For SOX compliance, we assigned data owners based on Financial Business Processes: Order to Despatch, Despatch to Cash, Procure to Receipt, Receipt to Pay, Fixed Assets, Financial Statement, etc.
IT proposed suitable candidates for the business process as Business Process Owners (BPO) for Excom to approve. BPO also owned the data in their business process.
Defined the roles and responsibilities (R&R) for BPO, including reviewing and approving requests for changes in the system, owning the data for their BP (DO), reviewing the user list every 6 months, raising forms to inform IT to terminate users when they left the company or transferred to another position, reviewing the audit log of master file changes, etc.
Once Excom approved the BPO listing and the R&R of BPO, IT called a meeting, presented the Excom decision and explained what they have to do as BPO.
IT informed HR to add BPO to their Job Description.
For every change to a BPO, the BPO’s boss would inform IT as well as propose the replacement candidate for Excom to approve.
Hope this helps.