
Data Governance Checklist for Internal Audits

Data governance can support the protection and effective use of sensitive report data, such as customer and employee data

An integral part of organizational data is customer and employee data. This data is often used for important decision making, for instance improving sales, budget planning and allocation, and resource utilization. At the same time, this data potentially contains sensitive customer and employee information. Therefore, while using this data for decision making, it becomes imperative to:

  • protect data from a regulatory compliance standpoint, and
  • ensure data adheres to the highest standards of quality and accuracy.

There is a series of data governance concepts and best practices that should be addressed to ensure such reporting data is fully protected and maintained for optimal usage.

1. Need for Data Governance

Data Governance provides a competitive advantage when it comes to effective utilization of data. It helps align unsorted information, hide confidential information, and structure and protect relevant information used for decision making. Achieving these objectives will be a step in the right direction to keep regulatory authorities satisfied and the executive leadership content concerning the validity of the information.

Different data governance principles can be implemented to accomplish each of these tasks. Following is a collection of different data governance principles that should be adopted, for a proper and functional data management program.

2. Data Governance Principles

These principles will help determine the ownership of the Business Intelligence (BI) object or report and also address additional information such as information source, quality, validity, and protection around data, including its lineage and relevance. Abiding by these principles will help enterprises gain a 360-degree view and control over the information used for critical decision making.

2.1. Report (as an Asset) must be inventoried in the catalog and classified with appropriate steward/owner.

Every report must be inventoried as part of an asset catalog (data catalog) with the appropriate ownership. It is advisable that the data owner/data steward of the report is a subject matter expert (SME) of the report and its content.

2.2. The report requirements including business need, usage and report fields along with any calculations/mapping to the source data assets need to be identified by the owner of the report and should be stored in the catalog.

Report related information should be identified and recorded within the asset catalog. The information should include the business requirements of the report, the usage (Board of Directors reporting, Regulatory reporting, etc.) and the corresponding report fields and metrics to accurately identify the characteristics of the report.

2.3. The business/technical metadata and the critical data elements within the report should be documented, aligned and captured in the catalog.

The business metadata (Logical Data Dictionary) and technical metadata (Physical Data Dictionary) for all the critical data elements within the report should be recorded and mapped within the catalog so that the business users can identify the elements within the report for usage and decision making.

2.4. The report lineage must be captured to the source information assets – Authoritative Data Sources (ADS).

The critical data elements within the report can be captured from multiple sources of data assets and might have gone through transformations across multiple data hops. The lineage of these elements should be traced back to the Source Asset within the organization. The source asset needs to be a reliable source and is ideally expected to be an Authoritative Data Source (ADS).

2.5. The Source Information Asset used in the creation of the report must be inventoried in the catalog and should be assigned the appropriate asset owner/steward.

The source assets used across the lineage as described in the previous requirement for the generation of the report should also be inventoried in the asset catalog along with their ownership. The data owner/steward is preferred to be a subject matter expert for the given asset and its components.

2.6. The business/technical metadata for the critical data elements within the source information asset should be documented, aligned and captured in the catalog.

The business metadata (Logical Data Dictionary) and technical metadata (Physical Data Dictionary) for all the critical data elements within the source assets of the report should be recorded and mapped within the catalog so that the business users can identify the elements within the source assets and their transformations for report utilization.

2.7. Rules must be defined for all six dimensions of Data Quality as applicable for the source information asset. All critical data elements within the asset must be monitored as approved by the owner of the asset. A Data Quality Index (DQI) must be calculated for the critical data elements (CDEs) within the asset in order to maintain the quality of the data used within the report. The DQI should be assessed against a threshold set up by the source information asset owner.

Data Quality rules should be defined for all six dimensions, i.e. accuracy, completeness, consistency, timeliness, validity and uniqueness. These rules need to be assigned and monitored for all information assets and their critical data elements as applicable by the respective stewards of the assets. There are different ways to monitor the application of these rules for the assets and their elements. The most common is defining a Data Quality Index for the CDEs and assessing it against the threshold of data quality as defined in the system by the governance team in accordance with the asset owner.

2.8. Data Quality issues and exceptions within the report must be identified and traced back to the source information asset promptly and resolved within a stipulated time frame.

The data quality issues and exceptions identified by the rules established for the assets need to be traced to the source of the issue and resolved before the asset is utilized by the organization.

2.9. If the source information asset is external to the system, a service level agreement and information sharing agreement must be in place identifying the metadata of the asset and the critical data elements shared externally to build the report.

If the source information asset utilized by the report is external to the organization, it should have a service level agreement and information sharing agreement to identify and validate the data from the external source and should have the metadata, data quality rules and privacy controls for the critical data elements and sensitive data defined within the agreement.

2.10. Appropriate security and privacy controls need to be assessed and managed for all sensitive data elements within the report and all source information assets.

Sensitive data elements need to be identified for all assets within the lineage of the report and the appropriate security and privacy controls need to be implemented, assessed and managed for these sensitive data elements as per the privacy regulations established within the system. Privacy regulations can be in the form of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), etc. The privacy controls can be implemented in multiple ways including data masking, encryption, data shuffling, etc.

2.11. Retention periods and legal holds need to be developed, maintained, reviewed and published for the report.

All assets within the organization need to follow retention rules and adhere to legal holds for statutory and regulatory purposes. The retention periods and legal holds defined by regulations need to be developed, recorded, maintained and reviewed periodically. The assets can only be discarded from the system once the retention period and legal holds for the asset have expired.

Conclusion

These are the general data governance concepts and best practices that should be followed for ensuring proper regulatory compliance, effective resource utilization and optimal utilization of assets (reports) within an organization. Even though they won’t assist in decision making, they will provide the accurate and well-defined data that can be used for making the decisions by the business and technical stakeholders. The other benefits of adhering to these rules include a well-defined data framework, ease of data management, and compliance with privacy rules and state and federal regulatory reporting norms.

Sowmya Teja Kandregula

Sowmya Tejha Kandregula is an experienced data management professional leading data governance/metadata management/data privacy/data quality/data integration projects at a variety of Fortune 500 businesses. Sowmya’s recent emphasis has been focusing on data demands, including a changing landscape of privacy laws, increased movement of data onto the cloud, and a greater dependency on quality governed data for machine learning and Artificial Intelligence (AI) solutions.

Sowmya conducts seminars, webinars, and training sessions for aspiring information management professionals on a pro bono basis. To date, Sowmya has mentored over 800 professionals across the globe.  He also serves on the advisory panel of various professional and non-profit associations.

© Since 1997 to the present – Enterprise Warehousing Solutions, Inc. (EWSolutions). All Rights Reserved
