A Data and IT Governance Journey: Finding Truth Amid the Quicksand

min read

Developing an effective, efficient data governance process can be a long, strenuous task, but the result is well worth the struggle it requires, particularly when a pandemic shows up.

A hole in the sand
Credit: petrov-k / Shutterstock.com © 2020

From the Chief Data Officer's Perspective

Imagine you and a dozen other employees are seated around a conference table and the new president of your institution is at the helm. Your president asks the group for a report of admissions application trends for the past five years, and you all nervously look down as you write yourselves notes to work on that report. At your meeting the following week, half a dozen employees present half a dozen different reports on admissions applications. The president begins to review them and quickly becomes frustrated by the inconsistencies and disparities. Less than five years ago, this is what happened at our institution, Northern Arizona University.

At that time, I was the associate vice president for Institutional Research (IR), and as such, the issue was mine to resolve. How could I tell our new president that application data was coming from five different business processes, landing in multiple data systems, and using inconsistent data definitions and that IR did not even have access to all of the data? How was the president supposed to make data-informed decisions when we were incapable of providing her such basic information? Significant enrollment growth had resulted in a highly decentralized institution with many data silos and a lack of communication. Our need for data governance had never been greater.

We set down the path to develop a data governance model that would address data quality, security and access, and the development of new data sources, as well as to establish advisory committees to guide those efforts. Our model started as a list of bullet points, inadvertently grew into a diagram that looked like a flower, and eventually evolved into an "onion" with multiple layers. The more we discussed the issues we needed to resolve, the larger that onion grew. The model developed over the course of a year, during which time we hired our new chief information officer and my title changed to chief data officer. Together, we worked to refine the model and establish advisory committees for both data and IT, and we officially launched our data governance initiative in September of 2016.

Great. We had a model, we had committees, and we knew in concept what we wanted to accomplish. But now what?

The Data and IT Governance Trustees, a subset of the vice presidents from the president's executive team, were convened and began to meet monthly. We identified specific governance project priorities and established quarterly goals for our first year. The goals were widely shared with the advisory committees, the president's executive team, and the president's cabinet, and subsequent updates on governance progress were regularly provided to these groups (see figure 1).

Figure 1. Data governance quarterly milestones

In our first three months, it became clear the governance participants were not all speaking the same language and we needed to develop a data dictionary. We selected Data Cookbook as our software solution and established a workgroup to tackle the data dictionary development work. Our need for some quick wins led us to first develop definitions for the most commonly used reports we had in place. Employees throughout the institution were already familiar with these reports, so our hope was that these definitions would provide supplemental information and a smoother introduction to the tool. It felt like we were gaining momentum!

At the same time, a Survey Policy Committee was formed to address a lack of institutional survey oversight. Survey response rates were lower than national averages, and as an institution, we really did not have a handle on who was surveying which populations or when. This was the first time I felt as if governance was leading us into a bit of quicksand. What began as a policy development group quickly turned into a research and data analysis group when we determined we needed a solid assessment of our current state before we could propose a future state or an associated policy. We fell a bit deeper into that quicksand when we realized our university community had been sent more than 700,000 survey invitations in a two-year span of time. As we attempted to resolve what we had initially identified as key problems, we found ourselves falling deeper into the quicksand of related issues, data problems, and conflicting business processes. We were still making progress, but everything was taking far longer than expected!

The Data and IT Governance Trustees, along with Governance Advisory Committees in both the data and IT areas, continued to make progress on addressing security, data integrity issues, developing policies and protocols, and ultimately sparking effective and productive communication throughout the institution. A number of subcommittees and workgroups successfully implemented Data Cookbook, developed and implemented a survey policy and review process, designated Qualtrics as the institution's survey software, and launched Tableau to provide campus-wide dashboards. A Training Workgroup developed in-person training sessions focused on data governance, student data, financials, human resources, survey software, and Tableau. These free sessions were available to all employees, and when the demand for sessions surpassed all of our expectations, we created online training modules to keep that momentum going. By 2018, it finally felt as if data governance was fully ingrained in our institutional culture. Issues were being routed through various governance committees for resolution, employees were asking to participate in those committees, and the trustees were respected as providing authoritative guidance for anything in the governance realm.

As we look back on our first four years of formal data governance, it is rewarding to see what we have accomplished. Certainly, we encountered challenges and lots of quicksand, but stopping along the way and celebrating our successes has been an important part of the process.

Key Challenges

  • Everything takes longer than expected. Beware of the quicksand! You may think you are setting out to resolve a particular issue, but do not be surprised if your path forward is not linear. Often the resolution of an issue requires the analysis and resolution of other issues and processes first. The degree-tracking project we had slated for completion in our first year is still in progress (and almost complete!) four years later.
  • Even when data governance structures are valued, employees will still be frustrated by adherence to process. In the past, employees would "back-door" technical development requests (often working with a buddy who worked in IT) to get their particular task done quickly. This behavior undermined the progress of the development teams who should have been fully dedicated to institutional priority projects.
  • Prioritization is hard. Prioritizing projects within your particular unit or division is challenging enough, but that process becomes significantly more difficult when prioritizing across the institution. To effectively deploy both technical and functional resources, we implemented a project review and prioritization process as part of our governance effort. This has forced the trustees to make some difficult prioritization decisions but has been beneficial in ensuring that the work being done is fully in support of institutional priorities and goals. Prioritization is guided by the university's strategic plan, institutional goals, and enterprise metrics, providing solid justification for decisions.

Significant Successes

  • The development of an accepted and respected governance structure created numerous benefits. The Data and IT Governance Trustees provide clear direction and support. Data Governance Advisory Committees and subcommittees consist of fully engaged members who value having a forum for bringing issues forward for resolution. State auditors have become increasingly interested in our data governance initiatives and have found them to provide a well-documented, transparent structure that helps ensure accountability while driving a culture of data-driven decision-making. Clear policy and regular audits reinforce the importance and value of governance in the context of achieving high levels of confidentiality, integrity, and availability of data.
  • The campus community has come to appreciate the value of quality data. Before our formal governance structure was implemented, IR was often in the position of having to justify why accurate data was important. We were often met with comments like, "IR can just fix that on the reporting side—it doesn't impact students directly." The increased availability of data via dashboards and other reports has emphasized the importance of getting the data right from the beginning. If we have a business process that perpetuates bad data, we now work to improve those processes. If we have an employee who consistently enters bad data, we work to retrain the employee and explain why their work matters. More than 300 users now use dashboards, and most refer to the dashboards on a daily basis to monitor admissions funnels, enrollment trends, enrollment eligibility, retention trends, graduation rates, and grant award spending.
  • The university is able to leverage and adapt. We now have a structure of processes, tools, communication channels, and documentation that allow us to more quickly adapt to immediate crises such as the COVID-19 pandemic. Our existing enrollment dashboards were quickly enhanced to provide additional details related to dropped enrollments, significant changes, and student campus changes to allow for closer monitoring of the situation and future impacts. New dashboards were developed to provide hourly monitoring of on-campus testing and positivity rates. An increased demand for data to inform budget decisions for next year in light of COVID-19 has led to additional requests for dashboard access and training (which we are now able to facilitate promptly).

From the Chief Information Officer's Perspective

The president had hired me during the summer of 2016 to centralize IT at the university and to develop and execute a strategy of efficiency and effectiveness while fostering productive collaboration and innovation—a challenging task for the most experienced CIO. This wasn't my first CIO gig—it was my fifth. I had learned that CIOs were most often hired for strategy and fired for operations. Even with the challenges of centralization, I expected a large public research institution that had had great stability in the CIO role for nearly two decades to be a well-oiled machine when it came to basic operations and governance structures.

Every new CIO has that "hmmm" moment, when you realize the job is going to be different from what you expected. For me, that occurred when I asked the question, "How do you make decisions about which projects are prioritized and funded?" The responses ranged from bewilderment to explanations of undocumented rituals and the suggestion that Divine Intervention played a key role. No governance. No well-oiled operational procedures. And so there I was, standing in quicksand.

Of course, "quicksand" in the context is a perfect metaphor for culture. The more you struggle with it, the faster it tries to consume you. As I would soon discover, our "governance" was a complex matrix of individual trust relationships developed over many years. This culture was enabled during a period of rapid institutional growth and prior leadership that was conflict-avoidant. "Don't bother anyone..." was the standard when security policies were written. The ERP implementation was highly modified and celebrated to accommodate individual needs that avoided the bother of coordinating with other offices on process, policies, or shared inter-divisional priorities. IT work was uncoordinated and disjointed. In one instance, three competing projects of solving a problem were all independently moving forward simultaneously because three people had programmer friends who would help them solve it their way. Now came the realization that the quicksand was deep. And like the adventure character Indiana Jones, I needed a rope, even if it might be a snake.

Fortunately, I found a colleague with a rope in the chief data officer. We shared similar concerns and challenges concerning governance and a culture. As she describes, we crafted a governance model based on the best practices we could find, formed the Data and IT Governance Trustees, identified various committees, and launched our data governance initiative.

Key Challenges

As the CIO, I encountered the same three key challenges as did the chief data officer, but through a different lens.

  • Everything takes longer than expected. You cannot rush people into new ideas, particularly if they have been part of an established culture for a long time. Changing culture involves changing rituals. Our challenge was to define new rituals that reflected a culture of collaboration and strategic prioritization within the context of shared governance. Setting up committees with broad representation that could meet on a regular basis to do real work, not just discuss topics, was a key "ritual" that needed to be established. Identifying contributors for committees on topics such as security, education, research, administration, and project planning was relatively easy. What is hard and takes longer is transitioning trust from personal relationships to governance relationships, particularly when issues between areas are contentious or where competition for resources exists.
  • Even when governance structures are valued, employees will still be frustrated by adherence to process. As governance was created and operationalized, some people continued to exercise those previous trust relationships and work around governance. Some vocally expressed the new governance as "bureaucratic," "unnecessary," and a "hindrance to productivity." When we were able to identify individuals working around the system, we would engage them and their leadership to redirect them back to the new governance procedures. Years later, although some of this "friend network" is still active, it is limited, and more and more people see the overall benefits of governance to the university. These new processes demonstrate the importance of aligning with institutional goals and objectives. In this way, governance stimulates open discussion and debate while keeping everyone aligned on important outcomes like marketing and recruitment, student success, stewardship of resources, and driving efficiencies in work. The policies and projects that flow out of governance seem less random and tactics are more widely adopted in the context of their strategic value.
  • Prioritization is hard. Within any organization are an infinite amount of work, limited resources, and competing priorities. This is particularly acute in higher education institutions, which are very complex and often include departments that differ greatly in their organizational missions. IT is increasingly at the intersection of these competitions. In the centralization of IT services, I wanted to create a department charged with engaging business units on their needs. I formed a new group within ITS called Strategic Planning and Institutional Effectiveness, affectionally referred to as "the SPIEs." The SPIEs represented the critical interface between ITS and the business units providing systems and business analysis functions and project management services. We also created a key governance group, the Strategic Project Review and Resourcing Committee (SPRRC) or "Spark." The charter for this committee was essentially to identify a method of collecting, prioritizing, and identifying the resources needed for IT, data, and administrative projects across all divisions on a quarterly basis. Through numerous iterations and trials, members of SPRRC created a methodology to prioritize requests and match them with talents on a quarterly basis. The process is far from perfect, but it creates a transparent system for assessing and assigning project work. SPRRC drives new rituals and, hence, forges new culture around our governance model.

Significant Successes

  • The development of an accepted and respected governance structure created numerous benefits. Some of the governance committees have had more success than others in developing standards and tactics and enabling change. All have served to create broad engagement and transparency around policy and practices. Including faculty senators and other constituency group leadership in committees has enriched the conversation and served to establish credibility of these governance components. Because of the high-level engagement of Data and IT Governance Trustees, issues are thoroughly vetted and decisions made quickly. This, in turn, supports efficient and effective implementations, and front-line contributors feel supported. When broad representation is given a voice and executives actively support governance, the campus community adopts new governance and culture and see it as a prudent change and valued asset.
  • The campus community has come to appreciate the value of quality data. Governance allows IT to establish standards that guide technology choices and services. Standards are raised rather than lowered to a common denominator. Governance has also broadened the conversation and thinking about solutions and strategies, allowing the institution to move in new directions. Every problem does not look like an ERP nail and a PeopleSoft hammer. Governance has provided new context for expanding the conversation about the role of systems in the overall student experience and the importance of high-quality systems that present a modern user interface and act as the system of record. Quality systems lead to quality data, and having both under the same governance facilitates quality in institutional management and decision-making.
  • The university is able to leverage and adapt. Governance has allowed us to identify gaps in capabilities and inconsistencies in data and to establish standards and move difficult issues forward. For example, governance provided a basis and a means for developing new security policy and standards that address confidentiality, integrity, and availability controls while underscoring personal the responsibility of protecting institutional IT and data assets. It has also provided the vehicle for adopting operational standards, such as the IT Infrastructure Library (ITIL), that provide clear operational procedures (rituals) for the efficient and effective operation of IT services. Combined with the new security standards, governance provided the means for meeting or exceeding institutional and state audit expectations for IT operations.

Lessons Learned from the Quicksand

Despite a deeply rooted culture and many distractions and complications, we have experienced significant success that is fundamentally transformative. We were able to establish a shared governance structure that provides broad engagement, transparency, and mutual accountability. We were able to establish a shared sense of responsibility for quality data as a foundation for a culture of data-driven decision-making. And we were able to drive the adoption of new tools, communications, and participation and create new organizational constructs that drove digital transformation at all levels of the institution.

Following are some insights into lessons learned, reflections from stakeholders, and hard-earned advice for those who endeavor to challenge established culture and create new governance structures that broadly engage communities to elicit efficiencies and effectiveness amid the chaos and complexities of higher education in 2021 and beyond.

Build Shared Understanding and a Coalition of the Willing

Similar to being in quicksand, the more you fight and struggle to free yourself of culture, the faster you sink. Instead, keep calm and remain open to receiving help from others. Where possible, find common ground and ways of working with existing culture to cultivate a coalition for change.

Start at the top and build support for a shared vision that can be articulated by university leadership. Broad consensus support and consistency of messaging for why IT and data governance is needed is a critical aspect for successful shared governance.

At NAU, the CIO and the CDO found that common ground and worked together to build a strong coalition of executive support through transparent discussion of real situations with executive stakeholders and front-line data and IT actors.

"The implementation of our data governance structure has transformed our work. We are genuinely a data-driven student success campus. The single source of data and shared understanding of that data ensures we are consistent with our strategies and initiatives and that we assess and evaluate consistently, which is the only meaningful way to make improvements and advance our work." —Erin Grisham, VP Student Affairs

Create New Rituals to Transform Culture

Rituals in this context means establishing new capabilities, procedures, committees, meeting schedules, celebrations, and other activities that surround—and to a large degree define—governance. There will be resistance to change and adoption of these new rituals, but eventually they will become the norm and be seen as "the way we've always done it."

For example, one ritual that needed to be addressed at NAU is how we prioritize our work amid increasing needs and with limited resources. We reinvented committees (e.g., SPRRC, security, and the Data and Business Process Advisory Committee) and ensured that they comprised broad representation and were charged to identify, classify, and scope expressed needs as a precursor to project prioritization, planning, and assessment on a quarterly basis.

"Prioritization is a challenge—a great one! It allows for trustees to get out of their own silo, often getting out of their own way, to think long-term about the benefits to the entire enterprise. Ultimately this allows for a comprehensive look, using data to ensure ongoing student success." —Anika Olsen, VP Enrollment Management

Also, clear documentation and communication about new rituals and procedures are, in themselves, critical rituals. Sharing outcomes openly, broadly, and repeatedly at all levels through various vehicles (university news, meeting minutes/outcomes, strategic plans, newsletters, open forums, etc. ) helps reinforce new ways of being and doing and ultimately strengthens governance.

Make a Big Deal out of Governance by Creating Small Wins

As a mentor once suggested, "Think globally, act locally." This seems particularly appropriate to IT and data governance. Real governance and culture are reflected in the front-line managers who interact with staff who are performing work. Front-line talent creates small wins every day. Getting these managers and their people on board with governance, demonstrating how leadership can support them in their work, setting and supporting reasonable expectations, and recognizing success no matter how small are formative to establishing the value proposition of governance and creating advocacy where it really counts.

Be Patient and Use the Winds of Change

We can't expect our organizations to change behaviors overnight. It takes patience and thoughtful, empathetic engagement to make lasting change. Like sailing into the wind, a good captain reads the winds, currents, and signs of the reefs and adjusts course accordingly while keeping the intended destination constantly in view. As leaders, one of the hardest things to do is have the patience to give people the chance to come to good conclusions through indirect ways. That means avoiding punitive measures and reinforcing positive behaviors while repeatedly communicating the "why" and the "how" around IT and data governance. In doing so, you'll ensure that diverse viewpoints are incorporated into your thinking and governance program, and people will come to promote new ways because they participated in ways that were ultimately meaningful to them. With people, slow is fast.

Leverage Governance to Drive Institutional Strategies

You can use governance to create agility in the organization and drive the strategic plan. During the early days of the COVID-19 crisis we needed to act fast and change the focus of an entire institution quickly so we could implement prudent changes. Panicked, some institutions may have struggled harder, or entrenched themselves in their silos, hastening the gripping effects of the quicksand. Instead, NAU fell back on its governance to elicit quick changes in priorities and strategies, reallocate and organize resources, and execute plans aligned with new institutional tactics.

"Having accurate, enterprise-wide data during the COVID-19 crisis allows us to immediately pivot to make decisions and implement solutions; we don't just spin our wheels assembling various reports from multiple systems." —Anika Olsen, VP Enrollment Management

Embrace the Benefits of Shared IT and Data Governance

As we reflect on this writing and the outcomes of IT and data governance, we identified these major benefits that resulted from the ideas and practices leveraged at NAU:

  • Preference toward a shared-services model for certain positions and services offered across the institution
  • Significant increase in cross-divisional business processes and projects that require strong leadership, facilitation, and coordination of multiple stakeholders across the institution
  • Drive toward increasing adoption and improving the efficiency and effectiveness of processes and applications across the institution (shifting from one-off applications, minimizing customizations, streamlining redundant or overly complex processes, driving deep adoption of existing systems)
  • Proliferation of custom applications and third-party applications at NAU requiring business analyst support to develop, integrate with other applications, support upgrades, manage maintenance, and adjust business processes impacted by the acquisition of these applications
  • A balancing of business analyst support within divisions that do not currently have anyone providing these services
  • Increased credibility and shared voice
  • Diversity of thinking


Our four-year journey to shared IT and data governance was born out of the necessity to provide a single trusted source of institutional data. The process of developing data governance required patience and fortitude of leadership to overcome resistance to change through collaboration and education. And we struggled to escape the quicksand of localized thinking and acting to realize the value of shared institutional data governance. Our governance is far from perfect, but we now have a framework for strategically growing the institution's data capabilities. That framework played a significant role in our ability to quickly change and adapt in the face of the COVID-19 pandemic. We have emerged more effective in our ability to leverage data to inform institutional strategy and more efficient in the use of data to drive improved operations. It's never too late to start the IT and data governance journey, and, despite the myths, the quicksand is never too deep.

Laura Jones is the Chief Institutional Data Officer at Northern Arizona University.

Steve Burrell is the Vice President for Information Technology and Chief Information Officer at Northern Arizona University.

© 2020 Laura Jones and Steve Burrell. The text of this work is licensed under a Creative Commons BY-NC 4.0 International License.