Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Karen Knight, CCEP
10/18/2019
Advancing to IG from RIMMore than just changing an acronym!
Your Workshop LeaderKaren Knight, CCEP Principal Consultant with Cohasset Associates Former Chief Compliance Officer 25+ years corporate and consulting experience Author and educator 312 718 8855 [email protected]
2
AGENDA
Information Governance
YOUR IG Program Business Case
The Culture Dynamic
IG Program Implementation
3
Polling Question
4
What is the state of IG in YOUR organization?A. Planning
B. In progress
C. Suspended / frustrated
D. Completed
E. Perfecting / refining
Polling Question
Information Governance
5
The comprehensive, interdisciplinary framework of policies, procedures and controls used by mature organizations to maximize the value of an organization’s information while minimizing associated risks by incorporating the requirements of e-discovery, RIM and privacy / security into the process of making decisions about information.
Source: The Sedona Conference®
6
Information Governance
7
The systematic control of
retention and disposition.
Data Governance
Information Governance
Records ManagementBusiness rules, definitions and
integrity controls to assure data conforms to
precise standards.
How IG fits, and what it isn’t…
Information Lifecycle Management (ILM)
8
Information Lifecycle
Creation or Receipt
Storage, Retrieval and
Use
Protection
Retention
Preservation
Disposition: Destruction or
Deletion
Information develops in a lifecycle
Information must be governed as it develops through each lifecycle phase
Information Lifecycle Management (ILM)
Governed information is…
9
Created to document business actions Captured as authentic, accurate, and
immutable Retained in a safe and secure environment Retrievable by and among business
processes and users Retained as needed or compelled by
business, legal and regulatory requirements Disposed of when eligible or when
required
Governed information is…
10
Facilitates the achievement of organizational goals and objectives Enhances employee productivity Harmonizes recordkeeping principles Promotes information as a critical business asset Simplifies recordkeeping implementations / deployments Sustains collaboration and focus during organizational change Satisfies regulatory requirements Mitigates legal, regulatory and reputation risk
Information Governance
11
Governance Principle How defined in your organization? What is needed?
Creation
Retrieval / Use
Protection
Retention
Preservation
Deletion
Worksheet
IG Program Business Case
12
IG Program Business Case Elements1. Problem Statement2. Rationale3. Pros and Cons4. Sponsorship5. Maturity Assessment
13
A Business Case documents the justification for an undertaking; it convinces a decision maker to approve a certain action.
Problem Statement Examples
A Problem Statement is the description of the issue(s) that must be corrected.
14
1. Information is viewed as output or a by-product; it’s NOT managed as an asset.
2. Information-related actions express as imposition NOT collaboration.
3. Essential records management input is NOT invited on technology / security projects.
4. Information-related policy is disconnected – at times conflicting.
Rationale Examples
The Rationale details the reasons why the problem must be solved. It can also outline what happens if the current state persists.
15
1. Information governance is emblematic of an organization committed to collaboration for the good of its information.
2. An organization’s IG platform is recognized as a competitive advantage.
3. Aligning the information-centric disciplines within an IG framework enhances information oriented and other risk mitigation.
4. Information is one of an organization’s most valuable assets.
Benefits1. Reputation2. Cohesion 3. Collaboration4. Competitive advantage5. Risk mitigation6. Optimized information value
Challenges1. Empire-building2. Entrenched culture3. Competing priorities4. Resource availability5. Resistance to change6. Information volume growth
Pros and Cons Examples
16
A list of Pros and Cons reveal the benefits of the implementation and the challenges it will encounter.
Sponsorship Qualifications
On behalf of the organization, the Sponsor owns the Business Case.
17
1. The sponsor owns the project elements of the Business Case and works closely with the project manager.
2. The sponsor likely already has a recordkeeping role, and may become the IG Program Director.
3. The sponsor identifies and lobbies for the best executive IG Program Tone at the Top.
4. The sponsor is skilled at collaborating with and influencing IG stakeholders.
Business Case Elements
1. Problem Statement2. Rationale3. Pros and Cons4. Sponsorship5. Maturity Assessment
18
Worksheet
19
Business Case Elements
Problem Statement
Rationale
Pros and Cons
Pros Cons
Sponsor
The Culture Dynamic
20
Dynamic: A force that stimulates change or progress.
Culture: The beliefs, customs, behaviors and social institutions of a group.
21
“Managing our information is a battle!”
“Information Governance is wishful thinking.”
We hear it… have you said it?
22
You still believe in
IG Programs?
I asked Santa Claus for
a new IG Program.
23
Culture eats strategy – just ask Peter Drucker.
Culture is powerfulAn organization’s culture can stall or
new ideas.
24
Culture eats strategy – just ask Peter Drucker.
Culture is powerful Culture matters a great deal to successful
and sustainable outcomes. The recognition and care of culture
comes first – and last – it must be thoughtful and on-going.
Organizational Culture Types
25
United we standDiversity
Involvement
Collaboration 1
SystemsCertainty
StandardizationOrder
Control2
CreativityPurposeGrowth
Meaningfulness
Cultivation4
ExcellenceProfessionalism
Continuous improvement
Competence3
Polling Question
26
What is YOUR organization’s culture type?
Polling Question
1. Collaboration
2. Control
3. Competence
4. Cultivation
Worksheet
27
Culture Types Influential Moderate Insignificant
CollaborationInvolvementDiversity“United we stand”ControlSystem and processCertaintyStandardizationOrderCultivationCreativityPurposeMeaningfulnessGrowthCompetenceExcellenceProfessionalismContinuous improvement
Fact or cliché?
28
ToneMood
Buzz
Without tone at the top, forget mood in the middle and buzz at the bottom!
These three phrases were coined in response to a series of major corporate accounting scandals.
Tone at the Top was emphasized in the 2002 Sarbanes – Oxley Act.
Today, the phrases are used beyond accounting, across business settings.
The C-level member most aligned with the premise of IG Chief Compliance Officer Chief Legal Officer (GC) CEO Chair of a Board sub-
committee CIO
Focused and persistent IG support Authorize and announce the IG Program
and its documents Include IG-related content with
organization-wide senior and executive communications Assure IG Program funding and staffing Mandate IG training Add an IG-related question to the annual
Ethics or Compliance Certification Include IG-related responsibilities and
metrics in compensation, and performance or bonus plans
29
…is both the person and their actions
Tone at the Top
Tone at the Top
YOUR pitch to the C-level
30
1. IG supports strategic goals2. The IG investment improves compliance and business
performance3. Statistics correlate increased productivity to information-
related efficiency4. Controlling the increasing volume of information reduces
business, reputation and other risk5. Replay the cause and effect of a recently experienced
information-related mishap
Interdisciplinary Collaboration
31
Facilitates regulatory compliance
Enables information-oriented goal alignment
Supports organizational strategy planning and achievement
Mitigates legal, regulatory and reputation risk
YOUR Organization
32
Ethics and Compliance
Records ManagementInformation Security
Privacy
Legal
Information Technology
YOUR Organization
Risk Management
Data Governance
Internal Audit
Legal Holds
ProcurementBusiness ContinuityInformation Governance unifies for the good of the organization’s information
IG Program Council
33
Information Governance Council
Risk ManagementInternal Audit
Ethics and Compliance
Data Breach PreventionDisaster Recovery
Business Continuity
ProcurementContract Administration
Information SecurityInformation Technology
Data Governance / Analytics
Records ManagementLegal (Litigation) Holds
Legal Privacy
IG Program Implementation
34
• aligned with business goals
• measurable• achievable• simple• flexible
IG Program implementation strategy
Information will be managed asan asset, in accordance with IG policies and standards that are:
35
36
A Maturity Assessment guides advancement from RIM to IG.FIRST 10 Action Items
1. Identify an IG Program executive sponsor
2. Convene an interdisciplinary IG Council and Working Groups
3. Appoint an IG Director and two team members
4. Adopt an aggressive IG Program advancement timeline
5. Develop and implement IG Program Policy and Standards
37
FIRST 10 Action Items
6. Establish IG performance metrics for the IG Program Team and Council
7. Design and mandate IG training
8. Develop and implement a Where to Store and Share Plan
9. Automate deletion across electronic / digital environments
10.Facilitate collaboration using technologies that support sharing
A Maturity Assessment guides advancement from RIM to IG.
Challenges Responses
Training and education IG Council IG Working Groups Program Documents Compliance and Legal collaboration Technology and process Branding Annual attestation
Implementation
Culture Legacy and tradition Staffing and resources Litigation profile Regulatory influencers Systems Turf
39
Balance is crucial
Change Benefit
Sustain momentum
• Tone at the Top
• IG Council
• Seat at the table
• Stakeholder engagement
• Vendor compliance
• Annual attestation
• Performance metrics
Review - Measure - Report
40
Information Governance
RIM
You PlanDon’t allow a crisis to go to waste.
Push, the right amount – but not too hard.
Add value, NOT work.
Cultivate and leverage your Tone at the Top.
Align IG work to support your organization’s most important information.
Collaborate – don’t impose.
Identify friendlies, initiate IG Program advancement with their information.
41
Your questions…
42
Advancing to IG from RIM
Management Consulting Guide domestic and multi-national clients’
advancement to Information Governance Align information lifecycle controls with business
priorities, resulting in: Ongoing regulatory compliance Effective risk mitigation Measurable business efficiencies
Instill change across our clients’ business operations Solve problems (no product sales) Utilize seasoned consultants with 15 or more years
of exceptional experience Participate actively with the Sedona Conference
Education and Training Present at national and international
conferences and seminars Develop client communications and
awareness campaigns Prepare training content for delivery
to executives, management and all employees
Conduct sessions for clients
Cohasset Associates
Effect change by making records management and information governance
concepts actionable
43