Letter from the Governance Institute of Australia Chair

The Governance Institute of Australia, working in conjunction with PKF, is delighted to share this year’s key thought leadership project — Data governance in Australia. This report forms the fifth in the Governance Institute’s digital thought leadership series.

This project also heralds the commencement of key strategic partnerships with Governance Institute with Macquarie University’s DataX Research Centre and the CSIRO’s National AI Centre. The purpose of these collaborations is to enable our members to address some of the major challenges and risks technological advancements are having on organisations.

Data is an increasingly valuable asset. It is critical that organisations design, introduce and implement an effective data governance framework to maximise customer service and commercial value of data while also minimising risk particularly reputational risk.

In this year’s survey, the Governance Institute asked its members to examine how organisations are making appropriate decisions about their data. The results have revealed a number of important insights into the challenges of keeping pace with technological advances, reporting to the board, protecting assets and maintaining the trust of stakeholders.

In relation to the role of boards, while we have seen a small rise in the number of board directors with experience in the technology sector, it’s clear that there are very differing opinions as to the most effective board structures to best navigate data governance. The most commonly cited structure is to include it as part of the existing audit and/or risk committee, but fewer than half of the respondents selected that option.

Twenty-three per cent think the role of data governance should be elevated to the board level, 12 per cent as part of a separate risk committee and 10 per cent recent as part of a separate technology committee.

Just under three quarters of organisations link data governance to the overall governance/risk management strategy. Less than half report data governance to the board, and if they do, the variation on the frequency of reporting is significant.

With data analytics, machine learning and generative AI now an integral part of running a business, how an organisation manages the data it uses, alters and shares is crucial to its long-term viability.

The majority of respondents are not that positive about how their organisation manages and protects data. While 34 per cent said it was excellent or very good, 57 per cent rated it only average and four per cent said it was poor. But 88 per cent have plans for improvement, which is why reports and road maps like this are essential to help bring directors and leaders up to speed.

The results, while skewed somewhat towards the not-for-profit sector, indicate that it’s often the smaller organisations with fewer resources that are likely to be more exposed to risks due to a lack of data governance structures.

As we have seen in recent times, high-profile data breaches have had a sizeable impact on action, with 56 per cent of companies having changed their process and procedures since those events took place. But it’s the smaller companies that are less likely — due to resourcing constraints — to have been able to make these changes.

An effective data governance framework is critical in protecting an organisation from potentially catastrophic internal and external threats and ensures a responsible, legally compliant and efficient use of data assets. We also cannot underestimate the role of governance as we move towards safe, responsible and ethical creation and usage of AI and the protection of vital data. We know there is a skills and knowledge gap that organisations must address as a matter of urgency.

I would like to sincerely thank our sponsors of this thought leadership project, PKF, for recognising the urgent nature of these issues.

The following report analyses the results of the survey. It has been prepared by the DataX Macquarie Research Centre, with contributions from:
Professor Niloufer Selvadurai, Macquarie Law School
Professor Hanlin Shang, Department of Actuarial Studies and Business Analytics
Professor Bamini Gopinath, Macquarie University Hearing
A/Professor Babak Abedin, Department of Actuarial Studies and Business Analytics
A/Professor Jessica McLean, Macquarie School of Social Sciences
A/Professor Michael Proctor, Department of Linguistics
A/Professor Anthony Chariton, School of Natural Sciences

I would also like to thank our panel of expert advisers in this space who have provided insightful contextual analysis around the report’s findings.

They are:
Ken Weldin FGIA FCG, Partner, PKF
Karin Geraghty FGIA FCG, Non-Executive Director, Strategist, Digital Transformation Consultant
Stuart Harrison, General Manager Cyber Defence, nbn Australia
Sue Laver FGIA, Company Secretary, Telstra
Eve Lillas, Senior Associate, Gadens
Andrew Methven, Head of Risk and Compliance, Hearing Australia
Joanne Moss, Board Chair, Non Executive Director, and Gadens Partner
Megan Motto FGIA FCG, CEO Governance Institute of Australia

We recommend that you use this report to better identify threats and challenges, understand the broader data governance environment, and design effective data governance policies and procedures to support the responsible, legally compliant and efficient use of data.

For any assistance with addressing the data governance needs of your organisation, do not hesitate to contact your local PKF Audit and data governance expert.