Data Synchronization, Sarbanes-Oxley, HIPAA, the Patriot Act and other mandates are starting to take their toll as businesses try to comply with the diverse and often confusing requirements. This is especially true when companies try to tackle each of these mandates as a one-off, individual requirement. The April 4, 2005 edition of InfoWorld (page 42) warns of “…nonbudgeted expenses, steep learning curves, and plenty of gotchas” waiting for companies as they struggle to comply. However, when an organization steps back and takes a long look at the intentions of all of these mandates, certain similarities become obvious and a path becomes evident.
Perhaps the most important similarity is the need for proper data stewardship. Each of these mandates holds a business accountable for guaranteeing accurate data. Such requirements demand assigning ownership of, limiting access to, and enforcing accountability for data on an enterprise-wide basis.
If a company addresses such tasks individually, duplication of effort becomes overly burdensome. However, when implemented in a holistic way that addresses all corporate data, not just certain silos, the challenge of managing data becomes less burdensome as data stewardship becomes the corporate norm rather than the exception.
Data Stewardship is an ongoing data management program that includes cross-functional rules and metrics for enterprise-wide ownership and accountability for accurate and timely data.
The benefits of this are significant. Manufacturers that embraced data synchronization early on and took to heart the need to make sure internal data was accurate before sharing it with their retail partners have found that the value of the internal data stewardship has been significant. Their businesses have become more efficient with the reduction in duplicate manual data entry, an increase in using the right data for tactical and strategic purposes, and an elimination of many internal errors and problems. More importantly, the cost reductions and revenue benefits associated with cleaning up their internal systems and processes have more than paid for the efforts involved.
So what are some of the aspects of a data stewardship program? A data stewardship program will consist of some, if not all, of the following: internal data synchronization or enterprise application integration, workflow, security applications, business rules engines, and audit and control capabilities. However, before any of these aspects can be put in place, a thorough analysis of the organization’s data and data repositories needs to be accomplished.
Companies need to identify all of the instances of their business data. Most companies have more than one instance of each data element somewhere in their systems. Some might have a dozen or more. And some instances fly under the radar. Workgroup databases, Excel spreadsheets and other localized repositories might be home to primary or secondary instances of business data. If a localized instance includes confidential patient information, a healthcare company might find itself in violation of the HIPAA standards. Thus, a thorough review of all instances of data is imperative.
Each data element needs to be identified and then the appropriate system of record decided for that element. A system of record is the only place you will enter or modify that data element manually and it will be considered the primary instance of that data on an enterprise-wide basis. It will also be the primary location that a corporate audit will consider when reviewing your data.
All other instances of that same data element will be considered a secondary instance and should be fed automatically, through internal synchronization, from the primary instance. Different systems may serve as systems of record for different data elements. Also, points of origin and destination – both internal and external to the enterprise – need to be identified in appropriate data and process flows in order to appropriately understand and implement the steps below.
Once the data elements are identified, the systems of record are chosen, and data flows defined, ownership of the data elements needs to be assigned. Ownership includes who has the rights to enter, change or view the data, and appropriate steps need to be put in place to enforce those rights – and obligations. Absence of data is often as bad as having the wrong data, so tools, such as workflow, need to be used to make sure data elements are entered in a timely fashion as well. And of course these rules and methodologies need to be documented and all affected staff members need to be thoroughly trained.
It is important to know, though, that each company will have its own hurdles, requirements and processes to go through to gain and maintain compliance. Thus, no off-the-shelf software by itself will handle all the requirements for any of these mandates. In fact, many companies may have most of the tools they need already – they just need to use them right. Engaging the right advisors can help make the difference between struggling and success in assessing your situation and utilizing existing resources.
It is also important to note that some mandates are left up to each company to interpret in terms of what they need to do to comply. In a December 6, 2004 article in SearchCIO.com, David Foote writes, regarding Sarbanes-Oxley, that the “Definition of internal controls will continue to expand, increasing complexity.” David rightly recognizes that we are in the early phases of compliance for these mandates and that, at least for Sarbanes-Oxley, companies will uncover an ever-growing list of functional and technical areas they will need to address in order to remain compliant. Because of this, a comprehensive, enterprise-wide approach must be implemented. Implementation through disciplined, incremental phases is called for as companies will learn from each iterative step.
The picture that emerges with an ongoing data stewardship program is one where all the corporate data is accurate and up-to-date in each enterprise-wide system. Rogue data repositories are reduced or eliminated through careful training, auditing and rules enforcement. Business processes work more efficiently, employees can rely on the data they use to make important business decisions, and the organization and its leaders know with confidence that the information they are sharing – whether with their trading partners or with the government – is accurate and something they can certify. This is especially important when CEOs and CFOs must sign off on corporate financial filings.
Bryan Larkin is the Vice President of Technology Strategies for The Kodiak Group, a professional services firm providing eCommerce education, managed services, strategic consulting, and solutions implementation services to Global 2000 companies and their trading partners. Bryan can be reached at: bryan.larkin@kodiakgroup.com.