Opportunity to apply lessons learnt in my new job

This week I started a new job as Head of Customer Information at Bank of Ireland in Dublin. I am excited at the prospect of applying the lessons I have learnt for the benefit of our customers.

I would like to take this opportunity to thank my fellow data management professionals worldwide for generously sharing their experience with me. I started to write this blog in 2009. My objective was to “Share my experience and seek to learn from the experience of others”. I have certainly learnt from the experience of others, and I hope to continue to do so.

The opinions I express on this blog will continue to be my own. I look forward to continuing to hear yours.

Know your data

You must know your data.

Do you know what’s in your data box of chocolates?

You must know where it is, what it should contain and what it actually contains.

When your data does not contain what it should, you must have a process for correcting it.

CEOs, CFOs and CROs often take the above as “given”.  They make business critical decisions using information derived from data within their organisation.  After all, its applied common sense.

For the insurance industry, Solvency II requires evidence that you are applying common sense.

If you operate in the EU market or process the personal data of EU data subjects, you must comply with the EU General Data Protection Regulation (GDPR) or face severe fines. To comply, you must “know your (personal) data” and how you manage it.

In my experience, data is like a box of chocolates “You never know what you’re gonna get.”

Do you know your data?

My interview with Dylan Jones

Dylan Jones of DataQualityPro interviews me about the process I use to assess common Enterprise wide data issues. Use this process to assess the status of data governance within your organisation or that of a client.

Data Quality Pro interview with Ken O'Connor Data Consultant

Russian Gas Pipe and Data Governance

As you know, Russia supplies Gas to many European countries.

What's flowing through your critical data pipelines?

Do you know what’s in your critical data pipelines?

Could you imagine Italy purchasing gas from Russia without checking what exactly was flowing through the pipe?  I’m no expert on gas pipelines, but I know that before completing the agreement to purchase the gas, Italy and Russia would have agreed metrics such as:

  • Volume of Gas
  • Calorific value (Energy content)
  • etc.

So what? What else would one expect?  Applied common sense… yes?

Why is it that such common sense is often lacking in Data Migration and Data Population projects?  Why do some Enterprises continue to perform data population of, and ongoing data entry to, critical data repositories without fully understanding the data they are pumping into the repository?

A simple example involves Date of Birth.  The business ask the IT function to populate Date of Birth in the new AML / BASEL II / CRM / other repository. Some time later, when data population is complete, the business begin to express concerns:

  • “We never realised we had so many customers aged over 100 ???”
  • “I thought we had more Student customers”
  • “How come so many of our customers share the same birthday ?”
  • “These are not the results we expected”
  • etc.

Performing data population on the basis of what the source data “should contain”, without analysing what exactly it does contain is known as ‘Load and Explode’ approach to Data Population.  I cover this Enterprise Wide Data Issue in more detail here.

We in the “Data Governance”, “Data Quality” industry need to educate the business community on the “common sense” parts of data governance, and the need to engage “Data Governance Professionals”  to ensure that “Data Quality Common Sense” is actually applied.

Feedback welcome – Ken

Business Rules Case Study – Part II

In part one of this case study,  I  discussed questions like:

  1. Why are Business Rules necessary?
  2. What exactly is a Business Rule?
  3. What should happen if the data fails a Business Rule?

I would like to thank the following people for contributing to the discussion to date:

Jim Harris @ocdqblog shared his experience on data migration and data integration projects, and concluded “Sadly, the most common problem was that no business rules were defined at all and the data would be blindly migrated or integrated without even at least some superficial validation checks.” more here.

In Henrik Liliendahl Sørensen’s @hlsdk experience, Business rules divide into External and Internal Business Rules:

  • “External rules that are defined outside your organisation – mostly laws and other regulations you must follow when doing business in a given country (or group of countries like the EU).
  • Internal rules that are defined by and for your business alone – made to make your business competitive.” more here.

Marianne Colwell @emx5 shared recent wins on the project she is currently working on, in which they have captured business rules in a requirements management repository, more here.

Phil Allen would like to know what the most popular choices of software are for handling the recording of Business Rules and what experiences people have had more here.

In part two, I plan to explore:

I will continue to use a case study from an Anti Money Laundering (AML) programme. However, in my experience, all data migration / data population projects face the same challenges.

 

What controls should you have in place to manage Business Rules?

In Sarbannes Oxley (SOX) terms: “If it’s not written down, it doesn’t exist”.  In my experience, you need the following controls to manage business rules:

  1. Business owner (Business responsibility)
    There must be a defined business owner (business area) with responsibility for the data item, and for the business rule(s) relating to it.  The definition must include details of who to contact (the title of a person) with queries regarding the data.
  2. Location of Business rule(s) (Business responsibility)
    The Business owner must identify where the Master business rules are formally documented, and subject to Change Management.  The business owner must also identify where copies of the business rules are held, since they must all be updated when the master copy is updated.
  3. Change Management process for the Master business rules, and copies. (Business responsibility).
    The Business owner must have a documented Change Management process for updates to the Master business rules, and for ensuring that all copies of the business rules are also updated.
  4. Location of source data (Business accountability – Technical responsibility)
    The Business owner must satisfy him/herself that the providers of IT services to the business have a control process in place that identifies where the actual data is held (i.e. the physical location).  If there are a number of physical locations, they should all be recorded, together with details of which is the Master source, which is a replica, and details of the replication process.

Where should you look for Business Rules (if your Enterprise has no Master Business Rules Repository)

Too often, I have worked on data migration/population projects for which there was no master business rules repository.  We had to research the business rules from first principles. If you have to research business rules from first principles, I suggest you consider the following locations.

  • Business Operations Manuals
    Most organisations have some form of operations manuals – in hard or softcopy. Business rules are commonly embedded in this documentation.  Be careful, they are often out of date.
  • Computer System prompt screens / help screens
    The possible/permitted values for a given field are often provided on help screens.
  • Internet sites belonging to the Enterprise
    Internal and external websites are a rich source of business rules.  They can hold product details, fee rates, etc.
    Unfortunately, they are too often out of sync with the Master Business Rules (wherever they are).
  • Data Warehouse(s) within Enterprise
    If you are lucky enough to have a single “Enterprise Data Warehouse”, this is the logical place to find business rules.  In my experience, many enterprises have a number of data bases (often in the Marketing area), at least one of which is referred to as a ‘data warehouse’.
  • Data Protection Area
    In most countries, customers may request details of the data held about them by an Enterprise.  Many Enterprises have a “Data Protection Area” to coordinate gathering the details held about the customer.  Often, the details held contain internal codes, which the Data Protection Area must ‘translate’ into something meaningful for the customer.  In my experience, the “Data Protection Area” translation process is a rich source of Business Rules.
  • Business Rules are often coded into application systems such as:
    • Anti Money Laundering (AML)
    • BASEL II
    • CRM
    • Single view of customer database

The above are all potential sources of Business Rules…however, they share a common characteristic – they are all typically ‘copies’ or replicas of the master business rules.   My experience suggests the following (I look forward to reading your feedback on this ):

  • The ‘Master Copy’ should be the copy used by the production application system (e.g. to apply an interest rate, e.g. to calculate fees due).
    Rationale:
    – The production application system copy dictates the customer experience (e.g. interest rate charged or given).
    – Production ‘Master copies’ are already subject to ‘IT Change Management Processes’ that ensure all changes are authorised by the business, and tested prior to going live.
  • Unfortunately, many production ‘IT Change Management Processes’ do not attempt to identify ‘replica copies’ of the product information, and I believe this is a ‘Gap’ in the process.
  • I recommend that production ‘Change Management Processes’ should be extended as follows:
    • Replica copies of business rules must be identified, together with the business owners of the replica copies.
      (This can be a once-off process).
    • The Business area requesting and authorising a change must contact the business owner of each replica copy, and receive confirmation that the proposed change is understood and accepted.
    • The change to the production ‘Master Copy’ must be synchronised with the change to all ‘replica copies’. e.g. If the interest rate on a product is changed from 3% to 4% – The product information on a website must change at the same time that the rate is changed (probably within 24 hours).
    • Copy ‘owners’ should also perform a periodic control; every 6 or 12 months, to verify that changes made to the ‘production master’ have been reflected in their replica copies.
      (The copy owners require a means of displaying both the master and copy details).

What has all of the above got to do with an AML programme?

My most recent encounter with researching business rules from first principles was on an AML programme.  An AML programme is an “End of food-chain” programme, as are most Data Migration and Data Population programmes like Euro Changeover, Basel II, CRM and Single View of Customer programmes.

End of food-chain programmes share the following characteristics:

  • They depend on pre-existing data
  • They have no control over the quality of existing data they depend on
  • They have no control over the data entry processes by which the data they require is captured.
  • The data they require may have been captured many years previously.

[Update August 2017: Achieving compliance with the EU General Data Protection Regulation (GDPR) faces all of the above challenges of a classic “end of food chain programme”. However, GDPR differs in that it requires organisations to demonstrate that they are in control of their Personal Data Supply Chain. They must be able to show that they:

  • Know the personal data they process and where they store it
  • Know the data entry processes by which they capture personal data
  • Know where the data goes within their organisation; who may and who has seen it
  • Know what personal data they receive from or provide to third parties
  • Know the quality of the personal data they hold and have control processes in place to maintain that quality
  • Understand the legal basis upon which they may process the personal data they hold]

What has your experience been?  Have you identified other places to look for business rules? Please share your experience by posting a comment.   Thank you, Ken.

Common Enterprise Wide Data Governance Issues: #1 The quality of informational data is not as high as desired

In most Financial Institutions, transactional data quality is quite good across the Enterprise, in that customers transactions are successfully processed.

However, the quality of informational data (Master Data), such as customer details, is typically not as good as desired.  This is the ‘generic data governance issue’ that faces most organizations.   In this series of posts, I will take this high level data governance issue to a lower level of detail.

This post is one of a series dealing with common Enterprise Wide Data Governance Issues.  You can see the full list, together with the process for assessing the status of the issues in your Enterprise by clicking here:  Data Governance Issue Assessment Process

Your experience:
Have you faced the above issue in your organisation, or while working with clients?  What did you do to resolve it?  Please share your experience by posting a comment – Thank you – Ken.

Common Enterprise Wide Data Governance Issues: #4 No clear ownership of data

In many large organisations, it is unclear as to who ‘owns the data’.   There is no one responsible for providing existing data to new projects that require it.   There is no one responsible for measuring, or maintaining data quality.  It is unclear who to ask when looking for information, e.g. to satisfy new regulatory requirements.  This post is one of a series dealing with common Enterprise Wide Data Governance Issues.  Assess the status of this issue in your Enterprise by clicking here:  Data Governance Issue Assessment Process

Impact:
New projects dependent on existing data (especially Master Data) must locate the data from first principles, and face the risk of not finding the data, or identifying inappropriate sources.   New projects dependent on existing data take longer than necessary to complete.  Multiple re-invention of the wheel results in the creation of islands of data, and a maintenance nightmare.

Solution:
Agree and implement the following Data Ownership policies:

  1. Overall ownership for data within the Enterprise lies with the CIO.
  2. Ownership for data within each Business Unit lies with the CIO and the head of the Business Unit.
  3. The CIO and head of each business unit must appoint a person with responsibility for the provision of data from that business unit, to those who require it.  This person is also responsible for the measurement and maintenance of data quality within the business unit.
  4. The CIO and head of each business unit must appoint a single point of contact to handle requests for data / information.

Your experience:
Have you faced the above issue in your organisation, or while working with clients?  What did you do to resolve it?  Please share your experience by posting a comment – Thank you – Ken.