Karen Knight, CCEP

10/18/2019

Advancing to IG from RIM

More than just changing an acronym!

Your Workshop Leader

Karen Knight, CCEP
• Principal Consultant with Cohasset Associates
• Former Chief Compliance Officer
• 25+ years corporate and consulting experience
• Author and educator
• 312 718 8855
• karen.knight@cohasset.com

AGENDA

Information Governance

YOUR IG Program Business Case

The Culture Dynamic

IG Program Implementation

Polling Question

What is the state of IG in YOUR organization?

A. Planning

B. In progress

C. Suspended / frustrated

D. Completed

E. Perfecting / refining

Information Governance

The comprehensive, interdisciplinary framework of policies, procedures and controls used by mature organizations to maximize the value of an organization’s information while minimizing associated risks by incorporating the requirements of e-discovery, RIM and privacy / security into the process of making decisions about information.

Source: The Sedona Conference®

How IG fits, and what it isn’t…

Information Governance

Records Management: The systematic control of retention and disposition.

Data Governance: Business rules, definitions and integrity controls to assure data conforms to precise standards.

Information Lifecycle Management (ILM)

Information Lifecycle

• Creation or Receipt
• Storage, Retrieval and Use
• Protection
• Retention
• Preservation
• Disposition: Destruction or Deletion

Information develops in a lifecycle.

Information must be governed as it develops through each lifecycle phase.

Governed information is…

• Created to document business actions
• Captured as authentic, accurate, and immutable
• Retained in a safe and secure environment
• Retrievable by and among business processes and users
• Retained as needed or compelled by business, legal and regulatory requirements
• Disposed of when eligible or when required

Information Governance

• Facilitates the achievement of organizational goals and objectives
• Enhances employee productivity
• Harmonizes recordkeeping principles
• Promotes information as a critical business asset
• Simplifies recordkeeping implementations / deployments
• Sustains collaboration and focus during organizational change
• Satisfies regulatory requirements
• Mitigates legal, regulatory and reputation risk

Worksheet

Governance Principle | How defined in your organization? | What is needed?

Creation

Retrieval / Use

Protection

Retention

Preservation

Deletion

IG Program Business Case

IG Program Business Case Elements

1. Problem Statement
2. Rationale
3. Pros and Cons
4. Sponsorship
5. Maturity Assessment

A Business Case documents the justification for an undertaking; it convinces a decision maker to approve a certain action.

Problem Statement Examples

A Problem Statement is the description of the issue(s) that must be corrected.

1. Information is viewed as output or a by-product; it’s NOT managed as an asset.

2. Information-related actions are expressed as imposition, NOT collaboration.

3. Essential records management input is NOT invited on technology / security projects.

4. Information-related policy is disconnected – at times conflicting.

Rationale Examples

The Rationale details the reasons why the problem must be solved. It can also outline what happens if the current state persists.

1. Information governance is emblematic of an organization committed to collaboration for the good of its information.

2. An organization’s IG platform is recognized as a competitive advantage.

3. Aligning the information-centric disciplines within an IG framework enhances information-oriented and other risk mitigation.

4. Information is one of an organization’s most valuable assets.

Pros and Cons Examples

A list of Pros and Cons reveals the benefits of the implementation and the challenges it will encounter.

Benefits
1. Reputation
2. Cohesion
3. Collaboration
4. Competitive advantage
5. Risk mitigation
6. Optimized information value

Challenges
1. Empire-building
2. Entrenched culture
3. Competing priorities
4. Resource availability
5. Resistance to change
6. Information volume growth

Sponsorship Qualifications

On behalf of the organization, the Sponsor owns the Business Case.

1. The sponsor owns the project elements of the Business Case and works closely with the project manager.

2. The sponsor likely already has a recordkeeping role, and may become the IG Program Director.

3. The sponsor identifies and lobbies for the best executive IG Program Tone at the Top.

4. The sponsor is skilled at collaborating with and influencing IG stakeholders.

Business Case Elements

1. Problem Statement
2. Rationale
3. Pros and Cons
4. Sponsorship
5. Maturity Assessment

Worksheet

Business Case Elements

Problem Statement

Rationale

Pros and Cons

Pros Cons

Sponsor

The Culture Dynamic

Dynamic: A force that stimulates change or progress.

Culture: The beliefs, customs, behaviors and social institutions of a group.

“Managing our information is a battle!”

“Information Governance is wishful thinking.”

We hear it… have you said it?

You still believe in IG Programs?

I asked Santa Claus for a new IG Program.

Culture eats strategy – just ask Peter Drucker.

Culture is powerful

An organization’s culture can stall or

new ideas.

• Culture matters a great deal to successful and sustainable outcomes.
• The recognition and care of culture comes first – and last – it must be thoughtful and on-going.

Organizational Culture Types

1. Collaboration: United we stand, Diversity, Involvement
2. Control: Systems, Certainty, Standardization, Order
3. Competence: Excellence, Professionalism, Continuous improvement
4. Cultivation: Creativity, Purpose, Growth, Meaningfulness

Polling Question

What is YOUR organization’s culture type?

1. Collaboration

2. Control

3. Competence

4. Cultivation

Worksheet

Culture Types | Influential | Moderate | Insignificant

Collaboration
• Involvement
• Diversity
• “United we stand”

Control
• System and process
• Certainty
• Standardization
• Order

Cultivation
• Creativity
• Purpose
• Meaningfulness
• Growth

Competence
• Excellence
• Professionalism
• Continuous improvement

Fact or cliché?

Tone

Mood

Buzz

Without tone at the top, forget mood in the middle and buzz at the bottom!

These three phrases were coined in response to a series of major corporate accounting scandals.

Tone at the Top was emphasized in the 2002 Sarbanes-Oxley Act.

Today, the phrases are used beyond accounting, across business settings.

Tone at the Top

…is both the person and their actions

The C-level member most aligned with the premise of IG
• Chief Compliance Officer
• Chief Legal Officer (GC)
• CEO
• Chair of a Board sub-committee
• CIO

Focused and persistent IG support
• Authorize and announce the IG Program and its documents
• Include IG-related content with organization-wide senior and executive communications
• Assure IG Program funding and staffing
• Mandate IG training
• Add an IG-related question to the annual Ethics or Compliance Certification
• Include IG-related responsibilities and metrics in compensation, and performance or bonus plans

Tone at the Top

YOUR pitch to the C-level

1. IG supports strategic goals
2. The IG investment improves compliance and business performance
3. Statistics correlate increased productivity to information-related efficiency
4. Controlling the increasing volume of information reduces business, reputation and other risk
5. Replay the cause and effect of a recently experienced information-related mishap

Interdisciplinary Collaboration

Facilitates regulatory compliance

Enables information-oriented goal alignment

Supports organizational strategy planning and achievement

Mitigates legal, regulatory and reputation risk

YOUR Organization

• Ethics and Compliance
• Records Management
• Information Security
• Privacy
• Legal
• Information Technology
• Risk Management
• Data Governance
• Internal Audit
• Legal Holds
• Procurement
• Business Continuity

Information Governance unifies for the good of the organization’s information.

IG Program Council

Information Governance Council

• Risk Management
• Internal Audit
• Ethics and Compliance
• Data Breach Prevention
• Disaster Recovery
• Business Continuity
• Procurement
• Contract Administration
• Information Security
• Information Technology
• Data Governance / Analytics
• Records Management
• Legal (Litigation) Holds
• Legal
• Privacy

IG Program Implementation

IG Program implementation strategy

Information will be managed as an asset, in accordance with IG policies and standards that are:

• aligned with business goals
• measurable
• achievable
• simple
• flexible

A Maturity Assessment guides advancement from RIM to IG.

FIRST 10 Action Items

1. Identify an IG Program executive sponsor

2. Convene an interdisciplinary IG Council and Working Groups

3. Appoint an IG Director and two team members

4. Adopt an aggressive IG Program advancement timeline

5. Develop and implement IG Program Policy and Standards

6. Establish IG performance metrics for the IG Program Team and Council

7. Design and mandate IG training

8. Develop and implement a Where to Store and Share Plan

9. Automate deletion across electronic / digital environments

10. Facilitate collaboration using technologies that support sharing

Implementation

Challenges
• Culture
• Legacy and tradition
• Staffing and resources
• Litigation profile
• Regulatory influencers
• Systems
• Turf

Responses
• Training and education
• IG Council
• IG Working Groups
• Program Documents
• Compliance and Legal collaboration
• Technology and process
• Branding
• Annual attestation

Balance is crucial

Change Benefit

Sustain momentum

• Tone at the Top

• IG Council

• Seat at the table

• Stakeholder engagement

• Vendor compliance

• Annual attestation

• Performance metrics

Review - Measure - Report

Information Governance

RIM

You Plan

Don’t allow a crisis to go to waste.

Push, the right amount – but not too hard.

Add value, NOT work.

Cultivate and leverage your Tone at the Top.

Align IG work to support your organization’s most important information.

Collaborate – don’t impose.

Identify friendlies, initiate IG Program advancement with their information.

Your questions…

Cohasset Associates

Effect change by making records management and information governance concepts actionable

Management Consulting
• Guide domestic and multi-national clients’ advancement to Information Governance
• Align information lifecycle controls with business priorities, resulting in:
  • Ongoing regulatory compliance
  • Effective risk mitigation
  • Measurable business efficiencies
• Instill change across our clients’ business operations
• Solve problems (no product sales)
• Utilize seasoned consultants with 15 or more years of exceptional experience
• Participate actively with the Sedona Conference

Education and Training
• Present at national and international conferences and seminars
• Develop client communications and awareness campaigns
• Prepare training content for delivery to executives, management and all employees
• Conduct sessions for clients
