Alteryx is an awesome data analytics and productivity tool, uncovering up entirely new possibilities for users to employ data analytics. As the population of Alteryx users grows, one topic becomes increasingly important: how are we ensuring that Alteryx workflows are well controlled and governed?
Governance can mean many things, ranging from how to properly enable and train users to ensuring analytics is ethical and accurate to governing data or building in workflow checks and controls (we may expand on these issues in subsequent posts). Here, we want to focus specifically on building a plan for governing Alteryx workflows that would be subject to an Audit or Compliance review with the goal of getting an enthusiastic nod of approval.
Many of our clients have developed their own best practices for governing Alteryx workflows, often aligned or inspired by policies and standards around change management, software development, or (statistical) model usage. Below we summarize some of the best practices we have gathered from amazing practitioners and ask you to add your own.
We acknowledge that not all analytics need audit-proofing. To maintain the ability for rapid innovation and flexible execution while providing safeguards for workflows in production, some customers use a risk classification framework and a tiered risk approach designed to replicate core elements of typical change management policies.
The exact definition of what constitutes a low vs. high-risk workflow will depend on the institution, but a common guiding principle can be whether an error in a workflow could result in a material financial impact or substantial reputation risk. Also, manipulations of confidential and sensitive data (like patient records, client information, etc.) are indications of a potential risk. Assuming that we have two risk tiers (high/low), the infographic below highlights some of the questions one may ask to determine the risk rating of a workflow.
Once the risk classification of workflows has been established, a governance “checklist” can be put together. While details may vary across industries, sectors, and use cases, some common guiding principles we observe among our clients include:
In many cases, it is useful to ask questions such as:
Lastly, while governance requirements can vary, we can probably all agree that we should make it easy for users to remember and facilitate adherence to them. To ensure that every Alteryx user is aware of best practices, consider handing out a “governance summary” during the onboarding process (or enable users to print a "checklist" they can run through as they complete their workflow), much like the document attached at the bottom of this article.
Let's hear from you! In this post, we described just a few of the techniques we hear from analytic professionals around the globe. What do you think? Do you have other tips or tricks to ensure that every user contributes to ensuring that good governance practices are implemented and followed?
Please let us know in the comments!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.