data to benefit and protect itself.” (Source: data-governance.html.)

Would you expect an organization that uses this definition to be focusing its data governance efforts on improving the quality of its data or on standardizing definitions or policies for that data? I wouldn’t. I’d expect a focus on security, with the techno-centric approaches that usually go with that. I’m not certain how to interpret the “benefit” part of the definition. What conclusion would you make about what’s expected of participants and stakeholders?

Here’s another definition: “Data governance refers to the overall management of the availability, usability, integrity, and security of the data employed in an enterprise.” (Source: 0,,sid91_gci1151688,00.html.)

Would you expect a program with this definition to be focused on just security? I wouldn’t. I’d expect a rather broad set of goals. Suppose another executive told you they were introducing a program with this definition. What questions would you have about the number and types of efforts they would undertake to achieve their goals? What assumptions might you make about the level of resources they would need? What would you ask about the who, what and when of managing the availability of data? Usability? Integrity? Security? What’s your first impression about how IT would be involved in such a program? How about how various business teams might be involved? Does this definition give you any impression about how managers will come together to make decisions? Do you think the program is making assumptions about who has the right to introduce policies, standards, and data-related rules?

Consider this definition from Robert S. Seiner, publisher of “The Data Administration Newsletter (TDAN)”: “Data governance: The execution and enforcement of authority over the management of data assets and the performance of data functions.” (Source:

I’ve had many debates with the author of this definition. He contends that the purpose of a data governance program is to ensure people do what they’re told by those in charge (my paraphrase). In this vision, you might conclude that what’s needed are data cops—official program representatives who know what leadership wants, and who enforce those rules through the execution of authority.

  1. When the author and I have debated this definition, we’ve talked about three topics:
  2. How organizations relate to “cops.” I contend that, yes, some organizations with command-and-control cultures expect a certain amount of policing and “enforcement of authority.” Other cultures, however, are based more on consensus. In those cultures, major changes are expected to come about via persuasion rather than power. Ask yourself this: If you exist in a consensus culture, how would your colleagues react to this definition?
  3. Our second topic of debate has been around the concept that those in charge are ready to issue data-related mandates that must be obeyed by staff across the organization. In my experience, those who have the highest level of authority in an organization may not be experts on how to manage data. Rather, I’ve found that sometimes an important function of a data governance program is to assemble knowledgeable resources from across the organization that can compile, prioritize, and recommend data policies and practices that meet enterprise needs. In these situations, those in authority are depending on this governance body to issue recommendations that leadership can turn into mandates.
  4. Our third topic of debate involves the second part of this definition—the “execution and enforcement of authority over the management of data assets and the performance of data functions.” I interpret this to imply that the focus of the program will be on data management departments and resources. What do you think? If this program definition were introduced in your organization, how do you think business-side managers would react? In that critical first minute of hearing about the program, what do you think they would infer about their role?

Here’s yet another definition: “Data governance is the practice of organizing and implementing policies, procedures, and standards for the effective use of an organization’s structured/unstructured information assets.” (Source: library/uuid/60022998-5d17-2b10-dbaa-8e3ab357fa55.)

What do you think your organization’s business-side managers would conclude about this program? What do you think they would conclude about the type of changes the data governance group would be proposing? What does this program definition say about the scope of efforts? Would the program be confined to data in the mainframe?

Now consider this definition: “Data governance is the formal orchestration of people, process, and technology to enable an organization to leverage data as an enterprise asset and mitigate risk.” (Source: data_governance.htm.)

With this definition’s focus on risk, I would expect the program to support a more formal approach to assessing data-related risks and implementing controls to manage that risk. What do you think? Because of the use of the word “orchestration,” I would infer that the way people, process, and technology will be used will involve careful alignment rather than heavy-handed pronouncements. Because of the goal of enabling an organization to “leverage data as an enterprise asset,” I would assume the program will be inspired by approaches used to manage other types of assets, such as physical and financial assets. What would you assume about such a program? Would you expect it to have a tactical or strategic focus?

Finally, let’s consider one last definition: “Data governance is the decision-making process that prioritizes investments, allocates resources, and measures results to ensure that data is managed and deployed to support business needs.” (Source:

What would you infer about the focus of this program? Is it tactical or strategic? Is it concerned only with technical issues or also with business issues? Does it imply that someone in the organization already knows everything that must be done, or will participants be involved in making decisions? If so, what type? Would they be driven by ideals or metrics? Would you want to sign on for involvement with this program?

In conclusion, let me again acknowledge that as a member of the management team of an organization large enough to employ mainframes, you’re a busy person. You’re too busy to attend to all the details that cry out for your attention. That’s what you have staff for. Yet, if you’re expecting your staff to meet with other leaders to solicit their support for a program, project, or initiative that’s important to you, you should pay attention to one detail: the description of that effort. Read it carefully, and speak it out loud. Consider every word and what it implies, who would be involved, what they would be focusing on, and the ground rules that apply to their engagement. Carefully consider the implications of the definition.

Don’t be afraid to solicit multiple versions of a program description so you can pick and choose the exact words that will help craft the perfect elevator speech. After all, a great deal rests on that first impression.

3 Pages