I want to thank you for joining this month's installment of the monthly DATAVERSITY webinar series, the Chief Data Officer's Agenda, moderated each month by DATAVERSITY Founder and CEO, Tony Shaw. This month, Tony will be joined by guest speaker Steve Zegutis to discuss the need for information governance controls. I'll give just a couple of housekeeping points to get things started. Due to the large number of people attending these sessions, you will be muted during the webinar. For questions, we'll be collecting them via the Q&A in the bottom right-hand corner of your screen, or if you like to tweet, we encourage you to share highlights or questions via Twitter using hashtag CDOVision. As always, we will send a follow-up email within two business days containing links to the slides, the recording of the session, and additional information requested throughout the webinar.

It is my pleasure to introduce and turn over the webinar to DATAVERSITY Founder and CEO, Tony Shaw. Tony is responsible for the business strategy of the company and its subsidiaries, including DATAVERSITY.net, SemanticWeb.com, and Wilshire Conferences, all of which conduct educational conferences, training, and publishing activities focused on the area of enterprise data management. Prior to founding DATAVERSITY, he also started a dot-com in the identity management space called Big ID and was the president of Technology Transfer Institute, TTI. He still facilitates TTI's strategic technology forum for CTOs called TTI Vanguard. With that, I will turn over the webinar to Tony to introduce today's topic and speaker.

Hello and welcome. Thank you, appreciate it. Hello, everybody. Please bear with me. We've changed the schedule on the CDO Agenda webinars, for those of you who may be wondering: we were previously running sessions on the first Tuesday of every month, but we have shifted to the first Thursday from this date forward. We've also shifted our subject matter over the past couple and upcoming couple of presentations. We're covering information governance today; our next session is on data quality and what the CDO needs to know about data quality, and that session will be given by Danette McGilvray on September the 4th. So we will be covering a wide variety of topics over the course of the year, and these next couple of topics hang together nicely, so I hope you can join us for those sessions as well.

I'm pleased to have Steve with us to do this today. Steve is the CEO and President of Meta Governance. It's fair to say that Steve may shake up your classic notions of data governance a bit today. Through his leadership, his company is implementing a new approach to information governance that puts into practice the technology necessary to operate in a regulated world, meeting regulation through governance processes and controls. He's an entrepreneur and consultant, and he has considerable experience consulting to major organizations around the world, with some emphasis in the financial services arena, but certainly in areas like oil and gas and computing hardware as well. Among Steve's clients in the past are companies like Standard Oil and BP, IBM in the computing space, and one of the 12 Federal Home Loan Banks in the financial services area. So Steve brings a rich history of experience and a practical perspective to today's presentation. I'm pleased to hand things off today to Steve Zegutis. Welcome, Steve.

All right. So I'm going to talk about information governance controls, and I'm going to go over several different topics here.
I'm going to pause at a couple of points to take questions throughout the presentation; Tony told me he'd help moderate those. If you want to continue the conversation afterwards, just send me an email; I'd be happy to expand on some of these ideas, because there's quite a bit of material to cover here.

I just want to expand on what Tony said. For the past 15 years I have been focused on governance in finance, long before governance was even talked about from a data governance perspective. Really, my goal was to automate reporting for financial institutions, working on automating disclosures against the increasing backdrop of regulatory requirements. I spent quite a bit of time in petroleum, including my years at British Petroleum putting in data governance across Europe, across 12 countries, and I've spent some time in healthcare trying to understand how to help that vertical move forward. Most of my work has been to come in and solve issues around failed reporting applications, be it data warehouses, massive use of spreadsheets, or the fundamental problem that the business just could not trust the data it was using for reporting, and to turn that chronic problem into a systemic solution. Quite often clients came to me because of restatements, regulatory findings, or operational inefficiency, just spending so much time having to check the checkers. And now the conversations are happening at the board level, where people want to integrate technology into the automation of controls.

Okay, so with that, I'm going to go through some of the trends, and I'm also going to go through what in my mind is a progression toward information governance. So yes, clearly information is being treated as a corporate asset. Pick up the daily emails from American Banker or any of the articles out there: information is going further and further up in the organization, and regulators are requiring tremendous content integrity. This has been true of finance for the past four years, and now the healthcare regulators are coming in quite a bit with the Affordable Care Act and some of the changes to HIPAA. Obviously we've also got the ISO standards, and there's constant pressure for efficiency. And as I said, governance has actually moved up to the boardroom. Fifteen years ago when I was doing this, I was having discussions with database administrators and data architects. Then I started moving into discussions with governance professionals and CDOs, and now with CFOs and COOs, moving into the C-suite.

The next trend to notice is that there are just too many overlapping systems. We're going to get into this more during the discussion today, but the business really doesn't know where to get its information from; there are just too many systems. A lot of this is because the discipline of data architecture, and information architecture, was really the last of the formal architectures to develop. Technical architecture and application architecture were moving along and gaining popularity back in the 90s, but up through the 90s and even into the early 2000s, data architecture was considered a part of application architecture. Only now has it spun out on its own, with information architecture emerging as its own discipline, as is business architecture.
Now, what this means is that in many of the data systems created over the past 20 years, the databases and all the tables were put in for the sake of expediency and the convenience of application development, as opposed to being designed from an enterprise-wide view of the content. That has left us with quite a few inconsistent data repositories, with massive spreadsheets being used to figure out how to do the reporting and make corrections. And as we'll see in a little bit, what's going out to the regulators just doesn't agree.

So here's a simple example; as you know, the problem in real organizations is much worse than this. Here are three systems, a corporate system, an operational system, and a sales system, that are all being used to run the business. The data you see here is all being journaled from the subledger to the ledger. It's going to your data warehouse, and it's going to a significant number of spreadsheets that are being used for reporting. What my clients saw, and what I saw when I was working in-house, is that when you step back and look, what went outside the bank or the company was quite different depending on the path it took. What went to a tool like QRM or Algorithmics, which are used for forecasting models, did not agree with the set that was used for reporting. So there's a real amount of discrepancy here, and in the absence of a governance framework, people are left to figure out which one is correct; often, because of time pressures, they don't have that luxury, so you end up living with the discrepancy.

The next thing I see in the industry is that the model of just using the data that was convenient to you, scrubbing it to the best of your ability, and going along with your reporting efforts is no longer acceptable. That's because at the top you've got the increase in oversight; I've basically pulled out some of the key acts on the finance and healthcare side. Basel III is of significant interest to me because Basel basically says, as one of its 14 principles, that you have to have controls at the data layer of the organization to prove that data movement across the organization is accurate. As I get into this a little further, you're going to see that those controls, while critical, are not by themselves enough to provide a robust reporting infrastructure. And because of the volume of data that keeps being produced and used, now big data, the amount of content available out there is skyrocketing, while the true accuracy of the data is being strained at exactly the point in time when it needs to be increasing to meet industry and regulatory expectations. As Tony said, I have many years of experience out there, and what we're seeing helps explain why attendance at the data governance conferences just keeps increasing year after year: people are starting to realize that the solution to this problem lies outside their own department, at the enterprise level, which is all goodness in my mind.
Now let's look at this transition across time, because information governance is an emerging discipline. I'm going to talk a little bit about how I see data governance and information governance as different; I don't want to spend a lot of time on the significant differences today, but I'd be happy to take that conversation offline with anyone.

Go back to the early 1980s, when I had just gotten out of school: there was a thing called data administration; I didn't even put it on my chart. That's where big companies like BP and Standard Oil, where I worked, had large groups of key-and-edit folks whose job was basically to key and edit data going into their mainframes. Then in the mid 90s the discipline of enterprise data management started to emerge in force, and that has continued to this day. Starting around 2005 you see a real formal definition of data governance coming into organizations, and conferences like the ones DATAVERSITY sponsors really started getting very active, if I remember correctly, in the 2007-2008 time frame. As information and data moved closer and closer to the business, you start seeing companies, some of the big firms, talking about enterprise information management, and I'll go over some slides that hint at the differences with information. A lot of this came about because, back in that same time period, the discipline of business architecture emerged, relating everything we're doing in IT and everything we're doing in the business back to the business. Through that architecture you start to see a lot more emphasis going toward content management as opposed to raw data. In my mind, information governance as a discipline, the actual terminology, started coming in around 2012 or so. At the most recent conferences I attended there was quite a big discussion about metadata governance. It's a very complicated topic, because you take metadata, which is complicated, and governance, which is complicated, and then you bring them together. Where I see the industry going is that organizations are going to realize that to really get control of their information, they have to get control of all the identifiers of that information, all this metadata, and so these bubbles, in my mind, all merge together.

Back to the world of controls. Manual controls, which were really done outside of a system, moved into spreadsheet controls when tools like Excel became so prevalent back in the 90s. Then came a strong focus on data controls because of the movement between systems: IT, either on request or on their own, put in controls that said I have a thousand records here, and I moved a thousand records there. And organizations are starting to realize that what they're really sending to their boards, to their management, to operations, or outside of the company is not raw data; it's derived information. Take a transmission out to the SEC of total income for the quarter: that single data point is made from probably thousands to tens of thousands of pieces of data that are brought together in a tool like Cognos or SAP or QlikView; it doesn't matter which tool. The key here is that there is a mapping layer between what the user sees on the one end and what the computer sees on the back end, and the controls we're going to be talking about have to factor in that mapping, because total income, total sales, whatever attribute you want to talk about, they're quite often derived through the reporting layer.
So just the fact that you moved a thousand rows from point A to point B is not going to protect you in making certain that total income at the two ends is the same at the reporting layer. That is the layer of controls I'm starting to see emerge, and it's what we're going to get into with an information governance control framework.

We're going to briefly talk about my division between data governance and information governance. At the most recent DGIQ conference there was a board posted where attendees put up their definitions of data governance, and DATAVERSITY sent out a summary that, if you don't have it, is really interesting to look at, because those definitions of what people believe data governance to be were literally all over the place. When you start looking at how this relates to your own organization, there's a lot of useful information in that list. So really, data governance is an intersection of data and context, and the focus is very much on data: big data, unstructured data, data domains, data models, databases set up in rows and columns. The focus in play is on making certain that data is as accurate as that data can be, and that there are procedures and policies in place for what happens when it's not accurate. This really gets into the fundamental definitions of stewardship that are out there. The other thing I want to point out is that on the data governance side you've got an awful lot of finance, accounting, operational units, and reporting people at the table. They get into the values of KPIs, they're getting into domain values, they're starting to get into the critical success factors that run the business, and they're starting to look at metadata, primarily metadata as it relates to the data architecture. That's a significant advancement from what we had even ten years ago, when people were trying to get their arms around this thing called data and data quality. So history has moved this to a formal discipline, and I think the term most used is a stewardship framework for protecting the data.

Take this one step forward and you start to get information governance, which in my mind really starts to blow up this balloon. I had some mentors who were extremely instrumental in my early career years, and they made it crystal clear that when I was talking about data or information I needed to be certain which one I meant from a business and an operational perspective; I could not use those terms as synonyms and get away with it. That's one of the reasons I'm so sensitized to this: when I'm dealing with content coming straight out of a production repository, I'm dealing with data, raw data assets, not something produced for the consumption of business operations. I spent many years working in the petroleum industry when I first came out of school, and the analogy given to me was that Standard Oil at the time had assets of raw crude oil, and crude oil was totally useless to me when I wanted to drive my car across town; it had to be refined into something I could consume. That metaphor worked for me on data versus information: data is the raw asset, and information becomes the gasoline that I can consume. You take the raw data, you put it into a business context, and information is created. And this is what I see now, particularly at the senior level, at the board level, where the interest lies.
You start dealing with security, you start dealing with reputational risk, you start dealing with disclosure. In my mind you've moved up to information, and governance then becomes the control and oversight of those assets. Dee Hock, the person who founded Visa back, I believe, in the early 1970s, spoke at a Noetic Sciences conference in the 1980s, and he gave a really fascinating description of the difference between data and information, and then went on to knowledge, wisdom, and beyond, building a hierarchy similar to Maslow's. Dee Hock's work is quite fascinating.

Here the balloon blows up considerably, and I want to point out some of the big differences. On the slide, what is shaded is really what was on the old data governance slide, and what is in black are the areas that companies with formalized data governance are starting to bring into the discussion now. First of all, let's talk about the context: it is now finance, accounting, and disclosure, because now we're looking at decision support, we're looking at the need for sign-offs, we're looking at the risk factors, like the case for automation without losing control or integrity, the risk factor of information. In this context the information could be reports, it could be websites, it could be anything that's coming out of data assets or external sources. The right part here is who's showing up at the table on the governance front. It's no longer primarily operational units; often my phone calls come, directly or indirectly, because legal is getting involved, security is getting involved, data security and information security are getting involved. So we're moving into the idea of regulatory and reputational oversight of the content that the organization has set up for purposes of business or disclosure, beyond the idea that it's just operational units and financial units trying to be efficient. Discovery is becoming very important in information governance for folks dealing with an SEC inquiry or any legal inquiry. At a lot of the banks where I worked recently, the idea was that there was a retention period for data that extended to any report or any email or any site containing that data; once the retention period was over, that data was gone, unless there was a legal reason to have it retained. So the idea of retention, both not too long and not too short, comes under the governance umbrella. And then you can see the whole content piece is expanding: derived information, websites, user applications, the real sources of information have started to expand. I'd be happy to entertain discussion offline or online if anyone is interested.

So if you ask what is really one of the major things we need for an effective information governance program: we need a fundamental understanding of the source and use of information across the enterprise. One thing I'm continually amazed by when I start an initiative with a company is that they don't have a good idea, even within the same department, of where the information should be coming from or whether it's actually going to be accurate. This is where the system of record comes in. One of my colleagues who works for one of the large banks clearly articulated the concept of a provisioning point, which is any place I'm allowed to get data or information from. As we said, there needs to be one and only one system of record for a class of data, and then the provisioning points are the places where you can get that data, and I do have a few slides to expand on that a little bit.
The key is that there needs to be a shared model in people's heads of what that is, not the mystery that goes on today. Briefly, because there are many presentations available on this, I'll talk about key information governance terms from a Meta Governance perspective. I've actually changed these, because at one point I talked about information owners as the ones who were the subject matter experts and really knew the content, with a responsibility to protect that information through separation of duties. I realized that by introducing another term, steward versus owner, terms which are used as synonyms across so many discussions, I was confusing things. So basically, the information steward, or information owner, whatever works for your company, is the subject matter expert and the one who has ultimate accountability and responsibility for the content. If someone comes in and they're dealing with an SEC restatement, there is clear accountability that can be assigned as to why we got into the statements the way we did. It could be simply that there was a different interpretation of a calculation; this happens quite often: a company can work it one way and then the regulator will come back and say, no, that's not our interpretation. One of the banks where I worked had this problem in 2005, where they had to restate several years of financial statements just because the SEC clarified an interpretation of the shortcut treatment. So that's not a data problem, but quite often restatements are due to data errors.

The idea of a delegate comes in when you get into a separation-of-duties issue within a company, and I can speak mostly to finance. For the protection of the company, an auditor or management team will say this department can no longer maintain data after the transaction has passed a certain point in time. So for loans, once the loan is funded, customer service can no longer change the loan data; it has to be changed by accounting, because the company realized there were way too many errors with customer service correcting loans after the fact, and that responsibility went directly down to accounting. There's a delegate here: customer service, in this case, is delegating that responsibility. The customer is clear: the people who are using that information. The custodian is also clear: those who are responsible for protecting it. If it's a production system, that custodian is going to be IT; if it's a user application, that custodian is likely going to be the business.

It's important to standardize subject areas of data, classes of data. The bank I was working at had 20,000 discrete pieces of data across the systems and the spreadsheets, which boiled down to 150-plus classes of data, so governance would be done at the class level. You can see an example: loans, adjustable rate loans, with a blueprint of the people who are using them, the downstream reports, the delegates, and the custodians. Just stepping back and presenting this type of view to a working group or a management committee opens up tremendous dialogue: I had no idea your department used adjustable rate loan data; why are you using that data, and where are you getting it from?
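To make the roles and the system-of-record and provisioning-point ideas above concrete, here is a minimal illustrative sketch, not something from the presentation itself; all class names, field names, systems, and departments are assumptions made up for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List

# Hypothetical registry entry for one class of data (e.g., "Adjustable Rate Loans").
# The fields mirror the roles discussed above: steward/owner, delegates,
# customers (consumers), custodian, plus the single system of record and the
# approved provisioning points.
@dataclass
class DataClass:
    name: str                       # class of data; governance happens at this level
    system_of_record: str           # one and only one system of record per class
    provisioning_points: List[str]  # places consumers are allowed to get this data from
    steward: str                    # subject matter expert, ultimately accountable
    delegates: List[str] = field(default_factory=list)  # e.g., accounting maintaining data post-funding
    customers: List[str] = field(default_factory=list)  # departments using the information
    custodian: str = "IT"           # IT for production systems, the business for user applications

def check_source(registry: Dict[str, DataClass], data_class: str, source: str) -> bool:
    """Flag any attempt to source a data class from somewhere other than an approved point."""
    entry = registry[data_class]
    ok = source == entry.system_of_record or source in entry.provisioning_points
    if not ok:
        print(f"WARNING: {data_class} sourced from '{source}'; "
              f"approved points are {entry.provisioning_points}")
    return ok

# Example usage with made-up systems and departments.
registry = {
    "Adjustable Rate Loans": DataClass(
        name="Adjustable Rate Loans",
        system_of_record="LoanSystem",
        provisioning_points=["LoanSystem", "EnterpriseDW"],
        steward="Loan Accounting Manager",
        delegates=["Accounting"],
        customers=["Credit", "Treasury", "Accounting"],
        custodian="IT",
    )
}

check_source(registry, "Adjustable Rate Loans", "Dept_Spreadsheet_07")  # flags a non-approved source
```

Even this level of structure, presented to a working group, tends to surface exactly the "why are you using that data, and where are you getting it from?" questions described above.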
One of the values of going through this exercise is being able to capture this, and the other "aha" moments come when you have that dialogue. Let me move forward.

Just to give you an example of the need for these controls: I've got three applications, a loan system, an underwriting system, and a GL. It's always much more complicated than three, but I'm trying to keep this straightforward. Those systems have three underlying databases: loan, credit, and GL. The loan system has its own data warehouse, the credit system has its own data warehouse, and then there's a warehouse where people can see both loans and credits together; that's the enterprise data warehouse. What happens time and time again with warehouses is that, because the data wasn't accurate in the warehouse, adjustments were being made, we know it breaks the rules, but it happens, and some of those adjustments were being made in a spreadsheet that extracted data both from the GL and from the data warehouse. So the question here is always: where is the system of record? Once that is clarified, because of the red boxes, the data warehouse and the accounting spreadsheet, the system of record is effectively no longer the loan system or the credit system; that whole point of control has shifted to those other systems. As an example of department use: credit, accounting, and treasury get it from the loan system, some groups get it from the credit system, some from the warehouse, and accounting uses their spreadsheets, pulling the data both from the loan system and from the warehouse. I've been working in this field for 20-plus years and I've never seen anything other than this; this is the norm.

How do we know these things are all in balance? I'm not going to go through all the detail, but the controls between the systems I've talked about are nothing more than a record count: I have 100,000 records in the loan database, I have 100,000 records in the loan data warehouse. At most of the clients there was absolutely nothing to tell me that the content of those records was the same. An update in the loan database may or may not have made its way to the warehouse, depending on whether there were triggers in that loan database, but I still have 100,000 records on both sides. This is a scenario of totally ineffective controls. So what's wrong with that?
Well, first of all, departments are pulling data from different systems. The data is inconsistent because of manual updates, and departments get different answers depending on where they pull the data from. The systems are validating only record counts, not content, and some of the flows in the example have no controls at all. This results in reports and disclosures being inconsistent across the enterprise, and that is probably the fundamental root cause of the slide I started with: you get different answers coming out the back.

From my own experience, this is one of the primary reasons data warehouse initiatives have struggled over the past 20 years. There's a popular conception of automated reporting: data sources go into a warehouse, and reports come out the back end or feeds go to operational units. I think that's a misconception. The reality is that when people have spent so much time, so much money, and so much effort on the data warehouse, nobody wants to talk about what they have to do between the warehouse and the ultimate use of that information. In the flow of information across the company there are extracts coming out of sources, and those extracts are being manipulated by well-meaning people who are just trying to get their reports out.

Here's an example of why this happens time and time again. In the world of transactions there are things called retroactive adjustments. Let's say today is August 7, and while closing the books I realize that a loan booked to a customer at $50 million should have been $500 million back on July 15. I'm going to go back and fix the system, and my system will allow me to backdate it to July 15, if I think to do that; the worse scenario is that I put that $450 million difference into August business instead of July business, or I put it into July business but the accrued interest does not roll forward correctly. Because accounting knows about it, they fix it in their spreadsheet, but the folks using the data warehouse and the loan system now have incorrect data. Time and time again I see this, so the numbers do not agree.

As for the current state of what we're doing about it: I heard a comment just last week that basically said our processes have become so complicated that we have checkers checking checkers, and this is not sustainable. What is happening is that you've got operations, accounting, and marketing all checking the same data against whatever source they're using, then you have auditors checking to make certain that everything is valid, and then you have another team looking on behalf of executive management just trying to verify that the information flowing in their direction is consistent. Twenty to 25 percent of a data worker's time is spent collecting and validating data in order to do his or her job, and that is a significant operational inefficiency. If you think in manufacturing terms, there is a lot of muda, or waste, that you can take out of the information manufacturing process to become more efficient. So an information governance control framework is needed to break that cycle of checking and waste. I've been fascinated by this for many, many years, and about five years ago I latched onto the concept of a framework for reconciliation control, not just a picture but the detail.
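As an illustration of the point just made, here is a small sketch, not from the webinar itself, showing how a record-count control can pass while the content it is supposed to protect has drifted, for instance after a backdated adjustment that never reached the warehouse. The table contents, figures, and attribute names are hypothetical.

```python
# Hypothetical extracts: identical row counts, different content.
loan_system = [
    {"loan_id": 1, "principal": 500_000_000, "accrued_interest": 2_100_000},  # backdated fix applied here
    {"loan_id": 2, "principal": 75_000_000,  "accrued_interest": 310_000},
]
loan_warehouse = [
    {"loan_id": 1, "principal": 50_000_000,  "accrued_interest": 210_000},    # adjustment never propagated
    {"loan_id": 2, "principal": 75_000_000,  "accrued_interest": 310_000},
]

# Typical data-movement control: record counts only.
record_count_ok = len(loan_system) == len(loan_warehouse)
print("record count control:", "PASS" if record_count_ok else "FAIL")   # PASS, misleadingly

# Content-level control: compare the totals the business actually reports on.
def total(rows, attr):
    return sum(r[attr] for r in rows)

for attr in ("principal", "accrued_interest"):
    diff = total(loan_system, attr) - total(loan_warehouse, attr)
    print(f"{attr} difference between systems: {diff:,}")               # exposes the unpropagated adjustment
```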
What you need to see is not just that the rows moved; you need something to give you the proverbial warm fuzzies that the data is accurate. As an example, for the first control, loan database to loan data warehouse, don't just tell me I have a thousand records; go in there and tell me that my accrued interest and my outstanding principal on a loan basis agree between the systems. That gives me the control level the business demands, and it's the same manual control that the departments, particularly accounting, are already performing, so why not automate that process and share the results with all the stakeholders identified as consumers? You can start to see the value of this kind of content verification. And keep in mind that some of these controls may require math. As an example, if one system has a dirty price, which in finance means it includes accrued interest as well as the balance, and another system has an accrued amount and an outstanding balance amount, you have to add those two attributes, creating a derived information item, to be able to balance back to the other system. This is quite often not a one-to-one comparison.

Most of the framework is a triangulation that takes place between the ledger, the transactional systems, and the warehouse. And if you step back and think about it, there are also A-to-A comparisons, because the same data is duplicated across so many systems. An example here: the loan system and the credit system would both have member information, so that's an A-to-A scenario; a loan-derived characteristic or even a member-to-member ID comparison can be part of the framework, although that's not really shown on this diagram. The essence is confirming that the subledger agrees with the reporting engine, which is just the proverbial data warehouse in this case: you're coming through and asking whether there is any evidence that the data warehouse is an accurate reflection of the information that exists within the transactional systems. To automate reporting, some of the organizations I've worked with made this level of control mandatory, because when you automate a report you take away an accounting work paper. When the accountants, or anyone reconciling reports internally or for a regulator, have to produce evidence that the report is accurate, they produce more spreadsheets, they call them work papers, that give evidence that what they did was accurate; again, that's more work and more potential for risk. So the definition of a subledger-to-warehouse control was mandatory before they would hit the button to transmit out to the external entity. So you have the A-to-B comparison of the subledger, the loan system, to the data warehouse, then the reconciliation performed by accounting to the penny, and many different departments who reconcile their work back to the balance sheet of the company, to their own tolerance, to make sure they have the complete portfolio of business. And then there's the third leg, because quite often you put GL balances into the data warehouse: if you think about a report to the Office of Finance or to the SEC, those reports combine raw instrument data with aggregates coming from the general ledger, so on that report you need both transactional aggregates and GL aggregates in the warehouse. What you end up with is an information control framework that triangulates all the copies, tied back through the governance model to the stakeholders: where they get their information from, what's derived, and what they care about.
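The following sketch, again illustrative rather than taken from the presentation, shows the kind of content-level triangulation just described: summing key control figures from the loan subledger, deriving a dirty total where one system only carries the combined amount, and comparing the legs within a tolerance. All system names, amounts, and tolerances are assumptions.

```python
# Hypothetical balances for one class of data (loans), pulled from three places.
subledger = {"outstanding_principal": 100_000_000.00, "accrued_interest": 450_000.00}
warehouse = {"outstanding_principal": 100_000_000.00, "accrued_interest": 450_250.00}
risk_system_dirty_total = 100_450_000.00   # a system that only carries a combined "dirty" figure

def derived_dirty_total(balances):
    # Derived information item: principal plus accrued interest, so the subledger
    # can be compared against a system that only stores the combined amount.
    return balances["outstanding_principal"] + balances["accrued_interest"]

def reconcile(name, a, b, tolerance):
    diff = abs(a - b)
    print(f"{name}: difference = {diff:,.2f} "
          f"({'within' if diff <= tolerance else 'OUTSIDE'} tolerance)")
    return diff <= tolerance

# Leg 1: subledger vs warehouse, accounting-style, to the penny.
reconcile("subledger vs warehouse, accrued interest",
          subledger["accrued_interest"], warehouse["accrued_interest"], tolerance=0.01)

# Leg 2: subledger vs risk/forecasting system using the derived dirty total,
# with a looser model-level tolerance (1% assumed here).
reconcile("subledger vs risk system, dirty total",
          derived_dirty_total(subledger), risk_system_dirty_total,
          tolerance=0.01 * risk_system_dirty_total)

# Leg 3: warehouse vs GL aggregates would follow the same pattern, closing the triangle.
```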
Steve, let me interrupt for a minute, because we have a question here in the Q&A section at the bottom right. Chris is asking what methods or tools can be used to document and communicate how data might be filtered as it comes out of the data warehouse and into various reports.

I'm not seeing the questions, Tony, so thank you for bringing that up. The key here is the tools that are being used. Just look at the slide that's up right now: there's a whole variety of data movement tools out there, and if you want to send me an e-mail, I'll be happy to expand on them; I don't want to go into vendors here. There's a whole class of data movement tools, and if you look at the Gartner or Forrester reports that discuss governance tools, most of them really are data movement tools, so they're looking at the inter-system, point-to-point transfer. That's fine for these dark blue arrows; those tools will tell you where the data came from, and because of Basel they will show you where you need to put the emphasis and where you can put controls in, consistent with the system. The red arrows become a little more difficult. The first red arrow is directly out of the data warehouse, so let's just assume we're using Cognos, which I believe is an Oracle product, I don't remember anymore, the ownership keeps changing, but I believe it's an Oracle product. When you plug Cognos into the system you're using what's called a framework; with SAP it's called a universe. Your data movement tool isn't tapping into that framework, which is a semantic layer, so it's not going to know about these aggregates of total loans, which are in the boxes at the bottom. Tools that look at the physical data structure through an ODBC connection will not see that, and the data being taken out by some other tool loses that visibility. The fact that you've got data coming into a spreadsheet, and data being keyed into a spreadsheet, makes that lineage also extremely difficult to capture. And if you look at the end point, the right-hand arrow of the reports coming out, this is really what I get at from an information governance control perspective: the end state of the results has to be factored into any of your controls, and that is the point where many of these data movement, data fidelity, or quality controls fall apart, because they're not bringing in those red arrows. So the shorter answer is: there is a whole series of tools out there that will monitor data movement across the blue arrows, and the Forrester or Gartner reports on ETL or data governance tools will give the questioner that information. There are a few tools that will cover some of the red arrows, but I don't know of any off the top of my head that will cover the whole group, which is why we need to factor the controls into the actual output, for the most part using the same tool you're using to render the output; to take Business Objects as an example, you would need to use Business Objects itself to see what happened.

Hopefully that answers it; if it didn't, Steve, I can connect you with the questioner afterwards. I know you have three or four slides to go here, Steve, so I'll defer the other questions you've been asked until afterwards. One correction before we move on: Cognos was a tool purchased by IBM, as opposed to Oracle. Thank you. Thank you for that.

OK, so the point here is integrating the control framework right into the flow of information.
I'm showing an external transmission here, but that could easily have been a feed to QRM, or it could easily have been a feedback loop to operations. Putting this control point right in the middle of that flow of information results in significant increases in efficiency. What I'm trying to get at here is that because of what we're doing, these are gains in operational efficiency. As I said, if 20 percent of time is spent collecting and validating data, then you've got the value, across the corporation, of a fundamental governance awareness of source and use, correct systems of record, and known provisioning points for any class of data, which effectively eliminates the "where do I get it from?" problem. An effective reporting layer, so that people don't have to take the data out to a spreadsheet, or if they do, they do it correctly, is even more efficiency. If you eliminate redundant checking between systems, you're getting even more operational efficiency. These gains can be quantified, and they can feed into testing efforts or other areas where people are asking, is this the same? A data quality tool can easily hop into a system and check a value at the data level, but not at the integrated information layer.

Quite often the bigger driver is the reduction in risk. As I said, many of my clients over the years have been in finance; healthcare these days is more interested in operational efficiency, because that world has been turned upside down by the changes in the healthcare industry. What happens in healthcare is that, because of the risk of not being paid for redundant procedures, unless they can prove a procedure was not done in the last 30 days, there's a lot of risk to income, and that can be addressed through governance. But the ability to have a business that is fundamentally sound, where you basically don't have to look over your shoulder for audits, restatements, matters requiring attention, findings, whatever you call them, and to get into regulatory and reputational risk reduction, that is the byproduct that companies get into governance to achieve. And it takes a cohesive framework that, in conjunction with IT, sits at the business and information layer of a company, in line with the operational flow of information.

Steve, we have three or four questions here which I'm going to try to put into a meaningful sequence. We have a couple from Richard; I'm going to start with what I think might be the easier one. I do see that someone is saying the audio went out; I can hear you fine, so I think it's occurring on an individual basis. The question is: where do we document the owner of the controls, the frequency, and the other requirements for the controls, in one place?

The answer to that question is: in a piece of governance software, as metadata. The key is that you're looking at the company through information, and the classes of information are then looked at in terms of who's using them, that's the consumer, and who's the owner or steward, depending on your term. That can all be stored as metadata relationships, and offline I can share some table layouts that will do that, as well as the presentation I gave at one of the most recent conferences. Now, for that subject area, ask: what are the few key data points that give the consumers a warm fuzzy that it's accurate? As an example on the slide, let's say we're talking about loans: the loan count, the member tied to each loan, the total interest, and the total outstanding principal. Those are critical control objects, as I would call them, and I'm going to associate those as attributes in the metadata table directly at the subject area.
In that same metadata table I'm also going to capture who has approved the controls, the data steward or owner, depending on your term, and, very importantly, I'm also going to have a flag indicating that the consumers have approved the controls. That's a piece that's often missed: it's not just the owner who has to approve the control; the information governance working group has to facilitate feedback from the consumers that they agree this will support their business need. Without that, you end up with ineffective controls. Another distinction you're going to capture, again as a metadata attribute of the control, is the tolerance level. If I'm running a hundred billion dollar portfolio into a modeling tool, my tolerance on total loans may be one percent; if I'm within one percent, I'm not going to raise a red control and send off a bunch of alarms, but if I'm outside an acceptable tolerance I know there's a problem, which might be a yellow control rather than a red one. On the accounting side it's a penny; that's the GAAP standard, so the control goes off if it's off by a penny. So again, if you think about a subject area, and a meta model of subject areas, the attributes of that table will include the control points needed for the control, the approvers, and the tolerance levels for those control points.

The next question we'll take here has a relatively straightforward answer. Dirk is asking: isn't just knowing that there's a difference insufficient, in that you need to know what that difference is, and wouldn't you need record-level comparison?

The way it works is that you're summing up the individual components. Let's say I'm comparing the loan system to the general ledger, and I'm comparing fixed rate loans and variable rate loans: I'm summing up the fixed rate loans and comparing them to account 123 in the GL, and the variable rate loans to account 567. I don't care about the row-level details if my aggregates agree. If that doesn't work, and it's at a point I care about because it's outside my tolerance for error, then I want to get back just the offending rows; don't give me back 50,000 rows and make me reconcile them, give me back the three that were out. So Dirk, you're correct that you need the row-level detail behind the aggregation, but you only bring that row-level detail back when there's an error.
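Here is a small illustrative sketch, not part of the webinar material, of how the control metadata just described, control points per subject area, owner and consumer approval flags, tolerance levels, and the "only bring back the offending rows" behavior might fit together. Names, thresholds, and values are assumptions.

```python
# Hypothetical control definition, stored as metadata at the subject-area level.
control = {
    "subject_area": "Loans",
    "control_point": "outstanding_principal",   # key control object being compared
    "source": "LoanSystem",
    "target": "EnterpriseDW",
    "owner_approved": True,        # steward / owner sign-off
    "consumers_approved": True,    # the often-missed consumer sign-off flag
    "yellow_tolerance": 0.01,      # accounting-style: off by more than a penny goes yellow
    "red_tolerance": 1_000.00,     # beyond this, raise the alarm
}

source = {101: 250_000.00, 102: 175_500.00, 103: 90_000.00}   # loan_id -> principal in the loan system
target = {101: 250_000.00, 102: 175_000.00, 103: 90_000.00}   # warehouse copy; one row has drifted

def evaluate(control, source, target):
    diff = abs(sum(source.values()) - sum(target.values()))
    if diff <= control["yellow_tolerance"]:
        return "GREEN", diff, []
    # Outside tolerance: return only the offending rows, not the whole portfolio.
    offenders = [k for k in source if source[k] != target.get(k)]
    status = "YELLOW" if diff <= control["red_tolerance"] else "RED"
    return status, diff, offenders

status, diff, offenders = evaluate(control, source, target)
print(f"{control['subject_area']} / {control['control_point']}: {status}, difference = {diff:,.2f}")
print("rows to research:", offenders)   # -> [102]
```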
So you're agreeing with, or at least acknowledging, Dirk's point there. Let's move on. One of the earlier questions Richard asked is something I was going to ask as well: I get the need for controls, and these controls are automated and very granular, but you can end up with hundreds of these, if not thousands. One of the things you can see in your diagrams is that every time an additional information element or type is added, you're essentially adding complexity at an exponential rate. How do you keep these organized, or how do you govern the controls themselves so that there's transparency? My paraphrase of that question would be: how do you deal with this level of complexity, or break it down, in order to simplify the management of it?

Alright, there are a couple of questions embedded in there, and Tony, I'll try to be brief, which is not always my strong suit. The key attributes that you use as control points can typically be found within a company's 10-K or 10-Q filings: the measures that the company has to report, total outstanding balances and so on. You cannot use every single attribute, or even 20 percent of the attributes, as control points; that would just be overkill, and if the control framework starts generating noise, people are not going to use it. So we deal with a critical success factor, or key control object, sorry, that's the better term. The key control object really has to be meaningful, and in all the work I've done over many years, I've really never had more than five per subject area of information. With five key control objects I can tell whether your entire loan portfolio is accurate across the systems; that's point number one. The second point is that the goal of information governance is to know where people are getting the data from and to steer them away from sources that are known to be inaccurate. So if I have nine systems that hold loan data, and as a company we can agree that we're not going to use seven of them because they're bad, I'm going to put my controls on top of the ones we've agreed to use, and as I decommission a system or a spreadsheet, I can turn its control off. I manage this through the subject areas and through the working group, and it really does not get that complicated at that level.

Okay, it's 11:58 on my clock, I'm sitting in California, and I don't know that we have time to deal with the rest of the questions. Benita did ask, I think in reference to your last answer, what's an example of one of these key control objects. In the world of finance it's going to be accrued interest, it's going to be outstanding principal, it's going to be the current interest rate, it's going to be the tie of a loan to a customer. In the world of healthcare it's going to be beds, the average stay rate, the current payment rate. It's whatever measures these folks look at; look in a company's financial reports and you'll see the measures that become part of the MD&A. I'm hoping that addressed your question; if not, feel free to send me an email.

Or address it to us and we'll follow up with Steve afterwards. Steve, you mentioned a presentation from a prior conference that you would share for one of the questions; I think we should distribute that to everybody, if you're okay with that, because I think everybody would be interested. The presentation that was given at EDW in April is the one specific to this subject; the more recent conference presentation was on metadata governance, so the April EDW one is what would cover this. Okay, so we can pull that out. We're going to have to wrap things up there, folks; we're right at the hour. A quick mention again of the next one in the series, on what the CDO needs to know about data quality, with Danette McGilvray on September the 4th. Thank you, Steve, very much for sharing your presentation with us today and answering the questions that you did; we will be following up with you shortly. And I'd like to thank our audience as well for staying with us for the full hour. Shannon, I will hand back to you.

Thank you, and thank you, Steve, for this great presentation, and as always thanks to our attendees for being so engaged and asking such great questions throughout the presentation. Just a reminder, I will be sending a follow-up email to everyone with links to the slides and the recording for this webinar by end of day Monday; if you don't see it in your inbox by Tuesday, let me know and we'll be sure to get you those pieces of information. Thanks, everyone, I hope you all have a great day. Okay, thank you. Okay, bye-bye, folks.