Have questions about the Moss Adams combination? We're here to help. Submit your inquiry.

Loading...

Key considerations for auditing data governance in the AI era | Baker Tilly

Article

Key considerations for auditing data governance in the AI era

April 10, 2026 · Authored by Russell Sommers, Weston Nelson

Organizations today operate in an environment defined by exponential data growth, increasing regulatory scrutiny and rapid adoption of advanced technologies such as artificial intelligence (AI) and machine learning (ML). As a result, data governance has evolved from a technical consideration into a core business priority.

A well-designed data governance program enables organizations to manage data as a strategic asset, ensuring it is accurate, secure and usable to support decision-making, compliance and innovation.

What is data governance?

Data governance is the framework of policies, roles, processes and technologies that ensure data is managed effectively across its lifecycle. It establishes how data is created, stored, used, shared and ultimately retired.

At its core, data governance addresses fundamental questions about how data is managed within an organization. It defines ownership and accountability, clarifies how data is defined and classified, establishes how quality is measured and maintained and determines who can access data and under what conditions.

A mature data governance framework ensures that data is consistent, trustworthy and aligned with business objectives enabling organizations to rely on it for operational and strategic decisions.

Why data governance is important

The volume and velocity of data creation are unprecedented. Hundreds of millions of terabytes of data are generated daily, with global data volumes projected to exceed 200 zettabytes in the near future[1].

Concurrently, organizations face increasing risk of cybersecurity events resulting in:

Russell Sommers

Russell Sommers

Principal

Weston Nelson

Principal

Related sections

Article Tags

Data Governance AI

Data governance framework and workstreams

A comprehensive data governance program is built on interconnected components that collectively ensure data is managed effectively across the enterprise.

A leading data governance framework typically includes:

Strategy and governance structure: Aligns data initiatives with business objectives and establishes accountability.
Policies, standards and guidelines: Defines how data is created, managed and used consistently across the organization.
Data quality management: Ensures that data is accurate, complete and reliable for reporting and analytics.
Data security, privacy and compliance: Protects sensitive data and ensures adherence to regulatory requirements.
Data flow: Clearly articulating the flow of data through an organization
Metadata and data cataloging: Improves data discoverability and understanding.
Data lifecycle management: Governs data from creation through retention and disposal.
Technology and tooling: Enables automation, scalability and consistency.
Culture and change management: Promotes organization-wide accountability and responsible data usage.

Data governance is operationalized through coordinated workstreams, including:

Data strategy and program execution
Data architecture and integration
Data governance and management
Data science and analytics
Data visualization and reporting

These workstreams must be aligned to common goals and governed by a unified framework to ensure consistency and avoid fragmentation.

Data governance audit approach

Assessing the effectiveness of a data governance program requires a structured and scalable audit approach tailored to the organization’s maturity.

An effective audit typically evaluates:

Governance structure, roles and accountability
Data ownership and stewardship models
Data quality processes and measurement
Security and privacy controls
Access management and monitoring
Data integration and interoperability
Continuous improvement mechanisms

As part of this process, organizations often align their data governance programs with established frameworks and leading practices. Common standards include ISO data governance and retention standards, ARMA’s Generally Accepted Recordkeeping Principles (GARP), the DAMA Data Management Body of Knowledge (DMBOK), as well as key data relevant tenets of IT/Information Security relevant the NIST Cybersecurity Framework and SOC 2 criteria established by the AICPA.

A practical audit approach should include the following:

Alignment with governing framework – ideally including an assessment of compliance or maturity with that framework
General governance – people, process and technology of how data is managed
Data lifecycle management – process that ensures data security, integrity and compliance from ingest through destruction
Master data management – what controls are in place to ensure core business data is complete and accurate
Data analytics and key report management – how is data being validated for completeness and accuracy, how are the results being used
Third party vendor management – aligned with firm TPRM processes, but focused on data
Inherent data audit and review processes – what is covered, how are results reported and how are action items tracked

This lifecycle helps organizations move from fragmented or emerging practices toward a mature, scalable governance model.