2/20/2013. Information Governance Matters: Real-World Lessons. Real-World Events. Information

Transcription

1 Information Governance Matters: Real-World Lessons Peter Sloan Deborah Juhnke, CRM Real-World Events Information 1

2 Real-World Consequences Information Governance is an integrated approach to: Ensuring information compliance and Controlling information risk, while Maximizing information value. Information compliance is meeting legal requirements for: Records creation, retention, management, disposition Information Compliance Preserving & collecting relevant information for litigation Information protection 2

3 Control Risk Maximize Value Achieve Compliance Internal control is a process, effected by an entity s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives related to operations, reporting, and compliance. COSO Internal Control Integrated Framework, Executive Summary at 20 (September 2012) Internal Control Framework Control Environment Risk Assessment Control Activities Information & Communication Monitoring Activities COSO Internal Control Integrated Framework, Executive Summary at (September 2012) 3

4 Establishing Enterprise Strategic Tactical Enterprise Objective: To maximize information value while satisfying information compliance requirements and controlling information risks. Assess Analyze Act Audit 4

5 Identify Strategic Define Tactical Establish Program Elements Audit for Accountability Assess Analyze Act Audit Identify Strategic Reducing Unnecessary Information Managing Records Protecting Information Preserving Information Strategic Objective: Reducing Unnecessary Information 5

6 Strategic Objective: Reducing Unnecessary Information Dispose of information not required for legal compliance or business need (Control Risk) Reduce creation of unnecessary information (Control Risk) Realize cost-savings through decreasing the amount of unnecessary information (Maximize Value) Define Tactical Performing Root Cause Analysis Identifying Desired End State Prioritizing Tasks Developing Tactics Tactical : Control volume of Control volume of unstructured data in network drives Control volume of off-site paper 6

7 Establish Program Elements Seeking Entry Points Developing Program not Project Enabling Decision making Addressing Culture Information Management Information Asset Map Records Retention Schedule File Plan Policies Processes Training & Guidance People Technology Information Governance Integrated Information Governance Matrix Integrated Information Governance Policies Aligned Personnel & Technology 7

8 Audit for Accountability Establishing Individual Responsibility Collecting Metrics Providing Continued Support Seeking Continued Improvement Metrics: Total volume of Average volume of per user Age of Identify Strategic Define Tactical Establish Program Elements Audit for Accountability Unnecessary Information Root Cause Analysis Records Management Desired End State Information Protection Prioritization Preservation Tactics Seek Entry Points Individual Responsibility Program not Project Metrics Enable Decision making Continued Support Address Culture Continued Improvement Assess Analyze Act Audit 8

9 Real World Lessons Good enough today won t be good enough tomorrow Risk reveals importance Process is paramount Auditing is necessary Accountability must be clear Thank you! Peter Sloan peter.sloan@huschblackwell.com Deborah Juhnke, CRM deborah.juhnke@huschblackwell.com 9