Information Governance: Roles, Responsibilities, and Key Processes

Information governance is a program that ensures enterprise data accuracy, completeness, consistency, accessibility, and security by establishing business‑driven roles such as a data governance committee, data stewards, and data custodians, and by defining key responsibilities, processes, and metrics for data quality, privacy, and compliance.

Architects Research Society

Information governance is a program that implements decision rights and support mechanisms to ensure enterprise information accuracy, completeness, consistency, accessibility, and security. To maintain governance, several roles must be defined and established within the business rather than IT; these roles may exist separately or be combined, especially in smaller organizations, and embedding them in daily business operations is essential for adopting enterprise information management.

Three Key Roles

Data Governance Committee

Data Steward

Data Custodian

At the highest level, the governance committee creates policies, the steward enforces policies/rules, and the custodian handles all execution activities that cause data changes in company systems.

Information governance must include an organizational component that focuses on overall data quality assessment and improvement, reflecting individual responsibility for data quality assurance. It also addresses data retention/disposal, security, privacy, and standards. An organization’s information governance plan can cover all these aspects or a subset; many start with data quality.

Typically, the data governance committee defines the scope—what aspects of information governance and which data assets will be handled. The committee consists of business‑side stakeholders from across the organization, each sharing decision rights on policy and scope. The IT organization often facilitates interaction and provides input on technical opportunities and impacts. The committee agrees on a charter and specific information‑management policies, which become the data steward’s responsibilities.

Organizations may focus on data quality, master‑data consistency, or start with “dynamic” data. The location of data (on‑premise or cloud) is irrelevant; the principles of data governance and management remain consistent.

Primary Responsibilities of Data Stewards

Assess the current state of data fidelity, security, privacy, and retention within their scope.

Execute activities to achieve data fidelity improvement goals and comply with all other data‑governance policies.

Identify the best approaches to resolve data‑quality or consistency issues to meet objectives.

Work within and beyond their direct domain to implement changes that support data‑governance policy adoption.

Monitor and track ongoing data fidelity levels (e.g., quality and consistency) and other metrics to evaluate compliance with data‑governance strategies.

Report to the data governance committee when cross‑domain or cross‑functional data stewardship is needed, acting individually or as a team of stewards.

Key Procedures and Processes in Information Governance

Determine data‑governance metrics and conduct audits to benchmark data quality, retention, security, and their impact on expected business outcomes.

Regularly publish data‑governance metrics through standard reporting mechanisms (e.g., data‑quality scorecards or dashboards).

Collaborate with business leadership (key business managers, department heads, executive teams) to quantify and articulate the business impact of policy violations.

Report on policies agreed and signed by the data governance committee and support their execution.

Follow prescribed data‑fidelity methods to execute data‑quality improvement projects.

Actively participate in the design and deployment of application and data‑integration processes to ensure standards and controls, guaranteeing high‑quality data according to governance policies.

Promote successes, preferably in quantifiable business‑benefit terms, to further engage participants at all organizational levels.

Relationship Between Information Governance, Corporate Governance, and IT Governance

The overall goal of good governance is to increase the speed and effectiveness of decision‑making and processes, maximize the value created from information, and reduce organizational cost and risk. Information governance is a subset of corporate governance, not merely a part of IT governance, because viewing it solely as an IT responsibility limits accountability. While some information is indeed the responsibility of the IT department, much is not, and direct business participation in information governance is necessary to achieve the intended goals.

Figure 1 illustrates the relationship among corporate governance, information governance, and business planning.

Figure 1

Governance Decisions

Effective governance narrows focus to aspects of risk, efficiency, or value that matter to the business. A successful Enterprise Information Management (EIM) project identifies the most valuable information and concentrates on it rather than attempting to control everything, which is impossible.

Figure 2 describes the components of information governance from a business‑decision perspective.

Figure 2

All organizations, regardless of size, have a massive potential information space to manage. Focusing is essential for progress. Selecting focus areas helps limit project scope to a manageable size. Typical focus areas include:

Business strategy and alignment – ensuring overall consistency of business and information goals, prioritization, and conflict resolution.

IT architecture, standards, and integration – covering information, metadata, storage, transmission, and system standards.

Data or information quality – standards, measurement, and maintenance of data quality.

Data or information access – sources, access rights, permissions, and usage.

Reporting – regular assessment of the availability and quality of information sources for business decisions.

Security and privacy – planning, controls, and response to security and privacy requirements.

Legal and regulatory compliance – planning, controls, and response to information risk factors, as well as legal and regulatory requirements for data retention and disposal.

It is important to note that some focus areas are best addressed by business lines—quality is a good example, as is privacy. Treating these areas solely as IT concerns reduces business involvement and hampers governance success. In many cases, focus areas require a combination of business and IT expertise; security is a prime example where the enterprise must identify risks but also implement controls.

Source: http://jiagoushi.pro/node/1059
