Information Governance for Smarter Government Strategy and Solutions

© 2011 IBM Corporation

Information Agenda Information Management

May 24, 2012

Information Governance for Smarter Government Strategy and Solutions


Information Management

2

Questions from Legislature

How many children under 15 also have children utilizing our services?

How many people over 100 years of age receive benefits?

How many indigenous people receive income support payments?

Why is Governance Important?

Data Profiling by Business Intelligence department

Several one-year old children also had children

Number of people over 100 years of age exceeded the number of people from the

national census

The percentage of indigenous people receiving income support payments was

significantly lower than the average population

Outcomes

Focus on Date of Birth and Race as critical data elements

People creating the mess (front office) were not the people consuming the mess

(Business Intelligence)



3 3

The Information Challenge Is Only Making It Harder…

An Explosion In Volume, Variety & Velocity

Inefficient Access 1 in 2 don’t have access to the information across their

organization needed to do their jobs

Lack of Insight 1 in 3 managers frequently make

decisions without information they need

Inability to Predict 3 in 4 leaders say more predictive

information would drive better decisions

Variety of Information

Volume of Digital Data

Velocity of Decision Making

Source: IBM Institute for Business Value

“…40 exabytes of data created in 2008…

more than created in the previous 5,000 years combined…”

•Scope & Size of Data Sets

• Complexity, Connectedness and Growth Rates

• Context & Importance Of Integration



4

People Process Technology

INFORMATION GOVERNANCE

Proactively leveraging information to unlock value and manage risk Guide decision-making

Ensure information is consistently defined and understood

Increase the use and trust of data as an enterprise resource

Protect data and comply with regulatory requirements

Objectives of an Information Governance Program

Information Governance is the exercise of decision rights to

optimize, secure and leverage data as an enterprise asset.



5

Information

Governance Govern

Quality Security & Privacy

Lifecycle Standards

Transactional &

Collaborative

Applications

Business Analytics

Applications

External

Information

Sources

Success requires governance across the “Information Supply Chain”

Analyze

Integrate

Manage Cubes

Streams

Big Data

Master Data

Content

Data

Streaming

Information

Data Warehouses

Content Analytics

……a holistic approach



6

IBM’s thought leadership history in Information Governance

Enhances

Requires

Supports

The organization processes for monitoring and measuring the data value, risks, and efficacy of governance.

Audit and Reporting

The methods and tools used to create common semantic definitions for business and IT terms, data models, types, and repositories. Metadata that bridge human and computer understanding.

Data Classification / Metadata

The architecture design of structured and unstructured data systems and applications that enable data availability and distribution to appropriate users.

Data Architecture

Stewardship is a quality control discipline designed to ensure custodial care of data for asset enhancement, risk mitigation, and organizational control.

Stewardship

Describes the level of mutual responsibility between business and IT, and recognition of the fiduciary responsibility to govern data at different levels of management.

Organization

Policy is the written articulation of desired organizational behaviour.

Policy

Describe the policies, practices, and controls used by an organization to mitigate risk and protect data assets.

Security / Privacy / Compliance

Manage a systemic policy-based approach to information collection, use, retention, and deletion.

Information Life Cycle

Methods to measure, improve, and certify that quality and integrity of production, test, and archival data.

Data Quality

The methodology by which risks are identified, qualified, quantified, avoided, accepted, mitigated, or transferred out.

Data Risk Management

The process by which data assets are qualified and quantified to enable the business to maximize value created by data assets.

Value Creation

DescriptionCategory

The organization processes for monitoring and measuring the data value, risks, and efficacy of governance.

Audit and Reporting

The methods and tools used to create common semantic definitions for business and IT terms, data models, types, and repositories. Metadata that bridge human and computer understanding.

Data Classification / Metadata

The architecture design of structured and unstructured data systems and applications that enable data availability and distribution to appropriate users.

Data Architecture

Stewardship is a quality control discipline designed to ensure custodial care of data for asset enhancement, risk mitigation, and organizational control.

Stewardship

Describes the level of mutual responsibility between business and IT, and recognition of the fiduciary responsibility to govern data at different levels of management.

Organization

Policy is the written articulation of desired organizational behaviour.

Policy

Describe the policies, practices, and controls used by an organization to mitigate risk and protect data assets.

Security / Privacy / Compliance

Manage a systemic policy-based approach to information collection, use, retention, and deletion.

Information Life Cycle

Methods to measure, improve, and certify that quality and integrity of production, test, and archival data.

Data Quality

The methodology by which risks are identified, qualified, quantified, avoided, accepted, mitigated, or transferred out.

Data Risk Management

The process by which data assets are qualified and quantified to enable the business to maximize value created by data assets.

Value Creation

DescriptionCategory

1

2

6

7

8

9

10

11

4

5

3

The IBM leading practice Information Governance Framework is composed of eleven disciplines of governance across 4 distinct focus layers.



7

Good governance requires process and accountability IBM Information Governance Unified Process

Define

Business

Problem

Obtain

Executive

Sponsorship

Conduct

Maturity

Assessment

Build

Roadmap

Establish

Organization

Blueprint

Build

Business

Glossary

Understand

Data

Create

Metadata

Repository

Define

Metrics

Govern

Lifecycle

Management

Govern

Security &

Privacy

Govern

Analytics

Measure

Results = Enable through Process

= Enable through Process & Technology

Govern

Master Data

Management

Govern Data

Quality



8

Where do we get started?

Define

Business

Problem

Obtain

Executive

Sponsorship

Conduct

Maturity

Assessment

Build

Roadmap

Establish

Organization

Blueprint

Define

Metrics

Measure





9

Obtain executive sponsorship

Information Governance will only succeed if the

process engages the right stakeholders from IT

and the business

Identify an owner of the Information Governance program – Processes will generally fail if it isn’t an owned responsibility

Identify additional stakeholders – As a general rule, it is any function that relies on

information for effective performance

Establish the business case

Focus on “quick hits”, measure outcomes and

show success – Improve data quality to support better customer activities

– Manage data lifecycle to reduce costs of storage

– Monitor database activity to protect data and

enhance compliance



10

Case Study: Information Governance over date of death and mailing address at a social services agency

A social services agency found that:

A number of individuals continued to receive payments, and did not inform the agency

when a family member passed away.

Because 20 different parts of the organization needed to be notified when a person died,

it was always possible that a death would be “lost in the mix.”

In addition, the agency knew that the quality of its customer mailing addresses was

poor.

As a result:

The agency was paying extra fees to the postal service for returned mail.

Because the location of an individual was a critical factor in the formula for income

support payments, the agency was potentially over-paying persons who had moved but

did not update their mailing address.

Finally, the agency had to deal with privacy issues if letters were sent to the wrong

address.



11

Case Study: Information Governance over date of death and mailing address at a social services agency

The agency established an information governance program to:

Improve the quality of data for just two attributes: date of death and mailing address.

It created a special team that pored over newspaper records to identify deaths that had

not been recorded in its systems.

The team also used data quality tools to standardize mailing addresses. Finally, the

team began to validate mailing addresses with a standardized list from the postal service.

Because of these activities, the social services agency was able to reduce fraud and the

costs of serving its constituents by a significant percentage.



12

Establish Organizational Blueprint Define the Information Governance charter

Define the organization structure for information

governance

Establish the Information Governance council

Establish the Information Governance working group

Identify data stewards

Conduct regular meetings

– Information Governance council

– Information Governance working group

“ Remember that when Information Governance roles are created, they should be explicitly

made part of the job, and the individuals assigned to them must be accountable for their

performance in those roles. It's not good enough to say ‘we know you have a day job,

but we'd like you to be responsible for this information as well’.

Gartner Research, Q&A: Information Governance, Anne Lapkin, Debra Logan, Jan 19, 2011



13

Ownership of Information Governance Programs in Government

• Social services agency – The data quality team, within the business integrity branch,

had ownership for information governance. The data quality team developed a close

working relationship with the information technology branch that acted as the data

custodian.

• Local child welfare services agency – The information technology team assumed

ownership for the information governance program that had an intense focus on

improving the privacy of sensitive data regarding child services. The objective was to

hand over ownership of the program to the office of privacy once there was widespread

organizational buy-in to the severity of the problem.

• Provincial health system – The director of client registry was a newly created position

with responsibility to establish a common patient master record across the province. The

director was also accountable for the quality of data within the patient registry.

• Veterans agency – The information committee was chaired by the deputy commissioner

with representatives across the business. The data integrity sub-committee was

responsible for data quality issues.



14

Define Metrics

Data Governance Metrics Goal Oct

2011

Sept

2011

Aug

2011

July

2011

June

2011

May 2011

(Baseline)

Percent of customer duplicates in Unica 5% 9% 10% 11% 12% 13% 14%

Percent of customer duplicates in Oracle 3% 4% 5% 7% 7% 8% 14%

Percent of public domain email addresses Unica 13% 11% 13% 15% 18% 21% 23%

Percent of non-validated email addresses in Unica 8% 10% 10% 11% 11% 12% 15%

Percent of null bill-to email addresses in Oracle 2% 6% 8% 12% 15% 18% 22%

4. Develop rules for

measuring data elements

2. Define your KPI’s and critical

data element measurements

5. Establish the acceptable

threshold or goal with the Data

Governance Council

6. Report periodic progress to the Data

Governance Council.

3. Discover location of

critical data elements

1. Plan for metrics within

your governance initiative



15

Define

Business

Problem

Obtain

Executive

Sponsorship

Conduct

Maturity

Assessment

Build

Roadmap

Establish

Organization

Blueprint

Build

Business

Glossary

Understand

Data

Create

Metadata

Repository

Define

Metrics

Govern

Lifecycle

Management

Govern

Security &

Privacy

Govern

Analytics

Measure



Govern

Master Data

Management

Govern Data

Quality

Product Mapping – Unified Governance Process Support

InfoSphere

Blueprint

Director

InfoSphere

Business

Glossary

InfoSphere

Information

Analyzer /

Discovery

InfoSphere

Metadata

Workbench

IBM Cognos

InfoSphere

Information

Server

InfoSphere

MDM Server /

Initiate

InfoSphere

Optim /

Guardium

InfoSphere

Optim

IBM

Cognos



16

Using the right tools – and using the tools right!



17

Understanding data quality You can’t manage what you don’t understand

Understand the structure and content of heterogeneous data

Apply business rules to test and verify data quality

Understand complex, poorly documented data relationships

Develop a shared understanding of the data you have

Discover the location and extent of sensitive data

?

? ?

? ?

? ?

?

? ? ?

?

?

?

?

?

?

?

? ?

?

? ?

?

? ?

?

?

?

?

Distributed Data Landscape



18

Governments must tame the chaos of their data

What’s the Problem?

– There’s too much information, and you can’t tell what’s important or reliable

– Multiple versions of the truth lead to problems with regulatory compliance and

problems managing customer, product and partner interactions

– Lack of business agility to identify and take advantage of opportunities

The Data Quality Challenge and Desired Outcome

• Redundancies • Lack of standards • Unlinked records • Incorrect data

Complete & accurate view of information

It’s essential to cleanse your data then continually manage it to retain high quality



19

Case Study Security and Privacy at Child Welfare Agency

The department received a complaint from a relative who cared for a family member’s

child.

On numerous occasions she requested that her home address, telephone number and

other details about the child remain private. The complainant was concerned about the

child’s parents’ criminal history, violence and drug use.

The complainant’s address details were included in documentation and sent to the

child’s parents by the department. As a result, the complainant moved house because

of safety concerns. She complained to the department which provided her with some

financial assistance as a result of the move.

The complainant requested that her new address be recorded as ‘withheld’ by the

department. However, the department failed to comply with this request.

The department subsequently sent documentation to the child’s parents which included

the complainant’s new address details as well details concerning the child. The

complainant requested compensation to cover the cost of insurance and security

measures for her home, as well as increased rental costs.

The complainant’s payout was then reassessed and she was provided with a higher

level of compensation.



20

Establish Metadata Repository to demonstrate the lineage of data



21

Metadata

Case Study: Multiple definitions for “child” at a social services department

A social services department had 14 different definitions for the term “child.” In some

instances, the legislation would define a child as being under 16 years of age. In other

instances, the legislation would define a child as being under 18 years of age to

determine their eligibility for homeless benefits.

The business glossary at the social services agency included all the 14 definitions of child

along with a reference to the specific page in the legislation that defined the term.

Every government entity struggles with the inconsistency of data definitions

For example, a government health department had different hospitals in the same area using different testing codes for the same procedure

In many cases, the proliferation of definitions is compounded by the fact that different pieces of legislation define the same term differently to achieve a multitude of social and economic goals (see case study)



22

Metadata Benefits

A. Number of new applications per year 100

B. Number of hours by business analysts per application per year 200

C. Number of hours by data modelers per application per year 200

D. Average hourly cost of a business analyst $40

E. Average hourly cost of a data modeler $25

F. Total application development cost for analysts and data modelers

{(AxBxD)+(AxCxE)} $1,300,000

G. Number of developer hours spent on data discovery per application 100

H. Average hourly cost of a developer $30

I. Total annual cost of data discovery (AxGxH) $300,000

J. Conservative savings from efficiency improvements based on a metadata

platform 25%



23

Metadata Benefits (Cont’d.)

K. IT savings from a metadata platform in year 1 (F+I)xH $400,000

L. Number of users of business reports 5,000

M. Total number of working hours per year 2,000

N. Percentage of time spent on reviewing reports 5%

O. Percentage of report-viewing time that can be saved based on access to common

data definitions and data lineage

3%

P. Cost per hour of business users $50

Q. Business savings from a metadata platform in year 1 (LxMxNxOxP) $750,000

R. Total financial benefits to IT and the business from a metadata platform in year 1

(K+Q)

$1,150,000



24

Designate Enterprise Master Data

What is “Master Data Management”?

Disciplines, Technologies, Processes …

… that accommodate, control and manage master data, across the organization

Master Data Management – Foundational to Information Governance

Customer

Support

Sales

Claims

INFORMATION

Bill

35 West 15th Street

Toledo

Jones

OH / 12345

M

50

1/1/65

First:

Last:

Address:

City:

State/Zip:

Gender:

Age:

DOB:

CRM

B. Jones

Toledo, OH 12345

35 West 15th Street

Name:

Address:

Address:

ERP

William Jones

Toledo, OH 12345

35 West 15th St.

Name:

Address:

Address:

Legacy

Billie Jones

Toledo, OH 12345

36 West 15th St.

Name:

Address:

Address:

SOURCE SYSTEMS ENTERPRISE

APPLICATIONS MASTER DATA

MANAGEMENT



25

Improve the quality of data to support citizen-centric initiatives

Several state and local governments are implementing different flavors of “single view”

initiatives. For example, some social services agencies provide a single view of all their

services to the citizen. The objective is to allow caseworkers to view a person’s family

history, financial information, employment background, and eligibility for programs such

as food stamps and public healthcare.

In another scenario, a single view of the client might be shared across divisions in a

human services department so that services can be offered based on a “client-journey.”

As a result, a single view of a homeless person might be tracked across employment

services, housing services, complex needs, and disability. In yet another scenario, child

services needs to ensure that children are paired with the appropriate caregivers and not

exposed to individuals that might do them harm.

These projects are typically quite challenging because most health and human services

organizations need to collect data about their clients from service providers, other

agencies, and non-governmental organizations. This data is often in different formats and

requires information governance policies to link client data across silos.



26

Volume and run rate costs are probably doubling every 3 years

While information governance capabilities haven’t improved – resulting in a vicious cycle

Data Volume and Storage Growth Are Cost Crisis and Risk Driver

Run Rate May Be Growing Faster than Budget

Storage OpEx 2008: 2014F ($ M)

High Risks & Mitigation Burden

Without capability to align how information is stored with its value, you over spend and over store Processes have not matured to reflect volume, including how we:

Define and execute legal holds and data collection

Communicate and execute retention schedules for electronic information

Ensure transparency and associate information duties and business value with information assets

Provision, decommission and dispose of data

Unable to defensibly dispose of unnecessary data which just increases your costs and risks in a vicious escalation.



27

27

Very Simple Savings Proposition: Dispose of Unnecessary Data

Hold & Collect Evidence

Archive for Value & Dispose

Retain Records & Dispose

Dispose of Data Debris

Cost Reduction and Risk Reduction The value of Defensible Disposal

Change Your Data & Value Curve:

A new definition of Archiving:

Archiving is an intelligent process for effectively

managing inactive, infrequently accessed, or currently

unmanaged data, both structured and unstructured,

while providing the ability to discover, search, and

retrieve it during a specified retention period while it

has value to the organization as a whole and

ideally, to defensibly dispose of it when it does not.



28

A. Number of applications to be retired 10

B. Number of technical staff assigned to maintaining each application

including developers, DBAs, and managers 5

C. Annual cost per employee $60,000

D. Total employee cost for applications to be retired (AxBxC) $3,000,000

E. Annual cost of hardware and storage per application $50,000

F. Total hardware and storage costs for applications to be retired (AxE) $500,000

G. Total annual cost savings from application retirement (D+F) $3,500,000

State and Local Government – Information Governance around Application

Retirement



29

Protecting data is both an external and internal issue

Prevent “power users” from abusing their access to sensitive data (separation of duties)

Prevent authorized users from misusing sensitive data

Prevent intrusion and theft of data

Prevent “power users” from abusing their access to sensitive data (separation of duties)

Prevent authorized users from misusing sensitive data

Prevent intrusion and theft of data

Security makes it possible for us to take risk, and innovate confidently.



30

Business Benefits from Security and Privacy at a Government Agency

Top-level business benefits

Reduce the risk of data breaches for structured data stored in various databases

Improve regulatory compliance by implementing real-time database monitoring controls

to identify policy violations and suspicious activity

The agency identified two categories of quantifiable business benefits associated with the

reduction of risk and operational costs.

Quantifiable business benefits

1. Five-year business case for risk reduction

– Reduction of risk reduction of $10 million per year, or $51 million over five years

– Return on investment was 1,195 percent

– Payback in four months

2. Five-year operational cost benefits

– Reduction of total operational cost by $13 million

– Return on investment was 230 percent

– Payback in 10 months



31

Next Steps in Information Governance

IBM Information Governance Council

– Established Information Governance Council over five years ago

– Developed Maturity Model for Information Governance leveraged by over 250 customers

– Community now exceeds 1500 members

– Join the community www.infogovcommunity.com

– Self assessment

Free workshops and assessments

For more information www.ibm.com/informationgovernance

http://www.infogovcommunity.com/

http://www.ibm.com/informationgovernance



32

Resources: IBM Information Governance Workshop

Focus is on four key disciplines

1. Data Quality

2. Information Lifecycle Management

3. Data Security & Privacy

4. Standards

Workshop Components

Understand Business Objectives & Related Technical Challenges

Conduct an Information Governance Maturity Assessment

Create an Information Governance Roadmap

Quantify Cost Savings with a Business Value Assessment (BVA)



33

Automotive

Information Governance for Smarter Government Strategy and Solutions