Data Management Approach Analytics Information Management Solutions Deloitte

Data Management Approach Analytics & Information Management Solutions Deloitte Bulgaria, October 2019

Content Data Challenges & Benefits 3 Deloitte Data Governance Framework 4 Data Governance Strategy 5 Policies 6 Organization, Roles & Responsibilities 7 Processes 8 Tools & Technology 9 Data Governance Metrics 10 Deloitte Approach 11 Deloitte Team & Contacts 14 Deloitte Bulgaria 2019 2

Data challenges and benefits of introducing Data Governance There are several major trends driving change in enterprise data — growing requirements of data users, rapid accumulation of ever more complex data and increasingly stringent data requirements introduced through various regulations. Increasing regulatory compliance and reporting requirements Data Challenges Rising business complexity and growing volume of data The constant effort to develop new products for new or existing markets/customers is a key driver of rising data volumes and leads to an increasingly complex enterprise data management landscape comprising of numerous silos. There are increasing industry specific and regulatory reporting requirements such as SREP, BASEL, BCBS 239, Mi. FID, Solvency II and GDPR, which legislate or recommend enhanced data management capabilities – such as data quality, proof of the trustworthiness of reports, or ensuring compliance with data usage and other policies. Data Governance Benefits Reduce complexity • • • Streamline processes (resolution of issues, maintenance, integration, reporting, etc. ) Decrease time to market Improve data exchange with less redundancies Standardize data landscape Increase re-usability of data through clear data definitions and taxonomies Improving data quality and master data management In the age of transformation, all organizations collect data, but one of the most expensive and difficult problems to solve is the quality of that data. Data analysis is useless if organizations do not have reliable data, because the answers they derive from it could deviate greatly from reality. Consequently, organizations could make bad decisions. Manage operational risk • • • Data governance delivers a repeatable framework that reduces the effort required to comply with each new regulation, and makes it easier to show compliance. Helps organizations to respond efficiently to (new) regulatory requirements Leads to improved data security Data is a valuable asset for every organization and a resource which can be exploited to obtain economic and competitive advantage. Organizations struggle to monetize their data and cannot benefit from additional revenue streams, new products and services, or business models and increased customer loyalty. Some of the greatest barriers for that include data quality issues, regulation challenges and lack of appropriate analytics tools. • • Standardize and govern data models to reduce data redundancy Transparency by consistent data semantics and taxonomies Implement integrated metadata framework incl. business glossary For many organizations data gathering and aggregation is manual and cumbersome process that is usually associated with heavy load of manual processing, performing additional control procedures and it involves significant human resource. This ineffective and inefficient process leads to increased risk of errors and less confidence and reliance on data. Enhance analytics capabilities Improve data quality • Automated and realtime reporting Data driven decision making • • Better decision making Improve analytic modeling capabilities Build trust in data used in analytics Achieve 360° view on data Reduce operating costs • • Improve availability for data consumers Lower reporting cost Harmonize system landscape Enable process automation

Deloitte Data Governance Framework helps to define a Data Governance strategy and embed all Data Governance elements in an organized and structured way. Continuous improvement processes ensure a sustainable Data Governance function. Governance Policies & Metrics Principles Tools & Technology Data Governance Strategy • Data Governance is an end-to-end approach, being a central element among other Data Management disciplines, including Data Architecture, Metadata, Data Quality, Data Operations. • A collaborative framework of roles and responsibilities, processes and technology facilitates decision making and accountabilities through efficient rules. • It is ongoing process, which needs overall organizational commitment to achieve clarity of thought, action and purpose. • The more important data is for a company’s business model, the greater the necessity is for coordinated Data Governance approach across the enterprise. • In line with the management of other assets such as financial capital or human resources, data governance ensures value driven management of the business asset data, which is leveraged via analytics based decision making. Roles & Responsi- Processes WHEN? WHERE? bilties © Deloitte Bulgaria 2019 WHY? WHAT? Deloitte Data Governance Framework • While Data Governance programs are often incorporated in existing Business Operations, IT or Compliance structures, the target operating model must be carefully chosen considering the desired business outcomes. • As soon as information is shared across business areas, processes and applications, formal Data Governance is required to sustainably manage data across the enterprise, to comply with regulations and to enable insights from analytics. 4

Data Governance Strategy A requirement-driven, future-proof target model, which is embedded in the IT Strategy should be defined. Based on that the Data Governance organization should be designed and pertinent processes must be developed, in order to get the desired benefits. Critical Business Needs Data Value Components Governance policies & principles Quality Develop a single source of truth for corporate data Make better informed decisions to steer the business Costs Manage resources efficiently and more effectively Reduce efforts to manage dayto-day operations Time © Deloitte Bulgaria 2019 Building Blocks of a Data Governance Strategy Decision | Rights | Guiding Principles Governance organization Bodies | Roles & Responsibilities Governance Procedures Governance processes Communication | Tools & Technology Governance Controls & Monitoring 5

Policies Deloitte's methodology guides the evaluation and creation of policies across eight building blocks that drive strategic alignment in your organization. Policies are binding guidelines for the different Data Management functions that the Data Governance oversees. Strategy Ensuring sustainability of Data Governance across the organization Governance Scope & Mandate Applicable Legal Rules & Regulations Master Data Standards Service Level Agreements Data Governance Policies Information Quality Management Information Retention Information Security & authorization Respect and involvement of existing data functions Organization commits on aligned direction for data governance Increase awareness and foster compliance through ongoing communication about policies Functional and non-functional requirements can be raised in implementation projects based on policy Information Lifecycle Management Involving individuals to commit to the policies Encouragement to bring in valuable knowledge and to share concerns Solution and clear objective with a direct connection to the stakeholder’s goals Improvements to be compatible with their operations Easy adoption and visibility of innovation Operational Principles © Deloitte Bulgaria 2019 6

Organization, Roles & Responsibilities The Deloitte approach includes the definition of the organization model, including the definition of Data Governance roles and responsibilities. The precise design of the roles and responsibilities depends on the preferred organizational model, as well as corporate structure and culture. A Data Management organization depend on the size and organizational structure of the company. There are three main parties, which can have different names and roles depending on the respective case: Data Consumer Communicates information definition and seeks improvement ideas Data Steward Executive Sponsor: Interaction Model Data Custodian Chief Information Officer | Chief Data Officer | Chief Governance Officer Deals with the actual nuts and bolts of transforming and storing data, rather than issues around what data is going into the system and why • • • receive and take notice of senior management data governance report Data Governance Unit (Center of Excellence) Data Governance Committee | Data Governance Group | Data Governance Team Enables the organization to take control and govern all the types and forms of data and their associated libraries or repositories • • • Data Owner Responsible for the entity's master data definitions, data quality, and policy compliance Each role has its own responsibilities, which can be documented in a RACI Matrix © Deloitte Bulgaria 2019 sponsorship for resource allocation (people and budget) enact strategic data governance policies and guidelines establish data governance framework, implement standards and data controls responsibility for key data governance processes prepare quarterly senior management data governance report and present on board meetings Local Data Stewards & Data Owners IT Department | Compliance team | Domain Manager • supervise data and service deliveries according to SLAs and trace back data supply chain in the event of issues or SLA breaches • • coordinate data quality improvements within the respective business domain operational responsibility for data management activities 7

Processes The required processes need to be determined individually based on the drivers for the Data Governance initiative and business needs. Typically, a set of 6 to 12 governance processes makes up the Data Governance Process Model, which is owned by the Data Governance organization. Improve data quality Exemplary Processes (non-exhaustive) Improve data quality • • Enhance analytics capabilities • Tailored Data Governance Manage operational Risk Reduce complexity Deloitte Bulgaria 2019 Data Governance Driver Reduce operating costs Data standard definition Data quality rule definition KPI reporting Issue resolution and escalation management Data ownership change handling Enhance analytics capabilities • Data dictionary maintenance • Data integration • Communication and change management Reduce operating costs • Create, read, update, delete processes • Portfolio management • Contract management Reduce complexity • Enterprise data model management • Change request handling Ensure regulatory compliance • Policy maintenance • Data privacy management • Compliance monitoring including data security 8

Tools & Technology The right tools to support Data Governance capabilities must fulfil business and IT requirements. Business and IT requirements drive the complexity for Governance Tools & Technology Business Tool & Technology requirements IT • Avoid data redundancies Enterprise-wide consistency Reliable information (Analytics and Reporting) Cost / time effectiveness • Assure data consistency and data ownership • Provide unique identifiers • Create global hierarchies and attributes • Centralize data distribution (one source) • Retrieve relevant data only Improved resource performance © Deloitte Bulgaria 2019 • Pre-calculate standard reports and use aggregates Centralized, efficient data storage Minimized data conversions and manual steps Improved system integration and standardization of infrastructure Optimized IT resource capacities and minimize network traffic 9

Data Governance Metrics When defining Data Governance metrics, it is important to include corrective measures in order to achieve improvement. Deloitte calls this the Governance Control Model, which supports achievement of your Data Governance objectives. Governance Control Objectives Governance Control Model Corrective Actions Objective Bundle • Defined Results and Purpose to be achieved • Resources are used efficiently Data Governance Metrics Governance Process Model Plan Build Measure • Risks are managed Control Activities Run • Conformance to standard and measures Control Information Quality Management Control Activities are policies, procedures, practices and organizational structures designed to provide reasonable assurance how business objectives will be achieved Why establish Governance Metrics? Need to identify the most important Governance activities, measure progress towards objectives and determine how well the Governance is performing Need to continuously improve the Governance’s maturity level for added value in operative, support and analytical business processes Deloitte Bulgaria 2019 Metrics measure the level of compliance or an improvement of behavior and outcomes Metrics are tailored for the domains of Business Areas and Processes Metrics concern to their owner and their Business Area Metrics refer to a time period such as a fiscal year, a project phase or apply in real time at any moment Metrics represent the core information for reporting and dashboarding Metrics deliver input for corrective actions and revalidation of control activities How to achieve Data Governance Success? Comply with Data Governance policies Performance of Data Governance processes Transparent success measures 10

Deloitte Approach (1/3) We adopt a four-phased delivery approach, which is adaptable, scalable and leverage our tested tools and methodologies. 1 “As-is” Phase Assessment of the data maturity of the organization and identification of key improvement areas and opportunities “To-be” Phase Development of a fit-for-purpose target operating model that meets the future needs of the organization 2 Adaptable Our modular delivery enables us to reflect the characteristics of your organization including business drivers and context, strategic focus, size, level of maturity. 3 Roadmap Phase Scalable Development of a roadmap with prioritized initiatives to support the required change Support Phase Help with the realization of the initiatives, part of the roadmap and on-going guidance by Deloitte experts © Deloitte Bulgaria 2019 Through the selection of phases and prioritization of critical dimensions and layers, you can dictate the focus and the depth to which each of the constituent analysis will be covered. 4 Leverage our tested tools The Framework leverages a wide spectrum of tested Deloitte tools, templates and accelerators, which will be tailored to your needs. 11

Deloitte Approach (2/3) We adopt a four-phased delivery approach, which is adaptable, scalable and leverage our tested tools and methodologies. 1 “As-is” Phase 2 “To-be” Phase Objectives: Assess the data maturity of the organization and identify key improvement areas and opportunities Activities: Expected deliverables: § Perform comprehensive data management maturity assessment § Review of organizational set up, governance model, key policies and processes, roles and responsibilities, etc. § Conduct targeted workshops with key stakeholders to gain more in-depth understanding regarding the organization, people, processes and technology § Validate the identified improvement areas and opportunities with key stakeholders Report that includes: § results of the maturity assessment § summary of our understanding, key observations, improvement areas and opportunities Indicative timeline (weeks)*: 1– 3 Objectives: Develop a fit-for-purpose target operating model that meets the future needs of the organization Activities: Expected Deliverables: § Determine gaps to good market practices, key trends and innovations regarding data management § Develop initial hypotheses for the future operating model and test with key stakeholders § Develop a fit-for-purpose target operating model that meets the future needs of the organization Report that includes the target operating model of the organization covering the following areas: § Data strategy § Organizational structure § Governance Model § Processes § Roles and responsibilities § Technologies § KPIs Indicative timeline (weeks)*: 2– 4 *Indicative Timeline: exemplary timeline for phase completion, which will be defined additionally based on the project scope and client specifics © Deloitte Bulgaria 2019 12

Deloitte Approach (3/3) We adopt a four-phased delivery approach, which is adaptable, scalable and leverage our tested tools and methodologies. 3 Roadmap Phase 42 Support Phase Objectives: Develop a roadmap with prioritized initiatives to support the required change Activities: Expected deliverables: § Review the current portfolio of projects and develop key initiatives that will help the organization to reach the target operating model § Prioritized strategic portfolio and validate roadmap with key stakeholders Roadmap that includes the proposed and validated initiatives and provides the following details for: § priority § benefits § scope & timeframe § key stakeholders to be involved § milestones, risks involved, etc. Indicative timeline (weeks)*: 1– 3 Objectives: Help the organization to realize the initiatives, part of the roadmap and provide on-going guidance Activities: Expected Deliverables: § Including, but not limited to support for roadmap implementation, e. g. : § Advise with policies creation § Design of data management processes § Vendor selection for specific tools § Design of custom dashboards § Support with project management Based on the support needed Indicative Timeline (weeks)*: To be defined* *Indicative Timeline: exemplary timeline for phase completion, which will be defined additionally based on the project scope and client specifics © Deloitte Bulgaria 2019 13

Deloitte Team & Contacts Professional services and flawless execution Our multi-disciplinary team of dedicated professionals brings extensive experience and expertise with up-to-date market insight. We have supported successfully public and corporate entities with their data maturity, IT and digital capability assessment, and their plans for moving closer to the future. To learn more about how your organization can be transformed, please contact: Dimitar Popov Director Deloitte Bulgaria Tel: +359 (2) 802 3155 Mobile: +359 88 280 1428 E-mail: dpopov@deloittece. com Aleksandar Ganchev Manager Deloitte Bulgaria Tel: +359 (2)802 3317 Mobile: +359 88 280 1355 E-mail: aganchev@deloittece. com Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities. DTTL (also referred to as “Deloitte Global”) and each of its member firms are legally separate and independent entities. DTTL does not provide services to clients. Please see www. deloitte. com/about to learn more. Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our network of member firms in more than 150 countries and territories serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 264, 000 people make an impact that matters at www. deloitte. com. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional advisor. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this communication. © 2019. For information, contact Deloitte Bulgaria. 14