Grappling with Information Governance in a Digital World
Why implementing good data governance should be on every CIO’s radar as a way to reduce risk, ensure compliance and increase business productivity and efficiency
Businesses are literally drowning in data as employees collect, interact with and store more information across an increasing number of platforms. The sheer amount of company data residing in email and core transactional systems, as well as customer sentiments across various social media platforms is – for most organisations – getting increasingly difficult to deal with.
About 2.5 quintillion bytes of information is generated worldwide each day, which means that managing information throughout its lifecycle is more important than ever. To do this well, organisations need to implement good data governance – an approach to managing corporate data by implementing process, roles, controls, and metrics that treat information as a valuable business asset.
CIO Australia recently held a breakfast briefing where business leaders discussed why implementing good data governance should be on every CIO’s radar as a way to reduce risk, ensure compliance and increase business productivity and efficiency. The breakfast was sponsored by OpenText.
IBRS advisor Sue Johnston kicked off proceedings, highlighting why standard approaches to information governance are not working for enterprises.
“The primary focus tends to be the recognition of a best practice and the fact that you need to be compliant. But the results always vary wildly and can depend on a number of things … usually what you think is going to happen, doesn’t. So the organisation doesn’t achieve what is promised,” Johnston told the audience.
“I’ve lived through this and have some scars,” she said.
Improving culture, managing risk, and creating value
A fear of failure and being resistant to change can put the brakes on information governance initiatives, said Johnston.
“Anybody who has done anything in the public service knows there’s almost an art form to saying, ‘I can outlive your new initiative, I can ‘white ant’ you and if I hold out long enough, you will go away and my life will continue.’
Showing leadership and creating the right risk profile are also important, she says.
“If you want to have organisational change, it takes an enormous amount of energy and participation. This means that if you start on something that you have promised at the beginning, you need to execute on that.”
When creating a risk profile for the organisation, a customer’s name and address – which exists in The White Pages – is somewhat less important that what they do, what they buy and how they transact, said Johnston.
“Not all customer transactions are super sensitive and secret. Having a frank and fearless conversation about risk profile is very important if you are a start-up, a government, or bank – whatever it might be.”
Meanwhile, organisations drawing up the business objectives of any initiative need to understand the value they create whether it’s generating revenue or being responsible for the ensuring that the community has confidence in the government, said Johnston.
She says the Australian Bureau of Statistics’ Census failure last year “probably put electronic voting back 10 years.”
“They [the ABS] started to capture name and address details and there was huge community backlash against that. So they captured it [data] and spent the next little while saying, ‘We won’t use it for anything we shouldn’t use it for and trust us. But the website crashed on the day of the census!”
“If you are running a private enterprise, your value creation is what you deliver and how you deliver it. If that isn’t the first conversation you are having, it probably needs to be because it’s what gets people engaged rather than going to the CEO and asking them to say to staff, ‘look, you need to be compliant,’” said Johnston.
During a panel session at the breakfast, Joshua Bartlett, southern region manager at OpenText, said organisations are often confused about how to start their information management initiatives and how they can best engage staff.
“Tackling this as a large-scale transformation comes with a lot of challenges. Getting the right engagement with everyone in the business – not just IT – tends to be the number one barrier we are seeing for information governance to be deployed effectively,” he said.
Organisations are also often concerned about information governance projects potentially failing, he added.
To address these issues, OpenText is working with its customers move to cloud and service-based models that enable them to execute on information governance projects quickly and fail fast if they need to, said Bartlett.
“Organisations need to be able to deliver things quickly in a very iterative fashion while delivering value to the business. Under this are all the aspects of information governance, which are typically compliance-related activities.”
“But more importantly, it’s about providing a platform for the business to execute on their processes – whether they are in government, commercial, mining, whatever industry – it’s about extracting value and optimising services you deliver for internal and external customers.”
A case study in good data governance
MMG is a $13 billion global mining firm on a growth path. Historically, the organisation’s documents – mainly dealing with organisational standards, policies and procedures, were sitting in shared drives at each of its locations unused and unexamined.
According to MMG’s CIO, Peter McLure – who was a panelist at the breakfast – this presented as big challenge: critical documents such as engineering drawings were often difficult to find.
This potentially created situations where workers were not observing certain standards and procedures. In the absolute worst case, this could mean that a staff member is injured in a mine or even killed.
“This leads to a regulator coming in and saying, ‘your management system is defective because it doesn’t provide the right procedures for your workers.’”
McLure recalled a time when having more advanced information governance processes in place would have been useful.
“I remember one of our mines in Tasmania – Rosebery – there was some activity around exposure to lead in the community. We didn’t always own Rosebery – one of the oldest mines in Australia – if you look at what happened there, the lead that was sitting in tail ends or various stores was not bioactive and we could probably prove that. But to track down all the environmental measures, the sampling programs – the documents that show we were continuing to sample and prove that our exposure to the community was not harmful was difficult.”
“We had hundreds of title deeds for various things in Tasmania over time and trying to find those was very difficult as well. Often you find it’s just an exercise in hard work and discovery.”
In 2014, MMG set up a new globally-accessible and scalable information repository based on Microsoft SharePoint and OpenText technologies. The rollout is enabling MMG to standardise its processes and ensures engineers and other staff are using the same policies and procedures.
“We also wanted to make sure that we had the right kinds of linkages to our suppliers through a common procurement platform and a common approach to safety management, hazard detection and various other things,” said McLure.
The OpenText information management solution is also connected to MMG’s new SAP environment, he added.
“So when our maintenance person is doing an inspection or fixing a truck or something else, the work instructions come from the OpenText and that ensures that work is done in a safe and appropriate way.”
“I can’t say that we’ve solved every problem or have total compliance on every nirvana state you could define. Frankly, like everyone else, a lot of our business critical documents start off in email somewhere.”
“It’s always a great mystery to me how a document that starts in email ends up in an authorised repository – someone has to do something. Someone running a large engineering project would do that but the average person in the organisation neither has the time or discipline to do that so some critical documents do stay in email.”
Still, all of MMG’s critical standard, policies and construction documents as well as a vast number of engineering drawings are now in a central OpenText repository.
“Over time, we want to make the authorised repository so easy to use that people naturally gravitate to it,” McLure said.
This article appeared in CIO magazine on the 5th of May 2017 and is published with the permission of OpenText.