With the explosion of AI and ever-increasing awareness of the importance of data, the term “data governance” seems to be everywhere these days. We hear it used in different contexts, and it may seem to equate to regulatory compliance or to have relevance for only the largest companies.

This interpretation misses a key benefit of data governance, however: competitive advantage. We cannot diminish the critical importance of regulatory compliance and its role in shaping governance efforts, but it’s important to understand that this is not the whole picture when it comes to data governance.

Governing Data as an Asset

Data is a business asset, not unlike cash. If you asked any business leader whether their cash flow processes needed controls to ensure their accuracy, integrity, and protection, they would likely give you a quizzical look and assume you were baiting them into some trap…of course their cash flow processes need controls.

Similarly, data has the potential to guide and inform nearly every aspect of a business. To leverage data effectively, businesses must ensure its integrity in an ongoing and reliable way. From financial reporting to performance evaluation to operational efficiency, data quality sits at the heart of modern businesses. Later, we will see some examples of how data quality and integrity issues can have significant impacts on SMBs.

Additionally, company data assets need to be secure and protected—arguably even more so than other company assets. This is because many personal data elements do not ultimately belong to a business. These considerations impact regulatory compliance and are essential for effectively and responsibly leveraging data as the valuable asset that it is.

The policies and processes that ensure the availability, usability, integrity, and security of data assets are what we mean by data governance.

Did you know that…

• 97% of data leaders state that their companies have experienced the costs of disregarding data quality and integrity in the form of lost revenue opportunities, inaccurate performance forecasting, and/or poor investments.
• More than 87% of small and mid-sized businesses (SMBs) collect or process sensitive customer data that could be compromised.
• Small businesses spend an average of $955,429 to restore normal business operations in the wake of successful attacks.

AND…

• About 85% of data science and analytics projects fail due in part to disregarding data governance processes.

Four Common Challenges for SMBs

Challenge #1: No Buy-In

To effect change within an organization, you must secure buy-in from key constituents. For data governance, these important players begin with executive leadership and extend through the organizational hierarchy to front-line staff. However, some SMBs question whether data governance has any real applicability for them. In response, consider: Do you store sensitive customer, client, or patient data? Do you keep sales, productivity, performance, or program data for decision-making? If you answered yes to any of those questions, data governance principles do have applicability in your environment.

Business leaders and decision-makers should prioritize data governance because their decisions directly impact the company’s value and profitability. Without data governance policies, decision-makers can only hope that their data-driven decisions are well-founded. Inaccurate data can lead to poor decisions in ways that are difficult to detect or explain even after the fact, leaving decision-makers accountable for the outcome.

Securing employee buy-in is equally important when implementing data governance. Buy-in should stem from an understanding of the shared responsibility for the data that drives business outcomes. A collective sense of accountability for data quality works to prevent resentment and misunderstandings towards your policies that could undermine even the best data governance efforts.

Tips for Success:

• Elicit interest and assistance from vested stakeholders. Leverage opportunities to ease business pain points through data governance. I’ll list some examples in “Data Governance in the Wild” below.
• Pave a step-by-step path to mature your data culture. Start with education, delegated responsibility, and distributed data ownership.
• Align policies with the existing strategic objectives of the company. Be specific about the expected business outcomes of your efforts.
• Empower business stakeholders to take ownership of and make decisions about business data.
• Create strategic goals and an initial roadmap. This will work best if it is an ongoing organizational effort that is largely led by the business, not by IT.    

Challenge #2: No Budget

Chances are that unless improving data governance is already a top business priority, perhaps because of a recent security incident, audit, or a particularly problematic data irregularity, you will be up against budget constraints when introducing formalized data governance to an SMB.

This is a challenge, but not a barrier. Yes, there are tools on the market that can be very helpful, but they are by no means necessary for SMBs—and certainly not at the outset.

Tips for Success:

• Start small and go slow. Introduce change gradually by beginning with what you can accomplish internally. Define and document business logic for your most critical data objects, and then introduce business processes to enforce that logic.
• Treat data governance as a process of continuous improvement rather than a costly one-time project. Small, inexpensive wins can produce significant results.
• Avoid a box-checking mentality. Use internal data audits to showcase regulatory compliance, but don’t let minimal standards dictate strategy. Prioritize business advantage over compliance, focusing first on areas with immediate value, such as labor cost savings, enhanced reporting, or boosted analytical capabilities.
• Leverage tools strategically. Develop your strategy and framework first. Look to tools second, and only for ease of implementation and execution. Tools alone will not provide true data governance.

Challenge #3: No Champion

You know that data governance is important for your organization and that someone needs to advocate for it. You also might not have the authority, capacity, or desire to be that person. In that case, use the suggestions about securing buy-in from Challenge #1 to find or create a data governance champion within your organization.

Tips for Success:

• Business and IT need to collaborate for effective data governance. There should be a designated senior IT team leader who is collaborating closely with at least one senior business leader. In a small organization, this could simply mean your one IT resource working with the business owner. Regardless of the size of the organization, the effort should not be one-sided.
• Champions should not limit their scope to policies alone. Having centralized documentation, tools, and processes at the ready will help to avoid individuals and teams developing their own tools and processes to implement the policies their own way. Disparate processes can lead to inconsistency and diminished success.
• Champions need to be committed and persistent. Don’t roll out data governance processes and forget about them. Remember that education and training will need to be ongoing, as will the refinement of governance practices to keep pace with technology and changing business requirements.
• Champions should consider the needs of the employees that work with the data when creating policies and approving tools. If your governance initiatives are seen as an unnecessary burden, workarounds will be developed that could compromise your efforts.

Challenge #4: Internal Skills Gap

You have the needed organizational buy-in, a small budget, and even a champion, but your IT team is small (or outsourced), without any data professionals on staff. Where can you begin?

Remember, the key is to go slowly and implement organically. The full implementation of data governance will ultimately require technology expertise, but defining rules, requirements, and workflows may not. Start there, then reach out for help with technical implementation when you’re ready.

Tips for Success:

• Research any compliance regulations applicable to your business sector. Perform an analysis of how your business is meeting these requirements. Where you find gaps, assess a strategy for how to fill those gaps. Implementation can be left to a third party as needed, but be sure that you understand what needs to be done. If you are unsure about how to get started, use some of that budget to reach out for support.
• Perform a security audit of your data systems. Adjust and delete credentials and permissions as appropriate. Review third-party system access. Inventory inbound, outbound, and internal data pipelines and evaluate for best practices. Then set up ongoing processes and/or reports to assist with security monitoring.
• Look for critical data objects that need to be formally defined. Beginning with mission-critical data elements, document all business logic and metadata requirements associated with these elements in a data dictionary or catalog. This doesn’t need to be elaborate, but it should cover all key data elements. Start in one business area and expand out from there.
• Assign ownership and accountability. Look for data owners who are invested in the quality of the data within their domain because of their connection to the processes that produce or consume the data.
• Upskill and/or seek third-party guidance as required. Provide access to resources for interested staff to get trained to become data owners, stewards, and partners in data governance. Reach out to third parties for guidance in areas that are outside the internal expertise of the organization.

Data Governance Challenges in the Wild

Below are some real challenges faced by SMBs that could be solved with improved data governance processes.

Local Restaurant Chain

A small, local restaurant chain encountered a discrepancy between a company report on drink sales and individual location reports generated in Excel. This irregularity surfaced after a competition to incentivize staff to sell more drinks by holding a competition between locations with a cash prize. At the end of the competition, when managers compared their individual reports, Store A had sold the most drinks. When using the central company report, Store B had. Which was correct?

Upon investigation, one of the restaurant locations had long ago coded milkshakes as drinks. All of the other locations coded them as desserts. This was never audited or corrected. As a result, the individual reports that were rolled up by individual menu item codes produced a different result than the central report that was rolled up by the “Drink” category. This confusion affected competition results as well as drink and dessert sales analytics and other location-to-location comparisons.

Small Food Manufacturer

A large grocery store chain approached a regional manufacturer of salad dressings and condiments, requesting the production of one of its products as a generic for the chain. Similarly, a bulk food retailer asked the same manufacturer to produce a bulk version of the same product. The contracts were accepted, but the original product, the generic version, and the bulk version of the product are all assigned different product codes without being rolled up to any parent product category. When the accounting office ran their standard report of overall sales trends by product, they had no way of recognizing that these three items represented the same underlying product and ended up producing a skewed and incomplete product analysis.

International Boutique Wholesaler

A private international wholesaler with dispersed brick-and-mortar locations was having continual problems with their inventory. Customers complained that the website frequently showed products as available when they were not. Retail associates complained that the inventory in the POS was incorrect and frequently showed negative inventory when stock was actually present in the stores.

One of the issues in this scenario was that individual store inventory was manually counted and entered with different workflows, lacking a centralized mechanism for tracking inventory. Furthermore, associates often used the “miscellaneous” category to sell products that were at the stores but didn’t have a corresponding inventory item recognized in the system. These issues produced a myriad of operational, financial, and analytic discrepancies, as well as increased costs in the form of labor inefficiencies, lost revenue, and misplaced or stolen inventory.

Social Services Organization

A social services organization gathers information about its clients to produce an annual statistical analysis of clients and outcomes. This nationally distributed, highly regarded report serves as a source for scholarly research and influences funding for numerous public and private institutions.

However, the organization faces challenges in bringing consistency to its intake processes. Since many clients arrive in crisis, intake steps that can be skipped by staff often are because intake personnel are in a rush and do not realize the importance of each step. Furthermore, the application being used to collect this valuable information does not require answers to many questions that are deemed critical for this organization and the annual report. The organization has attempted many process changes to improve the consistency of this workflow. However, the problem still persists and is consistently cited as a limitation of their statistical findings.

Is data governance important for SMBs?

This is just a small handful of examples of how a lack of data governance can affect SMBs. In fact, once you’re on the lookout for data governance issues, you may start to notice them everywhere.

Additionally, we have only begun to touch on the security and compliance aspects of data governance. Many of the challenges to implementation outlined here are less prominent when a regulatory requirement is at play since compliance is mandated. Even when regulations play a less obvious role, most of us are aware of the gravity of security risks. It is important to note, however, that this security risk is even greater for SMBs than for the largest companies. According to Veeam’s 2023 Data Protection Trends Report, 85% of ransomware attacks targeted small businesses.

The take-away? If your business or organization retains data, and very few (if any) businesses do not, formalizing some level of data governance will help you to securely and responsibly leverage that asset to drive your business.

Further Reading

• • More interesting statistics

• • A privacy audit checklist

• • A guide to data governance for small businesses

• • Data governance frameworks

• • Amazon’s guide to data governance for SMBs

Want to continue the conversation about data governance for SMBs?

To learn more, you can click here to access a recording of our May 14, 2024 webinar on Data Governance for SMBs.

Need help? We can help you tailor practical data governance solutions to meet the specific needs of your SMB. Schedule a call or send us an email.