The role of the Chief Data Officer (CDO) seems to be confused. Is it a Business, Technology, Compliance or Risk role? The CDO reporting line is also hotly debated: CIO, COO or CEO? The responsibilities of the CDO in my view are generic and need to be agreed up-front to drive the benefits of data and information management. It also needs to be noted that the role of CDO is not limited to Data, but also the management, understanding and execution of a complete Information strategy.
Where the CDO reports will be largely determined by the organisation they operate within. What is key is that the role is enterprise wide, is strategic, and provides solutions that are best for the organisation as a whole, rather than their direct reporting line. The performance objectives need to be defined accordingly.
Firstly, data strategy should not operate in isolation; it needs to be grounded on the fundamentals of any business (Customer, Channel, Product, Revenue and Risk mitigation). While this seems obvious, data management is often being implemented as a response to some regulatory need. In addition, data organisations are often set up in such a way that they conflict with the current organisation construct.
If an organisation wants to change (with a capital C) to a data driven, information organisation, the definition of the role is key. Ideally, where data is a key pillar (People, Process, System and Data). It is critical to recognise that this journey is fundamentally a large and complex change initiative. Creating a data organisation as a response only to a regulation is in my view short sighted.
Data is often seen as someone else’s responsibility, especially when the CDO reporting line is through Technology. All organisations need data to be managed and used to drive revenue and to drive a better customer experience. Regulatory demands are very important but not the only show in town. BCBS 239 is the obvious example where if good data management for the enterprise is put into place BCBS 239 principles should be met (BCBS 239 is the Basel Committee on Banking Supervision regulation number 239).
Key responsibilities for the CDO start with setting an appropriate data policy. This becomes the anchor to which all activities align. Policy is a core piece of the puzzle and the content is now well understood. The difficulty is in defining how you apply the policy to an organisation which has legacy infrastructure and a culture where data has previously taken a back seat. The trick is to understand the organisation and to introduce a policy with the right level of standards but ensuring the auditability is limited to allow for change to embedded.
Defining a policy which drives organisational non-compliance is not an effective way to change the culture, process and legacy thinking. The standards provide a baseline for reviewing current practice and ensuring any decisions made, which are non-compliant from the date of introduction, have a reference point for remediation.
The CDO owns the policy. They also need to drive through education, an understanding of what the policy will mean for process, system and organisational change going forward. Where there are existing frameworks in place (e.g. three lines of defence approach and Risk and Control Self-Assessment processes), these should be used to drive future compliance (adding new frameworks that complete is not effective).
It is critical that data is not seen as only the responsibility of the CDO. The role needs to be a conduit between stakeholders in a business to ensure the information for decision making is current and continually improving. The policy is a key first anchor point to drive gradual process and data ownership.
NEXT: Process and Data ownership.