Six Key Data Governance Questions For Directors
If there’s anything that’s defining successful businesses today, it’s the understanding, use, and strategy around an organization’s data. Does your company incorporate data governance into its business strategy?
Your data governance framework should provide guidance on how your organization collects, manages and archives data. Earlier this month, the Institute of Internal Auditors (IIA) published an article in its bimonthly newsletter, The Tone at the Top, detailing the current state of data governance and sharing the top six questions that directors should be asking. The following excerpt highlights questions leadership teams should consider when implementing their company’s data governance framework:
- What data are we concerned with?
Effective data governance starts by knowing what data is being collected, where it resides, and how it’s being used throughout the organization. In many cases, mapping the flow of data can enhance understanding and strengthen data governance.
- Is our data being used properly?
The data governance system should help assure that data is available when needed for legitimate business reasons, but it must also protect sensitive information and assure that data is used ethically. Directors need to know whether the company has created adequate policies and procedures on data usage, and they need to ensure that there are controls to monitor and enforce the policies.
- Have we defined specific goals for our data governance program?
Every company is different, so there is no standard one-size-fits-all approach to data governance. If the data governance program is relatively new, for example, it might be a considerable undertaking merely to determine where all of the organization’s critical or sensitive data resides. Later, the focus might shift to minimizing risks, increasing the value of data, improving the flow of information, or other priorities. Therefore, data governance goals and priorities should be reassessed regularly.
- How have we evaluated the risks?
Every company must deal with risks such as data loss or corruption, data breaches, or compliance lapses. It’s impossible to eliminate all risk, but it’s important that the board receives timely information about significant data risks and evaluates whether the level of risk exposure is appropriate for the company’s risk appetite.
- When significant issues are identified, how do we assure that they are handled appropriately?
The board needs to understand the processes for communicating and addressing significant data governance issues. They also need to ensure that when problems are identified, the problems are addressed appropriately.
- What about data governance frameworks?
A data governance framework provides guidelines for using data, managing it, and resolving data issues. It identifies the people and departments that should control and manage different types of data. Organizationally, the framework might include a data governance office that helps run the program, along with a data governance committee or council that prioritizes data governance projects; approves data usage policies, processes, and procedures; and identifies data stewards and stakeholders. If your company has not yet agreed upon a data governance framework that assigns specific responsibilities, it may be time to ask why not.
All organizations should consider the who, what, how, when, where and why of data, not only to ensure security and compliance but also to extract value from all the information collected and stored across the business, ultimately improving business performance.
Ms. Darlene Brown is a director with our Risk Advisory practice. She has more than 20 years of experience in leading internal audits, SOX Section 404 compliance testing, internal control evaluation, operational performance reviews, and business process improvement reviews. She has oversight responsibility for our co-sourced and outsourced internal audit services with a diverse clientele across all business sectors including state government entities, higher education, not-for-profit organizations, Fortune 500 companies, and public and privately held businesses.
McConnell & Jones’ consulting services provide a systematic process for aligning operational outcomes with strategic objectives and stakeholder demands.