My opinion is that a Successful Data Governance program should start with identification of Critical Data Elements (CDEs) or Key Data Elements (KDEs). These CDEs or KDEs form the backbone of the Data Governance Program. The Data Governance program revolves around these data elements.
What makes a data to be a CDE or KDE?
There is no single answer to this question, as this depends on the organisation’s appetite to Data Risk. However the following criteria might provide a broad talking points on the identification of CDE
1) Does this data element has to be reported as mandatory to a regulator (for example Value At Risk)
2) Does this data element has to be reported to Customer? (for example trade details)
3) Does this data element is used indirectly in the reporting to a regulator / customer? (for example VaR Limits)
4) Does this data element is core to the organisation’s success (for example customer data)
Once you identify a CDE or KDE the next step is to understand the significance of such data to the organisation.
The following questions might help to explain the importance
a) What is the impact of non-reporting of this data to the regulator / customer?
b) What is the impact of mis-reporting this data to the regulator / customer?
c) If an organisation fails to report, will it involve any reputational damage?
d) Is there any history of mis-reporting such data, and what was the impact suffered by the organisation?
As I mentioned earlier, one of the crucial aspects of identification of a CDE is the firm’s appetite to Data Risk. A firm might have a very high tolerance to data risk, in that case they might choose to identify a very selected CDEs or KDEs. However, due to regulatory interventions or through data maturity in the organisations, an organisation might have a low tolerance to data risk, in such cases, the number of CDEs could be high.
In my view, there is no pure science to selection of CDE. Many organisations start small, and select a handful of CDEs and then expand the selection as an organisation achieves data maturity.