The question was raised by the outsourced MDM support as an honest informal comment about a remark in a supplier audit. It was a distinct reminder about the cultural differences that exists in most companies and I started to think more about it. Well, why should you follow the determined processes if there are no cops that enforce them?
In Sweden we learn from an early age what is good for us and why we have rules and limits. When we learn how to drive there is a lot of focus on getting a general understanding why we have speed limits and the correlation between speed and fatality if an accident occurs. The purpose is of course that everyone should have an attitude of obeying the rules not because you have to but because it is good for you. This approach works well assuming that you agree with the reason for the limit. In the case when you are young and don’t think an accident can strike you, then it is difficult to get the necessary understanding. In that case we need cops to enforce the speed limits.
Applied to the world of IT and MDM you have to make sure that there is the necessary level of understanding of why you have or will implement a process for example.
If you have the right level of understanding then you don’t need any cops and you won’t get the opening question. However to get there is most often impossible. There will always be a youngster out there.
You can be certain that loop holes and ways to bypass the process will be found. The only question is how high the crime rate will be.
One type of cop in the MDM world is roles and authorizations. It is often very easy to technically implement correct roles and authorizations in order to avoid bypassing of central master data maintenance processes. It is also possible to make audits to make sure that the ones who are allowed to bypass only do it in the correct manner. If you need to halt the authorization as an action due to an audit for example, then don’t forget the necessary change management activities and communicate to get the understanding of why the change is necessary. Otherwise you could end up with a riot on your hands.
Human cops can be found among the roles in the master data organization that act as gatekeepers and/or approvers. In order to avoid the creation of a police state you need to make sure that there is a set of rules as the base for their decisions. You also need to make sure that you have a legal system to allow those who want to appeal to have the ability to do so and that it will be handled by another authority.
The cops are also representatives of your data governance program. If you are aware of this you have the possibility to instruct them to act accordingly and always focus on why you have the rules, limits, and processes.
The cops should also have the power to hand out penalties. If they are gatekeepers then the penalty is a stop of the process. If there is no form of penalty when a process is bypassed then the purpose of having a cop will diminish.
The most important lesson I learnt from the opening question was that it is naïve to think that processes will be followed only because it has been set. With no understanding of the reason of having the process and no cop to enforce that process, then there is a low probability that it will actually be followed.
If something is mandatory then make sure that:
• There is an understanding of why
• You have methods to discover if it is bypassed
• That you have cops who can act if a violation is discovered
• The cops can hand out penalties
• That there is a possibility to appeal the decision
Finally, I think that everyone can focus more on establishing understanding but should always consider if a cop is needed.