Data governance

Boards do not trust data because a data team asserts the governance framework exists. They trust it when the organisation can show how a number was produced, who owns it, what happens when it fails quality expectations, and why it is the right number for the decision in front of them.

That requirement makes governance design a strategic discipline — not a technology selection or a compliance activity, but a deliberate operating model for evidencing data quality, stewardship, and control.

Why governance theatre persists

Governance theatre is not usually the result of bad intentions. It emerges from misaligned incentives and unclear accountability. A data team is asked to show governance maturity, so it produces governance artefacts — committees, glossaries, catalogues, policies — that demonstrate activity rather than control.

The structural problem is that these artefacts do not change what happens when a report is wrong. If ownership is nominal, quality thresholds are aspirational, and lineage is undocumented below the data warehouse layer, the actual decision path remains as fragile as before. The board pack arrives with contested numbers, reconciliations happen offline, and auditors rebuild evidence packs manually ahead of each review.

Theatre persists because the absence of real control is often invisible until it becomes expensive. A regulatory finding, a CFO questioning the margin figure in the board pack, or an audit exception that cannot be remediated quickly — these are the moments when the gap between apparent and actual governance becomes undeniable.

What makes governance credible

Credible governance is operational. It connects Critical Data Elements to the reporting obligations and business decisions they support. It defines stewardship where the data is understood, not merely where the technology sits. It captures lineage at a level useful for answering a control question, not just for data architecture documentation.

The practical markers of credible governance include: data owners who can answer quality questions and have the authority to resolve them; quality thresholds that trigger defined remediation rather than commentary; lineage that traces a reported number to its source system through each transformation; and an evidence model that does not require manual reconstruction ahead of each audit.

These are not exceptional standards. They are the minimum required for governance to earn board-level confidence rather than create the appearance of it.

Critical Data Elements in practice

Critical Data Elements are the subset of an organisation's data that directly affects regulatory reporting, commercial decisions, or both. Defining them is the prioritisation step that makes governance tractable.

Without CDEs, governance work spreads across the full data estate, producing shallow coverage of everything and deep control of nothing. With a defined CDE inventory, the organisation can concentrate ownership, quality measurement, lineage documentation, and metadata governance where the reporting stakes are highest.

In practice, CDE governance requires more than a list. Each element needs an explicit owner with the authority and knowledge to validate it, a quality threshold with a defined tolerance, lineage documentation that traces the data from source to reporting consumption, and a metadata record that links the element to the regulatory or business decisions that depend on it.

Work across regulated environments — including the Purview-aligned governance planning that has covered more than 500 Critical Data Elements and finance reporting views — demonstrates that this combination of ownership, quality control, and metadata discipline is what separates genuine remediation from activity that looks like remediation.

Lineage, stewardship, and accountability

Lineage and stewardship are often treated as separate governance workstreams. In practice they are the same question asked differently. Lineage asks where the data came from and how it was transformed. Stewardship asks who is accountable for its quality throughout that journey.

A lineage diagram without accountable stewards is a documentation asset without control value. A steward without lineage visibility cannot effectively govern the data they own. The governance operating model needs both.

The stewardship model that works in practice assigns ownership at the point where data is understood — not centrally to a data team, but to the business function that knows what the data means, what the acceptable thresholds are, and what the consequences of a quality failure look like. That proximity to consequence is what makes stewardship real rather than nominal.

Regulatory evidence and BCBS239

For organisations subject to BCBS239, regulatory evidence requirements give data governance work specific and verifiable standards. Aggregation capability, accuracy, timeliness, and adaptability are each defined with expectations about what evidence demonstrates compliance.

The practical governance implication is that finance and risk reporting data needs a clearly documented evidence trail: what data enters each aggregation, how it is transformed, which business rules apply, what quality checks run at each stage, and who is accountable for the result. That trail needs to survive regulatory scrutiny, not just internal review.

The same logic applies to GDPR data lineage, FCA and PRA reporting obligations, and internal audit requirements. The common requirement is that evidence is inspectable, owned, and linked to consequences — not asserted through governance language alone.

When governance earns board trust

Board trust in data is earned through evidence rather than declared through governance policy. The evidence that matters is practical and visible: fewer reconciliation arguments in the leadership team, faster evidence production for audit and regulatory queries, clearer ownership when a quality issue surfaces, and decisions that can withstand scrutiny because the number behind them can be explained.

The governance work that produces this evidence — CDE definition, stewardship assignment, lineage capture, quality measurement, metadata discipline — is not glamorous. It is the operational foundation that makes data credible at executive level.

When that foundation is in place, the commercial and regulatory benefits follow: reports that senior leaders rely on rather than question, an audit process that does not consume significant remediation effort, and a data function that is judged by the quality of decisions it supports rather than the volume of governance artefacts it produces.