Subscribe

Data Governance as Risk Management, Not Documentation

Published on 
Data Governance as Risk Management, Not Documentation
Photo by Sasun Bughdaryan / Unsplash

This is the third post in our learning series on Modern Data Governance, leading up to a free webinar on April 2nd. Start here if you missed the earlier learning posts on data standards and shadow systems.

Webinar Registration

Many data governance initiatives in higher education start with documentation.

Data dictionaries. 
Glossaries. 
PDFs describing how metrics are calculated. 

These efforts are well intentioned. But governance is not fundamentally a documentation problem. 

It is a risk management problem

Universities operate complex data environments that support critical decisions about enrollment, finances, staffing, and public reporting. When those environments are poorly governed, the risks can show up in ways that feel surprisingly familiar to many institutional leaders: 

  • conflicting enrollment numbers presented to leadership 
  • sensitive data ending up in uncontrolled locations 
  • dashboards using incorrect metric definitions 
  • Senate-approved numbers later discovered to be wrong 
  • analysts spending weeks reconciling reports instead of producing insights 

None of these problems are caused by a lack of documentation. 

They are caused by a lack of shared understanding about how data is defined, transformed, and used across the institution

Why Documentation Alone Doesn't Work 

One of the most common failure modes in data governance initiatives is an overemphasis on documentation. 

Institutions invest time building large data dictionaries or glossaries. Governance committees are established. New definitions are created and catalogued. 

But over time something becomes clear: the documentation exists, yet the underlying problems remain. 

I often hear governance initiatives evaluated based on metrics like: 

  • how many definitions were added to the glossary 
  • how many data elements were documented 
  • how many meetings the governance committee held 

These activities are easy to measure. Unfortunately, they rarely move the needle on the problems institutions are actually trying to solve. 

A perfectly documented data environment can still produce incorrect dashboards, inconsistent reports, and governance disputes if the documentation is disconnected from how data actually moves through the institution. 

Governance Problems Are Risk Problems 

When governance issues become visible, they usually appear as risk events. 

Sometimes this is a security risk — sensitive student or employee data appearing in places it shouldn't. 

Sometimes it is an operational risk — analysts spending weeks reconciling conflicting reports. 

Sometimes it is a reputational risk — public reporting numbers later discovered to be inaccurate. 

And sometimes the issue only becomes visible through an audit finding or external review. 

What these situations have in common is that the institution has lost clarity about how data flows through its systems and where critical definitions live

Without that clarity, even well-intentioned reporting processes can produce fragile outcomes. 

The Role of Shadow Systems 

In my previous post on shadow systems, I discussed how spreadsheets, local databases, and departmental extracts often emerge to fill gaps in institutional systems. 

These environments solve real problems for the people using them. But they also make governance more difficult because they introduce additional places where data is transformed, interpreted, and reused. 

Over time, the official architecture diagram of institutional data begins to diverge from reality. 

Governance efforts that focus only on documenting central systems can miss large portions of the data environment where important transformations and decisions actually occur.

What Effective Governance Looks Like

If governance is fundamentally about risk management, then the goal of governance initiatives should be to reduce uncertainty about how institutional data is used

In practice, the most effective governance efforts I see tend to focus on practical improvements rather than exhaustive documentation. 

For example: 

  • running contained governance pilots focused on a specific reporting problem 
  • creating shared understanding around how key metrics are calculated 
  • identifying the system of record for important datasets 
  • mapping data lineage before making changes to pipelines or reporting processes 

These efforts may not produce hundreds of new glossary entries, but they often produce something far more valuable: institutional alignment around how data works.

Governance as Living Infrastructure

For governance to be effective, it also needs to be living

Institutional data environments evolve constantly. New dashboards are built. New data pipelines are created. New reporting requirements emerge. 

Static documentation struggles to keep up with that pace of change. 

Governance practices that emphasize visibility — such as understanding data lineage and systems of record — allow institutions to maintain a current view of how their data environment actually operates. 

This makes governance more useful to the people doing the work and more effective at managing risk. 

Governance That Works 

Ultimately, data governance is not about creating documentation. 

It is about helping institutions answer practical questions with confidence: 

  • Where did this number come from? 
  • Which system should we trust? 
  • What will break if we change this pipeline? 
  • Who owns this data? 

When governance helps institutions answer those questions reliably, it stops feeling like administrative overhead and starts functioning as something much more valuable: 

Infrastructure that allows institutions to trust their data. 

Webinar: Modern Data Governance is Live

Date: April 2nd
Time: 10:00am (PT)
Presented by: Andrew Drinkwater
Register here: Teams Webinar

If you're a data governance committee member, data steward, Registrar, IT leader, Dean, or manager interested in taking a modern approach to data governance, this webinar is for you.

All registrants will receive a free Active Data Governance Self-Assessment tool and Identity Lifecycle Mapping worksheet. By working through the assessment and worksheet (alongside reading this series), you'll not only have an understanding of where on the scale of static-to-live governance your institution is, but what gaps exist in a process map, and where shadow datasets and processes might exist. These sheets not only help you understand where your challenges are, but can give you the launch pad to take your concern back to your governance or leadership team.

In the webinar, Andrew will cover how static data dictionaries and handbooks decline in accuracy over time, and how live metadata is an investment in risk reduction. We'll talk about efficiency, lineage mapping, why visual mapping data flows matters, and how to do data governance that is more than just documentation-focused. We'll show practical examples of how metadata management is used by IR, IT, HR, and/or Registration offices. Andrew will also take questions from the attendees at the end of the webinar.

The webinar will be recorded if you are unable to attend in person.