How To Build A Data Governance Framework That Reduces Risk

rachel serpa sigma computing headshot

Rachel Serpa

Director of Content Marketing, Sigma

Data governance has traditionally been caught in a catch-22. A governance framework that’s too strict stifles a company’s ability to be data-driven. Domain experts can’t access the data they need when they need it, and important decisions get made based on guesswork. On the other hand, governance that’s too loose opens up unnecessary risk. It’s impossible to ensure compliance, there’s an increased risk of compromised privacy, and data quality is unreliable.

Currently, most companies are erring on the side of too-strict governance. In a 2019 survey by NewVantage Partners, executives reported that 95% of their difficulty in becoming data-driven is a result of cultural challenges around data. But everyone recognizes the importance of being data-driven in the modern world, and business leaders understand that being able to master the data governance balance will deliver a competitive advantage and minimize any risks of falling behind.

Some organizations are succeeding, including Citizen’s Bank. They’re developing data governance frameworks that result in, as Ursula Cottone, Chief Data Officer (CDO) of Citizens Bank puts it, “driving operational efficiency, maintaining growth in revenues and spurring real new insights and innovation within the company with reduction in risk.” Let’s explore how companies of all sizes can make progress toward this ideal.

What you need in a data governance strategy

Before we dive into specific components that you’ll want to consider in your framework, let’s take a step back and look at the characteristics that make an actionable framework.

Fully customized

There’s no one right way to build a data governance framework. The purpose of a framework is to help you meet your goals around data management and usage while limiting risk. These goals and the necessary steps to reach them will look a bit different for every company. For this reason, it’s important to keep in mind that you have the freedom and flexibility to fully customize your framework to work for you.

Provides a clear path to reach your goals

An important first step is to set specific goals as an organization. Start by identifying where your company needs to improve. Do you have challenges around reporting, data quality, data access, duplication, siloed data, or other risk and issues? Run a SWOT analysis on data-related assets, systems, and processes to find where risks, weaknesses and opportunities lie. This analysis will serve as a guide when you build your customized framework.

Communicates effectively to everyone in the organization

One of the main roles that a data governance framework serves is to get everyone in the company on the same page with everything data-related. It helps to facilitate clear communication. You’ll want to focus on creating a framework that makes it easy for every department to understand what the goals, policies, potential risks and procedures are — not just the IT department. Consider how and when you’ll communicate. Best practices for communication include:

  • Introduce the framework early — People feel more confident when they’re made aware of change in advance. And it’s always better for team members to hear news directly from leadership rather than through the grapevine.
  • Allow stakeholders to deliver news — When various people in the organization share news related to your data governance program, they’re able to share their perspective. Also, having more people involved brings the team together.
  • Stay jargon-free — Communications should be able to be understood by all departments. Strieve to minimize the risk of miscommunication.
  • Use a variety of channels — Different teams prioritize different channels. To reach people quickly, use the channels most convenient to them.
  • Communicate on a regular schedule — Whether your schedule is date-based or milestone-based, you’ll want to create a regular pattern for communication and eradicate any risk for misunderstandings.


Before you fully implement a framework, it’s smart to test it. As Michelle Knight at Dataversity points out, testing is an essential part of product development for a reason — it results in a better product that works the way it’s supposed to. It’s no different with data governance. If you want confidence that your framework will perform the way you expect, you’ll need to test it. This testing can take many forms but essentially means role-playing through various hypothetical scenarios to see what the results would be and if there are any risks and weaknesses.

A living document

If you’re doing it right, your framework will be a living document that people use on a day-to-day basis and is modified as things change in your company. For this to happen, you must create a culture that reflects the balance of maximizing the use of data while minimizing risk. This requires a mindset shift. Everyone in the organization should view your data governance framework as the powerful tool it is to help you achieve your goals and grow the health of the company.


Hear what Snowflake’s Chief Data Evangelist, Kent Graziano, has to say about the future of data governance in this interview with Sigma. 

Common components of a data governance framework

While your data governance framework should be fully customized to your organization, most data governance frameworks include a few common components. Feel free to expand on these or add other components as your goals require.

Business drivers

What’s your business case for data governance? What’s driving the need for the initiative? Keeping the WHY front and center for everyone will help with adoption and minimize risks.


What are your specific goals for each area you’re targeting? You’ll probably want to include goals related to data risk management, data quality, data security and privacy, architecture and integration, and use of data warehouses for BI, among others.

Strategies and methods

What are the systems, policies, and processes you will put in place to address each objective above and minimize risks? How will IT and BI professionals be involved? What training and education are needed for domain experts? How will you deliver that training and education? Be sure that you have an actionable plan for implementation.


How will you enforce your policies and procedures? Who will be responsible for enforcement, and what strategies will that person or team use? While you can certainly enforce your data governance manually, it’s more efficient and effective to create process workflows and then create an automated system that will ensure continuous monitoring, risk management, maintenance and compliance. Particularly think through how you’ll enforce without creating bottlenecks.

Tools for data governance

What tools and resources do you need to help you implement your data governance strategy? To identify what you need, look back at your goals and the strategies and methods you identified to reach them. Ask yourself what technologies could help you manage risks, automate and streamline your processes. These may include tools and technologies that are designed to address specific issues, like data indexing systems and data verification tools, but will also include software that allows business users to analyze vetted data assets while minimizing risks and ensuring compliance — like Sigma. Your framework should also detail how you’ll use these tools to ensure data governance.

Tracking and measurement

What exactly defines success? How will you track activities and measure your progress? What you track and how you measure will depend on your goals and strategies, but for a list of possible ideas, see this resource by Datafloq. If you’re just starting on your data governance journey, don’t go overboard on metrics — start with the most meaningful and add more as you master the basics. Detail a clear plan, and take advantage of software tools to minimize risks and automate as much as possible.


See how Sigma’s visual data modeling capabilities can help you achieve a flexible, yet secure data governance policy. Schedule a demo

A balanced, actionable data governance framework is your ticket to becoming a truly data-driven organization, able to derive insights rapidly with minimal risk. If your company can live out the customized framework you create, you can enjoy a competitive advantage that’s currently eluding many of your peers.

Want to learn more about data governance? Read our free Definitive Guide

Wanna make your data more accessible?

Sigma can help: Schedule a demo or start a free trial today