DATA GOVERNANCE
Otto, Boris, University of St. Gallen, Institute of Information Management, Müller-Friedberg-Strasse 8, 9000 St. Gallen, Switzerland, boris.otto@unisg.ch
Abstract
Both information systems (IS) researchers and practitioners consider data governance as a promising approach for companies to improve and maintain the quality of corporate data, which is seen as critical for being able to meet strategic business requirements, such as compliance or integrated customer management. Both sides agree that data governance primarily is a matter of organisation. However, hardly any scientific results have been produced so far indicating what actually has to be organised by data governance, and what data governance may look like. The paper aims at closing this gap by developing a morphology of data governance organisation on the basis of a comprehensive analysis of the state of the art both in science and in practice. Epistemologically, the morphology represents an analytic theory, as it serves for structuring the research topic of data governance, which is still quite unexplored. Six mini case studies are used to evaluate the morphology by means of empirical data. Providing a foundation for further research, the morphology contributes to the advancement of the scientific body of knowledge. At the same time, it is beneficial to practitioners, as companies may use it as a guideline when organising data governance. Keywords: Data governance, Organisational design, Theory development, Morphology.
1 Introduction
Regarding the quality of their data, companies see themselves confronted with a number of strategic business requirements, such as compliance with legal and regulatory provisions or the need for customer centric business models. In this context, data governance is seen as a promising approach for companies to improve and maintain the quality of their data (Panian, 2010). Early definitions of the term have been rendered both by researchers (Khatri and Brown, 2010; Weber et al., 2009b) and practitioners (Karel, 2007; Russom, 2006). Both sides agree that data governance refers to the entirety of decision rights and responsibilities regarding the management of data assets.
Assigning decision rights within companies is a typical organisational task (Galbraith, 1974; Grochla, 1982). As to the organisation of data governance, both researchers and practitioners have come up with a number of recommendations, such as functional diagrams linking decision rights to appropriate roles (Dyché and Levy, 2006; McGilvray, 2007; Weber et al., 2009b), specification of roles such as data stewards or data committees (Economist Intelligence Unit, 2008; Friedman, 2007; Loshin, 2007), specification of decision rights (Khatri and Brown, 2010; Weber et al., 2009b), or recommendations for establishing data governance in companies’ organisational structures (Karel, 2007; Vaygan et al., 2007; Weber et al., 2009b). What all these approaches have in common is that they focus on single aspects of data governance, what leads to isolated solutions only. The fact that companies need to take into account a number of aspects when trying to organise data governance has been neglected so far. This gap both in the scientific and in the practical state of the art has been the motivation for this contribution. The research question to be answered is: What are the aspects that need to be considered in order to capture the entirety of data governance organisation?
To accomplish this objective the paper develops a morphology of data governance organisation. In general, a morphology is concerned with the “structure and arrangement of parts of an object, and how these conform to create a whole” (Ritchey, 2006, p. 793). Epistemologically, a morphology follows the principles of an “analytic theory” as specified by Gregor (2006, p. 622 ff.). Theories of this kind describe the structure and the relations of the basic concepts of current phenomena for which only few scientific results are available so far. For theory development, a deductive approach (Wilde and Hess, 2006) is applied, based on a detailed analysis of both the scientific and the practical state of the art. In addition, mini case studies are used for a critical appraisal of the morphology. A similar use of mini case studies has been described by Weill and Olson (1989) in their investigation on investments in information technology (IT).
2 Background
As mentioned above, researchers and practitioners agree that data governance is basically about assigning decision rights and responsibilities when it comes to data management in companies (Karel, 2007; Khatri and Brown, 2010; Russom, 2006; Weber et al., 2009b; Wende and Otto, 2007). It is also common sense that data governance is of particular importance when it comes to the management of master data, i.e. data about materials and products, customers and suppliers, for example (Dreibelbis et al., 2008; Loshin, 2008). Furthermore, practitioners and researchers agree upon the fact that establishing data governance is an organisational design task (Lee et al., 2006; Pierce et al., 2008). However, a holistic perspective on the entirety of the several organisational concepts is still missing with regard to data governance. Therefore, in the following a conceptual framework of the different dimensions of “organisation” as a theoretical concept is derived from studies on organisational design in general and on the organisation of the IS function in particular.
The first organisational dimension relates to (1) an organisation’s goals. Grochla (1982) divides the them into (1A) formal goals and (1B) functional goals. Whereas the former measure an organisation’s performance, the latter refer to the tasks an organisation has to fulfil. Transferred to the research area
of data governance, the formal goals relate to maintaining or raising the value of a company’s data assets, whereas the functional goals are represented by the decision rights defined.
The second organisational dimension is (2) the organisational structure (Galbraith, 2002). It comprises three aspects, namely the positioning of decision-making power within the hierarchical structure of an organisation (2A, “locus of control”), the division of labour and the (2B) organisational form resulting from this, and the allocation of tasks to (2C) roles and committees. Especially, the question regarding the positioning of the “locus of control” with regard to decision-making on IT is a traditional research area in IS research. Boynton et al. (1992), for example, propose an approach for supporting companies that want to find a solution for splitting up IS/IT related decision rights between functional departments and IT department. In the context of data governance there have been some basic reflections about this issue both in the scientific (Khatri and Brown, 2010; Weber et al., 2009b) and in the practitioners’ community (Friedman, 2007; Laurent, 2005).
IS research also has developed a comprehensive knowledge base on the division of labour of the IS/IT function and organisational forms resulting from this. There have been numerous studies examining alternatives in the continuum between centralised and decentralised organisation (Brown, 1997; Ein-Dor and Segev, 1978). Based on this, various researchers have determined contingency factors by transferring the principles of contingency theory to the organisation of the IS/IT function (Brown and Magill, 1994; Sambamurthy and Zmud, 1999). The so-called IT governance archetypes by Weill and Ross (2005) are also built upon these studies. Regarding data governance, comparable studies have not been made so far. Instead, what can be found is a number of organisational “prototypes” for data governance in certain individual cases (Cheong and Chang, 2007; Dyché and Levy, 2006; Friedman, 2007).
Introducing roles and committees for data governance typically involves hierarchy-overarching and hierarchy-complementing measures. In organisational design, such measures are the result of an effort to mitigate the dysfunctional aspects of the primary organisation (Galbraith, 2002; Lawrence and Lorsch, 1967). There have been numerous suggestions, particularly from the practitioners’ community, regarding roles and committees to which decision rights and responsibilities are assigned in the course of data governance. Precision and unambiguity of terms is still insufficient, though. When elaborating on data stewardship, for example, suggestions range from “data steward” (Berson and Dubov, 2007; Loshin, 2007) to “data custodian” (Cheong and Chang, 2007) to “data governance manager”(McGilvray, 2007) to “chief steward” (Weber et al., 2009b).
3 Research Approach
This paper aims at the development of a morphology of data governance organisation based on deductive analysis (cf. Wilde and Hess, 2006, p. 7). Following the notion of theory building as specified by Gregor (2006), the morphology constitutes an analytic theory, i.e. it identifies and structures the basic concepts of data governance organisation. The research approach comprises three steps.
Step 1 started with an analysis of the scientific literature related to data governance. Five academic online libraries were searched, namely the ACM Digital Library, the AIS Electronic Library, CiteseerX, EBSCO Online, and Emerald Insight (see Table 1). Data governance was used as a search term, but also related terms such as “information governance”, “data management organisation”1, and “information management organization” in order to cover a broader scope. In addition to this, a heuristic search procedure using Google Scholar was applied, with “data governance” used as the search term. All search results were analysed and categorised according to their nature (scientific or practice-oriented) and format (book, article in journal, white paper/report, etc.).
1
Both British and American spellings were used for the term “organisation”.
ACM Digital AIS Electronic CiteSeerX EBSCO Online Emerald Insight Library Library
Website portal.acm.org aisel.aisnet.org citeseerx.ist.psu.edu ejournals.ebsco.com emeraldinsight.com Search Advanced Advanced Advanced search. Find articles, find Advanced search. function search in search, match articles by text,
journals, any, peer-guided criteria. transactions, reviewed only. proceedings.
Search Search in all Search in title, Search in abstract. Search in title and Search in abstract. options fields. abstract, abstract.
keywords.
Search 2011-04-01 2011-04-01 2011-04-01 2011-04-01 2011-04-01 date
Table 1. Literature analysis.
Moreover, the results were combined with contributions from practitioners on data governance (search terms “data governance” and “information governance” in title or text), namely reports by analysts such as Gartner, Inc., white papers by consulting companies or software manufacturers, and publications by industry associations such as DAMA International and the International Association for Information and Data Quality (IADIQ).
Nature of Format Sources Contribution
Scientific Papers in (Ardagna et al., 2009), (Beynon-Davies, 2005), (Beynon-Davies, 2009),
journals and (Caldwell, 2008), (Cheong and Chang, 2007), (Dan et al., 2007), (Delbaere and conference Ferreira, 2007), (Dember, 2006), (Gates and Bishop, 2010), (Gillies and Howard, proceedings 2005), (Hüner et al., 2009), (Kerschbaum and Schaad, 2008), (Kerschbaum and
Vayssière, 2008), (Khatri and Brown, 2010), (Lomas, 2010), (Lucas, 2010), (Ojo et al., 2009), (Ossher et al., 2010) (Otto et al., 2007), (Otto and Reichert, 2010), (Panian, 2010), (Pearson, 2009), (Rifaie et al., 2009), (Rosenbaum, 2010), (Simpson et al., 2006), (Stell et al., 2008), (Vaygan et al., 2007), (Weber et al., 2009b), (Weber et al., 2009a), (Wende, 2007), (Wende and Otto, 2007), (Williams, 2008), (Williams et al., 2010)
Books (Berson and Dubov, 2007), (Dreibelbis et al., 2008), (Dyché and Levy, 2006),
(Fisher, 2009), (Lee et al., 2006), (Loshin, 2008), (Sarsfield, 2009)
Working (Pierce et al., 2008) reports Theses (Kerr, 2006), (Weber, 2009)
Practice-Publications (DAMA, 2009), (Griffin, 2006), (Griffin, 2008), (Hopwood, 2008), (Laurent,
oriented by industry 2005), (McGilvray, 2007), (Power, 2008), (Waddington, 2008)
associations
Publications (Bitterer and Newman, 2007), (CDI Institute, 2006), (Dyché, 2007), (Economist by software Intelligence Unit, 2008), (Ferguson, 2007), (Friedman, 2007), (Hewlett-Packard, vendors and 2007), (IBM, 2007), (Informatica, 2006), (Karel, 2007), (Loshin, 2007), (NCC, analysts 2006), (Redman, 2005), (Russom, 2006), (Seiner, 2007), (Thomas, 2006), (Wenk
and Bertrand, 2005), (White et al., 2008)
Table 2. Sources for state-of-the-art analysis.
In Step 2, all sources were analysed and coded according to the different organisational dimensions of the conceptual framework, i.e. the concepts 1A to 2C explained in Section 2 of this paper. From the analysis of the data (i.e. both the scientific and the practice-oriented literature, see Table 2) and the continuous comparison of the coded concepts, the morphology of data governance organisation was developed. The procedure was terminated following the principle of theoretical saturation (cf. Glaser, 1965, p. 441 ff.), i.e. when it turned out that the knowledge base could not be significantly enhanced
anymore by inclusion of additional search results. An example is the contribution by Lucas (2010), in which primarily concepts are discussed that are already known.
In step 3 the theory underwent a critical appraisal through the use of mini case studies (see Table 3). Case study research is an appropriate means of evaluation of analytic theories, in particular with regard to Gregor who stresses “usefulness” and “appropriateness” as evaluation criteria for this type of theory (2006, p. 624). All the companies participating in the case study have been members of a research project on corporate data quality management. The project follows the principles of consortium research (cf. Österle and Otto, 2010), i.e. in the course of the project researchers collaborate intensively with multiple partner companies. Data was collected by means of semi-structured, mainly open interviews. The interviews were documented as field notes by at least two researchers. The field notes were then transferred into protocols and sent to the interviewees for approval. The mini case studies were conducted between 2007 and 2010. They were all of a participatory nature (Baskerville, 1997), i.e. the principal researcher was asked for his advice, but was not explicitly involved in the decision-making regarding the organisation of data governance.
Case A B C D E F Industry Chemicals Automotive Mfg. Telecom Chemicals Automotive Headquarter Germany Germany USA Germany Switzerland Germany Revenue 2009 [million €] 6,510 38,174 4,100 64,600 8,354 9,400 Staff 2009 [1,000] 18,700 275,000 23,500 260,000 25,000 60,000 Role of main contact Head of Program Head of Head of Head of Project person for the case study Enterprise Manager Data Data MDM SSC Manager
MDM MDM Governance Governance MDM
Key: MDM - Master Data Management, Mfg. - Manufacturing; SSC - Shared Service Center.
Table 3. Overview of mini case studies.
4 Morphology Development
Figure 1 shows the morphology of data governance organisation as a result of the research procedure outlined in Section 3. The morphology identifies and describes 28 individual organisational.
Data governance goals as specified by the morphology are either formal or functional in nature. Formal goals are measurable and serve to assess the effectiveness of data governance. The first set of formal goals specified by the morphology comprises a number of business goals. Ensuring compliance with legal and regulatory provisions is the business goal most frequently mentioned in literature on data governance (Delbaere and Ferreira, 2007; Ferguson, 2007; Karel, 2007; Otto et al., 2007; Panian, 2010; Vaygan et al., 2007). Other sources do not explicitly refer to the issue of compliance, but suggest similar concepts to be goals of data governance. The IBM Data Governance Maturity Model, for example, specifies risk reduction as a goal of data governance (IBM, 2007). Other business goals refer to decision-making (Dyché, 2007; Ferguson, 2007; Otto et al., 2007; Pierce et al., 2008; Thomas, 2006) and customer satisfaction. Regarding the latter, the CDI Institute speaks of “enhancing customer loyalty” (2006), while Otto et al. stress the importance of “integrated customer management” (2007). Apart from that, “increasing the operational efficiency” (Vaygan et al., 2007) is specified as a business goal by the morphology. This goal is supposed to be accomplished by, for example, avoiding process errors caused by data defects or increasing process lead times with the help of consistent data (Ferguson, 2007; Thomas, 2006). The fifth business goal relates to “support of business integration”, which is particularly relevant in the case of company mergers (CDI Institute, 2006).
The second set of formal goals specified by the morphology is a two-piece set of IS/IT-related goals: “increase data quality” (Pierce et al., 2008) and “support IS/IT integration”. Regarding the latter, Karel points out the importance of data governance in data migration projects (2007). Besides formal goals, the morphology of data governance organisation specifies a number of functional goals. Functional goals exclusively relate to the decision areas for which data governance specifies certain rights and
responsibilities. The first functional goal aims at the creation of a data strategy (DAMA, 2009; Otto and Reichert, 2010; Otto et al., 2007; Pierce et al., 2008) and of data policies (DAMA, 2009; Griffin, 2006; Khatri and Brown, 2010). The two terms have been distinguished by DAMA International, saying that data strategy refers to a “high-level course of action” of data management, whereas data policies rather comprise concise principles and rules of behaviour (DAMA, 2009). A second functional goal refers to the establishment of data quality controlling using data quality metrics (Friedman, 2007; Griffin, 2006; IBM, 2007; Khatri and Brown, 2010; McGilvray, 2007; Vaygan et al., 2007; White et al., 2008). More functional goals relate to the establishment of data stewardship, data architecture management (Bitterer and Newman, 2007; DAMA, 2009; Loshin, 2008), data lifecycle management (IBM, 2007; Khatri and Brown, 2010; Redman, 2005; Vaygan et al., 2007), as well as of data standards and metadata management (Bitterer and Newman, 2007; Khatri and Brown, 2010).
Data Governance Organisation(1) Data Governance Goals(1A) Formal GoalsBusiness Goals•••••Ensure complianceEnable decision-makingImprove customer satisfactionIncreasoperational efficiencySupport business integration (2) Data Governance Structure(2A) Locus of ControlFunctional Positioning••Business departmentIS/IT departmentHierarchical Positioning••Executive managementMiddle managementIS/IT-related Goals••Increase data qualitySupport IS integration (e.g. migrations)(2B) Organisational Form•••••CentralisedDecentralised/localProject organisationVirtual organisationSharedservice(1B) Functional Goals••••••Create data strategy and policiesEstablish data quality controllingEstablish data stewardshipImplement data standards and metadata managementEstablish data life-cycle managementEstablish data architecture management(2C) Roles and Committees••••••SponsorData governance councilData ownerLead data stewardBusiness data stewardTechnical data steward
Figure 1. Morphology of Data Governance Organisation.
The second dimension of the morphology of data governance organisation is its structure. The first aspect here refers to the “locus of control”, i.e. the main instance of responsibility for data governance in a company. Relevant sources have been discussing two questions with regard to the positioning of the locus of control: its functional positioning and its positioning in a company’s hierarchical structure. While some authors see the functional positioning of the locus of control in business departments (Cheong and Chang, 2007; Friedman, 2007; NCC, 2006), others prefer the locus of control to be in a company’s IS/IT department (CDI Institute, 2006; Delbaere and Ferreira, 2007). Quite often, however, there are many authors suggesting that some kind of shared responsibility should be established for data governance. As Seiner (Seiner, 2007) puts it: “When I get asked if Data Governance should ‘reside’ in the business areas or the IT area, my answer is always ... ‘Yes’. It should reside in both.” Regarding the hierarchical positioning of the locus of control for data governance, also no clear trend can be identified when looking at the opinions of relevant authors. Many of them suggest data governance to be located both on the executive management level and on the middle management level (Pierce et al., 2008; Vaygan et al., 2007).
The second structural dimension regarding data governance organisation as specified by the morphology relates to its organisational form. To this question a number of contributions can be found in literature which – in analogy to research on IT governance (Weill and Ross, 2005) – suggest that a
“continuum” be created between centralised and decentralised organisation of data governance (CDI Institute, 2006; Khatri and Brown, 2010; Otto and Reichert, 2010; Weber et al., 2009b). Other authors point out that no one-and-only organisational form of data governance can be determined, as data governance “must support the needs of all the participants across the enterprise” (Loshin, 2007), which is why very often virtual forms of organisation can be found in practice (Bitterer and Newman, 2007; Friedman, 2007). Weber et al. propose to take advantage of a shared-service organisation (2009a), especially in order to make the effectiveness of data governance measurable through the use of service level agreements (SLAs).
The third structural dimension regarding data governance organisation as specified by the morphology is about Roles and Committees. There have been numerous contributions on the necessity and the responsibilities of data stewards, for example. From all suggestions made in literature, six basic roles and committees can be specified. Data governance always requires a sponsor on the level of the executive management (Bitterer and Newman, 2007; Karel, 2007; Sarsfield, 2009; Weber et al., 2009b). The sponsor fosters data governance throughout the company and grants the “mandate” for action. Since data governance typically affects a company as a whole, quite frequently a so-called data governance council (Cheong and Chang, 2007; Dyché, 2007; Laurent, 2005; McGilvray, 2007; Redman, 2005) can be found, which is supposed to balance and match different interests of different stakeholders in data management, and which is also supposed to make binding decisions. The data governance council is composed of the data owners and the lead data steward. Many authors point out the importance to distinguish between these two roles (Berson and Dubov, 2007; Bitterer and Newman, 2007; DAMA, 2009). While data owners are “accountable” for the immediate correctness and consistency of certain data, data stewards develop and provide the rules for the handling of this data, i.e. they are “responsible” for the overall data management.
Bitterer and Newman (2007) use a metaphor to differentiate between the two roles, comparing the data owner to “a king who owns the land, but does not do anything with it, apart from riding horses on the land”, whereas the data steward is compared to “a farmer who takes care of the land by growing crops, watering plants, ploughing fields and so on.” The group of data stewards can be further divided into a lead data steward and several business data stewards and technical data stewards. For the role of the lead data steward a number of synonyms are used in literature, such as “corporate data steward” (CDI Institute, 2006; Russom, 2006) or “chief data officer” (Griffin, 2008).
5 Critical Appraisal
Six mini case studies (see Table 4) are used to assess the morphology of the organisation of data governance by means of empirical data from the phenomenon’s natural context.
To some extent, the mini case studies reveal a high level of congruence between the goals and structures of the cases analysed and the specifications of the morphology of data governance organisation. All manifestations of the data governance goals and the date governance structure, the two major dimensions of the morphology, can be found in the real-world cases as well. What the appraisal also shows is that there is great similarity regarding the manifestations of the two dimensions across all cases analysed. In all cases, data governance is located on the third or fourth management level, the functional goals are similar, and the organisational form of the data governance structure is more or less of a centralised nature. On the other hand, the mini case studies reveal also differences between the cases analysed and the concepts developed in the morphology. Although data governance is considered to have significant business impact on companies, a direct relation between data governance and business goals can only be found in Case D (yet without any goal quantification). What can be found are goals that relate to data quality and to service level agreements (SLAs). Another difference refers to the involvement of the executive management when it comes to data governance, which is seen as critical by authors from both the scientific and the practitioners’ community, but which cannot be confirmed in any of the six cases. As already mentioned above, the mandate for action is located on the middle management level. Also, there is no example of data
governance being executed in a decentralised form, although in literature quite frequently a continuum is demanded between centralised and decentralised approaches. One possible explanation for this may be that data governance often refers to the management of corporate data (i.e. data that is used across the entire company), which seems to be difficult to accomplish by means of a decentralised approach. The focus on corporate data is also confirmed by the fact that four of the six companies apply data governance explicitly for the management of their master data. Finally, there is a difference with regard to the establishment of committees for data governance. Three of the six companies do without any special committees for data governance, although in literature the importance of committees (data governance council, for example) is an aspect that is stressed quite frequently.
DG goals Case Formal goals Functional goals A No formal DQ, data
quantified goals; lifecycle, data DQ index and data arch., software lifecycle time tools, training measured
B No formal Business: Data
quantified goals definitions,
ownership, data lifecycle, data arch.; IS/IT: Data models, IT arch., projects, DQ
C No formal Data ownership,
quantified goals, data lifecycle, data lifecycle time DQ, service level measured, SLAs management, with internal project support customers planned D Alignment with DQ standards and
business strategic rules, data quality goals, no measuring, quantification ownership, data
models and arch., audits
E Alignment with Data strategy,
business drivers, rules and formalisation standards, through SLAs ownership, DQ
assurance, data & system arch. F No formal
quantified goals
Locus of control Business (IM and SCM), 3rd level
DG structure Org. form Central MDM dept., virtual global
organisation Central project organisation, virtual
organisation
Roles, committees MDM council, data owners, lead steward, technical steward
Steering
committee, master data owner,
master data officer
Business (corporate
accounting), 3rd level
Business (shared Central data
th
service centre), 4 management org.; level virtual global
organisation
Hybrid (both central IT and business), 3rd and 4th level Central
organization, supported by projects
Business (shared Shared service
th
service centre), 4 level
MDM strategy, IS/IT, 3rd level Central monitoring, organisation, organisation, supported by processes, and projects data arch., system arch., application dev.
Key: DG - Data governance; Org. - Organisational; DQ - Data quality; arch. - architecture; IM - Information Management; SCM - Supply Chain Management; MDM - Master Data Management, dept. - department; IS - Information Systems; IT - Information Technology; SLA - Service Level Agreement.
DG manager, DQ manager, data owner, data stewardship manager, data steward; no committee “Data
responsible”, data architect, data manager, DQ manager, no committee Head of MDM, data owners, lead stewards (per domain), regional MDM heads, data architect; no committee Head of MDM, data owners, DG council, data architect
Table 4. Critical appraisal through mini case studies.
6 Conclusion
This paper develops a morphology of the organisation of data governance. The morphology constitutes an analytic theory that serves for structuring the research topic of data governance, an area for which only few scientific findings have been produced so far. The morphology contributes to the advancement of the scientific state of the art by forming a basis for further studies. For example, the morphology allows identifying and evaluating “archetypes” of data governance and it allows for detailed analysis of contingency factors. The practitioners’ community will also benefit from the morphology, as it is structuring a complex phenomenon for which only isolated solutions have been proposed so far. Companies that want to organise data governance can use the morphology as a guideline or checklist. Limitations of the paper lie in the nature of analytic theories (cf. Gregor, 2006). Analytic theories form only a starting point for future research. The next research steps could include, for example, investigations into the impact of the model on the design of data governance organisation and quantitative analyses of the archetypes mentioned above.
References
Ardagna, C. A., De Capitani di Vimercati, S., Paraboschi, S., Pedrini, E. and Samarati, P. (2009). An
XACML-based privacy-centered access control system. In Proceedings of the 1st ACM Workshop on Information Security Governance, Chicago, IL (USA), 2009-11-13, pp. 49-57.
Baskerville, R. (1997). Distinguishing Action Research from Participative Case Studies. Journal of
Systems and Information Technology, 1 (1), pp. 25-45.
Berson, A. and Dubov, L. (2007). Master Data Management and Customer Data Integration for a
Global Enterprise. McGraw-Hill, New York.
Beynon-Davies, P. (2005). Personal Identification in the Information Age: The Case of the National
Identity Card in the UK. In Proceedings of the 13th European Conference on Information Systems, Regensburg (Germany), Art. 27.
Beynon-Davies, P. (2009). The UK National Identity Card. In Proceedings of the 29th International
Conference on Information Systems, Phoenix, AZ (USA), Art. 29.
Bitterer, A. and Newman, D. (2007). Organizing for Data Quality. Gartner, Inc., Stamford, CT (USA). Boynton, A. C., Jacobs, G. C. and Zmud, R. W. (1992). Whose Responsibility is IT Management?
Sloan Management Review, 33 (4), pp. 32-38.
Brown, C. V. (1997). Examining the Emergence of Hybrid IS Governance Solutions: Evidence from a
Single Case Site. Information Systems Research, 8 (1), pp. 69-94.
Brown, C. V. and Magill, S. L. (1994). Alignment of the IS Functions with the Enterprise: Toward a
Model of Antecedents. MIS Quarterly, 18 (4), pp. 371-403.
Caldwell, F. (2008). Risk intelligence: applying KM to information risk management. VINE: The
journal of information and knowledge management systems, 38 (2), pp. 163-166.
CDI Institute (2006). Corporate Data Governance Best Practices. CDI Institute, Burlingame, CA
(USA).
Cheong, L. K. and Chang, V. (2007). The Need for Data Governance: A Case Study. In Proceedings
of the 18th Australasian Conference on Information Systems, Toowoomba (Australia), 2007-12-06, pp. 999-1008.
DAMA (2009). DAMA Data Management Body of Knowledge (DMBOK): Functional Framework.
DAMA International, Lutz, FL (USA).
Dan, A., Johnson, R. and Arsanjan, A. (2007). Information as a Service: Modeling and Realization. In
Proceedings of the International Workshop on Systems Development in SOA Environments, (no place given), 2007-05-20.
Delbaere, M. and Ferreira, R. (2007). Addressing the data aspects of compliance with industry models.
IBM Systems Journal, 46 (2), pp. 319-334.
Dember, M. (2006). 7 Stages for Effective Data Governance. Architecture & Governance Magazine, 2
(4).
Dreibelbis, A., Hechler, E., Milman, I., Oberhofer, M., van Run, P. and Wolfson, D. (2008). Enterprise
Master Data Management: An SOA Approach to Managing Core Information. Pearson Education, Boston, MA (USA).
Dyché, J. (2007). A Data Governance Manifesto: Designing and Deploying Sustainable Data
Governance. Baseline Consulting, Los Angeles, CA (USA).
Dyché, J. and Levy, E. (2006). Customer Data Integration. John Wiley, Hoboken, NJ (USA).
Economist Intelligence Unit (2008). The future of enterprise information governance. The Economist
Intelligence Unit Limited, London (UK).
Ein-Dor, P. and Segev, E. (1978). Organizational Context and the Success of Management
Information Systems. Management Science, 24 (10), pp. 1064-1077.
Ferguson, M. (2007). Accelerating Enterprise Data Governance. Intelligent Business Strategies,
Cheshire (UK).
Fisher, T. (2009). The Data Asset: How Smart Companies Govern Their Data For Business Success.
John Wiley, Hoboken, NJ (USA).
Friedman, T. (2007). Best Practices for Data Stewardship. Gartner, Inc., Stamford, CT (USA).
Galbraith, J. R. (1974). Organization Design: An Information Processing View. Interfaces, 4 (3), pp.
28-36.
Galbraith, J. R. (2002). Designing organizations: an executive guide to strategy, structure, and process.
Jossey-Bass, San Francisco, CA (USA).
Gates, C. and Bishop, M. (2010). The Security and Privacy Implications of Using Social Networks to
Deliver Healthcare. In Proceedings of the 3rd International Conference on Pervasive Technologies Related to Assistive Environments, Samos (Greece), 2010-06-23.
Gillies, A. and Howard, J. (2005). An international comparison of information in adverse events.
International Journal of Health Care Quality Assurance, 18 (5), pp. 343-352.
Glaser, B. G. (1965). The Constant Comparative Method of Qualitative Analysis. Social Problems, 12
(4), pp. 436-445.
Gregor, S. (2006). The Nature of Theory in Information Systems. MIS Quarterly, 30 (3), pp. 611-642. Griffin, J. (2006). The Data Governance Component of EDM. DM Review, (November), pp. 35. Griffin, J. (2008). The Role of the Chief Data Officer. DM Review, (February), pp. 28.
Grochla, E. (1982). Grundlagen der organisatorischen Gestaltung. Poeschel, Stuttgart (Germany). Hewlett-Packard (2007). Managing data as a corporate asset: three action steps toward successful data
governance. Hewlett-Packard Development Company.
Hopwood, P. (2008). Data Governance: One Size Does Not Fit All. Vol. 2008 DM Review Magazine. Hüner, K. M., Ofner, M. and Otto, B. (2009). Towards a Maturity Model for Corporate Data Quality
Management. In Proceedings of the 24th ACM Symposium on Applied Computing, Honolulu, HI (USA).
IBM (2007). The IBM Data Governance Council Maturity Model: Building a roadmap for effective
data governance. IBM Corporation, Somers, NY (USA).
Informatica (2006). Putting Metadata to Work to Achieve the Goals of Data Governance. Informatica
Corporation, Redwood City, CA (USA).
Karel, R. (2007). Data Governance: What Works And What Doesn’t. Forrester Research, Inc.,
Cambridge, MA (USA).
Kerr, K. (2006). The Institutionalisation of Data Quality in the New Zealand Health Sector.
Dissertation, The University of Auckland, Auckland (New Zealand).
Kerschbaum, F. and Schaad, A. (2008). Privacy-Preserving Social Network Analysis for Criminal
Investigations. In Proceedings of the 7th ACM Workshop on Privacy in the Electronic Society, Alexandria, VA (USA), 2008-10-27, pp. 9-13.
Kerschbaum, F. and Vayssière, J. (2008). Privacy-preserving data analytics as an outsourced service.
In Proceedings of the ACM Workshop on Secure Web Services, Fairfax, VA (USA), 2008-10-31, pp. 87-95.
Khatri, V. and Brown, C. V. (2010). Designing Data Governance. Communications of the ACM, 53
(1), pp. 148-152.
Laurent, W. (2005). The Case for Data Stewardship. DM Review, (February), pp. 26-28.
Lawrence, P. R. and Lorsch, J. W. (1967). Organization and Environment. Harvard University Press,
Boston, MA (USA).
Lee, Y. W., Pipino, L. L., Funk, J. D. and Wang, R. Y. (2006). Journey to Data Quality. MIT Press,
Boston.
Lomas, E. (2010). Information governance: information security and access within a UK context.
Records Management Journal, 20 (2), pp. 182-198.
Loshin, D. (2007). Data Governance for Master Data Management and Beyond. DataFlux. Loshin, D. (2008). Master Data Management. Elsevier, Burlington, MA (USA).
Lucas, A. (2010). Corporate Data Quality Management in Context. In Proceedings of the 15th
International Conference on Information Quality, Little Rock, AR (USA), 2010-11-13.
McGilvray, D. (2007). Data Governance: A Necessity in an Integrated Information World, Part 2. DM
Review, (January), pp. 25-30.
NCC (2006). Data Governance - Results of the Rapid Survey. The National Computing Centre Ltd.,
Manchester (UK).
Ojo, A., Janowski, T. and Estevez, E. (2009). Semantic interoperability architecture for electronic
government. In Proceedings of the 10th Annual International Conference on Digital
Government Research: Social Networks: Making Connections between Citizens, Data and Government, Puebla (Mexico), 2009-05-17, pp. 63-72.
Ossher, H., Bellamy, R., Simmonds, I., Amid, D., Anaby-Tavor, A., Callery, M., Desmond, M., de
Vries, J., Fisher, A. and Krasikov, S. (2010). Flexible Modeling Tools for Pre-Requirements Analysis: Conceptual Architecture and Research Challenges. In Proceedings of the ACM International Conference on Object Oriented Programming Systems Languages and Applications, Reno/Tahoe, NV (USA), pp. 848-864.
Österle, H. and Otto, B. (2010). Consortium Research: A Method for Researcher-Practitioner
Collaboration in Design-Oriented IS Research. Business & Information Systems Engineering, 2 (5), pp. 283-293.
Otto, B. and Reichert, A. (2010). Organizing Master Data Management: Findings from an Expert
Survey. In Proceedings of the 25th ACM Symposium on Applied Computing, Sierre (Switzerland), 2010-03-22, pp. 106-110.
Otto, B., Wende, K., Schmidt, A. and Osl, P. (2007). Towards a Framework for Corporate Data
Quality Management. In Proceedings of the 18th Australasian Conference on Information Systems, Toowoomba (Australia), 2007-12-06, pp. 916-926.
Panian, Z. (2010). Some Practical Experiences in Data Governance. World Academy of Science,
Engineering and Technology Management, (62), pp. 939-946.
Pearson, S. (2009). Taking Account of Privacy when Designing Cloud Computing Services. In
Proceedings of the ICSE Workshop on Software Engineering Challenges of Cloud Computing, Vancouver (Canada), 2009-05-23, pp. 44-52.
Pierce, E., Dismute, W. S. and Yonke, C. L. (2008). The State of Information and Data Governance -
Understanding How Organizations Govern Their Information and Data Assets. IAIDQ and UALR-IQ, Little Rock, AR (USA).
Power, D. (2008). The Politics of Master Data Management & Data Governance. DM Review,
(March), pp. 24-38.
Redman, T. C. (2005). A Comprehensive Approach to Data Quality Governance. Navesink Consulting
Group, Little Silver, NJ (USA).
Rifaie, M., Alhajj, R. and Ridley, M. (2009). Data Governance Strategy: A Key Issue in Building
Enterprise Data Warehouse. In Proceedings of the 11th International Conference on
Information Integration and Web-based Applications & Services, Kuala Lumpur (Malaysia), 2009-12-14, pp. 587-591.
Ritchey, T. (2006). Problem structuring using computer-aided morphological analysis. Journal of the
Operational Research Society, 57 (7), pp. 792-801.
Rosenbaum, S. (2010). Data Governance and Stewardship: Designing Data Stewardship Entities and
Advancing Data Access. Health Services Research, 45 (5), pp. 1442-1455.
Russom, P. (2006). Taking Data Quality to the Enterprise through Data Governance. The Data
Warehousing Institute, Seattle, WA (USA).
Sambamurthy, V. and Zmud, R. W. (1999). Arrangements for Information Technology Governance: A
Theory of Multiple Contingencies. MIS Quaterly, 23 (2), pp. 261-290.
Sarsfield (2009). The Data Governance Imperative: A Business Strategy for Corporate Data. IT
Governance Publishing, Cambridgeshire (UK).
Seiner, R. S. (2007). The Data Stewardship Approach to Data Governance: Chapter 4 -
Organizationally, Where Does Data Governance Fit? TDAN.com.
Simpson, A., Power, D. and Slaymaker, M. (2006). On tracker attacks in health grids. In Proceedings
of the 21st ACM Symposium on Applied Computing, Dijon (France), 2006-04-23, pp. 209-216.
Stell, A., Sinnott, R. and Ajayi, O. (2008). Supporting UK-wide e-Clinical Trials and Studies. In
Proceedings of the 15th ACM Mardi Gras Conference, Baton Rouge, LA (USA), 2008-01-29.
Thomas, G. (2006). The DGI Data Governance Framework. The Data Governance Institute, Orlando,
FL (USA).
Vaygan, J. A., Garfinkle, S. M., Walenta, C., Healy, D. C. and Valentin, Z. (2007). The internal
information transformation of IBM. IBM SYSTEMS JOURNAL, 46 (4), pp. 669-683.
Waddington, D. (2008). Adoption of Data Governance by Business. DM Review, (December), pp. 32-34.
Weber, K. (2009). Data Governance-Referenzmodell: Organisatorische Gestaltung des
unternehmensweiten Datenqualitätsmanagements Dissertation, Institute of Information Management, University of St. Gallen, St. Gallen (Switzerland).
Weber, K., Otto, B. and Österle, H. (2009a). Data Governance: Organisationskonzept für das
konzernweite Datenqualitätsmanagement. In Proceedings of the 9. Internationale Tagung Wirtschaftsinformatik (Vol. 1), Wien (Austria), pp. 589-598.
Weber, K., Otto, B. and Österle, H. (2009b). One Size Does Not Fit All – A Contingency Approach to
Data Governance. ACM Journal of Data and Information Quality, 1 (1), Art. 4.
Weill, P. and Olson, M. H. (1989). Managing Investment in Information Technology: Mini Case
Examples and Implications. MIS Quarterly, 13 (1), pp. 3-17.
Weill, P. and Ross, J. (2005). A Matrixed Approach to Designing IT Governance. MIT Sloan
Management Review, 46 (2), pp. 25-34.
Wende, K. (2007). A Model for Data Governance – Organising Accountabilities for Data Quality
Management. In Proceedings of the 18th Australasian Conference on Information Systems, Toowoomba (Australia), 2007-12-06, pp. 417-425.
Wende, K. and Otto, B. (2007). A Contingency Approach to Data Governance. In Proceedings of the
12th International Conference on Information Quality, Cambridge, MA (USA), 2007-11-10.
Wenk, D. and Bertrand, C. (2005). Data Governance: Regulatory Compliance and Business
Continuity. Hitachi Data Systems Corporation, Santa Clara, CA (USA).
White, A., Radcliffe, J., Steenstrup, K., Bitterer, A., Beyer, M. A., Wilson, D., Rayner, N., Chandler,
N. and Newman, D. (2008). Hype Cycle for Master Data Management, 2008. Gartner, Inc., Stamford, CT (USA).
Wilde, T. and Hess, T. (2006). Methodenspektrum der Wirtschaftsinformatik: Überblick und
Portfoliobildung. Munich School of Management, Institute for Information Systems and New Media, Munich (Germany).
Williams, C. B., Fedorowicz, J. and Tomasino, A. P. (2010). Governmental Factors Associated with
State-wide Interagency Collaboration Initiatives. In Proceedings of the 11th Annual
International Conference on Digital Government Research, Puebla (Mexico), 2010-05-17, pp. 14-22.
Williams, P. (2008). A practical application of CMM to medical security capability. Information
Management & Computer Security, 16 (1), pp. 58-73.
因篇幅问题不能全部显示,请点此查看更多更全内容