IT Compliance and Controls

Converging Business, Information, and Controls


Deloitte: Business ‘Value’ Metrics are Needed …

February 24th, 2010

A webcast by Deloitte, accompanied by a poll, has provided some interesting data points on the state of data governance within businesses. On the heels of this webcast and its poll results, I have also added some insight from my field experience and general personal impressions. Interesting facts include:

  • The definition of Data Governance is often different for different people throughout the organization

Creating a great opportunity to establish relative context and personal ownership across the myriad divisions and geographies of the business

  • 36.4% think the chief information officer (CIO) should be the sponsor and accountable for data governance in an organization

Full accountability I accept, but responsibility must be across those that have personal and business concerns directly related to Data Governance

  • 15.5% consider data asset specification optimization as a top problem

Reading these findings I cannot help but hear a certain management guru seeking to hear the contrarian position. This is not to say that Data Governance is bad or good, but perhaps to provide supplemental support to a very difficult challenge.

A great challenge of Data Governance is shifting culture and human behavior to instill control around the data in question. An interesting approach would be to find what is already being done within the business operations that can provide control and monitoring with some form of natural feedback. This would allow data governance to occur naturally relative to every organization, while allowing for broad adoption across the board with low cost impact.

Such controls can be found in the manner in which data is accessed from the databases and file servers. Controls can be pulled from how the desktops / laptops are deployed and supported. This approach looks at the entire business as a system, and can allow for controls to be recorded. In essence, the objective is to (at least partially) establish data governance and spot-level controls without labeling a new server / gadget / process as data governance.

Again, this is not an argument against a mature and prudent data governance program across an enterprise, but simply an identification of possible supplemental avenues that can bring those greatly desired early wins.

Other contrary native controls?

Reflectively,

James DeLuccia
