D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G- Cloud IV

Transcription

1 D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G- Cloud IV September 2013

2 Contents 1 Service Overview 1 2 Detailed Service Description 4 3 Commercials 8 4 Our G-Cloud Services 9 5 About Deloitte 10

3 1 Service Overview 1.1 Service Summary In a nutshell, what is it that Deloitte will do for you? In its broadest sense, data governance is about directing resources to ensure that the organisation s data is fit for purpose. Every organisation will need a tailored data governance approach to align with their existing organisational structure, culture, and to focus on the benefits they are looking to achieve. Deloitte can assess your current data governance activities and also design and help implement an individually tailored data governance solution for your organisation. Our services typically cover three stages. Assessment, Design and Implementation. Assessment: Most organisations have some elements of data governance in place, but these may be scattered or incomplete, rendering them ineffective. Based upon our experience, we have developed an assessment approach for data governance, divided into a number of key domains linking back to our data governance framework, and supported by a number of customised tools. Applying our assessment has helped our clients identify particular areas where challenges and opportunities exist, and given our extensive range of client experience, we are able to provide a comparison to the industry average, or best in class. Design: Deloitte have considered the core components that are needed in order to successfully operate data governance, linked to our data governance framework. Our data governance solution designs have helped our clients identify practical ways of governing data, based upon our extensive range of client experience. Implementation: Implementation is often the hardest step to get right, as the organisational model must be embedded, and the tangible benefits should be demonstrated quickly. We have helped our clients to successfully implement data governance through the creation of combined teams. Our experienced team works alongside our clients to develop and grow their data governance operation, offering on the job training and support throughout the process. It is important that data governance transitions to business as usual and runs without day-to-day involvement from Deloitte. We consider this the last step in a successful data governance engagement. 1.2 Business Context What situations is this service designed to be used in? Most organisations will have experienced challenges with their data, and will know that any future aspirations to improve analysis, insights and efficiency will depend on good data. Data governance plays a key role in coordinating efforts to get greater value from data, and ultimately all organisations that are successful in using and exploiting their data will need elements of data governance. D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 1

4 Key benefits of good data governance include: Efficiency improvements reduced management and operating costs through simplified and more efficient processes, greater understanding of the data available, and clear coordination across projects; Reducing risk effectively understanding the data environment, opportunities for data quality improvement, risks for data loss and commercial or reputational risks throughout the flow of data; Regulatory and legal compliance accurately and efficiently producing regulatory or market reporting, and demonstrating compliance with regulatory data governance requirements; Revenue creation understanding the market and opportunities more effectively, creating cross-sell and up-sell opportunities, increasing and improving client retention and addressing new markets; and Competitive advantage improving market insight and analytics allowing for better targeting, competitive pricing, and strategic decision making. Data governance takes time to develop and implement effectively. Any approach to data governance should be based on business prioritisation and value recognition. Once established as an action orientated body it will become self-sustaining, driving value into the business. Deloitte uses a simple framework to help guide the successful development of data governance. We think of data value as being realised through a number of domains, each coordinated through data governance which sits at the centre. Drawing on our deep cross-sector experience in this area, this framework represents good practice in data governance. Our view is that data governance can be broken down into organisational competencies across six key domains and four key elements. Vision - Aligning the data strategy to the strategic objectives of the business. Domains What is governed? Data Usage - Supporting the business to extract value from its data by removing impediments and delivering enablers. Data Quality - Measuring, creating and maintaining reliable, trustworthy data. Data Security - Securing the business investment in the value of data; and meeting data privacy and protection needs. Data Management - Delivering controlled data management across the organisation, including reference, meta, and master data management, development and testing. Data Assets - Enhancing the physical and logical footprint of the data within the organisation to improve the performance of all aspects of data value. Elements How is it governed? Directing and prioritising the activities of the organisation ensuring that investment and resources are applied for maximum business benefit: Organisation - A clearly defined target operating model with the accountability and ownership to govern the organisation s data; D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 2

5 Policies & Standards - Definition of common entities, attributes and their inter-relationships for the data and domains being governed; Processes - Designing and implementing the processes and controls required to govern and manage the data within the organisation; and Reporting - Providing the reporting to continuously monitor the effectiveness of data governance and the domains it governs. Our framework provides a clear and reliable structure on which to base our work, whilst still enabling us to be flexible to individual client circumstances. Embedded data governance draws upon the framework, but considers how it should operate in practice. There are a number of components that need to be considered in terms of what has already been done, and how this needs to develop in the future. A data governance solution is constructed from a number of interrelated components illustrated here. Each of these needs to be considered as part of the data governance assessment, which is the first step in understanding the maturity of your data governance capability, determining the existing elements of data governance and what is in need of development. The next steps are typically data governance design and implementation. A data governance solution is also constructed from these components, leveraging our experience of what works in practice, and what is needed, based upon the aspirations of the organisation in terms of the value to be gained from data. D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 3

6 2 Detailed Service Description 2.1 Our approach Deloitte will provide a team of experts to work within your organisation to conduct the project, with the support of the Deloitte SMEs to add their experience and insight. We have a standard approach, which can be applied flexibly depending on the size and complexity of the organisation or landscape of data within. This includes each of the three stages of assessment, design, and implementation. This is illustrated at a high level below. Assess: Document review: The document review is conducted first, so that it can help to form the questions for the interview phase. We will collect and review all of the key documentation that can be made available, the typical documentation that we d request is covered in the next section. Planning: Our work will primarily be based upon your documentation and interviews with individuals from across the organisation. It is important to understand both what has been documented officially, and what is operating in practice. Based upon the documentation and support from your team, we will set out the areas of the organisation, and the key people with the relevant roles that we would like to interview. A number of examples are given in the following section, but we d look to work with you to determine the list of interviewees required. Stakeholder interviews: We will interview the employees identified in the planning stage to gauge their level of understanding of data governance, how data is currently managed, their insights into the data challenges that are faced, and their data aspirations for the future. Interviews may cover aspects of the documentation provided, and we may need to speak to some individuals more than once in order to validate our findings. Assessment review and write-up: Stakeholders will be given the opportunity to confirm our findings as part of the write-up phase, particularly in terms of the factual accuracy of what has been captured. The delivery team will structure their findings in alignment with our data governance framework, highlighting key challenges and opportunities. Design: The design phase is focussed on the development of the components of data governance, and producing the supporting documentation. This includes: o Organisational Design The overarching structure for data governance including the necessary people, committees, reporting lines etc; o Roles and Responsibilities A description of the roles required to operate the data governance organisation, including individual responsibilities, skills and time allocation. (E.g. 2 days a week); o Terms of Reference Documenting the responsibilities of each committee, their structure, reporting lines, and authority; o High Level Processes An illustration of how data governance operates, and interacts with other parts of the organisation; o Principles High level statements setting out the objectives for governance, and how this will apply to the organisation; D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 4

7 o Reporting Draft reporting packs for the committees setting out the recommended metrics for monitoring data, and to support decision making; and o Roadmap High level roadmap setting out how to implement data governance across the organisation, targeting the areas of most value first. Design Review: Stakeholders will be given the opportunity to review our data governance design as each component is created, and time is allowed for a comprehensive review once the design components are complete. Deloitte review and submission: All deliverables are subject to internal Deloitte review, with additional subject matter experts, and relevant Partners leveraged to add insights and experience to the observations and recommendations. Particularly in the case of data governance, there is no one-size-fits-all solution, so we can offer the most value through our collective input. Implement: Many of the roles related to data governance are part time, and are typically performed by people who are already within your organisation. The implementation phase will identify these people and introduce them to their data governance responsibilities, though the creation of customised training materials and the delivery of training courses. Additionally the initial committee meeting(s) will be held, where we will set the approach for future meetings, and look to ratify the principles, roles and responsibilities, terms of reference and roadmap. Second Phase (not in scope): The initial area of focus for the newly created data governance organisation will be to set key policies and standards based upon the principles. It is also important to further develop the processes in alignment with the new documentation. This stage is not part of the project for the purposes of the G-Cloud proposition, but it is essential to consider how this will be delivered to place continued focus to develop and embed data governance over the coming years. Optional approaches: Some larger organisations will have more employees that can contribute to the data governance assessment; however it can be impractical to interview them all in a cost-effective manner. In these circumstances we are able to supplement our interviews with our automated assessment tool. This can be sent to relevant individuals, who will have the opportunity to complete a customised questionnaire and submit their responses. Deloitte can also assist with the development of policies and standards etc. as part of the project, or as a continuation of our assistance. In addition, we have often provided expert resource as a secondment following our projects, to help further embed and energise data governance. 2.2 Inputs We have assumed that you will be in a position to provide certain inputs to the service, which we have listed here. If you are not in a position to provide all of these inputs then please get in touch to discuss options, as it is likely we can reach agreement to alter our approach to accommodate your situation. The Deloitte team will require access to a number of pieces of documentation, where it exists, to effectively perform the information gathering phase. Typically the documentation request will include the following: Data Governance Frameworks Organisational design Roles and Responsibilities Policies Standards D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 5

8 Process documentation Terms of Reference Meeting minutes Reporting packs and metrics Data issue logs We would also seek to interview a range of individuals, selected as appropriate from across the organisation. This typically might include: Data Governance Sponsor Data Governance Manager Data Governance Team Data Owners Data Stewards Data Users Data Custodians Senior Business Representatives IT Operations Change Control Team Data Quality Team Data Security Team MI Team Data Architecture team Portfolio Management team 2.3 Your Contribution Our services are designed to be delivered with you rather than to you. We have assumed that you will be able to make the following contribution to the work. If you are not in a position to take on these responsibilities then please get in touch to discuss options, as it is likely we can reach agreement to alter our approach to accommodate your situation. As described above, the Deloitte team will require access to a number of individuals to perform the assessment. The key contribution required is to help identify the right people to interview. Agreeing this early will allow the team to schedule interviews and identify the scale of the project. Your senior stakeholders will also need to review the data governance documentation as it is produced, giving their feedback to help ensure it is as tailored as possible to your organisation. Later during the implementation phase, we will need your assistance in identifying suitable candidates for data governance roles, and for the members of the proposed committees to be available to attend the kick off meetings. 2.4 Outputs What will you get in terms of deliverables, outputs and outcomes from this service? The key output of the assessment is the data governance report, structured around the data governance framework. The report will look to highlight the key issues and challenges for each domain and it will identify a series of suggested activities to improve data governance. The outputs of the design phase have been described above, but are listed again here: o Organisational Design; o Roles and Responsibilities; D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 6

9 o Terms of Reference; o High Level Processes; o Principles; o Reporting pack; and o Roadmap. The implementation phase will include: o Training materials; o An introduction to data governance for the people identified for key roles; and o A kick-off meeting for the data governance committee(s). 2.5 Scale and complexity The effort involved in delivering our service is driven partly by what we will do (which we have described in section 2.1 above) and what you will do before we arrive and alongside us whilst we work (which we have described in sections 2.2 and 2.3 above respectively). It is also driven by the scale and complexity of your business situation. This section describes the scale and complexity that we have designed this service to address. If your business situation is bigger or smaller than this then please get in touch to discuss options, as it is likely we can reach agreement to alter our approach to accommodate your situation. The complexity of the data governance project will depend on the size and structure of the organisation, and will drive the volume of documentation and number of interviews. We would expect that, as part of the information gathering phase, to conduct around 20 hours of interviews and review up to 30 documents, providing us with the information needed to formulate an accurate assessment. D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 7

10 3 Commercials 3.1 Cost This service is offered on a fixed price basis as described. The price is published in a separate pricing document available to download separately. The service is subject to the assumptions regarding scale and complexity or exclusions as listed in the service description. The level of detail of the reports and deliverables will be agreed with you at the start of the engagement so as to provide the maximum amount of value within the constraints of the fixed timescales, resources and price. 3.2 Location This service will be delivered predominantly in the customer's own premises. No expenses will be charged for travel to premises within the M25, but there may be additional charges for travel and accommodation expenses incurred for services delivered at premises outside the M25. These will be agreed in the Service Order. 3.3 Ordering and Invoicing Process There are two ordering routes available: 1. Visit our G-Cloud service homepage at which contains information about the service and also has an online form for ordering. 2. Send an to g-cloud@deloitte.co.uk with the following information: Your organisation s name The name of this service, which is D-G4-L4-231 Data Governance Assessment Design and Implementation Your name and contact details A brief description of your business situation Your preferred timescales for starting the work We will agree an invoice schedule in our Service Order. Our invoices will be payable within 30 days. 3.4 Exclusions Our service description in section 2 above defines the scope of what we will deliver. For the avoidance of doubt, we have listed below any activities that (in our experience) are sometimes expected to be in our scope but which are not included within this service. D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 8

11 4 Our G-Cloud Services 4.1 Our G-Cloud Strategy Deloitte offers a range of services on the G-Cloud Store. Our strategy is to provide commoditised services for the public sector, which are suitable for public bodies addressing the changes required of them in a digital world. Our services cover the breadth of Specialist Cloud Services from business analysis to design and development; transition management to project specification and selection. We also offer some software-as-a-service options on the store, and intend to expand our service provision in response to customer demand in the future. 4.2 Further Information For more information about our G-Cloud strategy and services, please visit D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 9

12 5 About Deloitte 5.1 Our Business Deloitte LLP ( Deloitte ) is a leading professional services firm, employing over 13,000 staff across 20 locations in the UK. Our Public Sector practice includes over 1,000 experienced specialists in central civil government, health, transport, defence and local and regional government, some of whom have previously worked at senior level. In addition, we have over 1,000 staff who can work in both the public and private sectors, enabling transfer of experience and methods. As a Big Four professional services firm, we are well positioned to draw upon skills across a wide range of service offerings to deliver Cloud-based services. We work across the public sector as a trusted advisor and as a supplier of leading edge technology services. This includes an extensive portfolio of Specialist Cloud Services available as commoditised services in the G-Cloud catalogue. Our public sector team plays an active role in the development of methodologies, value propositions and points of view to assist our public sector clients. We conduct research in areas that are of current and emerging interest to our clients, identifying best practice and new developments in the UK and internationally. In this section we outline some of the elements which differentiate us in the marketplace. 5.2 Professional Standards As a leading supplier, Deloitte operates to high standards of professionalism: We recruit highly capable staff and maintain effectiveness through training, performance management and continuous professional development Quality on every engagement is managed through a Quality Management Plan and partner sign off of deliverables on all engagements. Technology Consulting services are accredited to ISO9001, the international quality standard, which includes acting on customer feedback and continuous improvement plans As members of the Chartered Institute for IT (BCS), our Technology practice and individual members are bound to its Code of Practice and Code of Conduct which defines good practice for ICT and technology consultancy. We are also registered with the TickIT scheme We are a Green classified CESG approved company and have a number of CHECK Team Leaders Our project management methodology, which is aligned with PRINCE 2, provides mechanisms for managing all aspects of engagements, including project risks and issues. We have over 300 staff with PRINCE2 or similar PIM qualifications Our Focus on delivery includes regular contact with client management and frequent progress updates when issues can be identified at an early stage to enable easier risk mitigation and help avoid escalation Deloitte is reliable to work with and sets out to deliver the services needed. Our high reputation in the market is based on our commitment to deliver even in difficult circumstances, while building trusted relationships with our clients D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 10

13 We actively promote sustainability within our supply chain and have a strong commitment to equality, diversity and corporate responsibility. Our firm is accredited to ISO14001, the international environmental management standard, and CAESAR (Corporate Assessment of Environmental, Social and Economic Responsibility). Deloitte is accredited to ISO27001, the international security management standard. We operate robust processes for safeguarding customer data and for confidentiality of information. We are registered under the Data Protection Act and have safeguards in place to protect the data of our own personnel or any personal data with which we are entrusted by clients We have processes in place to preserve the integrity and independence of the services we provide. For example, bids are subject to conflict checks to avoid conflicts of interest, all Deloitte staff are required to complete Anti-Bribery and Anti-Money Laundering training, partners and staff are subject to independence checks and there are frequent internal audits and compliance checks 5.3 Security The majority of our public sector team are vetted to Baseline Personnel Security Standard or cleared to National Security Vetting SC level. In total, this is over 1,000 people with some form of security vetting. Deloitte is a List X company. We employ a full time Security Controller and Security Team to manage security clearances, advise on development of Security Management Plans and manage compliance with security processes. We have comprehensive Business Continuity Plans in place in all locations. Staff are equipped to work remotely if client sites or Deloitte sites are inaccessible. 5.4 Responsible Business At Deloitte Responsible Business is not just a strap line. We appreciate that our everyday business activities affect wider society through our actions and through the actions of those with whom we do business. Our approach to Corporate Responsibility is fully integrated with our business strategy; as such we are fully committed to addressing requirements from the Social Value Act. In the last year we launched our inaugural Impact Report ( replacing our traditional annual report and providing the platform through which we will measure our impact and contribution to society into the longer term. 5.5 Geographical Coverage Deloitte has 20 office locations throughout the UK, plus offices in Guernsey, Jersey and the Isle of Man. We also have a National Solutions Centre which is based in Belfast and provides software engineering capabilities for our clients. 5.6 Innovation and Continuous Improvement Deloitte understands the importance of innovation to public sector clients in their endeavours to reduce costs and ensure better outcomes. Deloitte approaches public sector engagements from the standpoint of delivering tangible or measureable outcomes and effective use of resources. Cloud provides a major opportunity to challenge existing provision of IT in the organisation, and improve working practices, service levels and reduce operating costs. We are willing to challenge current ways of working in the public sector and to harness technology and lean thinking to produce satisfactory outcomes that deliver the client s objectives at lower cost. D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 11

14 We seek to ensure that our people, methods, infrastructure and working practices deliver high quality services to our clients and an environment where our staff can work effectively. We recognise that this is only possible if our working procedures, methods and tools, staff skills and training continue to improve. We undertake a number of activities to set objectives for key processes, measure performance against these objectives and assess and adjust our operational and engagement procedures to sustain improvement. 5.7 Capability Transfer Deloitte prefers to provide capability, knowledge or skills transfer on most projects. We can also work in such a way that capability transfer is at the heart of the engagement. Examples include: Training client staff for team roles at the outset of an engagement to reduce costs and provide for continuity of skills after we exit from the client Providing only those services which a client cannot provide for themselves and avoid practices such as staff substitution as much as possible Delivering comprehensive capability transfer so that client staff are able to take over fully the operation or extension of a service or continue to manage a change programme from their own resources. We also have a programme of secondments both to and from the public sector, which enhances our industry insight while strengthening our relationship with public sector. 5.8 Our Business Structure Deloitte LLP comprises a number of business units. Our G-Cloud services are provided from across our business, bringing in the skills and experience we need. Because our business structure is set up as a group, some of our business units are constituted as wholly owned subsidiaries of Deloitte LLP. For the purposes of our G-Cloud services, the Deloitte MCS Limited (company registration number ) is a sub-contractor that we may rely upon to deliver service. D-G4-L4-231 Data Governance Assessment Design and Implementation Deloitte LLP Service for G-Cloud IV 12

15 Important notice This document is not an offer and cannot be accepted. Should you wish to obtain our services, please contact us using the Ordering Process described in section Error! Reference source not found. to discuss your requirements and how we may meet them. Following these discussions and our internal acceptance procedures, we would then enter into a direct order with you in accordance with these Framework terms to confirm our appointment. The information contained in this document has been compiled by Deloitte LLP and includes material which may have been obtained from information provided by various sources and discussions with management but has not been verified or audited. This document also contains confidential material proprietary to Deloitte LLP. Except in the general context of evaluating our capabilities, no reliance may be placed for any purposes whatsoever on the contents of this document or on its completeness. No representation or warranty, express or implied, is given and no responsibility or liability is or will be accepted by or on behalf of Deloitte LLP or by any of its partners, members, employees, agents or any other person as to the accuracy, completeness or correctness of the information contained in this document or any other oral information made available and any such liability is expressly disclaimed. In this document references to Deloitte are references to Deloitte LLP. Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited ( DTTL ), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms Deloitte LLP. All rights reserved. Deloitte LLP is a limited liability partnership registered in England and Wales with registered number OC and its registered office at 2 New Street Square, London EC4A 3BZ, United Kingdom