Defining a Data Strategy
The Business Strategy
All serious businesses will have developed a ‘vision statement’ and a ‘mission statement’, and from these developed a set of high-level objectives for all areas of the business, which are then translated into more detailed short-term plans. But there remains a large number of companies that have no data management function, and therefore data management is given little or no consideration in strategic planning. Even when a Chief Data Office (CDO) and data management function has been established, it cannot be fully effective in the absence of a coherent strategy. Organising, governing, analysing and deploying an organisation’s information assets are vital and without such strategic management many companies will struggle to protect and leverage their data.
Of course, before deciding where you’re heading, you have to know where you are right now. To ‘gather the facts’ in this current state assessment, companies have traditionally made use of such techniques as SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis for internal strengths and weaknesses, and PESTLE (Political, Economic, Social, Technological, Legal and Environmental) for external factors. But these techniques are not optimal for understanding a company’s level of data maturity. Databilities has developed an assessment questionnaire which will help to analyse the organisation’s current state of maturity against the Data Maturity Model (DMM) frame of reference (Databilities Data Maturity Model).
Performance Management
It is also vital to continually review all objectives and plans to make sure you’re still on track to achieve the overall goal. Managing and monitoring a whole strategy is a complex task. Whilst developing the data strategy, it helps to define an operational framework for instituting best practices (in the context of a level of maturity) and lay out the roadmap to address the challenges and achieve the benefits. This framework also becomes the opportunity to apply industry best practices and combine those with quality disciplines from other industrial domains (e.g., manufacturing, software development, or service industries).
Knowing where your data is, content and sensitivity, is absolutely vital as first line of defence in the prevention of data loss through hacking, which of course would lead to reputational and possibly financial loss. Businesses will have to ensure that they have clarity and a plan on how to recognise and protect their data via an overall data strategy.
A Data Management Programme
Although there are clear benefits to an organisational data management programme, the need to coordinate the efforts of different personalities in the organisation means that there are bound to be conflicts that will arise among participants as the programme evolves. Any framework must be designed to meet the needs of the organisation without overwhelming people.
It is a formidable challenge to establish the appropriate level of data maturity to meet the needs of the diversity of participants, regulatory bodies, policy makers, and information clients when coupled with the different technologies and practices already in place.
To address these, a data management strategy requires governance, policies, practices, technology, and operational solutions that are all-encompassing yet present themselves to all participants as pragmatic and practical.
This will require trade-offs between control over the data and the flexibility of its use.
Offence Vs. Defence
In the May-June 2017 issues of the Harvard Business Review, Leandro DalleMule and Thomas H. Davenport explore the concept of “defensive” and “offensive” uses of data in an article titled “What’s Your Data Strategy”.
Most literature on enterprise data management is focused on defensive aspects. Areas which minimise risk such as compliance with regulations (rules governing data privacy and integrity of financial reporting), accurate customer data capture and ongoing reviews (KYC and CDD), using data analytics to detect and prevent money laundering and terrorist financing, building systems which prevent theft, etc. There is also considerable focus on ensuring the integrity of the data flowing through internal systems by identifying golden sources or Single Sources of the Truth (SSOT), implementing data quality monitoring, data reconciliations, data controls, defining minimum data quality standards, and policies to manage compliance with these standards.
There is a huge amount to be gained through improved efficiencies by having SSOT. For example by not having to develop and populate multiple data stores for different functions/systems. This ultimately enables cheaper technologies and improvement in the agility of the organisation to flex should market, environment or financial forces change. This results in significant savings and a real return on investment.
Many of the business objectives that will have appealed to the key stakeholders in the business case will have been those that deliver the more tangible, opportunistic benefits, such as increasing revenue, reducing cost, customer satisfaction, broadening the customer base, increasing the share of wealth and so on. In other words, activities that generate actionable insights and support managerial decision making, and these are typically supported by the more exciting “offensive” aspects of data management such as data analytics, modeling, and interactive dashboards.
It is worth noting a distinction between data and information. Information can be viewed as “data endowed with relevance and purpose”. Data architecture describes how data is collected, stored, transformed, distributed and consumed, and the rules that govern the structure and usage of that data. Whereas information architecture governs the processes and rules that convert data into useful information. A useful distinction to make at this stage might also be to say that ‘data’ should typically originate from a single source of truth (SSOT), whereas ‘information’ might be sourced from multiple versions of the truth (MVOTs). (This will be covered in more detail in a future Databilities article on Data and Information Architecture)
How much effort is focussed on each, defensive versus offensive, will very much depend on the type of business – but for law firms there should arguably be equal emphasis on both, due to the nature of the business i.e. customer sensitive data versus the utility of publicly available corporate data. Regulatory compliance versus intense industry competitiveness.
Standardising data and keeping it flexible are not necessarily mutually exclusive, but any framework implemented needs to represent the right balance between these two in support of the company’s overall strategy. To determine a company’s current and desired position the CDO must consider the overall strategy, its regulatory environment, the data capabilities of its competitors, the maturity of its data management practices, and the size of its data budget.
And regardless of the industry a company is in, its strategic position is rarely static and will react to both internal and external actors. For example, as an organisation’s defensive capability matures, they may decide to switch emphasis to a more offensive stance now that they have confidence in complying with regulatory requirements and standards.
Consider how data strategy shifted at HSBC. In 2012 the bank entered into a Deferred Prosecution Agreement (DPA) with the US Department of Justice (DoJ) and were required to globally standardise their Compliance data management practices within 5 years, or face severe penalties, including the loss of their US banking license and custodial sentences for senior management. In 2017 HSBC satisfied the US DoJ that they had met an acceptable standard and were released from the DPA. They are now free to focus more fully on more offensive strategies such as advanced data modelling and data science work.
How a company’s data strategy changes in direction and velocity will be a function of its overall strategy, culture, competition, market and regulation.
Organising Data Management
As with most organisational design, data management functions can be built centrally or can be decentralised by function or business unit. A centralised approach lends itself more readily to a more defensive strategy, with a single accountable CDO ensuring that policies, governance and standards are applied consistently. A decentralised approach, with a CDO for each business unit and function, allows for more flexibility and agility in data reporting and analytics. Although such a role might report directly to their business, they should also have a dotted line into an enterprise CDO which helps prevent the development of data silos and ensures best practices are shared and standards followed.
In addition, it is also important to consider funding and the likelihood of obtaining it. A centralised approach will call for greater funding than a decentralised one, and will likely be more focused on defensive measures, the benefits might be less obvious and tangible to the key stakeholders. Whereas a decentralised approach benefits from a more offensive focus, being closer to the business users and will have a more tangible ROI.
In Summary
Data was once critical to only a few back-office processes, such as payroll and accounting. Today it is central to any business, and the importance of managing it strategically is only growing. Companies that have not yet built a data strategy and a strong data-management function need to catch up very fast or start planning for their exit.
This article was written and edited by Chris Wotton, Brian Jones and Paul Caden at Databilities.
Other credits:
1. What’s Your Data Strategy – Leandro DalleMule and Thomas H. Davenport (2017)
2. Special thanks to Heather Webster for additional input and valuable insights
For more information please contact Databilities
Email: info@databilities.co.uk
Web: https://databilities.co.uk
For more articles in the Databilities ‘It’s all in the data…” series follow us on LinkedIn