Information Governance: Setting and Enforcing your Data Policy Decisions

Matthew Wagnon, Senior Product Manager at BackOffice Associates, answers readers’ questions on setting and enforcing data policy decisions and discusses why this is critical for your business. Read the transcript to learn about:

• What the initial design and best practices architecture for information governance looks like, and what it will take to establish
• How policy execution works
• How to leverage governance to increase your data quality and Master Data problems.
• Factors to consider when choosing an enforcement option, such as integration across domains and cloud implementations
• How data governance can help you with upcoming regulations (i.e. GDPR, IDMP)
• Building a business case for governance

Meet the panelist:  W. Matthew Wagnon, Senior Product Manager, BackOffice Associates
As a Senior Product Manager, Matthew is responsible for the vision and roadmap of the BackOffice product suite with a special focus on MDM and Data Governance. As a Product Manager, Matthew is or has been at any point in time responsible for the roadmap and vision of our entire product suite.

Scott Priest:

Welcome to SAPinsider’s live Q&A on information governance! I’m Scott Priest and I’ll be moderating today’s Q&A.

Scott Priest:

Joining us is Matthew Wagnon, Senior Product Manager at BackOffice Associates. Matthew is responsible for the vision and roadmap of the BackOffice product suite, with a special focus on MDM and Data Governance. Welcome, Matthew!

Matt Wagnon:

Hi everyone! Looking forward to your questions.

Comment from Michael LaMendola:

What is your preferred strategy for integrating risk levels, after you have identified them, into your Data Policy?

Matt Wagnon:

Thanks for the question Michael. To clarify, are we talking risk in not having policies identified or risk in the violation of particular Data Policy?

Comment from Michael LaMendola:

That would be the risk inherent in each violation. The risk of no policy would have to have been answered before reaching this question. Thank you.

Matt Wagnon:

I like to associate the risks inherent in each violation to primarily one or two things. The first is to tie a cost to a violation. Money talks. A violation could mean regulatory fines (hard cost) or it could mean time and money spent on resources, and time identifying a route cause, analyzing the data and remediating that data.

Second, it’s important to know the downstream implication of a violation and how critical that is. Does this erroneous data cause any Business Process interruption (i.e., Shipping Product, paying a vendor, moving inventory, costing a material, etc.)?

Comment from Michael LaMendola:

Thanks again, Matt. The reason for my question is that I generally need to present at a high level, with a breakdown by request. I’ve used “risk-chain analysis” (a.k.a. “the domino effect”) and the hierarchy method, presenting a risk or collection of risks in pyramidal form.

Matt Wagnon:

Thanks again for the question Michael. (I would love to see one of those high-level presentations as part of my market research.) Showing how a violation could start a chain reaction of negative events can be very valuable, especially if you are able to tie it to management and executives not meeting their strategic goals for the year.

Comment from Roberto Castaneda:

What tools/solutions are available to quantify (cost, waste, rework, time, etc.)  and the impact of bad master data in the Req-To-Pay process?

Matt Wagnon:

Gartner has a market guide for Information Stewardship and a magic quadrant for Data Quality, and a Forrester has a Wave for both Data Quality and Governance 2.0.

These analyst firms, while they don’t know everything each tool can do, can help guide you in your search for tools.

As the Product Manager for one of the vendors that you will find on these guides, I can best speak about our own products and how they can help you quantify the impact of poor master data.

SAP has a tool called Information Steward, and BackOffice Associates has an accelerator, sold by SAP, called the Information Steward Accelerator. We also have another product in our Data Governance product suite that can help you monitor your bad data, how frequently it gets created, and guide you on how to tie a cost to that data, and help make decisions on which data domain an Active Data Governance solution or MDM solution would provide the most impact from an ROI and business-value perspective.

Comment from Jaydeepsinh Rathore:

What are the SAP guidelines for implementing SAP HANA security when SAP BO is used to fetch data from SAP HANA?

Matt Wagnon:

Hi Jaydeepsinh. Unfortunately I am not the SAP HANA expert in my organization, but I can connect you with him if you would like. Please send your contact information to mattwagnon@boaweb.com. 

Comment from Jim:

We are supporting a global system with data in multiple languages. Do you have any suggestions or pointers on best practices in governing data where it is not all in English (it could be Chinese, Arabic, Greek, Russian, etc.)

Matt Wagnon:

I have done implementations around the world and I’d like to understand more about your problems and current challenges related to multiple languages in order to focus my answer on that. I could go in many directions . . . .

Comment from Jim:

In our Global Data Standard and SOP we have rules, for example, to use legal entity names. But we also need to avoid potential duplicate records to avoid potential duplicate payments. Aside from a direct match of a name, do other companies use fuzzy logic that works in different character sets (Chinese [traditional/simplified]), Japanese (Katakana, Kanji, etc.), Cyrillic, Greek, Arabic, Korean, etc.?

Matt Wagnon:

Yes, fuzzy logic works well as long as you are in the same language. That is a challenge indeed. In the organizations where we were successful with multiple languages, we set up global standards and regional standards where languages were prioritized, and the company required a translation to be entered in the specific languages that were sponsored by the organization. As one example, in Brazil, we had to have a translation for English, Portuguese, and Spanish for all config, all material descriptions, etc.

This is overhead, but it will support fuzzy logic and prevent duplicaitons. So, we would monitor what data didn’t meet our translation standards, find it nightly, and workflow it to the owners of that language to provide the translation (it would also call the Bing or Google translate API to suggest a translations where it would then get approved or manually edited to something more fitting in case something is lost in translation).

This is very difficult problem to solve indeed, Jim.

Comment from Pragna:

I would like to know, what is the best practice in establishing master data governance policies and procedures? What are some options to consider in establishing a data governance team? Which data takes precedence (priority)—material master, customer master, or vendor master?

Matt Wagnon:

Hi Pragna, thanks for the question. First and foremost, approach this program with an open mind. There may be a lot of noisemakers in the organization claiming that the master data in a one area is extremely poor. Make informed decisions driven by data and facts. I would start with profiling all master data and, in parallel, identify who from each master data domain should be involved in the creation and approval of all policies related to that data. Once profiled, you will learn a lot about that data, and what policies are being followed and which are not.

Step 2. Put in what we call a passive-data-governance approach, which is far less costly and can show far more value in just a few weeks. Assign an owner (hopefully, someone from the business) to each policy, and monitor the data quality scores. In addition, send out this report as frequently as necessary and provide a method to remediate, whether automated in a tool or with manual data cleansing.

Once your data quality is up to acceptable thresholds, you will then begin to see which areas are deteriorating more rapidly than the others.

You may find that passive-data governance was cheap and got vendor master to five Sigma levels of DQ. But Materials is a mess and there are constant process and policy violations. DQ levels deteriorate so much that it makes sense to implement a more active approach, where the data is collected and validated prior to entry into your Enterprise Architecture.

Comment from Karl:

What are your best practices for where to start when it comes to, specifically, data quality?

Matt Wagnon:

Hi Karl, I went into a little detail in Pragna’s question about this (see above, earlier in the transcript).

Make data-informed decisions and avoid the noise factor from the organization. It’s very easy to get caught up in silencing the noise. While delivering progress to your organization is important and meeting your stakeholders’ needs is as well, you may very well miss an even larger value-add opportunity without making well-informed decisions.

In a perfect world, I would start by defining a vision and strategy for achieving that vision. This means having clear achievable goals, a set timeframe, and metrics to measure success or failure. An example goal for data quality could be a Sigma level.

In parallel, define the scope, which data domains, which types of data are in that domain, etc. Then define what those are in a Business Glossary.

Profile your data and build a repository for all your policies around that data and the rules that enforce them.

Then monitor and score those policies to get a baseline to be able to compare your progress (hopefully) to where you started.

And, finally, have clearly defined business owners for that data, and a business-user-friendly process for remediating that data or automating it if possible (no approvals required, business logic exists).

Comment from Bill:

Should I focus on just master data or should my scope go beyond?

Matt Wagnon:

Do not get stuck in the trap of focusing on just master data. While master data is important and transactions are reliant on it, there are many ancillary data objects that transactions and master data depend on in order to successfully process. You should also think a lot about metadata and all the systems and data sets that your organization has. Do you even know where it all exists? Who is using it? Who should or shouldn’t have access to it? What systems do you engage with your customers in, and what can you learn from that data? And, finally, do you understand how Data Governance can help your data scientists and analytics to give you a competitive advantage in the market place?

Matthew Wagnon, Senior Product Manager at BackOffice Associates, answers readers’ questions on setting and enforcing data policy decisions and discusses why this is critical for your business. Read the transcript to learn about:

• What the initial design and best practices architecture for information governance looks like, and what it will take to establish
• How policy execution works
• How to leverage governance to increase your data quality and Master Data problems.
• Factors to consider when choosing an enforcement option, such as integration across domains and cloud implementations
• How data governance can help you with upcoming regulations (i.e. GDPR, IDMP)
• Building a business case for governance

Meet the panelist: 

W. Matthew Wagnon, Senior Product Manager, BackOffice Associates
As a Senior Product Manager, Matthew is responsible for the vision and roadmap of the BackOffice product suite with a special focus on MDM and Data Governance. As a Product Manager, Matthew is or has been at any point in time responsible for the roadmap and vision of our entire product suite.

Scott Priest:

Welcome to SAPinsider’s live Q&A on information governance! I’m Scott Priest and I’ll be moderating today’s Q&A.

Scott Priest:

Joining us is Matthew Wagnon, Senior Product Manager at BackOffice Associates. Matthew is responsible for the vision and roadmap of the BackOffice product suite, with a special focus on MDM and Data Governance. Welcome, Matthew!

Matt Wagnon:

Hi everyone! Looking forward to your questions.

Comment from Michael LaMendola:

What is your preferred strategy for integrating risk levels, after you have identified them, into your Data Policy?

Matt Wagnon:

Thanks for the question Michael. To clarify, are we talking risk in not having policies identified or risk in the violation of particular Data Policy?

Comment from Michael LaMendola:

That would be the risk inherent in each violation. The risk of no policy would have to have been answered before reaching this question. Thank you.

Matt Wagnon:

I like to associate the risks inherent in each violation to primarily one or two things. The first is to tie a cost to a violation. Money talks. A violation could mean regulatory fines (hard cost) or it could mean time and money spent on resources, and time identifying a route cause, analyzing the data and remediating that data.

Second, it’s important to know the downstream implication of a violation and how critical that is. Does this erroneous data cause any Business Process interruption (i.e., Shipping Product, paying a vendor, moving inventory, costing a material, etc.)?

Comment from Michael LaMendola:

Thanks again, Matt. The reason for my question is that I generally need to present at a high level, with a breakdown by request. I’ve used “risk-chain analysis” (a.k.a. “the domino effect”) and the hierarchy method, presenting a risk or collection of risks in pyramidal form.

Matt Wagnon:

Thanks again for the question Michael. (I would love to see one of those high-level presentations as part of my market research.) Showing how a violation could start a chain reaction of negative events can be very valuable, especially if you are able to tie it to management and executives not meeting their strategic goals for the year.

Comment from Roberto Castaneda:

What tools/solutions are available to quantify (cost, waste, rework, time, etc.)  and the impact of bad master data in the Req-To-Pay process?

Matt Wagnon:

Gartner has a market guide for Information Stewardship and a magic quadrant for Data Quality, and a Forrester has a Wave for both Data Quality and Governance 2.0.

These analyst firms, while they don’t know everything each tool can do, can help guide you in your search for tools.

As the Product Manager for one of the vendors that you will find on these guides, I can best speak about our own products and how they can help you quantify the impact of poor master data.

SAP has a tool called Information Steward, and BackOffice Associates has an accelerator, sold by SAP, called the Information Steward Accelerator. We also have another product in our Data Governance product suite that can help you monitor your bad data, how frequently it gets created, and guide you on how to tie a cost to that data, and help make decisions on which data domain an Active Data Governance solution or MDM solution would provide the most impact from an ROI and business-value perspective.

Comment from Jaydeepsinh Rathore:

What are the SAP guidelines for implementing SAP HANA security when SAP BO is used to fetch data from SAP HANA?

Matt Wagnon:

Hi Jaydeepsinh. Unfortunately I am not the SAP HANA expert in my organization, but I can connect you with him if you would like. Please send your contact information to mattwagnon@boaweb.com. 

Comment from Jim:

We are supporting a global system with data in multiple languages. Do you have any suggestions or pointers on best practices in governing data where it is not all in English (it could be Chinese, Arabic, Greek, Russian, etc.)

Matt Wagnon:

I have done implementations around the world and I’d like to understand more about your problems and current challenges related to multiple languages in order to focus my answer on that. I could go in many directions . . . .

Comment from Jim:

In our Global Data Standard and SOP we have rules, for example, to use legal entity names. But we also need to avoid potential duplicate records to avoid potential duplicate payments. Aside from a direct match of a name, do other companies use fuzzy logic that works in different character sets (Chinese [traditional/simplified]), Japanese (Katakana, Kanji, etc.), Cyrillic, Greek, Arabic, Korean, etc.?

Matt Wagnon:

Yes, fuzzy logic works well as long as you are in the same language. That is a challenge indeed. In the organizations where we were successful with multiple languages, we set up global standards and regional standards where languages were prioritized, and the company required a translation to be entered in the specific languages that were sponsored by the organization. As one example, in Brazil, we had to have a translation for English, Portuguese, and Spanish for all config, all material descriptions, etc.

This is overhead, but it will support fuzzy logic and prevent duplicaitons. So, we would monitor what data didn’t meet our translation standards, find it nightly, and workflow it to the owners of that language to provide the translation (it would also call the Bing or Google translate API to suggest a translations where it would then get approved or manually edited to something more fitting in case something is lost in translation).

This is very difficult problem to solve indeed, Jim.

Comment from Pragna:

I would like to know, what is the best practice in establishing master data governance policies and procedures? What are some options to consider in establishing a data governance team? Which data takes precedence (priority)—material master, customer master, or vendor master?

Matt Wagnon:

Hi Pragna, thanks for the question. First and foremost, approach this program with an open mind. There may be a lot of noisemakers in the organization claiming that the master data in a one area is extremely poor. Make informed decisions driven by data and facts. I would start with profiling all master data and, in parallel, identify who from each master data domain should be involved in the creation and approval of all policies related to that data. Once profiled, you will learn a lot about that data, and what policies are being followed and which are not.

Step 2. Put in what we call a passive-data-governance approach, which is far less costly and can show far more value in just a few weeks. Assign an owner (hopefully, someone from the business) to each policy, and monitor the data quality scores. In addition, send out this report as frequently as necessary and provide a method to remediate, whether automated in a tool or with manual data cleansing.

Once your data quality is up to acceptable thresholds, you will then begin to see which areas are deteriorating more rapidly than the others.

You may find that passive-data governance was cheap and got vendor master to five Sigma levels of DQ. But Materials is a mess and there are constant process and policy violations. DQ levels deteriorate so much that it makes sense to implement a more active approach, where the data is collected and validated prior to entry into your Enterprise Architecture.

Comment from Karl:

What are your best practices for where to start when it comes to, specifically, data quality?

Matt Wagnon:

Hi Karl, I went into a little detail in Pragna’s question about this (see above, earlier in the transcript).

Make data-informed decisions and avoid the noise factor from the organization. It’s very easy to get caught up in silencing the noise. While delivering progress to your organization is important and meeting your stakeholders’ needs is as well, you may very well miss an even larger value-add opportunity without making well-informed decisions.

In a perfect world, I would start by defining a vision and strategy for achieving that vision. This means having clear achievable goals, a set timeframe, and metrics to measure success or failure. An example goal for data quality could be a Sigma level.

In parallel, define the scope, which data domains, which types of data are in that domain, etc. Then define what those are in a Business Glossary.

Profile your data and build a repository for all your policies around that data and the rules that enforce them.

Then monitor and score those policies to get a baseline to be able to compare your progress (hopefully) to where you started.

And, finally, have clearly defined business owners for that data, and a business-user-friendly process for remediating that data or automating it if possible (no approvals required, business logic exists).

Comment from Bill:

Should I focus on just master data or should my scope go beyond?

Matt Wagnon:

Do not get stuck in the trap of focusing on just master data. While master data is important and transactions are reliant on it, there are many ancillary data objects that transactions and master data depend on in order to successfully process. You should also think a lot about metadata and all the systems and data sets that your organization has. Do you even know where it all exists? Who is using it? Who should or shouldn’t have access to it? What systems do you engage with your customers in, and what can you learn from that data? And, finally, do you understand how Data Governance can help your data scientists and analytics to give you a competitive advantage in the market place?