Data governance: Running a small business on numbers you can trust

Data can be one of the most useful things a business has. It sits in sales reports, finance systems, HR tools and shared folders that have been around for years.

When it's looked after, decisions feel easier. When it isn't, every big conversation turns into a debate about which numbers are right.

That's where data governance comes in. It's the set of habits, rules and responsibilities that keep your data accurate, safe and usable.

When you can't rely on the data

If you sit on a senior team, you might've seen this pattern.

Someone brings a set of revenue figures to a meeting. Someone else brings a different one. Both are "from the system" and both look reasonable.

Twenty minutes later, you're still trying to work out which figure to use, and the actual decision is on hold.

When this keeps happening, people start to trust the data less.

• Managers start building their own spreadsheets.

• Teams stop using central reports.

• People rely more on instinct than insight, because instinct feels safer.

Good governance tackles that problem. It gives you a shared way to define key numbers, a clear owner for each important set of data, and a basic level of quality you can expect whenever you open a report.

Simple rules that keep data in shape

At its heart, strong governance is a handful of clear agreements.

• Shared definitions. If "active customer" means one thing to sales and something else to finance, you'll never get a straight answer.

  The same goes for terms like "lead" or "order". Getting these definitions written down and agreed sounds basic, but it fixes a lot.

• Clear ownership. Every core set of data should have a named owner, not "IT" or "the data team".

  When something looks off in supplier records, payroll or stock, you should know exactly who can fix it and who can say yes or no to changes.

• Routine checks. Simple checks for missing values, odd spikes or duplicate records catch problems early.

  They cost less than trying to unpick a mistake that's already gone into important documents.

• Sensible access. People should have easy access to the data they need to do their job, and only that.

  That means role-based permissions, shared locations that are actually used and a gradual move away from critical information living in personal drives and email attachments.

• Security and compliance woven into daily work. Password rules that people follow, clear guidance on sharing files, simple steps for reporting an issue.

  Quiet discipline day to day will always beat a long policy that no-one remembers.

Signs that governance is missing

When governance is weak, the damage often builds slowly.

• You see more "offline" spreadsheets that no-one else understands.

• Teams complain that official reports don't match what they see, so they stop using them.

• Monthly close takes longer because the finance team spends days chasing and reconciling numbers.

• Data gets copied into tools and folders where it shouldn't be.

Every now and then, there's a bigger scare. A file with staff details ends up in the wrong place, or customer data goes to a supplier without the right agreement.

None of this makes headlines, necessarily, but it burns time, money and goodwill. It also makes people nervous about trying new tools, because they know the foundations are shaky.

Practical moves for senior teams

Governance only works when leaders treat it as part of running the business, not a side project. A few simple moves help.

• Set expectations about "official" sources. When decisions reach your level, ask which system or set of data they're based on. If there are three competing spreadsheets in the room, push people to fix that before next time.

• Back the tidy-up work. Cleaning customer lists, reviewing permissions and writing clear guidance isn't glamorous. But it's still essential. Make sure it has time, budget and visible support.

• Give owners real authority. If someone is named as data owner, they need the right to change processes, close down risky shortcuts and say no when a quick fix would cause issues later.

• Keep a simple view of how things are going. Ask for a short, regular update on issues raised and closed, access requests, audits and incidents. When you show interest, teams keep paying attention.

Case study from my experience

One of my clients struggled with inconsistent sales data across several of its stores. Senior managers found it difficult to track inventory and forecast demand accurately.

I supported with the launch of a data governance programme where the client:

• created a central data repository

• defined data entry standards across all locations

• assigned data stewards in each store

• implemented regular data quality checks

Within six months, the organisation reduced its unfulfilled store requirements by 15% and increased sales by 10% – all by improving how it managed its inventory.

Leaders were able to make faster, more confident decisions using data they knew they could trust.

Starting small without a big programme

If governance feels like a huge project, strip it back.

Pick one area where bad data hurts the most. That might be cash flow forecasts, customer contact details or stock levels.

For that area, answer a few questions.

• Where does the data come from?

• Where is it stored?

• Who updates it?

• Which reports rely on it?

Then agree three things – a clear definition for the key fields, a named owner and a short list of minimum quality rules. For example, "no customer without a contact method", "no staff record without a start date".

Tidy up permissions so the right people can see and update the data, and others can't.

Write down the basic process for making changes, in normal language, and put it somewhere easy to find.

Review it once a month. Look at what went wrong, what worked and what you need to adjust.

When that area feels under control, move on to the next one and reuse what you've learned.

Using AI without losing control of the data

AI tools are now part of many businesses.

They help write material, score leads, summarise calls and flag unusual patterns. But they're only as good as the data underneath.

If the information going into a model is patchy, biased or poorly labelled, the output will reflect that.

It might look confident but it won't be reliable. That's a governance issue as much as a technology one.

When AI is in the mix, a few extra basics help:

• Decide what data can and can't be used to train or feed AI tools, and write that down.

• Keep a record of where training data comes from and who approved it.

• Check for bias and inaccuracies in models that affect customers or staff, not just once but regularly.

• Involve people from data, legal, security and operations (if you have them) when introducing new AI tools, so choices are joined up.

Regulation around AI is moving quickly and will keep evolving.

If you already know what data is being used where, who owns it and how it's checked, you're in a much better position to respond to new rules or questions from regulators and clients.

Keeping trust in the numbers

In the end, governance is about trust. When people trust the numbers, they use them.

But you don't get there in a week. You get there by choosing a few important areas, agreeing clear ownership, tightening simple rules and sticking with the routine checks.

Over time, that steady work turns data from a source of friction into something the whole business can rely on.

People also viewed

• Why businesses need to use AI with care and governance

• How to use data to drive business success

• Lunch and Learn: Using digital data to grow your business