I thought this was an extremely interesting way of getting data governance accepted into an organisation. It is a low cost, light touch approach that will deliver benefits, and can be extended when the organisation has brought into the data governance vision. Governance of any kind is alwasy a tough sell!
There is growing agreement on the need for data governance, but I find that enterprises are often ambivalent about actually implementing it. The recognition of the need for governance is counterbalanced by a worry that a vast amount of bureaucracy will have to be set up, and that this bureaucracy will be unjustifiably expensive, inefficient, and might not deliver any results. The latter point seems to be particularly worrying. Most, if not all, of the large financial sector companies that are now in trouble apparently had robust and well-funded GRC (governance, risk, and compliance) functions. Something evidently went very wrong across a wide spectrum of these enterprises. What guarantee, therefore, is there that an essentially similar approach for data governance could do any better?
What are Principles?
One way that I believe we can overcome these twin objections of inefficiency and ineffectiveness is to take a principles-based approach to data governance. Before looking at how such an approach can be implemented, it is first necessary to come to grips with what principles really are, and that involves a small digression.
“Principles” is a word that is thrown around a lot, and is used to mean all sorts of different things, such as laws of the universe or moral commandments. However, in the sense used here, it means what the metaphysicians call “absolute presuppositions.” Metaphysics (also known as ontology) is the science of being. It is not held in high regard today, for a variety of reasons, but has a valuable corpus of work that can be drawn on. According to metaphysics, an “absolute presupposition” is a proposition that cannot be further analyzed – it can only be accepted by an individual as true or false. This key insight is followed by a second, which is that all of us operate within a framework of absolute presuppositions, and that one of the jobs of metaphysics is (or was when it was an active area of study) to precisely identify what these are in every area of human activity. This is because it is very rare for the absolute presuppositions to be formally stated. Strangely, people can behave in certain ways without knowing why they are doing so.
Even so, some principles are well known. Take, for instance, the following propositions from the U.S. Declaration of Independence:
All men are endowed by their Creator with an unalienable Right to Life
The first is a direct quote; the second is a specific formulation from the enumeration of certain rights. The text that precedes them says:
What this means is not to say that we are not going to allow debate on the principles, but rather it recognizes that we have reached a boundary beyond which no further analysis is actually possible. Each of us has to either accept or reject the principles – there is no higher framework within which these propositions are located that allows us to deduce or induce if they are true or not. Intuitively, we know this is the case. Many of us have tried to argue over an absolute proposition only to feel frustrated that we cannot “prove” to someone else that it is true or false. We should not blame ourselves – it simply cannot be done.
Principles versus Rules
Returning from our digression, we can now look a little more deeply at the challenges of data governance. It seems to me we have two major options in approaching data governance, which is to make it principles-based or rules-based. These two options are not fully mutually exclusive, but they are distinct. They can be basically understood as follows.
A principles-based governance approach will clearly articulate the principles an enterprise adopts for data governance. It will ensure that all stakeholders understand, adopt, and practice these principles.
By contrast, a rules-based governance approach will attempt to formulate policies. For each policy, a set of rules will then be designed and implemented. It is expected that all stakeholders will understand the rules and obey them.
Those who advocate the rules-based approach will probably object if told that their policies are in fact based on principles. Perhaps this is true in some cases, but my experience is that the “principles” are never articulated. By contrast, those who advocate the principles-based approach sometimes seem to think that simply stating the principles is all the work they need to do. There is a lot more, and business processes and infrastructure need to be developed to support a principles-based approach, just as much as for a rules-based approach. Stakeholders need help in getting things done, and the rules-based approach at least tries to incorporate such support. A principles-based approach should not be an excuse for abandoning such efforts.
It is important to understand how data governance programs will run, depending on whether they are principles-based or rules-based. A principles-based governance program essentially empowers the individual, and emphasizes individual responsibility. It asks individuals to think hard about what they are doing in every situation and make a best effort to apply the principles they have assented to.
A rules-based approach assumes that every situation can be foreseen in advance, and the individual can be supplied with a set of precise instructions on how to react to each situation to produce an outcome that the enterprise has also specified.
Which is Better?
I would submit that the rules-based approach has distinct limitations. It is definitely good in certain situations where high levels of discipline are essential. Legislatures, armies, prisons, and the like need rules, but these are hardly similar to data management environments. We all know that it is possible to fully obey rules and produce perverse outcomes. We have seen the result in our economy of mortgage brokers, rating agencies, securitizers, bankers, and regulators doing precisely that. Furthermore, it is not possible to foresee every situation in advance and devise rules for it. Data is almost unique in being an abstract thing that represents something else. It can be distorted in an infinite number of ways, which, even if they could be thought of in advance, are so intertwined with other considerations that it would be impossible to figure out how to manage them by sets of rules. Attempting to do so would be so resource-consumptive that the task could never be fully completed.
The principles-based approach has a limitation in that individuals must agree with the principles. They cannot simply say that they agree but work in practice to a different set of covert principles. If this difficulty can be overcome, then the same human ingenuity that can be used to circumvent pre-specified rules can be used to find ways to adhere to principles of data governance in unusual and difficult circumstances. Nobody gets any real satisfaction in knowing they are following rules; but people can be genuinely delighted when they know they have used their initiative to apply shared principles they believe in.
We often talk about different “cultures” of an organization and try to form descriptions of them. I believe that it is better (although more difficult) to formalize the set of data governance principles under which an enterprise operates. There is no escaping such a set of principles, and we can be absolutely certain one exists in every enterprise. We may discover existing principles such as:
No software acquisition involves conforming to an enterprise architecture
No analysis artifact is updated after a project ends
A principles-based data governance approach will seek to replace poor existing principles with better ones and empower stakeholders to implement them without prescribing how it should be done. This will avoid creating a bureaucratic overhead and will give the enterprise a reasonable way to implement effective data governance.
Malcolm Chisholm, Ph.D., has over 25 years of experience in enterprise information management and has worked in a wide range of sectors. He specializes in setting up and developing enterprise information management units, master data management and business rules. Malcolm has authored two books: Managing Reference Data in Enterprise Databases (Morgan Kaufmann, 2000) and How to Build a Business Rules Engine (Morgan Kaufmann, 2003). He can be contacted at firstname.lastname@example.org.