Clarity Mag

Data governance - a decision making approach

Data governance - a decision making approach

Over the past year, PKF, working with the Governance Institute of Australia, Macquarie University’s DataX Research Centre, and other expert organisations, has supported an important research study to assess the data governance landscape in Australia. The findings are unexpected and motivating.

Survey participants and process

In August 2023, the Governance Institute of Australia initiated an online survey on data governance. A total of 345 responses were received over a one-month period.

The largest cohorts of respondents were senior governance or risk management professionals (25%) or CEO or C-suite executives (21%). As such, the survey results reflect the strategic thinking and high-level planning of organisations relating to data governance.

While the survey respondents represent a diverse set of Australian organisation types, it is dominated by not-for-profit organisations (36%) and government (21%) organisations, with small to medium commercial enterprises forming 18 per cent of respondents and ASX listed companies forming a mere 10 per cent. This may perhaps suggest that the commercial sector is presently somewhat hesitant to engage in data governance discourse.

This may further reflect an appreciation of the potential commercial risks and reputational damage associated with not having an appropriate data governance strategy, and the imprudence of communicating on this matter without due consideration and formal endorsement.

As the data governance practices and policies of organisations develop and crystallise, we can expect greater involvement in such surveys by the commercial sector. We have seen such a trajectory in relation to digital data privacy, where initial uncertainty and a reluctance to engage has been replaced with greater confidence and transparency on privacy policies and practices.

Key learnings and conclusions

The study delivered important key findings and conclusions into the data governance landscape in Australia.

Governance infographic 1


  • Governance structure: A clear majority of the surveyed organisational leaders are of the view that data governance forms part of wider ICT governance, relates to privacy and security, and should be part of information and records management.
  • Data governance understanding: However, opinion is divided as to whether the boards of organisations have ‘sufficient’ understanding’ of the organisation’s current data governance strategies. For those who believe that the board lacks understanding, this is primarily attributed to a lack of formal technology skills and education
    and a failure to prioritise data governance. 
  • Data assets: While survey respondents are divided as to whether boards have sufficient understanding of data governance, the majority are of the view that their board understands the organisation’s most important data assets and how they are protected. Such confidence is strongest for ASX listed companies and lowest for
    non-profit organisations. 
  • Reporting to board: While an overwhelming number of respondents believe that their
    organisation’s data governance is ‘linked’ to the organisation’s overall governance and risk management strategy, there is no such consensus on the related question of reporting to the board. A clear majority respond that reporting to the board is done on a quarterly or less frequent basis. In light of the serious loss that can be generated by inadequate data management and breaches, this is of concern and needs to be addressed. 
  • Data governance framework: The risks associated with a lack of reporting to the board is exacerbated by the fact that a majority of respondents work for organisations that do not yet have a data governance framework.

Recommendations for good data governance

Building on the analysis, we make the following recommendations for organisations in relation to data governance.

1. Provide greater education and training to members of the organisation, including senior leadership, on: 

  • Identifying the various data assets of the organisation
  • Quantifying the value of data assets held by the organisation
  • Identifying the level of risk associated with each such data asset.

2. Develop guidelines for designing, implementing and maintaining an effective data governance framework, including:

  • Identifying the parties within the organisation who are responsible for data
  • Delineating the nature and extent of their responsibilities 
  • Enacting policies and oversight mechanism to support safety and trust
  • Formalising lines of reporting and accountability, including to the board.

3. Create mechanisms for collaboration between all relevant parts of an organisation, including:

  • Delineating the respective roles of technical, financial, risk management, legal, administrative, human resources and others
  • Developing a reporting and accountability framework that connects the work of these different domain experts to a central cohesive data management and security plan.

4. Implement methods to measure the success of data governance frameworks, including:

  • Aligning these measures to an organisation's existing governance and privacy reporting policies and procedures
  • Updating the data governance framework, as needed, in light of evolving technologies and emerging threats.

Contact your local PKF Audit and Assurance expert for any assistance to address the data governance needs of your organisation.

Related articles

Contact us

Thank you for visiting us here at PKF. 

Please do not hesitate to contact us if we can provide any further information to assist you or your business.

Madina 2000x1600

Subscribe to our newsletter


Propel your career

Learn more about Careers

Follow us

Find your closest office


Read our latest Clarity mag

View now

About the firm

Transparency reports