Guest Post by Barry Green, Chief Data Officer (Interim) at Bank of Ireland
Policy next steps:
Many assume that the CDO’s policy and data management are relatively well understood. This broadly includes governance, quality and controls, modelling & architecture, usage & flows, and key domains.
It is the ‘how’, which causes the issues. This includes ownership, which in my view is one of the most difficult aspects of execution. In most organisations accountability is often blurred; accountable and responsible definitions are ambiguous or enclosed within a “we are different” wrapper. This Effectively leads to a situation in which no one can be held accountable.
Data ownership requires collaboration between everyone in an organisation. Data ownership is a shared responsibility with no one individual, division or executive owning organisation data. Data ownership will also change as an organisation matures. So where do you start and how do you assign ownership?
Firstly, there is no silver bullet; this difficult topic needs a pragmatic approach. The approach taken needs to align to levels that make sense in your organisation. Start simple with no more than two issues being addressed, such as:
- Executive ownership and;
- Critical data element (‘CDE’) ownership
In this example, Executive ownership is used to drive understanding and education. It is critical that each part of the organisation’s key executives understand and help drive the broader data management change as needed, with ownership being a component. Policy is key to this process and is the anchor.
The identification of critical data elements is a progressive undertaking. To manage execution, use a risk-based approach. To ensure future capability of the organisation, it is sound to start with activity that is starting or going to start. I call this ‘fix forward’. The ‘fix forward’ approach helps with risk prioritisation. Remediation of old legacy issues can be risk-assessed and prioritised using governance.
It is also important to note that when looking at data, process also needs to be considered. Data and process are not mutually exclusive. An end-to-end understanding is critical to ensure balanced decisions are made in managing and controlling data and process. Process can be undertaken immediately as the organisation matures if process is clearly understood with data flows, and assignment can be undertaken when appropriate.
Roles and Responsibilities
The concept of ownership for data and process needs to be clearly defined. The table below outlines the various components of ownership using roles, with definitions for accountable, responsible, 100% committed and reasonable explained to provide full context.
Figure 1: Ownership defined
The various activities undertaken in the production, consumption, and management of data through the data lifecycle (depicted in Figure 3) can be broadly defined in five key roles. These roles are defined below in Figure 2.
Figure 2: Data Roles
While the implementation of ownership will evolve, it is important to understand that all data-related roles need to collaborate to ensure data in the organsiation is managed efficiently and effectively.
Accountable & Responsible
Accountability and responsibility are compared to highlight how they should be used for the purpose of ownership.
The main difference between responsibility and accountability is that responsibility can be shared while accountability cannot. Being accountable not only means being responsible for something but also ultimately being answerable for your actions. Also, accountability is something you hold a person to only after a task is done or not done. Responsibility can be before and/or after a task.
Accountability and responsibility can be assigned using either a 100% committed basis or reasonable efforts basis (refer to Figure 1). these terms are defined below:
Performing a duty on a ‘100% committed’ basis is the onerous standard. If you are accountable or responsible for performing a duty on a ‘100% committed’ basis this means, everything that can be done should be done: but not to the point of acting in a manner that is not commercially efficient or effective. The phrase ‘no stone unturned’ exemplifies the ‘100% committed’ standard.
By contrast, “reasonable efforts” implies that what can be done should be done, in the context and purpose of the duty being performed, but without the responsible or accountable party needing to leave ‘no stone unturned’. ‘Reasonable efforts’ is a less onerous standard than 100% committed.
The CDE ownership is where real ownership begins. The CDE owner should be defined in the Business Glossary and become a critical part of the on-going governance in maintaining the development and understanding of critical data and the context in which it is critical. To tackle the complexity of ownership it is suggested that as you begin to understand critical data (through process and data flow documentation) you develop simple rules signed off by the Executive and use this as a basis for ownership. While it won’t completely avoid ambiguity, it provides a good place to start and a basis from which to develop CDE ownership in an organisation.
CDE End-to-End Ownership
It is not practical for the CDE Owner to understand the detail of the full end to end process for a CDE. A CDE will likely be the result of various processes across various parts of the organisation. However an understanding of the end-to-end process is a key part of developing sound data management, with the Owner responsible on a reasonable basis for this process.
CDE Sub Process Owner
Where a CDE crosses several processes across an organisation, the owner of these sub-processes is accountable on a ‘100% Committed’ basis. It is expected that the BAU activity covering these processes will have the necessary Risk Control Framework controls applied with appropriate ownership aligned.
Technical Producer (Custodian)
The organisation’s technology should have owners of the various systems from a technical perspective. This means they maintain the accountability for ensuring the systems are current and working and support the organisation’s business processes. In this role they are responsible for ensuring the system controls and systems are defined in line with business requirements on a ‘100% committed’ basis.
Data powers all business. All users of data are required to understand their responsibilities when using data to transaction process. They have a responsibility on a reasonable basis for ensuring their consumption of data is in line with organisational policies (data privacy, security, etc.).
The Chief Data Officer is accountable on a ‘100% committed’ basis for ensuring the organisation has the right policy, strategy, and data standards for the organisation to operate effectively. The scope is across the data lifecycle which is outlined below in Figure 3.
Figure 3: Data lifecycle
In the next blog, the organisation structure will be discussed.Published in