No financial value is gained by practising compliance, risk management, disaster recovery and other enterprise defence strategies. They are often simply expenses that eat into the bottom line.
Charles Darwin's theory of evolution would be perfect but for one nagging problem: the missing link. The same has held true for compliance projects. There was little value to be found in them: until now, that is, with the emerging discipline of business information governance (BIG).
BIG, more than anything else, moves companies away from the traditional approach of different stakeholders focusing on their own sector of the business. Just as at the business level, risk management, compliance efforts and other corporate functions often operate as standalone silos. These silos often deal with the same types of information, but because each silo has its own name for the pieces of information, they are treated as separate entities.
While this has resulted in the potential for overlap and duplication with any combination of these silos dealing with the same information, albeit by different names, it has resulted in an equal measure of potential gaps appearing in the compliance perimeter.
Information governance creates a layered approach across business silos, which ties the business unit's need for profitability and efficiency to the enterprise need for compliance and management of risk. For example, in a financial services organisation, corporate banking, credit card, home loans, retail banking and other divisional silos would be meshed with corporate strategy and drivers, business unit or function strategy and drivers, incorporating compliance, risk management, security and other corporate initiatives. Tying everything together with a master plan will ensure that all perspectives of the BIG architecture are met and deliver value to the business.
Compliance and strategy
Legislative compliance will be settled across all business units and business functions while still delivering against the traditional business drivers of profitability, productivity and enhanced customer service. It will factor in legal compliance, corporate governance, transparency and reporting, with necessary links to risk management, and underpinned by information held in company records and documents.
Risk will be highlighted as a key aspect of corporate governance to ensure business continuity, protect company assets, take care of operational risks by factoring in internal processes, people and systems plus external events; documents and records will expose much of the operational risk and e-mail and electronic document risk will be reduced. From an operational perspective, the business will be able to enhance the triple bottom line. Profitability, sustainability, customer service, revenue generation, cost minimisation and employee productivity will improve.
And, according to Gartner: "If internal and external content is not brought under control, time wasted on document-related non-value tasks will increase to between 30% and 40% by 2003." The principle remains as valid today as it did in 2002. A master plan will reduce the time employees spend on non-productive, non-document-centric processes.
Applied in this manner, BIG is essentially finding the area of overlap in three areas: compliance, risk and operations. Adopting an information-centric approach will deliver enhanced business results, as long as it is applied on standards such as the one suggested above.
The value this delivers is seen in its execution. This will unite the information requirements of the different parts of the business, link various business unit requirements, prioritise areas for improvement and ensure that the organisation is in line with the best globally accepted policies and procedures.
The entire framework rests on a solid and reliable inventory of business information. Without this, chaos reigns supreme. You must first ask yourself: do you know that all records are catered for? Only then, apply good retention principles and ensure standardisation across the business for records of the same type. In this way you will turn compliance from a straight cost into one that provides a return.
Paul Mullon, information governance executive at Metrofile