Abstract
Background: There are different uses of data in an organisation. Data are required for reporting purposes, decision-making and providing access to vital facts to enable work processes across business units. Data are central to an organisation’s capacity in anchoring fiscal and strategic plans on valid, accurate and current facts, and are also a vital element in an organisation’s capacity to meet legal, compliance and risk management requirements. To ensure sound decision-making, data must be treated as an asset within organisations, with sound data governance principles entrenched and employed for data handling from inception to deletion.
Objectives: This article proposes a Data Governance Maturity Evaluation Model for government departments of the Eastern Cape province, South Africa.
Method: The methodology for this study is Design Science. The Design Science Process Model, was followed in the development, design and demonstration, and evaluation and communication of the data governance framework. A sequential exploratory mixed-method approach was used for data collection and analysis.
Results: A conceptual data governance maturity model was proposed for government departments of the Eastern Cape province, South Africa. The model was tested through an exploratory sequential mixed-method approach of data collection and analysis. Data were collected from four departments.
Conclusion: The results of the survey confirm the applicability of the model in the set context and reinforced the findings from the literature that maturity models can be used to improve or enhance data governance in public enterprises.
Keywords: Data governance; maturity models; Data Governance Maturity Evaluation Model; data integrity; government departments.
Introduction
Data serve the diverse needs of different stakeholders in an organisation. These needs include the following: reporting and decision-making; ensuring data quality; data access across organisational divisions; the ability to analyse, sort and filter data; the ability to share sensitive and non-sensitive data in a secure environment; and the capacity to meet legal, compliance and risk management requirements (Dismute 2010; Khatri & Brown 2010; Kushner & Villar 2008; Seiner 2014; Thomas 2015). Because of easy accessibility and availability of computing devices, there has been a distinct increase in the number of people with the capability of altering the structure, storage and accessibility of data (Thomas 2015). Soares (2015), Dismute (2010) and Kushner and Villar (2008) assert that the danger of this ease of access is that data may be compromised, reduced or expanded to the detriment of the organisation. The dearth of trustworthy information as a result of inconsistencies, redundancy and variances in the process of data collection, data processing and data archiving has added a significant amount of risk and poor managerial decisions to organisational business successes (Korhonen et al. 2013). Although there are a number of legislative acts seeking to protect data from unauthorised use, such as the Protection of Personal Information Act of South Africa, 2013 and the Companies’ Act, 2008, very sparse evidence is found in government departments of institutionalised data governance.
Furthermore, organisations have increased in size and enterprise data have become more complex, with multiple data streams on different devices, personal workstations and bring-your-own-device (BYOD) becoming conventional in the workplace (Alles & Piechocki 2012). Issues of data authentication, access control and levels of decision rights are critical and require governance in ensuring that data are treated and managed as an asset within an organisation (Soares 2015). This article employed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) statement as a guide to the selection of relevant secondary literature informing the conceptual maturity model (Moher et al. 2009). Design Science informed the iterative approach to solve the research problem. The institutional and contingency theories informed the design of the research instrument used for empirical investigation into the research problem. The article contributes to the discourse on the importance of valid, accurate and correct data for government fiscal and strategic planning by proposing a Data Governance Maturity Evaluation Model (DGMEM) to assist government departments of the Eastern Cape to manage their data more efficiently.
Research objective
To resolve the research problem resulting from the above issues, this article proposes the implementation of a DGMEM for the purpose of managing data assets in the context under review: government departments of the Eastern Cape province, South Africa. This context is apt, as it is home to an estimated 7 million people (STATSsa 2010). It is rated as one of the poorest provinces in South Africa and is constantly plagued with negative audit outcomes because of inaccurate and incomplete data sets from government departments.
Significance of the study
Data form the basis of information, which is the central, most important factor employed by government in fiscal and developmental planning. Also, national decision-making, on the one hand, and government budgetary projections, on the other, are heavily dependent on the availability of information, which comes from data collected across a broad spectrum of government departments. It is, therefore, of utmost importance that the data on which such information is based are accurate, valid and complete (Naicker & Jairam-Owthar 2017). For data governance to achieve the desired purposes stated above, there need to be unambiguous processes and guidelines in place to direct the departments regarding data handling, management and archiving. The current study proposes a DGMEM to assist in the governance and management of data assets of government departments in the Eastern Cape province.
The next section discusses the theoretical foundation of this article.
Theoretical foundation
The Data Governance Institute (2015) defines governance as a:
… system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models which describe who can take what action with what information, when, under what circumstances, using what methods. (2015:1)
Seiner (2014) describes data governance as the correct implementation and enforcement of authority regarding the management of data and data-related assets. In agreement, Korhonen et al. (2013) define data governance as an organisational approach for managing data that outline a set of formal policies and procedures to cover the full life cycle of data, from acquisition to use and disposal.
Based on all the aforementioned definitions, this article adopts a definition of data governance as ‘a homogeneous set of processes which assures formal management of data assets in an enterprise’. The fundamental aim of data governance is to ensure that data are trustworthy, managed by the right human resources and follow a standardised process (IBM 2008). Data governance also ensures that decisions based on available data do not place the enterprise at risk as a result of low quality, falsification of data or the use of obsolete data (Eckerson 2014; Soares 2015). On the contrary, IT governance covers the decision framework, rights, responsibilities and accountability required to ensure the desired behaviour in support of the organisation’s business goals (Olaitan & Flowerday 2016). The domain of IT governance encompasses the use of technology for driving compliance processes in the organisation (ISACA 2013). The field of data governance and its attendant processes lie within this domain. It should ensure that an organisation reports a single version of the ‘truth’ (Sarsfield 2009; Soares 2015).
Current data governance practices in the government departments of the Eastern Cape
There are various policies and guidelines for IT governance, at both national and provincial levels, which are ostensibly in place for the management and control of IT processes, including data governance and management. Some of these are the Public Service Corporate Governance of Information and the Communication Technology Policy Framework (CGICT) (Department Public Service and Administration [DPSA] 2013), Minimum Information Security Standards (Kzneducation.gov.za 2008) and the Record Management Policy (National Archives and Records Service [NARS] 2006). There are also policy documents that allude to the adoption of Controlled Objectives for Information and Related Technology (COBIT) as a framework to guide IT and, by extension, data governance in government departments (DPSA 2013). However, a comprehensive analysis of these documents reveals that an ad hoc approach to data stewardship and management seems to be in place rather than a structured approach for the purpose of governing departmental data assets. Hendriks (2012) states that one of the problems with inter-operability of government systems is a lack of cohesion in the way they are managed. This article proposes that the DGMEM addresses this gap by assisting government departments in the Eastern Cape province to implement data governance processes.
Maturity models are discussed in the next section of the article.
Maturity models
A maturity model is a:
… structured collection of elements that describe the characteristics of effective processes at different stages of development; maturity models suggest points of demarcation between stages and methods of transitioning from one stage to another. (Okongwu, Morimoto & Lauras 2013:8)
Maturity models have also been described as consisting of a sequence of maturity levels for a class of objects. ‘Maturity models represent the anticipated, desired or typical evolution path of these objects shaped as discrete stages. Typically, these objects are organisations or processes’ (Becker, Knackstedt & Poppelbu 2009:213). From the two definitions above, it is evident that a maturity model encapsulates the different phases or stages, where a predetermined set of processes, relevant to the domain, has been accomplished. Maturity models outline a descriptive ‘as is’ assessment of the entities or organisations under investigation (Poppelbub & Roglinger 2011). They also provide a prescriptive, clearly articulated set of processes for how to achieve desired improvements to get from a current level to the desired maturity level (Poppelbub & Roglinger 2011). To the best of our knowledge, there is no model in place to measure compliance, implementation and maturity of data governance principles within these departments. A DGMEM for government departments of the Eastern Cape would significantly enhance their ability to measure their effectiveness in managing data, thereby ensuring that the quality of data employed in information management, fiscal and strategic planning is reliable and trustworthy (Hamel et al. 2013; Huner, Ofner & Otto 2009).
The Capability Maturity Model (CMM) is considered the foremost maturity model (Crowston & Qin 2012). The CMM enables organisations to use this framework to measure their current state and determine short- and long-term goals for improvement. The CMM also proposes the best practices that can move organisations to the next maturity level while enabling them to assess their progress at any point in the process (Hamel et al. 2013; Huner et al. 2009). The CMM comprises a set of process areas that groups requirements into five levels of organisational capability maturity. The processes become more refined and standardised as they increase from 0 to 5, with 0 being non-existent and 5 being the optimal maturity level (Huner et al. 2009; Koltay 2016). Data Governance Maturity Evaluation Models are based on the principles of the CMM.
The benefits of a Maturity Evaluation Model that serves to highlight the strategic and tactical importance of data governance in government departments of the Eastern Cape are as follows:
- The departments will have an organised method of evaluating existing data governance frameworks and policies in a measurable, scientific manner. The model will assist in identifying the gaps, critical skills sets and procedures required to accomplish the data management goals of the departments.
- Based on the findings of the evaluation, the DGMEM will systematically outline the processes involved in implementing international data governance best practices and measuring the success of the implementation on well-articulated and clearly defined sets of metrics.
- One of the ultimate benefits of a DGMEM is the ability to use the results as a catalyst for building a convincing business case for securing executive sponsorship to support data governance investment and resources for the departments. The model will create an awareness of data governance processes and the negative implications of ungoverned data within government departments.
Theories for the study
The institutional and contingency theories form the theoretical basis for this study. The institutional theory was originally proposed by Meyer and Rowan (1977) and later employed in significant IS governance research by Jacobson (2009). The theory stipulates that the evolution of IT governance necessitates a focus on: (1) how IT governance processes are actualised; (2) the link between IT governance and performance; and (3) constantly changing requirements within an organisation. All these factors are critical to align IT governance with the needs of the organisation (Jacobson 2009). The DGMEM aims to specify a set of processes that answer the question of how effective data governance can be achieved in government departments; the theory is, therefore, relevant to this study. The contingency theory states that there is no best or universally accepted way of organising a corporation, leading it or making decisions (Weber et al. 2009). The theory specifies that the best course of action in a given context is dependent upon its prevalent internal and external situation. The aforementioned theories informed the empirical data collection and analysis. A qualitative survey instrument was used to probe the awareness, current practices and requirements of data governance in the EC departments. This was followed by focus group activities, conducted in three departments to further understand the challenges around data governance. A quantitative research instrument was thereafter employed to confirm the findings of the first two stages of data collection. The final DGMEM was adjusted to align with the findings of the data analysis to ensure relevance and applicability to the research context.
Research method
The methodology for this study is Design Science, which is increasingly being employed in IS research for creating artefacts to solve ‘real-life’ problems (Peffers et al. 2008). Peffers et al. (2008) and Pries-Heje and Baskerville (2008) have written some of the notable works in IS research where Design Science was considered as a methodology. Design Science is perceived as most suitable for investigating all facets of the research problem and offering a solution that ‘works’ in enhancing data governance processes in government departments of the Eastern Cape.
In Design Science, the relationship between people, practice and problems is explored from several viewpoints with the aim of creating an artefact for solving life issues (Johannesson & Perjons 2012). The most important and final objective of a Design Science research method is to produce a ‘mental mode’ of the research output (Gregor & Hevner 2013; Peffers et al. 2008). A mental mode is a small-scale model of reality, which reviewers, consumers and any target audience of a research output can relate to and adapt to solve real-life problems. One of the ways to ensure the alignment of IT governance goals to the needs of the organisation is by delivering quality data, which serve the information needs of the managers and enable them to make quality decisions, hence the application of Peffers’ process model to the design of the DGMEM.
Furthermore, it is argued that the relevance of Information Systems research must stem from its applicability to solving real-life problems, failing which IS research would lose its influence in the field of technology, science and engineering (Peffers et al. 2008). The Design Science Process Model, developed by Peffers et al. (2008), was followed in the development, design, demonstration, evaluation and communication of the data governance framework.
The next section discusses the method of data collection and analysis employed in the study.
Data collection and analysis
Data collection and analysis for this study was conducted using mixed methods. This study employed the exploratory sequential design in the development and validation of the DGMEM through the process of empirical data collection and analysis (Creswell 2014). The conceptual model was tested for relevance, validity and usability with the aid of qualitative and quantitative questions, which were drawn from the secondary literature used in deriving the conceptual model.
In the first phase of data collection, open-ended questionnaires, structured in line with the contingency and institutional theories and based on the results of the needs analysis conducted to confirm the existence of the problem, were administered to 45 participants comprising directors, senior managers, middle-level managers, IT managers and data capturers in four selected departments. These have been named D1, D2, D3 and D4, to protect their identities and maintain confidentiality of the information collected. These four departments were chosen for data collection on account of the strategic role data play in their fiscal and operational planning. The 45 respondents form a carefully selected sample, familiar with both IT governance principles and the policy frameworks which reference data handling and management in these departments (Bertram & Christiansen 2014). The response rate was 55.5%. The second stage of qualitative data collection was informed by the findings from the first phase of data collection and involved the participation of 11 employees in focus group discussions across three government departments of the Eastern Cape. A quantitative questionnaire was thereafter administered. The questions for this phase were based on the results of the findings of the qualitative questionnaire and focus group activities. The questionnaire was administered to 64 respondents, and 49 respondents (76.5%) completed the questionnaire.
The qualitative questionnaire was analysed using Nvivo 11 software, and the focus group discussions were analysed thematically. The quantitative data were analysed using the Statistical Package for the Social Sciences (SPSS) version 24 software. Table 1 depicts the way the themes of the DGMEM are aligned with components of the COBIT 5 and ISO/IEC 38500 frameworks.
TABLE 1: Themes of the Data Governance Maturity Evaluation Model aligned with components of the COBIT 5 and International Organization for Standardization/International Electrotechnical Commission 38500 frameworks. |
The conceptual Data Governance Maturity Evaluation Model
Following a concise review of data governance literature, government policies and the effective use of maturity models, the components of an effective Data Governance Programme for government departments or public enterprises were determined. These are represented in the DGMEM, as shown in Figure 1.
|
FIGURE 1: The Data Governance Maturity Evaluation Model. |
|
The primary focus areas are formulated in line with findings from the literature regarding which aspects of data governance are critical in ensuring accurate data in government departments. The secondary areas were included on the model, as it is believed that the trio of regulatory compliance, metadata management and data management would further assist the departments in maintaining accountability with regard to the verification and accessibility of data assets within the realms of government. The different levels of maturity of the model, as well as the corresponding features inherent in each, are displayed at the top of the model, while the three enablers of stewardship, policies and processes are depicted as the necessary conduit to ensure that the primary and secondary areas of data governance are achievable. The arrows at the base of the model signify Peffers’ process application to the construction of the artefact. The conceptual model is thereafter tested by means of a sequential exploratory mixed-method approach of data collection and analysis.
The process is discussed in the next section of the study.
Discussion of the relevance of the Data Governance Maturity Evaluation Model in solving the research problem
Primary components
The three components that form the primary focus area of the conceptual model are data quality management, data lifecycle management, data security and privacy. All of these three elements are at the core of an effective Data Governance Programme. The components also find support in both COBIT and ISO/IEC 38500 (see Figure 1). At the core of quality information is quality data, which satisfy the verifiable, accurate and complete (VAC) criteria for data. Data lifecycle management encapsulates the entire process of data management from input to disposal. The data security and privacy component are essential to the protection of data assets in government departments. Data security and privacy are vital to the security and control of all the data assets of the enterprise as data breaches could occur at any stage of its lifecycle, if not properly managed. According to Poppelbub and Roglinger (2011), a prescriptive maturity model will include improvement processes. This encapsulates three secondary components of the model: data management, which is considered a sub-component of this model; metadata management is an important sub-component as it is closely related to accountability for data breaches, data leakages or alteration, which tie in with the importance of data governance to compliance and security; and finally, the regulatory compliance aspect as it relates to data governance (Steinhart 2010).
Summary of findings of the qualitative analysis
The five themes tested in this phase of the questionnaire are people, policies and processes, compliance and management of data assets, data quality, metadata management and alignment of current data processes to international frameworks such as COBIT/ISO/IEC 38500. The same themes were also tested in the focus group discussions. The aim of the exercise is to understand the current data processes in the departments vis-à-vis what is represented on the conceptual DGMEM.
Respondents listed seven different policies as being in place for the governance of data assets in the departments. From the list of policies generated by the responses, it is reasonable to state that there are adequate policies to guard information and, by extension, to manage data in government departments. In spite of this, the findings reveal that end-user data has a vague and unstructured process of management. Furthermore, the findings show that the functional processes around data governance are grossly inadequate to ensure the validity, accuracy and correctness of the data. This finding also negates the recommendation by Korhonen et al. (2013) and Khatri and Brown, (2010), which stipulates that data roles must be assigned so that organisations can effectively maximise the potential of their organisational data. Statistics South Africa defines data quality in terms of ‘its fitness for use’ (STATSsa 2010). Seventy-five per cent of the respondents stated that data quality is assured through proper monitoring, but were unable to expand on what data monitoring entails in their respective departments. This depicts a lack of procedural quality practices in the departments. Some of the respondents stated that quality is assured through pre-audit and internal audit checks. This system can also be argued as inadequate, as it is carried out after the fact, that is, after the data have already been collected and organised. Data quality is regarded as a key component of the DGMEM. The respondents admitted that there were no measures in place to gauge actual compliance, only policies that stipulated what represents compliance, thus confirming the absence of processes, which actualise stated policies. Furthermore, there was no empirical evidence to suggest that there was employee compliance with these policies. The only exception to this finding was in a department, which specified monthly and quarterly reports detailing data processes, compliance parameters and an in-built quality check feature. The implication of the findings is that compliance and risk management processes are not yet formalised in these departments, increasing the risk of data breaches and leakages of sensitive information. Findings on the theme of metadata management reveal that 72% of respondents had no idea what represented metadata and did not know whether or not there was a repository for a common metadata language. As data breaches become more sophisticated and fraudsters perfect the art of online fraud, one of the ways in which organisations can keep themselves protected is by keeping top-quality metadata repositories in cases where matters arise that may lead back to tracing the data source (Berson & Dubov 2011).
Findings from the focus group activities do not seem to negate the results of the qualitative study. However, the nature of the discussions indicates underlying challenges and a severe lack of cohesion in data management within the departments, so much so that provincial offices are far ahead of the regional offices in managing departmental data. It also emerged from the discussions that units in the departments operate in silos and that there is no synthesis in the way data are managed among them. Results revealed a confusion in data roles such as data stewards and data capturers. While respondents stated on the questionnaires that they had dedicated data stewards, the focus group revealed that these were in fact data capturers. One of the unintended consequences of the focus group discussions was finding that most of the senior managers who participated acknowledged the need for changes to data processes and made very useful suggestions on how an enterprise-wide culture of awareness could be driven. This is very important as awareness and buy-in are the first steps to remedial action with regard to instituting a strong Data Governance Programme in organisations (Soares 2015).
The impact of qualitative findings on the quantitative questionnaire
According to Creswell and Plano Clark (2011), the researcher must make a decision about which aspects of the qualitative findings are critical to the design of the quantitative instrument to generate the ‘true picture’ of the context and to successfully generate data relevant to the phenomenon at hand. The findings from the qualitative data painted a definitive picture of the need for components of the DGMEM; hence, the questions on the quantitative questionnaire were to test components in each of the focus areas with the aim of adjusting the model accordingly.
The next section presents the results of the quantitative analysis of the data. Table 2 measures the internal consistency of the questionnaire instrument.
Internal consistency
Table 2 shows the results of the test of internal consistency of the questionnaire instrument.
Demographic profile of the respondents
A descriptive approach was used to describe the demographic variables of the study. The results indicate that most of the respondents (76%) have been in the departments for over 5 years, which implies that they would be very conversant with the data processes within their units. This is a positive for the study in the sense that results obtained from the questionnaire can be assumed to be based on credible information and experience garnered by respondents over the years.
Findings from the quantitative data: Perceptions of respondents on various data management and governance processes
A one-sample t test was conducted to infer respondents’ views and perceptions of various data handling or management and governance processes using self-constructed constructs, which they responded to in the questionnaire. The 5-point Likert scale (5 – strongly agree [SA], 4 – agree [A], 3 – neither agree nor disagree [N], 2 – disagree [D] and 1 – strongly disagree [SD]) was used. The one-sample t test was chosen and, in each case, the means were compared with a stipulated mean level. The given p values are for these comparisons.
Applicability of the Data Governance Maturity Evaluation Model
Table 3 summarises the findings on the applicability of the DGMEM within the government departments under consideration. There was a strong indication from the data gathered that most respondents agreed that the DGMEM would be applicable within their departments. However, in terms of relating to the secondary focus areas of the DGMEM, the respondents did not significantly agree with this component (t = ࢤ3.344; p = 0.002). Results are presented in Table 3.
TABLE 3: Applicability of the Data Governance Maturity Evaluation Model (N = 50). |
Findings from this construct indicate a strong level of agreement with the statements probing the applicability of the DGMEM in the departments. The lowest mean score on this variable was 3.52 (1.02), a clear indication that respondents believe very strongly that the DGMEM is relevant and applicable to their data governance processes.
People, policies and process capabilities
Table 4 depicts the outcome of the people, policies and process capabilities variable in the questionnaire. The results confirm what was found in the qualitative analysis. CAP3 and CAP4 both returned a mean of 4.00 and 4.32, respectively, indicative of the fact that the majority of the respondents agreed that there were adequate policies in place for the successful implementation of data governance in the departments and that the departments were able to achieve maturity with the help of the DGMEM and its process document. However, in line with findings of qualitative data, CAP1 and CAP3 returned a mean of 3.08, indicative of the fact that respondents either agree with or are neutral about the adequacy of departmental structures and capable human resources to activate data governance in the departments.
TABLE 4: People, policies and process capabilities (N = 50). |
Alignment of COBIT 5/ISO/IEC 38500 to data process on the Data Governance Maturity Evaluation Model
Table 5 summarises how respondents viewed the alignment of COBIT 5/ISO/IEC 38500 to data processes on the DGMEM. A discussion of the results follows the table.
TABLE 5: Alignment of COBIT 5/ISO/IEC 38500 to data processes in the Data Governance Maturity Evaluation Model (N = 50). |
Table 5 depicts the results of findings on the alignment of COBIT 5 and ISO/IEC 38500 to data governance processes in the DGMEM. The results confirm the outcome of the qualitative phase of the study. ALI1, ALI5, ALI9, and ALI12 were the four variables that returned a mean of 3.00+ out of the 13 components testing the alignment of COBIT 5 and ISO/IEC 38500 to data processes on the DGMEM, indicating that respondents agreed or strongly agreed with these statements. All other variables returned mean scores ranging from 2.38 to 2.86, which indicate that they disagreed with the statements or were neutral about them. This feedback aligns with the qualitative findings regarding the alignment of COBIT 5 and ISO/IEC 38500 to work processes in the departments in the sense that most of the respondents only had a vague understanding of what the frameworks and processes are. The implication of this is that the departments still need to train staff on these processes as the DPSA has chosen them as benchmark frameworks for IT and, by extension, data processes in national government. The attribute that stands strongly correlated across the three data collection methods is ALI12, which speaks to the security aspect of having unique identification and access levels for data in the departments. The variable returned a mean score of 3.86, an indication that access rights in the departments were secured with consistent authentication credentials.
Expected results from the implementation of the Data Governance Maturity Evaluation Model
Table 6 summarises the expected results of the implementation of the DGMEM. This variable sought to gauge the expectations of the respondents if the DGMEM were to be implemented in their respective departments. All the variables, except one (EXP4), scored a mean between 3.92 and 4.60. This is indicative of a very high level of agreement among respondents that the model would assist the departments in the resolution of different aspects of data governance problems if it were implemented. Ninety-six per cent disagreed with the statement posed in EXP4, thus the question returned a mean score of 1.80. This is confirmation that the DGMEM is perceived as an unquestionable tool to impact upon data processes in the departments. Below are graphical presentations of the missing components of the DGMEM.
TABLE 6: Expected results of the implementation of the Data Governance Maturity Evaluation Model (N = 50). |
Missing components of the Data Governance Maturity Evaluation Model
Regarding this variable, the researcher’s intention was to inquire whether the components of data governance in the DGMEM comprehensively cover the essential aspects of data governance as found and discussed in extant literature. To avoid a situation whereby respondents are confused as to the actual meaning of the questions in this variable, it was decided that the best path was to indicate a set of negative statements about missing elements in the model. Four of the five elements of this variable returned a mean of less than 2.60, with the lowest (MIS5) scoring a mean of 2.18. This indicates that respondents strongly disagree with the statements on this variable. MIS4, which states, ‘I believe the DGMEM, as it is, has all the data elements for a successful data governance maturity evaluation suitable for my department’, scored a mean of 4.28, which indicates that respondents strongly believed the statement to be true. Findings regarding this variable align with the qualitative findings (Table 7).
TABLE 7: Missing components of the Data Governance Maturity Evaluation Model (N = 50). |
Descriptive analysis of main variables
Table 8 shows that the mean levels of the theoretical or main variables (i.e. capabilities [mean = 3.3880; SD = 0.0.57344]; alignment of COBIT [mean = 2.9137; SD = 0.41324] and missing components [mean = 2.6880; SD = 0.31079]) were all moderately low for the study sample, while applicability of DGMEM (mean = 4.1727; SD = 0.27930) and expected results (mean = 4.0175; SD = 0.23147) were all moderately high for the study sample.
TABLE 8: Descriptive statistics of study variables. |
The one-sample test revealed that only missing components (mean = 2.69, SD = 0.31, t = ࢤ0.7099, p = 0.000) had a mean level significantly less than 3, thus suggesting that overall the respondents disagreed on the items of this variable in the questionnaire. The findings also revealed that respondents generally neither agreed nor disagreed on alignment of COBIT 5/ISO/IEC 38500 to data process in the DGMEM (mean = 2.91, SD = 0.41, t = ࢤ1.46, p = 0.150), while they generally agreed on the applicability of the Data Governance Maturity Evaluation Model (mean = 4.17, SD = 0.28, t = 29.69, p = 0.000) and on expected results from the implementation of the DGMEM (mean = 4.02, SD = 0.23, t = 31.08, p = 0.000). The results are presented, as shown in Table 9 and Figure 2.
|
FIGURE 2: Graphical depiction of all variables and overall summary of the implications of findings from the data. |
|
TABLE 9: One-sample t tests for the mean responses of theoretical variables. |
Table 9 depicts an overall summary of the implications of the findings from the data. Three of the variables, namely, applicability of the DGMEM; people, policies and processes capabilities; and expected results of implementing the DGMEM had mean scores of over 3.3880. This is evidence that respondents agreed on the ability of the model to enhance data processes within their departments. On the contrary, the results of the remaining two components – missing components on the DGMEM and alignment of COBIT 5/ISO/IEC 38500 to data processes on the DGMEM and the departments – are also considered as positive and confirm what was found in the qualitative data. As a way of ensuring that respondents were able to relate to the questions on the missing components in the DGMEM, most of the questions requested that the respondents agree or disagree on whether there were missing components, relevant to their data processes, in the DGMEM and whether the DGMEM needed to be reconstructed for it to be relevant to their departments. A negligible 2% of the respondents stated that they agreed with these statements, while 98% disagreed. The implication of this result is that respondents neither believed there were missing data components in the DGMEM nor that the model needed to be reconstructed to suit their departments’ data needs. Also, the statement, ‘I believe that the DGMEM has all the data elements for a successful data governance maturity evaluation suitable for my department’, yielded a mean of 4.28 which indicates that only one respondent disagreed with or was undecided about this statement, while the rest agreed or strongly agreed. To this end, it is reasonable to state that the seemingly low score of 2.69 for this component in Table 9 is a clear indication of the respondents’ belief that there were no significant data governance elements missing from the DGMEM. In the same vein, the results show that the DGMEM does not need to be reconstructed for it to be effective in the departments.
The second component in Table 9, which scored a mean of 2.91, was the questions regarding the alignment of COBIT 5 to the processes in the DGMEM. This is also not surprising as it is logically impossible for these respondents to reasonably project the alignment between COBIT and the DGMEM processes without a clear understanding of what is involved in these processes. All in all, the one-sample t test for the mean responses of a summary of all the theoretical variables (Table 9) confirms that the DGMEM, in line with its theoretical grounding in Design Science and a pragmatic philosophy of ‘what works’, has proved to be a fit for the departments in terms of data governance maturity evaluation. The result is summarised in Figure 2.
Ethical consideration
Ethical clearance certificate (HER061SOLA01) was obtained from the University of Fort Hare’s Ethics committee before the commencement of data collection for this study.
Implication and summary of findings
Summary of quantitative findings
From the findings presented in Table 2 above, it can be deduced that the findings from the quantitative data unequivocally confirm what was found from the qualitative data analysis: the DGMEM, if applied, can assist the government departments of the Eastern Cape in improving their current data governance processes. The results of the Cronbach’s α test, presented in Table 1, indicate an acceptable reliability score for the test variables (0.593–0.677). This confirms that the items measured in the quantitative strand of the study are a true reflection of the intended measurement of the components of the DGMEM.
The next section discusses data triangulation and how it was employed to strengthen the results of the inquiry and build confidence in the reliability and replicability of the study.
Data triangulation
Triangulation is described by Cohen, Manion and Morrison (2000) as an attempt to fully explain the richness and complexity of human behaviour by studying it from multiple standpoints. It has become a standard method when multiple sources of data have been used in a study (Creswell 2014). The process of triangulation consists of comparing information from two or more data sources. For this study, triangulation involves the comparison of data from the qualitative questionnaire, focus group discussions and the quantitative questionnaire. An important feature of data triangulation is that the datasets basically measure the same, or very closely related, constructs and through this any deficiency in one method of inquiry is compensated for by the vigour of the other. The qualitative questionnaire measured the constructs based on the conceptual model that was grounded in the literature, while the quantitative questionnaire measured the constructs of the DGMEM as a test of the data governance processes of the participating departments. Data from the three sources were used to test the DGMEM’s relevance and applicability. There were no adjustments made to the model in Figure 1, as the findings were consistent and confirmed what the literature, which informed the model, had regarded as important data governance components. In summary, the results of the empirical data collection and analysis process were consistent with the ideas and practicalities of data governance documented in current and widely quoted literature regarding the subject matter (IBM 2008; Soares 2015; Steinhart 2010; Data Governance Institute 2015).
Discussion
The objective of the DGMEM is to propose the implementation of a DGMEM for the purpose of managing data assets in government departments. The model also presents a process template of how to move from a lower level of maturity to a higher level. The DGMEM is prescriptive in nature, which therefore afforded an opportunity to both the researcher and senior managers in the departments to gain first-hand experience of the model’s ‘fit for purpose’. It is believed that the objective has been achieved as the different layers of data collection and analysis confirm the practicality and applicability of the model to government departments of the Eastern Cape province.
Conclusion
This article discusses the criticality of a sound Data Governance Programme for government departments. A conceptual data governance maturity model is proposed for the government departments of the Eastern Cape province, South Africa. The model was tested through an exploratory sequential mixed-method approach of data collection and analysis. Data were collected from four departments. The results of the survey confirm the applicability of the model in the set context and reinforce the findings in literature that maturity models can be used to improve or enhance data governance in public enterprises.
Recommendations
It is recommended that the model should be implemented for all data processes in a government department as a case study. This will enable the researchers to discover gaps that may be improved to make for more effective data governance. Furthermore, an expanded sample test to other government departments in other provinces of South Africa, or other developing economies, would serve to identify how adaptable the model is to other contexts, and lead to a more robust argument regarding its usefulness and efficacy.
Acknowledgements
The authors would like to thank the HCD-INTERBURSARY funding body for their support in conducting this research.
Competing interests
The authors declare that they have no financial or personal relationships that may have inappropriately influenced them in writing this article.
Author’s contributions
O.O. conceptualised and wrote the article, with guidance and input from supervisors. The article is an outcome of a PhD thesis in the stated topic. M.H. is the main supervisor of the doctoral study, who supervised and assisted in synthesising the contents of the article. N.W. co-supervised and offered suggestions to further improve the article.
Funding
This research was supported with funding from the CSIR HCD-Interbursary award.
Data availability statement
Data sharing is not applicable to this article as no new data were created or analysed in this study.
Disclaimer
The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of any affiliated agency of the authors.
References
Alles, M. & Piechocki, M., 2012, ‘Will XBRL improve corporate governance? A framework for enhancing governance decision making using interactive data’, International Journal of Accounting Information Systems 13(2), 91–108. https://doi.org/10.1016/j.accinf.2010.09.008
Becker, J., Knackstedt, R. & Poppelbu, J., 2009, ‘Developing maturity models for IT management: A procedure model and its application’, Business & Information Systems Engineering 1(3), 213–222.
Berson, A. & Dubov, L., 2011, Description of key data governance tools and practice as applied and defined in the private sector, 2nd edn., McGraw-Hill Media, Maidenhead, United Kingdom.
Bertram, C. & Christiansen, I.M., 2014, Understanding research, 1st edn., Van Shaik Publishers, Pretoria.
Creswell, J.W., 2014, Research design: Qualitative, quantitative, and mixed methods approaches, 4th edn., Sage, Los Angeles, CA.
Creswell, J.W. & Plano Clark, V.L., 2011, Designing and conducting mixed methods research, 2nd edn., Sage, Los Angeles, CA.
Crowston, K. & Qin, J., 2012, A capability maturity model for scientific data management: Evidence from the literature, pp. 1–9, Wiley Online Library, Hoboken, NJ.
Cohen, L., Manion, L. & Morrison, K., 2000, Research methods in education, 5th edn., Routledge Falmer, London.
Data Governance Institute, 2015, The Data Governance Framework, viewed 25 June 2016, from http://www.datagovernance.com/the-dgi-framework/
Dismute, W.S., 2010, ‘Data governance: A study of the current state and emerging trends’, Master’s thesis, Information Science Department, University of Arkansas, USA.
Department Public service and Administration (DPSA), 2013, Public service corporate governance of information and communication technology policy framework, viewed 27 June 2016, from http://www.dpsa.gov.za/.
Eckerson, W., 2014, Data governance for the enterprise: Trends in the use of data quality, master data management and metadata management, viewed 22 June 2016, from http://www.techtarget.com.
Gregor, S. & Hevner, A.R., 2013, ‘Positioning and presenting design science research for maximum impact’, MIS Quarterly 37(2), 337–355. https://doi.org/10.25300/MISQ/2013/37.2.01
Hamel, F., Herz, P.T., Uebernickel, F. & Brenner, W., 2013, ‘IT evaluation in business groups: A maturity model’, Applied Computing Conference in SAC ‘13- proceedings of the 28th annual ACM symposium on applied computing 1410–1417, Association of Computing Machinery (ACM), Coimbra, Portugal, March 18–22, pp. 1410–1417. https://doi.org/10.1145/2480362.2480627
Hendriks, C., 2012, ‘Integrated financial management information systems: Guidelines for effective implementation by the public’, South African Journal of Information Management 14(1), 1–9. https://doi.org/10.4102/sajim.v14i1.529
Huner, K.M., Ofner, M. & Otto, B., 2009, ‘Towards a maturity model for corporate data quality management’, SAC 09 – Proceedings of the 2009 ACM symposium on applied computing, pp. 231–238), Association of Computing Machinery (ACM), New York, NY.
IBM Data Governance Council, 2008, Data will become an asset on the balance sheet and data governance a statutory requirement for companies over next four years, IBM Data Governance Council, Armonk, New York, NY.
Information Systems Audit and Control Association (ISACA), 2013, COBIT 5 Framework, viewed 22 February 2016, from http://www.isaca.org/COBIT/Pages/COBIT-5-Framework-product-page.aspx.
Jacobson, D.D., 2009, Revisiting IT governance in the light of institutional theory, pp. 1–9, IEEE Computer Society, Waikoloa, Big Island, Hawaii.
Johannesson, P. & Perjons, E., 2012, A design science primer, 1st edn., CreateSpace, Atlanta.
Khatri, V. & Brown, C.V., 2010, ‘Designing data governance’, Communications of the ACM 53(1), 150–152. https://doi.org/10.1145/1629175.1629210
Koltay, T., 2016, ‘Data governance, data literacy and the management of data quality’, IFLA Journal 42(4), 303–312. https://doi.org/10.1177/0340035216672238
Korhonen, J.J., Melleri, I., Hiekkanen, K. & Helenius, M., 2013, ‘Designing data governance structure: An organizational perspective’, GSTF Journal on Computing (JoC) 2(4), 11–17.
Kushner, T. & Villar, M., 2008, Managing your business data: From Chaos to confidence, Racom Books, Chicago, IL.
Kzneducation.gov.za, 2008, Minimum information security standards, viewed 17 June 2015, from http://www.kzneducation.gov.za.
Meyer, J.W. & Rowan, B., 1977, ‘Institutionalized organizations: Formal structure as myth and ceremony’, American Journal of Sociology 83(2), 340–363.
Moher, D., Liberati, A., Tetzlaff, J., Altman, D.G. & PRISMA Group, 2009, ‘Preferred reporting items for systematic reviews and meta-analyses: The PRISMA statement’, Annals of Internal Medicine 151(4), 264–270. https://doi.org/10.7326/0003-4819-151-4-200908180-00135
Naicker, V. & Jairam-Owthar, D., 2017, ‘The linkage of information quality to an executive decision support framework for the financial service sector of a developing economy’, South African Journal of Information Management 19(1), 1–9. https://doi.org/10.4102/sajim.v19i1.781
National Archives and Records Service (NARS), 2006, Managing electronic records in governmental bodies: Policy, principles and requirements, viewed 17 June 2015, from http://www.national.archives.gov.za.
Okongwu, U., Morimoto, R. & Lauras, M., 2013, ‘The maturity of supply chain sustainability disclosure from a continuous improvement perspective’, Journal of Productivity and Performance Management 62(8), 4–14. https://doi.org/10.1108/IJPPM-02-2013-0032
Olaitan, O. & Flowerday, S., 2016, ‘Successful IT governance in SMES: An application of the technology–organisation–environment theory’, South African Journal of Information Management 18(1), 1–8.
Peffers, K., Tuunanen, T., Rothenberger, M.A. & Chartterjee, S., 2008, ‘A design science research methodology for information systems research’, Journal of Management Information Systems 24(3), 45–77. https://doi.org/10.2753/MIS0742-1222240302
Pries-Heje, J. & Baskerville, R., 2008, ‘The design theory Nexus’, MIS Quarterly 32(4), 731–755, Minneapolis, MN, USA.
Poppelbub, J. & Roglinger, M., 2011, What makes a useful maturity model? A framework of general principles for maturity models and its demonstration in business process management, pp. 1–13, AIS Electronic Library (AISel), Helsinki, Finland.
Sarsfield, S., 2009, The data governance imperative: A business strategy for corporate data, 1st edn., IT Governance Publishing, Cambridgeshire, UK.
Seiner, R.S., 2014, Non invasive data governance: The path of least resistance, 1st edn., Techniks, Pennsylvania, PA.
Soares, S., 2015, The chief data officer handbook for data governance, 1st edn., MC Press, Boise, ID, USA.
Statistics South Africa (STATSsa), 2010, Demographic Information Booklet, viewed 22 June 2016, from http://www.statssa.gov.za/standardisation/SASQAF_Edition_2.pdf.
Steinhart, G., 2010, ‘DataStaR: A data staging repository to support the sharing and publication of research data’, International Association of Scientific and Technological University Libraries 1–11, USA, 31st Annual conference of the International Association of Scientific and Technological University Libraries, viewed 13 August 2015, from http://docs.lib.purdue.edu.
Thomas, G., 2015, How to use The DGI data governance framework to configure your program, viewed 08 August 2017, from www.datagovernance.com.
Weber, K., Otto, B. & Osterle, H., 2009, ‘One size does not fit all – A contingency approach to data governance’, Journal of Data and Information Quality 1(1), 1–27. https://doi.org/10.1145/1515693.1515696
|