Once a rule is created or a data-related decision is made, the organization will be ready to act on it. Who should do what, and when? For activities that do not neatly map to departmental responsibilities, the Data Governance program may be expected to define accountabilities that can be baked into everyday processes and the organization’s software development life cycle (SDLC).
This is especially true of programs with a focus on compliance. Organizations sometimes struggle with assigning responsibilities for compliance activities. Why? First, because compliance – like governance – is generally a boundary-spanning initiative that requires cross-functional alignment. Second, many managers who are adept at planning for the management of their specific areas have less experience with the requirements that come with the Post-Compliance Paradigm.
This new paradigm says that, for efforts with a compliance requirement, the work is not finished until you:
1) Do it
2) Control it
3) Document it
4) Prove compliance.
Individual managers are often not prepared to identify all the tasks and integration points for designing and implementing controls, documentation, and auditable proof of compliance. Indeed, in a compliance environment, individual managers may not be allowed to interpret requirements independently. Instead, companies often move to a model where a centralized group develops these requirements and then disseminates them to stakeholders. Sometimes, Data Governance is asked to assist with developing requirements and accountabilities for such data-related efforts.