How One Chief Data & AI Officer Ships 'Governance-as-a-Product' to Prove ROI

For many organizations, data governance is the department of "no." Often seen as a bureaucratic cost center, governance has a reputation for slowing the business down. Now, a new approach is emerging to shake up some of those outdated ideas.

As the name suggests, a "governance-as-a-product" mindset treats internal controls with the discipline of a shipped tool. Complete with owners, release cycles, and measurable outcomes, the model could help enterprises escape a culture of permission. But more importantly, it gives data leaders an actionable framework for success.

To learn more about the approach, we spoke with Jeremy Stierwalt, Chief Data & AI Officer at the strategic consulting firm Paradigm Technology and a former leader at Capco and Protiviti. With over 25 years of experience partnering with C-suite leaders at Fortune 500 companies, Stierwalt knows precisely how to bridge the gap between technology and tangible outcomes. In his experience, getting buy-in for the governance-as-a-product model usually begins with a business calculation.

"The first question has to be: What is the cost of inaction? If you don't modernize, what will happen? The answers are always about business impact. Operational inefficiency, regulatory risk, and competitive disadvantages are the real reasons organizations are forced to act," Stierwalt says.

Once the cost of inaction has leadership’s attention, the real work can begin. To rebrand the function around value, Stierwalt suggests starting with a non-negotiable prerequisite.

• Mandate from the top: Governance programs driven from the bottom up are destined to fail, he cautions. Whenever they meet organizational resistance or require significant investment, they inevitably stall. "You must have top-down buy-in from someone on the leadership team, someone with C-suite authority who has clear and direct accountability for driving the program. Without that, it won't get off the ground."
• Speak the language: One simple but effective marketing tactic can help break through negative connotations, Stierwalt explains. "It sounds simple, but sometimes just changing the name changes the entire perception. Instead of calling it 'data governance,' call it a 'data literacy program.' At Paradigm, we talk about 'data as a second language,' or DSL. Those conversations are just fundamentally easier to have with your business counterparts."
• Follow the money: To prove ROI, data leaders can reposition cost as an integral part of value creation. "Don't treat governance as a separate project. Embed it directly into your most important business initiatives. When you do that, governance stops being viewed as a compliance cost center and is correctly seen as a business enabler."

With a new brand and a clear mandate, now the "governance product" needs to deliver tangible results, Stierwalt explains. "Governance can be a nebulous topic for people, so the only way to get a program moving is to deliver tangible outcomes. You have to outline the beneficial results at a very specific level. Automation is what gives you the steroids to move faster and deliver those results."

• The real-time referee: As an example of governance-in-action, he describes a tool that proactively prevents a compliance breach instead of just reporting it after the fact. "Imagine having 'listeners' for customer service calls that can alert a representative in real time, telling them to 'walk that statement back.' The voice data becomes text, and you are actively governing what people can and cannot say in real time. That, to me, is true data governance in action."

For Stierwalt, the value of this proactive model is most apparent in direct contrast with the old, reactive way. Traditionally, a bank might scramble to produce data lineage reports after an incident just because a regulator is breathing down its neck, he explains. Instead, the new way prevents the incident from ever happening in the first place. But a successful product doesn't stop at a single feature, he continues. Instead, his long-term vision includes a scalable platform to balance enforcement with feedback loops.

• Phishing for quality: The mandate must be top-down, he advises. But the system is also strengthened by input from the front lines. "Think about your email program. When you get a phishing request, you push a button and report it so the security team can take action. We don't have that same simple capability from a data consumption standpoint. There isn't an easy mechanism for someone to say, 'Hey, this data looks wrong, let's raise the alarm and get it fixed.'"
• Define to win: Effective programs also need a clear "what," Stierwalt explains. "You must establish success metrics that are actually definable. Too often, we see metrics put in place that don't make any sense. If you know why you're doing this, you have to be able to define what success looks like and then drive the entire program toward those metrics."

Successfully shipping a governance product is how data leaders evolve from a support function into a strategic business driver, Stierwalt concludes. "Five years ago, I would have told you that the next CEO is going to come from the data side of the business, and I believe that's even more true now. Data is becoming the fundamental leader for a huge number of business initiatives. The data function is becoming a much more integral and strategic part of the business than it has ever been historically." In closing, he distills the entire philosophy into a single, straightforward piece of advice: "There's a lot of talk out there, but governance programs aren't about policies and procedures—they are about action. You actually have to do something with actionable intent behind it. Otherwise, you're just wasting your time."