Growing grass in a can



Managing the demands of regulatory compliance

Legislation of recent years has put data governance firmly in the spotlight with the financial crisis, data protection and many publicised data failures driving this agenda.

Data governance defines the policies and identifies the people who govern the retention and disposition of corporate information. The legislation of recent years has put data governance firmly in the spotlight with Sarbanes-Oxley, sanctions screening, data protection and more driving regulators’ focus on the data management process and associated controls.

Good data governance is about more than just regulatory compliance however. Establishing clear accountability and ownership is vital to engender a culture of trust and confidence in the data that supports operational and management information requirements - people, processes and technology must be orchestrated in order to achieve this and enable an organisation to leverage data across the enterprise.

The challenge

Good data governance practices allow companies to:

  • Comply with legislation such as the Data Protection, Sarbanes Oxley, sanctions screening and so on.
  • Demonstrate control over data to regulators.
  • Determine and apply company-wide standards to ensure data is fit for purpose.
  • Manage the storage and security of data, including customer or market sensitive data.
  • Provide reassurance to customers, stakeholders and shareholders over the safety of their personal data.
  • Enable managers to run the business rather than spend time reconciling and checking reports.

Good data governance arrangements are aligned with good risk management practices and should be an integral part of corporate governance. The two industry standard methodologies used to deliver data governance are COBIT and COSO.

To deliver a successful approach to data governance, organisations should ensure that:

  • There is a clear delineation of ownership of data. This extends to both process ownership and physical ownership
  • Distinct roles and responsibilities are created. There must be persons and bodies charged with the management of governance within the organisation
  • There is clear support from the business for the roles and responsibilities of these bodies and persons
  • KPIs are well-defined, analysed and maintained

Deloitte’s data management team includes regulation subject matter experts to help our clients understand what data governance is expected, which methodology is most appropriate and how business objectives can be achieved.

How we can help you