Defining the Role of Chief Data Officer (CDO): Process and Data Ownership
*Guest post by Barry Green, Chief Data Officer (Interim) at Bank of Ireland
Policy Next Steps
Many assume that the Chief Data Officer’s (CDO) policy and data management are relatively well understood. This broadly includes governance, quality and controls, modelling & architecture, usage & flows and key domains.
It is the ‘how’, which causes the issues. This includes ownership, which in my view is one of the most difficult aspects of execution. In most organizations accountability is often blurred; accountable and responsible definitions are ambiguous or enclosed within a “we are different” wrapper. This effectively leads to a situation in which no one can be held accountable.
Data ownership requires collaboration between everyone in an organization. Data ownership is a shared responsibility with no one individual, division or executive owning organization data. Data ownership will also change as an organization matures. So where do you start and how do you assign ownership?
Firstly, there is no silver bullet; this difficult topic needs a pragmatic approach. The approach taken needs to align to levels that make sense in your organization. Start simple with no more than two issues being addressed, such as:
- Executive ownership
- Critical Data Element (‘CDE’) ownership
In this example, executive ownership is used to drive understanding and education. It is critical that each part of the organization’s key executives understand and help drive the broader data management change as needed, with ownership being a component. Policy is key to this process and is the anchor.
The identification of critical data elements is a progressive undertaking. To manage execution, use a risk-based approach. To ensure future capability of the organization, it is sound to start with activity that is starting or going to start. I call this ‘fix forward’. The ‘fix forward’ approach helps with risk prioritization. Remediation of old legacy issues can be risk-assessed and prioritized using governance.
It is also important to note that when looking at data, process also needs to be considered. Data and process are not mutually exclusive. An end-to-end understanding is critical to ensure balanced decisions are made in managing and controlling data and process. Process can be undertaken immediately as the organization matures — if process is clearly understood with data flows, and assignment can be undertaken when appropriate.
Roles and Responsibilities
The concept of ownership for data and process needs to be clearly defined. The table below outlines the various components of ownership using roles, with definitions for accountable, responsible, 100% committed and reasonable explained to provide full context.
The various activities undertaken in the production, consumption, and management of data through the data lifecycle (depicted in Figure 3) can be broadly defined in five key roles. These roles are defined below in Figure 2.
While the implementation of ownership will evolve, it is important to understand that all data-related roles need to collaborate to ensure data in the organization is managed efficiently and effectively.
Accountable & Responsible
Accountability and responsibility are compared to highlight how they should be used for the purpose of ownership.
The main difference between responsibility and accountability is that responsibility can be shared while accountability cannot. Being accountable not only means being responsible for something but also ultimately being answerable for your actions. Also, accountability is something you hold a person to only after a task is done or not done. Responsibility can be before and/or after a task.
Accountability and responsibility can be assigned using either a 100% committed basis or reasonable efforts basis (refer to Figure 1). these terms are defined below:
Performing a duty on a ‘100% committed’ basis is the onerous standard. If you are accountable or responsible for performing a duty on a ‘100% committed’ basis this means, everything that can be done should be done: but not to the point of acting in a manner that is not commercially efficient or effective. The phrase ‘no stone unturned’ exemplifies the ‘100% committed’ standard.
By contrast, “reasonable efforts” implies that what can be done should be done, in the context and purpose of the duty being performed, but without the responsible or accountable party needing to leave ‘no stone unturned’. ‘Reasonable efforts’ is a less onerous standard than 100% committed.
The Critical Data Element (CDE) ownership is where real ownership begins. The CDE owner should be defined in the Business Glossary and become a critical part of the on-going governance in maintaining the development and understanding of critical data and the context in which it is critical. To tackle the complexity of ownership it is suggested that as you begin to understand critical data (through process and data flow documentation) you develop simple rules signed off by the executive and use this as a basis for ownership. While it won’t completely avoid ambiguity, it provides a good place to start and a basis from which to develop CDE ownership in an organization.
CDE End-to-End Ownership
It is not practical for the CDE Owner to understand the detail of the full end to end process for a CDE. A CDE will likely be the result of various processes across various parts of the organization. However an understanding of the end-to-end process is a key part of developing sound data management, with the owner responsible on a reasonable basis for this process.
CDE Sub Process Owner
Where a CDE crosses several processes across an organization, the owner of these sub-processes is accountable on a ‘100% Committed’ basis. It is expected that the BAU activity covering these processes will have the necessary Risk Control Framework controls applied with appropriate ownership aligned.
Technical Producer (Custodian)
The organization’s technology should have owners of the various systems from a technical perspective. This means they maintain the accountability for ensuring the systems are current and working and support the organization’s business processes. In this role they are responsible for ensuring the system controls and systems are defined in line with business requirements on a ‘100% committed’ basis.
Data powers all business. All users of data are required to understand their responsibilities when using data to transaction process. They have a responsibility on a reasonable basis for ensuring their consumption of data is in line with organizational policies (data privacy, security, etc.).
The Chief Data Officer is accountable on a ‘100% committed’ basis for ensuring the organization has the right policy, strategy, and data standards for the organization to operate effectively. The scope is across the data lifecycle which is outlined below in Figure 3.