Data Governance and Compliance: Evolving to Our Current High Stakes Environment

By Rupa Mahanti

This book sets the stage of the evolution of corporate governance, laws and regulations, other forms of governance, and the interaction between data governance and other corporate governance sub-disciplines. Given the continuously evolving and complex regulatory landscape and the growing number of laws and regulations, compliance is a widely discussed issue in the field of data. This book considers the cost of non-compliance bringing in examples from different industries of instances in which companies failed to comply with rules, regulations, and other legal obligations, and goes on to explain how data governance helps in avoiding such pitfalls.
The first in a three-volume series on data governance, this book does not assume any prior or specialist knowledge in data governance and will be highly beneficial for IT, management and law students, academics, information management and business professionals, and researchers to enhancetheir knowledge and get guidance in managing their own data governance projects from a governance and compliance perspective.

• Language: English
• Publisher: Springer
• Release date: Apr 27, 2021
• ISBN: 9789813368774

Rupa Mahanti

Dr. Rupa Mahanti is a Business and Information Management consultant with has extensive and diversified consulting experience in different technologies, solution environments, business areas, industry sectors, and geographies.

Book preview

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021

R. MahantiData Governance and Compliancehttps://doi.org/10.1007/978-981-33-6877-4_1

1. Introduction to Governance, Corporate Governance, and Compliance

Rupa Mahanti¹  

(1)

Strathfield, NSW, Australia

Rupa Mahanti

Email: rupa.mahanti0@gmail.com

It is clear that good corporate governance makes good sense. The name of the game for a company in the 21st Century will be conform while it performs.

—Mervyn King (Chairman: King Report).

Abstract

This chapter introduces the readers to the concept of governance, corporate governance, the impact of the digital age and data on governance, compliance and performance, and discusses in detail the difference between management and governance.

1.1 Introduction

An entity is an organization, country, or business. At the core of any entity’s success is good governance, which needs to be entrenched in its cultural fabric. Governance is the exercise of authority and control to ensure accountability and promote transparency. While good governance can lead to an entity’s success, poor governance can result in its decline or failure.

Governance is often confused with management. The first section of this chapter discusses the differences between governance and management. The next sections introduce the readers to the concept of corporate governance, the impact of the digital age and data on governance, compliance, and performance.

1.2 Governance Versus Management

Governance and management are not the same. There is a thin line between governance and management, with both having leadership roles that need to be executed differently. Management focuses on people. In general, it concerns drive, commitment, allegiance, and politics. Governance focuses on power. It concerns policies, rules, regulations, the distribution of authority and responsibities, and the boundaries, exercise, and abuse of authority. Governance deals with What, that is, determining the mission and vision, setting policies and strategic plans, selection of the chief executive, managing the governance process, providing insight, wisdom, and judgement, and verify, and audit performance.

Management focuses on operations and performance. In general, it concerns work done by people or machines and grouped into tasks, functions, or processes. Management deals with How; that is, implementing policies, strategic plans, and board decisions, supporting governance processes, establishing operating procedures, measuring performance, and delivering services (Community Southwark).

Bird (2001) states that while executives and managers administer, develop, implement and monitor business strategies on a day-to-day basis, boards and other governance structures deal with overall organization policy, culture, and direction. He goes on to state that, Executives…manage organizations by the authority delegated to them by those who govern (Bird 2001), thus making a strong distinction between the different elements of corporate governance and management (Webb et al. 2006). This distinction is based on the difference in the activities performed by the governance body, structures, and operational management.

However, the line between governance and management is not hard and fast and there are some overlap areas. The common overlap areas are ensuring that the strategic plan objectives are met, performance issues, and constant assessment of risk.

The distinction between governance and management differs from one organization to another organization and, from time to time, within the same organization, too (Mitchell 2010). The organizational maturity, size, and culture have an effect on the extent of separation between the governance and management structures.

Less mature organizations may take time to establish formal governance mechanisms. In the case of smaller organizations with limited employees or members, there might not be enough individuals to play distinct roles, and staff or members may perform multiple roles and may be entrusted with overlapping responsibilities of both governance and management. However, as an organization evolves and expands, the distinction becomes more and more important as delineating governance and management endorses accountability at all levels, and also provides a mechanism for good enterprise governance that emphasizes on stakeholder value by balancing performance and conformance (CommunityNet Aotearoa; Ball 2010; IEG World Bank 2007). Though a clean delineation is rarely possible, the ‘right’ balance between governance and management is necessary to avoid conflicts (Ball 2010).

The analogy of steering versus rowing is often used to describe the delineation of roles of governance versus management, and the delineation supports good decision making and outcomes driven activities. In the words of Robert Tricker , If management is about running the business, governance is about seeing that it is run properly. While governance is about doing the right thing, management is about "doing things right (Tricker 1998; IEG World Bank 2007)".

The governing body , such as a committee or board (comprised of directors), is responsible for governance and provides direction, leadership, control, and an enabling framework for collective decision making. At the same time, the management or executive team, led by the chief executive and his/her staff and volunteers, is responsible for the management and implementing decisions made by the governing body. The governing body’s role is to oversee management and not to manage directly. It must be satisfied that the management team is doing its job under the stated policy and available resources (CommunityNet Aotearoa).

Every board is dissimilar in terms of how they carry out their governance role, and there should be clarity and consensus regarding the governance approach. According to Demb and Neubauer (1992), there are three main classic ways for boards to implement their governance role (Ball 2010);

the watchdog,

the trustee, and

the pilot mode.

In a ‘watchdog’ role, the board provides complete oversight and has no obvious involvement in the organization’s activities. In the ‘trustee’ role, the board conducts itself like a custodian of assets and is accountable to shareholders and society for those assets. In a ‘pilot’ role, the board takes an active role in supervising the business of the organization (Demb and Neubauer 1992; Ball 2010).

As highlighted by John A. Zachman, Author of The Framework for Enterprise Architecture (The Zachman Framework), Zachman International, in his interview statement,—the definition of Management historically included: 1. Plan 2. Organize 3. Staff 4. Direct, and 5. Control. Governance also includes almost all of these elements but with a different perspective. Governance systems include the management processes designed to deliver on performance objectives while considering stakeholder interests (ASQ).

1.3 Corporate Governance and Its Subdisciplines—in a Nutshell

Corporate governance is the system of policies, rules, mechanisms, practices, authorities, and processes used to direct, manage, and control a corporation. There are several subdisciplines under the corporate governance umbrella as shown in Fig. 1.1:

../images/494555_1_En_1_Chapter/494555_1_En_1_Fig1_HTML.png

Fig. 1.1

Subdisciplines of corporate governance

Operational governance

Financial governance

HR governance

Risk governance

Security governance

IT governance

Data governance

IT governance and data governance are relatively new fields of governance as compared to the other corporate governance subdisciplines.

All the subdisciplines of coporate governance have been discussed in detail in Chap. 3.

1.4 Corporate Governance, the Digital Age, Data and Compliance

We are governed by information and our belief in and acceptance of that information. Transparent, verified information and knowledge bridges are the most important tools available to us today. ― Heather Marsh, The Creation of Me, Them and Us

Corporations have evolved over centuries, and so has the governance of corporations. Also, economic disasters, corporate scandals, and cases of fraud have weakened the world economy and influenced the evolution of governance. These have led to new laws and regulations to prevent recurrence of such incidents, events, or situations, which in turn have led to tighter controls, well-defined accountabilities, and enforcements to ensure compliance.

Effective governance needs facts , and good quality data represents facts. Before the advent of information technology, important facts were recorded on paper, kept under lock and key, and these served as inputs to the other disciplines of corporate governance.

The advancement of information technology, decreased cost of hardware and storage, and increased storage capacity has led us into the digital age. The digital age is characterized by organizations collecting large amounts of and different varieties of data electronically in shorter periods. In the digital age, data itself is an asset that needs to be effectively governed to ensure compliance and high-quality data. Compliance is one of the biggest drivers of data governance.

Data used in business processes has a direct or indirect impact on business performance. Faulty business processes often generate bad data, which adversely impacts business processes, which in turn adversely impacts business performance, as shown in Fig. 1.2.

../images/494555_1_En_1_Chapter/494555_1_En_1_Fig2_HTML.png

Fig. 1.2

Data, business processes, and business performance

Compliance is about following rules and regulations. These rules and regulations came into existence because of wrong actions, such as fraud and security breaches, as well as operational failures, corporate failures, and financial scandals that have been the result of poor performance or ethical issues. While fulfilling compliance obligations, organizations should look at improving business processes which will have a positive impact on performance, instead of only focusing on avoiding wrong actions. Where compliance hinders performance, the focus should be to achieve compliance by balancing performance .

Corporate failures, operational failures, security breaches, ethical issues and financial scandals beget rules and regulations which in turn beget governance, which begets improved performance and compliance, which in turn prevent corporate failures, operational failures, fraud, security breaches, ethical issues, and financial scandals as shown in Fig. 1.3.

../images/494555_1_En_1_Chapter/494555_1_En_1_Fig3_HTML.png

Fig. 1.3

Cycle of compliance and performance

1.5 What’s Ahead?

In this book, we introduce the readers to the concept of governance, corporate governance, its history and evolution across different geographies in the face of scandals and financial disasters, which triggered the need for laws and regulations that organizations need to comply with, the different subdisciplines of corporate governance, and how the different subdisciplines of corporate governance tie together. We also will introduce the concept of data, data governance, the lack of standard definition of data governance, the distinction between IT governance and data governance, and finally, how data governance helps in attaining compliance.

References

ASQ. What is organizational or Corporate Governance, Quality Resources. https://​asq.​org/​quality-resources/​governance Accessed 20 Feb 2020

Ball D (2010) November 3, 2010, Management versus governance—it’s not that easy, better boards. https://​betterboards.​net/​governance/​management-vs-governance/​. Accessed 20 Feb 2020

Bird F (2001) Good governance: a philosophical discussion of the responsibilities and practices of organizational governors. Canadian J Admin Stud 298–312

CommunityNet Aotearoa. Governance and Management, NZ Navigator Trust. https://​community.​net.​nz/​resources/​community-resource-kit/​4-2-governance-governance-and-management/​ Accessed 20 Feb 2020

Community Southwark (2018) Governance or Management: Knowing the difference. https://​communitysouthwa​rk.​org/​sites/​default/​files/​images/​Governance%20​or%20​Management.​pdf. Accessed 20 Feb 2020

Demb A, Neubauer F (1992) The corporate board: confronting the paradoxes. Oxford University Press, New York

Independent Evaluation Group IEG World Bank (2007) Sourcebook for Evaluating Global and Regional Partnership Programs Indicative Principles and Standards. http://​www.​oecd.​org/​development/​evaluation/​dcdndep/​37981082.​pdf. Accessed 20 Feb 2020

Mitchell R (2010) The crucial difference between governance and management. AKT LTP. https://​www.​inphilanthropy.​org/​sites/​default/​files/​resources/​Crucial%20​Difference%20​Between%20​Governance%20​%26%20​Management-AKT%20​LLP-2011.​pdf. Accessed 20 Feb 2020

Tricker R (1998) The role of management is to run the enterprise and that of the board is to see that it is being run well and in the right direction. In: Robert IT (ed) Pocket Director, p 8

Webb P, Pollard C, Ridley G (2006) Attempting to define IT governance: wisdom or folly? Proc Ann Hawaii Int Conf Syst Sci 8:194a–194a. https://​doi.​org/​10.​1109/​HICSS.​2006.​68Crossref

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2021

R. MahantiData Governance and Compliancehttps://doi.org/10.1007/978-981-33-6877-4_2

2. Governance Evolution and Basic Concepts

Rupa Mahanti¹  

(1)

Strathfield, NSW, Australia

Rupa Mahanti

Email: rupa.mahanti0@gmail.com

Necessity is the mother of invention.—Plato

The only constant in life is change.— Heraclitus of Ephesus

Abstract

The concept of governance is the exercise of authority and control to ensure accountability and promote transparency. It has been around in some form since ancient times and has evolved with the requirements of the respective periods. This chapter explains governance and corporate governance followed by the evolution of corporate governance in the different geographies across the world.

2.1 Introduction

The concept of governance is the exercise of authority and control to ensure accountability and promote transparency. It has been around in some form since ancient times and has evolved with the requirements of the respective periods. In ancient times, governance centered around ruling tribes and kingdoms. Over time, corporations evolved, and a similar structure of governance was required. As corporations grew in size, and businesses, infrastructure, and technologies evolved, different subcategories of governance, such as operational governance, finance governance, risk governance, HR governance, security governance, IT governance, and data governance also evolved under the corporate governance umbrella to handle these changes and to ensure that organizations continued to run