Institute for Management, Business, and Accounting Studies Institute for Management, Business, and Accounting Studies

Data Governance as a Strategic Management Capability Rather Than an Information Technology Compliance Function

Original Research | Open access | Published: 18 March 2025
Volume 5, article number 81, (2025) Cite this article
You have full access to this open access article.
Download PDF
,
  1. Department of Business Digitization and Strategy, Faculty of Economics, Sorbonne University, Paris, France
123 Accesses

Abstract

Data governance has become a central organisational concern as firms depend increasingly on data for analytics, digital transformation, regulatory compliance, and operational coordination. Yet many organisations still locate data governance within information technology departments and define it primarily through technical controls, data quality rules, security standards, and regulatory obligations. This article argues that such a framing is too narrow for contemporary data-intensive organisations. When data governance is treated only as an IT compliance function, it is separated from strategic decision-making, business model innovation, customer trust, managerial accountability, and competitive renewal. The objective of this perspective article is to reconceptualise data governance as a strategic management capability. This means understanding data governance not merely as the administration of data assets, but as the managerial capacity to define decision rights, allocate accountability, shape data use, manage risk appetite, and convert data into organisational value. The perspective shows that strategic data governance changes the role of managers, the meaning of risk control, and the metrics by which governance success should be judged. It concludes that organisations seeking to compete through data must elevate data governance from a technical support function to a core management capability owned by senior leaders.

Explore related subjects
Discover the latest articles in related subjects:

Introduction

Data governance programmes have expanded rapidly as organisations confront growing volumes of data, increasing regulatory pressure, and rising expectations for trustworthy digital operations. Foundational reviews define data governance as the allocation of decision rights, responsibilities, standards, and control mechanisms for data assets, yet organisational practice often reduces it to technical stewardship and compliance monitoring [1]. This reduction is reinforced when data governance is housed primarily in IT, where the dominant priorities become security, metadata, access control, and quality assurance rather than strategic value creation. The result is that data governance becomes visible mainly when failures occur, rather than when strategic opportunities are being designed.

The assumption that data governance is a technical support function is increasingly untenable in firms that depend on analytics, digital platforms, artificial intelligence, and data-intensive customer relationships. Research on information governance and big data analytics shows that governance affects innovation, decision quality, and organisational performance, not merely data control [2]. If data governance shapes what data can be trusted, shared, combined, monetised, or ethically used, then it directly influences strategy execution. Treating it as a back-office IT responsibility therefore obscures its role in competitive positioning.

This article advances the perspective that data governance is, at its core, a strategic management capability. A strategic capability view asks how organisations build repeatable, managerial routines that allow data to support value creation, adaptation, and renewal under uncertainty [3]. It also aligns with dynamic capability arguments showing that firms must sense, seize, and reconfigure digital resources rather than merely install technologies [4]. From this standpoint, data governance determines not only how data is protected, but how data becomes usable, accountable, and strategically productive.

The article proceeds by first presenting the central perspective that the IT compliance framing is a category mistake. It then critiques the limits of treating data governance as a narrow control function and contrasts this view with the strategic capability perspective. The later sections develop the managerial, business value, and risk control implications of this reframing, drawing on evidence about analytics capability, governance mechanisms, privacy, digital transformation, and data-driven performance [5]. The practical aim is to provide managers with a clearer logic for moving data governance from IT administration to strategic leadership.

Central Perspective

The central perspective of this article is that framing data governance as an IT compliance function misclassifies the problem. Data governance certainly requires technical expertise, but its essential questions concern who may use data, for what purposes, under what conditions, with which accountability, and toward which organisational goals [6]. These are not merely system administration issues; they are managerial questions about authority, risk, value, and organisational design. When governance is delegated only to IT, the organisation confuses the infrastructure of governance with the strategic purpose of governance.

This category mistake matters because data is not a passive technical resource. Studies of big data analytics capabilities show that firms gain performance benefits when data-related resources are embedded in managerial, organisational, and dynamic capabilities rather than isolated as technical assets [7]. Data governance therefore should be understood as a capability that coordinates data quality, decision rights, business ownership, accountability, and value realisation. Its purpose is not simply to prevent misuse, but to enable disciplined and strategically aligned use.

A strategic management view also reframes risk. In the compliance view, risk is something to minimise through rules, restrictions, and defensive controls; in the strategic view, risk is governed through explicit managerial choices about acceptable data use, innovation boundaries, customer trust, and organisational resilience [8]. This does not weaken compliance; it strengthens it by connecting compliance obligations to business judgement and strategic accountability. The issue is not whether IT should participate in data governance, but whether general management will accept ownership of the decisions that data governance makes unavoidable.

Figure 1 illustrates the article’s central reframing of data governance from an IT compliance function into a strategic management capability.

Figure 1. Reframing Data Governance as Strategic Management Capability: From Technical Control to Managerial Value Creation
Figure 1. Reframing Data Governance as Strategic Management Capability: From Technical Control to Managerial Value Creation

Limits of Treating Data Governance as IT Compliance

The IT compliance paradigm is attractive because it appears concrete, auditable, and controllable. It translates governance into policies, standards, access rules, and technical checks that can be documented and monitored [9]. However, this same strength becomes a limitation when governance success is judged mainly by adherence to rules rather than contribution to strategic outcomes. A data governance system can be formally compliant while still failing to improve decision-making, innovation, customer value, or competitive responsiveness.

A second limitation is that compliance-led governance tends to privilege standardisation over experimentation. Standardisation is necessary for data reliability, but when treated as the dominant goal it can slow down analytics initiatives and discourage business units from exploring new data-enabled opportunities [10]. Research on big data value creation shows that firms struggle to realise value when data governance and analytics capabilities are disconnected from organisational learning and strategic use [11]. In this sense, excessive control can produce a paradox: the organisation protects data so tightly that it weakens its capacity to learn from data.

A third limitation is that IT-led governance often uses metrics that are detached from business outcomes. Measures such as policy completion, data quality scores, issue resolution time, and system access compliance are useful, but they do not reveal whether governance improves revenue, reduces operational friction, accelerates decisions, or increases customer trust [12]. Studies on effective big data use indicate that managerial alignment, organisational readiness, and governance mechanisms influence whether data resources become valuable in practice [13]. Table 1 contrasts the IT compliance perspective on data governance with the strategic management capability perspective.

Table 1. Data Governance as IT Compliance Versus Strategic Management Capability: Fundamental Differences in Goals, Scope, and Impact

Dimension

IT compliance perspective

Strategic management capability perspective

Primary purpose

Ensure adherence to rules, policies, security requirements, and regulatory obligations

Enable value creation, responsible innovation, strategic decision-making, and organisational resilience

Organisational location

Mainly positioned within IT, data management, security, or compliance functions

Owned jointly by senior management, business units, IT, risk, legal, analytics, and strategy leaders

Core governance question

How can the organisation control, secure, standardise, and document data use?

How can the organisation govern data so that it creates value while staying within acceptable risk boundaries?

Dominant logic

Defensive, risk-averse, procedural, and audit-oriented

Strategic, capability-based, opportunity-seeking, and accountability-oriented

Key actors

IT managers, data stewards, security teams, compliance officers, system owners

Board members, executives, chief data officers, business leaders, governance councils, analytics leaders, and IT specialists

Decision rights

Focused on technical access, data definitions, quality rules, and system controls

Focused on business ownership, data use priorities, investment choices, risk appetite, and value accountability

Success metrics

Policy adherence, audit completion, data quality scores, access control, issue closure

Business value realised, analytics maturity, decision speed, innovation outcomes, trust, efficiency, and risk-adjusted performance

View of risk

Risk is mainly a compliance problem to be minimised

Risk is a strategic management problem to be governed, balanced, and made explicit

View of data

Data is an object to be stored, secured, cleaned, and controlled

Data is a strategic asset whose value depends on managerial capability, organisational routines, and responsible use

Main limitation

Can become bureaucratic, reactive, and disconnected from strategy

Requires senior ownership, cross-functional coordination, and sustained organisational change

A final limitation is that compliance-led governance isolates data governance from strategic planning. Digital transformation research shows that firms must redesign organisational routines, roles, and governance arrangements when digital resources become central to value creation [3]. If data governance enters strategy discussions only after systems are procured or risks are detected, managers lose the chance to shape data use proactively. The strategic failure is therefore not poor IT execution, but delayed managerial ownership.

Data Governance as Strategic Management Capability

Data governance becomes strategic when it is understood as a management capability rather than a technical arrangement. A capability view shifts attention from policies alone to the organisational ability to define decision rights, assign accountability, coordinate data use, and convert data assets into business outcomes [1]. This reframing is especially important because cloud, platform, analytics, and artificial intelligence environments make data governance inseparable from organisational design and strategic execution [14]. In this view, data governance is not the ownership of databases; it is the ownership of the conditions under which data becomes valuable, trusted, and responsibly actionable.

The resource-based view helps explain why strategic data governance can become a source of advantage. Data resources are abundant in many firms, but the ability to organise them, interpret them, protect them, and deploy them across functions is far less common [15]. Analytics studies show that performance gains depend not simply on possessing data, but on building complementary capabilities that connect data, people, processes, and decision routines [16]. Strategic data governance therefore turns data from a scattered organisational input into a managed resource whose value depends on governance quality.

Dynamic capabilities theory further strengthens this perspective because data governance must evolve as markets, technologies, regulations, and business models change. Strategic data governance enables firms to sense emerging data opportunities, seize them through accountable decision-making, and reconfigure data processes as conditions shift [17]. This is particularly relevant in data-driven transformation, where rigid governance can block adaptation, while absent governance can create uncontrolled risk [4]. The managerial challenge is to design governance that is disciplined enough to protect the firm and flexible enough to support renewal.

This reframing changes the objectives and metrics of data governance. Instead of measuring governance success only through compliance completion or issue closure, managers should evaluate how governance improves analytics maturity, innovation capacity, operational efficiency, customer trust, and strategic responsiveness [18]. Research on information governance and analytics-driven innovation shows that governance mechanisms can support innovation when they are aligned with business goals rather than treated as restrictive controls [2]. The strategic capability view therefore does not replace compliance; it embeds compliance within a broader value-realisation logic.

Figure 2 presents data governance as a dynamic strategic capability that links data resources, managerial routines, and value-realisation outcomes.

Figure 2. Data Governance as a Dynamic Strategic Capability: Linking Data Resources, Managerial Routines, and Value Realisation
Figure 2. Data Governance as a Dynamic Strategic Capability: Linking Data Resources, Managerial Routines, and Value Realisation

Managerial Responsibilities and Decision Rights

If data governance is strategic, then senior leaders cannot delegate it entirely to technical specialists. Boards and executive teams must define the organisation’s data principles, investment priorities, accountability structures, and risk appetite, because these choices determine how data supports strategy [19]. Data governance affects mergers, digital platforms, customer relationships, analytics, artificial intelligence, and regulatory exposure, all of which exceed the boundaries of IT administration [20]. Managerial ownership is therefore not symbolic; it is necessary for aligning data use with organisational purpose.

The Chief Data Officer should be positioned as a strategic partner rather than a technical gatekeeper. In a compliance-only model, the role is often limited to enforcing data quality standards, managing stewardship, or coordinating technical controls. In a strategic model, the Chief Data Officer helps translate business priorities into data priorities, mediates between risk and innovation, and ensures that governance decisions are connected to measurable business value [21]. This requires authority across business units, not merely responsibility inside a data management office.

Cross-functional governance councils are essential because data decisions usually cut across organisational boundaries. Customer data, operational data, financial data, human resource data, and platform data are rarely confined to one department, which means that unilateral IT ownership produces incomplete accountability [22]. Governance councils should include business leaders, analytics specialists, IT, legal, risk, privacy, and operational managers so that data decisions reflect both value potential and risk exposure. Such councils are most effective when they make explicit decisions about ownership, use rights, prioritisation, escalation, and performance consequences.

Decision rights are the practical core of strategic data governance. Without clear decision rights, organisations may have policies without authority, data stewards without influence, and analytics teams without trusted access to usable data [6]. Strategic governance clarifies who decides what data matters, who can use it, who is accountable for quality, who approves high-risk use, and who measures business impact. This is why data governance belongs in strategic planning and performance management, not only in IT policy manuals.

Business Value and Risk Control Implications

Strategic data governance creates business value by making data more usable, credible, and actionable across the organisation. Big data analytics research shows that firms achieve stronger outcomes when analytics capabilities are supported by organisational routines, decision processes, and governance mechanisms [11]. Governance improves value creation by reducing ambiguity over definitions, ownership, access, and accountability, which allows managers to make faster and more reliable decisions. In this sense, governance is not a brake on analytics; it is part of the infrastructure that allows analytics to matter.

Strategic governance also supports innovation and new forms of value creation. When firms know which data assets they possess, who may use them, and how risks will be managed, they can experiment more confidently with analytics, artificial intelligence, digital services, and data-enabled business models [5]. Research on digital ecosystems shows that organisations face growing complexity when data moves across platforms, partners, and external infrastructures, making governance central to value creation beyond firm boundaries [22]. Table 2 summarises the business value and risk control implications of treating data governance as a strategic capability.

Table 2. Business Value and Risk Control Implications of Strategic Data Governance: Value Drivers, Risk Mitigation, and Performance Outcomes

Strategic data governance domain

Value creation implication

Risk control implication

Expected performance outcome

Data ownership and decision rights

Clarifies who can mobilise data for strategic and operational decisions

Prevents accountability gaps, duplicated control, and unmanaged data use

Faster decisions, clearer responsibility, and stronger execution discipline

Data quality and shared definitions

Improves analytics reliability and cross-functional comparability

Reduces errors, inconsistent reporting, and poor managerial interpretation

Better decision quality and more reliable performance monitoring

Business-aligned analytics governance

Connects analytics initiatives to strategic priorities and measurable value

Prevents technically impressive but strategically irrelevant analytics projects

Higher analytics return, stronger prioritisation, and improved resource allocation

Privacy and customer trust governance

Enables responsible customer data use and trust-based value creation

Reduces privacy violations, reputational harm, and regulatory exposure

Stronger customer confidence and more sustainable data-driven growth

Cross-functional governance councils

Coordinates data priorities across business, IT, risk, legal, and analytics teams

Reduces siloed decisions and conflicting interpretations of risk

Better organisational alignment and lower coordination failure

Platform and ecosystem data governance

Supports data sharing, partner collaboration, and ecosystem innovation

Manages dependency, access, interoperability, and third-party exposure

More resilient participation in digital ecosystems

Artificial intelligence and algorithmic governance

Enables responsible model development, monitoring, and deployment

Reduces bias, opacity, misuse, and unaccountable automated decisions

More trustworthy artificial intelligence and stronger organisational legitimacy

Data monetisation and value realisation

Identifies opportunities for new products, services, and revenue models

Prevents reckless exploitation of sensitive or low-quality data

Balanced innovation, revenue growth, and risk-adjusted value creation

Strategic risk appetite

Makes acceptable data use explicit at senior management level

Avoids both excessive restriction and uncontrolled experimentation

Better balance between innovation, compliance, and resilience

Risk control also changes meaning under a strategic capability view. Rather than treating privacy, security, and compliance as separate defensive tasks, managers should define the organisation’s risk appetite for data use and connect that appetite to strategic goals [8]. Data privacy research demonstrates that trust, fairness, and responsible use are central to market relationships, not merely legal constraints [8]. Therefore, risk control becomes a source of legitimacy and customer confidence when it is governed as part of strategy.

The business value and risk implications are particularly visible in artificial intelligence and process-intensive environments. Governance for trustworthy artificial intelligence requires organisations to manage data quality, accountability, transparency, and public value, not only technical model performance [20]. Similarly, process mining research shows that data governance determines whether process data can be used responsibly and meaningfully for organisational improvement [23]. These examples demonstrate that strategic data governance is both an enabler of value and a mechanism for controlling the risks that arise when data becomes central to organisational action.

Practical Recommendations

Managers should first reposition data governance structurally. Instead of locating it solely in IT or compliance, organisations should establish executive sponsorship, board-level visibility, and cross-functional governance councils with authority over strategic data priorities [19]. The Chief Data Officer should report into a structure that allows influence over business strategy, analytics investment, risk management, and performance outcomes [21]. This repositioning signals that data governance is not a service desk function but a managerial capability for coordinating value and accountability.

Second, governance metrics should be tied directly to business performance indicators. Traditional measures such as policy adherence and data quality remain necessary, but they should be complemented by metrics for decision speed, analytics adoption, innovation outcomes, customer trust, operational efficiency, and risk-adjusted value creation [12]. Research on big data decision-making capability shows that governance mechanisms matter because they shape whether data improves managerial judgement and organisational performance [24]. Managers should therefore ask not only whether data is compliant, but whether governed data is improving strategic action.

Third, organisations should build a maturity pathway from IT compliance toward strategic capability. Early stages may focus on standards, stewardship, and risk control, but later stages should integrate governance into strategic planning, analytics portfolios, artificial intelligence oversight, ecosystem participation, and digital transformation [25]. This pathway requires board-level data literacy, explicit decision rights, investment in governance routines, and a balanced approach to experimentation and control [26]. The goal is not to abandon compliance, but to make compliance part of a broader capability for responsible, value-generating data use.

Figure 3 outlines a managerial pathway for transforming data governance from reactive IT compliance into a proactive strategic capability.

Figure 3. Managerial Pathway for Transforming Data Governance from IT Compliance to Strategic Capability
Figure 3. Managerial Pathway for Transforming Data Governance from IT Compliance to Strategic Capability

Conclusion

Data governance remains underused when organisations define it mainly as an IT compliance function. This narrow framing encourages managers to see governance as a technical obligation rather than a strategic discipline that shapes value creation, innovation, trust, and resilience. The central argument of this article is that data governance should be elevated to the level of strategic management capability.

The strategic capability perspective changes what data governance is expected to accomplish. It places decision rights, accountability, risk appetite, analytics value, customer trust, and organisational learning at the centre of governance. It also clarifies that IT expertise remains essential, but insufficient, because the most consequential data governance decisions are managerial decisions.

Management scholars and practitioners should therefore lead the transformation of data governance. Organisations that continue to treat data governance as a defensive compliance function will struggle to realise the full value of their data assets. Organisations that treat it as a strategic capability will be better positioned to compete, innovate, and govern responsibly in data-intensive environments.

Acknowledgements

None

Conflict of interest

None

Financial support

None

Ethics statement

None

References

Abraham R, Schneider J, Vom Brocke J. Data governance: A conceptual framework, structured review, and research agenda. Int J Inf Manag. 2019;49:424-38.
Mikalef P, Boura M, Lekakos G, Krogstie J. The role of information governance in big data analytics driven innovation. Inf Manag. 2020;57(7):103361.
Vial G. Understanding digital transformation: A review and a research agenda. Managing digital transformation. London: Routledge; 2021. p. 13–66.
Warner KS, Wäger M. Building dynamic capabilities for digital transformation: An ongoing process of strategic renewal. Long Range Plann. 2019;52(3):326-49.
Grover V, Chiang RH, Liang TP, Zhang D. Creating strategic business value from big data analytics: A research framework. J manag inf syst. 2018;35(2):388-423.
Alhassan I, Sammon D, Daly M. Critical success factors for data governance: A theory building approach. Inf Syst Manag. 2019;36(2):98-110.
Mikalef P, Pappas IO, Krogstie J, Giannakos M. Big data analytics capabilities: a systematic literature review and research agenda. Inf Syst E-Bus Manag. 2018;16(3):547-78.
Martin KD, Murphy PE. The role of data privacy in marketing. J Acad Mark Sci. 2017;45(2):135-55.
Al-Ruithe M, Benkhelifa E, Hameed K. A systematic literature review of data governance and cloud data governance. Pers Ubiquit Comput. 2019;23(5):839-59.
Günther WA, Mehrizi MH, Huysman M, Feldberg F. Debating big data: A literature review on realizing value from big data. J Strateg Inf Syst. 2017;26(3):191-209.
Mikalef P, Boura M, Lekakos G, Krogstie J. Big data analytics and firm performance: Findings from a mixed-method approach. J Bus Res. 2019;98:261-76.
Bodendorf F, Franke J. What is the business value of your data? A multi-perspective empirical study on monetary valuation factors and methods for data governance. Data Knowl Eng. 2024;149:102242.
Surbakti FP, Wang W, Indulska M, Sadiq S. Factors influencing effective use of big data: A research framework. Inf Manag. 2020;57(1):103146.
Al-Ruithe M, Benkhelifa E. Analysis and classification of barriers and critical success factors for implementing a cloud data governance strategy. Procedia Comput Sci. 2017;113:223-32.
Wamba SF, Gunasekaran A, Akter S, Ren SJ, Dubey R, Childe SJ. Big data analytics and firm performance: Effects of dynamic capabilities. J Bus Res. 2017;70:356-65.
Mikalef P, Krogstie J, Pappas IO, Pavlou P. Exploring the relationship between big data analytics capability and competitive performance: The mediating roles of dynamic and operational capabilities. Inf Manag. 2020;57(2):103169.
Mikalef P, Boura M, Lekakos G, Krogstie J. Big data analytics capabilities and innovation: the mediating role of dynamic capabilities and moderating effect of the environment. Br J Manag. 2019;30(2):272-98.
Elia G, Raguseo E, Solazzo G, Pigni F. Strategic business value from big data analytics: An empirical analysis of the mediating effects of value creation mechanisms. Inf Manag. 2022;59(8):103701.
Black S, Davern M, Maynard SB, Nasser H. Data governance and the secondary use of data: The board influence. Inf Organ. 2023;33(2):100447.
Janssen M, Brous P, Estevez E, Barbosa LS, Janowski T. Data governance: Organizing data for trustworthy Artificial Intelligence. Gov Inf Q. 2020;37(3):101493.
Shamim S, Zeng J, Shariq SM, Khan Z. Role of big data management in enhancing big data decision-making capability and quality among Chinese firms: A dynamic capabilities view. Inf Manag. 2019;56(6):103135.
Volz F, Münch C, Lohmüller M, Küffner C. From data jungle to data governance in digital ecosystems: Empirical evidence from a multiple holistic case study. J Bus Res. 2025;201:115747.
Goel K, Martin N, ter Hofstede A. Demystifying data governance for process mining: Insights from a Delphi study. Inf Manag. 2024;61(5):103973.
Shamim S, Zeng J, Khan Z, Zia NU. Big data analytics capability and decision making performance in emerging market firms: The role of contractual and relational governance mechanisms. Technol Forecast Soc Change. 2020;161:120315.
Al-Badi A, Tarhini A, Khan AI. Exploring big data governance frameworks. Procedia Comput Sci. 2018;141:271-7.
Christ AS, Carl KV, Kurtz C, Lobschat L, Mueller B, Zimmer MP. Taking digital responsibility for data: Toward a governance model for user-generated data. Schmalenbach J Bus Res. 2025;77(3):527-56.

Author information

Victor Dupont & Elise Morel contributed to this work.

Authors and affiliations

Department of Business Digitization and Strategy, Faculty of Economics, Sorbonne University, Paris, France
Victor Dupont & Elise Morel

Corresponding author

Correspondence to Victor Dupont

Rights and permissions

Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.

About this article

Cite this article

Vancouver
Dupont V, Morel E. Data Governance as a Strategic Management Capability Rather Than an Information Technology Compliance Function. J. Digit. Bus. Manag. Stud.. 2025;5:81.
APA
Dupont, V., & Morel, E. (2025). Data Governance as a Strategic Management Capability Rather Than an Information Technology Compliance Function. Journal of Digital Business and Management Studies, 5, 81.
Received
05 December 2024
Revised
20 January 2025
Accepted
05 March 2025
Published
18 March 2025
Version of record
18 March 2025

Share this article

Easily share this article with others using the link below:

Data Governance as a Strategic Management Capability Rather Than an Information Technology Compliance Function
Scan to access
this article

Ready to submit?
Start a new submission or continue a submission in progress:
Submission Portal Instructions for authors

Follow this journal
Get notified of new updates and articles.