Sound governance needed to get the most out of big data

A strategy for governance and assurance is essential for capitalising on the benefits and overcoming the challenges that big data presents, according to global IT association ISACA.

“Enterprises are investing significant capital to develop and deploy big data analytics to obtain an early competitive advantage,” Richard Chew, senior information security analyst at Emerald Management Group, said in an ISACA news release. “While big data can reap big rewards, it also poses a significant risk, including misleading data and unexpected costs. It is critical for enterprises to put in place a governance programme to ensure that information remains accurate, consistent and reliable.”

The information available to companies multiplies at startling rates. US-based consultant McKinsey & Co. has estimated that in 15 of 17 sectors, US companies with more than 1,000 employees store, on average, more information than the US Library of Congress.

If used correctly, this information can be extremely valuable. A 2012 forecast by global IT and market intelligence consultant IDC projected that the global market for big data technology and services will grow from $3.2 billion in 2010 to $16.9 billion by 2015.

But big data poses significant challenges, too:

  • Security and confidentiality breaches can expose organisations to numerous types of risk.
  • Organisations are exposed to legal jeopardy if they fail to comply with regulations on data storage or privacy in a jurisdiction.
  • Without proper assurance, faulty data can cause businesses to embark on misguided strategies.

A good data governance programme can provide a framework for setting policies and creating controls that help ensure that information remains accurate, consistent and accessible, according to an ISACA white paper co-authored by Chew.

Many organisations appear to recognise this. Three-fourths of IT managers at large companies that make extensive use of big data said in a 2012 survey by Intel that they have a formal strategy for dealing with big data analytics. Another 20% said creation of a big data strategy is “on the radar” at their company, according to the research, which was based on 200 responses.

Because the volume and velocity of data available to companies has accelerated so quickly, though, governance programmes for big data are in relatively immature stages, according to ISACA. A successful big data governance programme, according to ISACA, will establish enterprise objectives to be achieved, set directions through prioritisation and monitor performance and compliance.

Assurance controls around big data, according to ISACA, would be grouped into:

  • Approach and understanding. This includes demonstrating the right tone at the top of the enterprise, and will begin with creation of an inventory of data.
  • Quality. Controls should assess data against the accuracy, reliability, completeness and timeliness criteria set out in the data policy.
  • Confidentiality and privacy. Rules and regulations, such as the 1998 UK Data Protection Act, must be obeyed. All sensitive data should be identified, and controls should be put into place.
  • Availability. Disaster recovery arrangements need to be implemented.

Additional CGMA Magazine content:

Companies Not Tapping Into Big Data, US CIO Survey Says”: A majority of US chief information officers said their companies aren’t harvesting information on customers, and even those that are doing so have not necessarily turned big data into business insight. A Robert Half survey of 1,400 CIOs said that talent constraints limited companies’ ability to access and analyse data.

Ken Tysiac ( is a CGMA Magazine senior editor.