From this discussion arises one other question: “Does data risk management align with the Data Governance division or the Chief Risk Office?” Risk management needs to be an integral dimension of Data Governance, for which policy needs to be defined in close coordination with the enterprise risk function. But accountability needs to be provided to a sustainable, standalone function within the risk office. Further, separate responsibility from accountability, and maintain management review so that Data Governance, in view of risk, stays aligned with enterprise objectives.
Data Governance is the only existing pillar in most organizations to ensure successful and sustainable management of data as an enterprise asset by enforcing, formalizing, and enabling data management practices. Data Governance further defines oversight by establishing policy, approval mechanisms, and evaluation of adherence to policies. It is the responsibility of the division to ensure that business functions take responsibility and accountability for maintaining data quality, metadata, content, and compliance, and for sourcing the right data. Do you see many gaps in operationalizing these much-needed aspects of Data Governance?
Today, there is a pressing need for organizations to have an approach that allows the data risk management function to identify the focus areas in which to manage risks and govern data effectively. A question arises: should these focus areas come from the risks identified, traced back to processes? Or should the enterprise goals be cascaded down to processes to identify the focus areas? It is ideal to amalgamate the best practices of risk identification with the goals cascade to identify the scope of risk management focus areas within an enterprise.
Assessing and managing the risk associated with data and related resources often takes a back seat in an enterprise risk management strategy. Shortly, we will look into the synergies required between Data Governance and risk functions to enable holistic management of risk related to data. Data Governance is already the new normal in most enterprises, as demanded by regulations like BCBS 239, GDPR, EU No 1024/2013, EMIR, MiFID2, etc. The regulatory landscape is changing fast, with much legislation providing future guidance on controlling risks associated with data.
Regulation and compliance are major drivers for enterprises to adopt risk management in Data Governance. The other leading driver is the need to prioritize and manage data associated with high regulatory, financial, or operational risk. These multiple drivers necessitate a blend of data management, risk management, and Data Governance principles, which in turn bring up several questions, as below.
Data Governance enables the organization to harness the right data for the purpose of raising the organization’s confidence and trust in its data. There is a definite value associated with leveraging the right data for business functions. At the same time, there is also risk related to data and its operations. This risk is a business risk and should be business owned, as is the value.
What does a zero appetite for privacy incidents and loss of price-sensitive data mean for data management and Governance?
How often do your organizational risk priorities, appetite, tolerance and limits change – annually or bi-annually?