data, while data such as its own human resources data might follow in a subsequent year. Limiting scope based on the IT systems housing the data can also offer a straightforward way to scope policy compliance. Many organisations rate their IT systems for criticality, and that rating can be used to limit the scope of a compliance program, for example by focusing on the systems with the highest rated risk to the business. The bottom line is that a compliance program cannot and should not evaluate all data in an organisation, and so must define early in the process the scope of data that will be subject to policy.
Adopt a risk-based approach to evaluation and the timeline for expected compliance
Compliance programs often fall back on random sampling to guide the order and structure in which they evaluate lines of business for compliance. A better use of resources may be to establish a risk-based approach—one that sets more granular priorities for the order in which in-scope data or IT systems will be reviewed. Those with the highest risk should be prioritised first, and an openly published evaluation schedule should state which systems or programs will be evaluated, and in what order. For example, if the scope of policy compliance is grant recipient data, then a compliance review schedule should focus first on the highest-risk grant programs, which could be the ones with the largest grant awards, those most scrutinised by Congress, or some other risk factor.
The compliance program should publish and socialise its review schedule so that lines of business can plan to work toward a specific date to reshape their data management processes to comply with policy. In addition, the compliance program should have clear guidance that is published and well-socialised regarding the timeframes businesses would have to make further changes if they are found not to be in full compliance during an evaluation. This information is critical to enabling lines of business to manage the work associated with new policy directives. Finally, a best practice is for policy to indicate that lines of business are not required to be in compliance sooner than the date of their compliance review. This maximises the time that lines of business have to introduce change, and if a line of business is hit with a new priority, it can partner with the compliance program to adjust its place in the compliance review schedule to gain more time.
This approach allows time for change management, including communicating with an array of stakeholders beyond those involved in approving policy, so that the component organisations can plan for and execute the necessary work, while creating a sense of accountability. In the same way a good project manager can drive a project toward meeting milestones and completing work, a compliance program can be a driving force to keep an organisation progressing toward improved data management.
Compliance and audit are not the same thing. Auditors must stop at identifying a flaw and directing an agency to fix it. Because a data governance compliance program is a management function, it can partner with the program to close any identified gaps. It can provide coaching, subject matter expertise, successful examples used by other programs, and other resources to aid the program in successfully standing up new data management practices. For example, if the compliance program were evaluating the implementation of data quality parameters, it could collect examples of these parameters and how they were implemented (e.g., the use of automated dashboards that refresh daily with the percent of blank routing and account numbers in a grant recipient’s payment profile). When it discovered a line of business struggling to comply with the new policy requirement, these examples could be shared and a meeting with staff from a program that had successfully complied arranged, providing practical assistance for the noncompliant group to establish a timeline for compliance with regular progress check-ins.
This type of supportive, hands-on coaching delivered with a tone of ‘we are in this together’ can be a powerful tool in helping an organisation to transform and implement its data management practices. A compliance program that both supports and holds programs accountable can do this.
Compliance and evaluation are intrinsically linked to successful implementation, and new data governance programs that link policy development with compliance dramatically improve the adoption of new enterprise data management practices,
https://www.abs-group.com
Successfully introducing policy and compliance expectations for approval
1. Be clear on what problem the policy is trying to solve and present that to your Data Governance Executive Council.
2. Introduce policy to the Council in a draft form and ask each of the executives to identify a subject matter expert on their team from whom you can solicit technical feedback. The goal here is not only to obtain good feedback but also to ensure that the staff members support the policy and indicate their approval to the executive.
3. Once feedback is incorporated into the policy, present a more polished draft to the Council along with a proposal regarding how compliance will be measured. This should include both the criteria by which compliance will be determined as well as a schedule for a phased rollout of compliance testing.
4. Present the compliance plan to the same subject matter experts to obtain feedback and buy-in.
5. Present the final package to the Council for voting.
36 | TOMORROW’S FM