The need for data governance is necessary for almost any corporation, but for large corporations that are subject to government regulations and oversight such as the financial firm of Goldman Sachs having a strict policy for data governance is imperative. IBM in its August 2008 white paper “Getting Started with Data Governance” defines data governance as “the orchestration of people, processes and technology to enable an organization to leverage data as an enterprise asset. It helps make data more usable, accessible, consistent and trustworthy” (p. 2). One reason for Goldman Sachs needing to have a comprehensive data governance policy is that compliance requirements demand the need for high-quality data that is auditable. With the implementation of the Dodd-Frank Act in 2010, large financial institutions are held to a higher standard of compliance having been deemed to potentially provide a danger to the economy if they were to fail. Having a strict data governance program will help reduce the risks associated with the nature of their business and protect the integrity of their data.
A data governance program is only as good as its policies and how it is managed. Before creating the program the direction that the governance decisions will be following needs to be determined. The most important factor in any choice of direction is that the tone is set from the top that the subject of data governance is supported by the leadership so that middle management and the other employees realize the importance of adhering to this policy. There are generally four direction flows to choose from and some programs may include several in their design according to Gwen Thomas, President of the Data Governance Institute (2012):
• Top-down governance and decision flows
• Bottom-up governance and decision flows
• Center-out governance and decision flows
• Silo-in and governance flows
For Goldman Sachs’ data governance program, it has been determined that the Data Governance leadership will use the center-out governance and decision flow because they are aware that the use of data by various departments is not a one size fits all situation. Therefore, it is best to have the experts in the various areas “specify data models, interpret compliance requirements, design controls, and set protocols” (Thomas, 2012). Once this has been accomplished and the decisions have been made as to how the best way to proceed, leadership the top-down option comes into play with a mandate being made as to how the data governance program is to be followed. In order to be successful, the stakeholders need to be educated with the plan and support processes such as exceptions, issue escalation paths, and the issue resolution process need to be instituted and explained to all.
According to IBM’s Director of Data Governance Solutions Steven Adler’s article in CIO Magazine (2007), the following steps should then follow with implementing a successful data governance program:
• The current situation of the existing program needs to be accessed across the various domains. This will help set benchmarks for the program and help determine where the program needs to be for the future.
• Once the assessment has been completed, the governance group needs to create a vision of where Goldman Sachs’ data governance policies should be in the coming years as this will not be an overnight process. Using this as a guideline, they would work backwards setting realistic project plans and milestone dates to work to close identified gaps in the current program. Progress would be tracked with set metrics or key performance indicators. Reporting to the CEO and leadership would occur on a set schedule to keep them apprised of the progress of the governance program.
• The value of the company’s data needs to be calculated. Its value is often taken for granted, but if it is destroyed or not accurate, it can prove to be financially disastrous to a company. Knowing the data’s worth will help increase the meaning behind protecting it.
• The probably of risk needs to be calculated, as it relates to its prior use and abuse, which will then give an indication of how it could be compromised in the future. Being Goldman Sachs has not been immune to scandal over the years regarding inaccurate reporting and so forth, it is imperative that past events be analyzed. This will help reduce the future misuse of data by changing policies to avoid such occurrences and the ability to forecast possible future losses.
• Ongoing monitoring of the data governance needs to occur as it relates to organization behavior. The business environment changes at a rapid pace and so does the requirements of data as its risk and value are subject to constant change. This means monitoring efforts need to be ongoing on a daily or weekly basis, not just during a yearly audit.
In order for Goldman Sachs to safeguard its corporate information, a strict data governance program is required. This will assist the company in satisfying the requirements that have been set forth by banking and securities regulators, but also improve the auditing process. A successful data governance program will help the company reduce or mitigate its risks and provide a better value to its stakeholders.
- Adler, Steven. (2007). Six steps to data governance success. CIO Magazine. Retrieved from http://www.cio.com/article/114750/Six_Steps_to_Data_Governance_Success?page=1&taxonomyId=3089
- IBM. (2008). Getting started with data governance. Retrieved from http://public.dhe.ibm.com/software/data/sw-library/ii/whitepaper/LIW14003USEN.pdf
- Thomas, Gwen. (2012). Choosing governance models. Retrieved from http://www.datagovernance.com/gbg_governance_models.html