Digital governance — the balance between opportunity and risk

OpenText

By Mike Lord, Vice President, ANZ, OpenText
Monday, 21 September, 2015



CIOs must comply with regulations and minimise risk, while maximising value and building profit.

By 2020, disruptive technologies will be responsible for the production, distribution and fragmentation of vast amounts of enterprise information. The Internet of Things (IoT), for one, is expected to introduce a wave of new data into the enterprise, which will massively increase the amount of information available for analysis by all manner of organisations. In fact, Gartner predicts that the use of the IoT will grow exponentially, with at least 4.9 billion connected devices estimated to be in use this year. By 2020, this number is forecast to hit 25 billion.

As information rises to become the new currency in a digital-first world, executives and IT leaders will be required to develop and execute strategies for information and asset management, including robust capabilities for governance, risk and compliance (GRC). Strategies for managing GRC will help the digital enterprise maximise the value of its information while minimising risk. For many organisations, finding this balance will be critical for survival.

Fundamentally, information and asset management empowers the digital enterprise to put policies and controls in place to address compliance issues, while making critical information available to improve performance and deliver competitive advantage. With regulatory compliance listed as the most significant driver of an information governance program, according to Forrester Research, information governance has never been more critical than now.

Regulatory compliance

In every industry, organisations are under increasing levels of scrutiny to be accountable and transparent. According to Deloitte, Australian organisations spend up to $130 billion in compliance each year, driven by both external and internal factors. Externally, the flow of new rules and regulations across regional, national and international borders is continually intensifying; whilst internally, information is impacted by corporate social responsibility (CSR) pressures. How a company manages its information and operations has a direct impact on profit and shareholder value. Poor management and non-compliance can lead to business losses, financial penalties and even criminal charges.

Yet there are greater benefits associated with compliance beyond mitigating risk and avoiding penalties. Organisations that adopt information governance experience additional advantages, including business continuity; savings on storage and infrastructure; unimpeded knowledge sharing; stronger security and privacy; and the ability to respond quickly and proactively to investigations of all types.

Benefits of digital governance

As the volume of enterprise information increases, so does the need for digital governance to ensure this data is managed, secured and searchable. Moreover, laws and regulatory standards also determine compliance requirements. The heavy asset industry, for one, is increasingly adopting asset management standard ISO 55000 in a bid to strengthen its governance of assets as it prepares for digital transformation. Poor information access can impair the business — and systems that rely on paper are a prime example of this.

Take, for example, the engineering and construction sectors. Infrastructure such as buildings, transportation, power plants and oil refineries has a life cycle that spans decades, creating significant information challenges for the industry. Throughout the life cycle of a project or asset from design, construction and handover to operations, the number of assets that need to be documented, exchanged and referenced can be overwhelming. The application of ISO 55000 can assist organisations in reducing the burden of regulatory compliance and other risks.

Effective risk management

No risk can be mitigated to a 0% likelihood of occurring — so how can the digital enterprise determine which risks to mitigate and which consequences to prepare for? A risk profile helps the enterprise examine the likelihood of identified risks and their potential impact.

If an organisation is a litigation target, it makes very little sense to try to prevent court action. Defensible deletion is a better tactic, as it leads to reductions in discovery costs and legal fees. What this means is that organisations should identify, classify and govern only pertinent information — and eliminate that which brings no business value. Furthermore, keeping every single piece of data results in higher storage and infrastructure costs. With the dramatic growth in content volume, this approach becomes less tenable.

An added benefit of a defensible deletion program is that it makes organisations more efficient by reducing the amount of irrelevant information that users have to sift through to get work done.

The protection of enterprise information should be holistic, covering all bases to avoid information risks that might violate legislation, cause non-compliance or adversely impact the organisation’s ability to perform. Digital governance allows access to information on a ‘need to know’ basis, while preserving an overall integrated archive of information.

A holistic approach

Digital governance is not just about complying with regulations and minimising risk — it’s about maximising the value of information to create a profitable business. This applies to all enterprise information, regardless of format, function or location. Digital governance doesn’t impede the enterprise’s ability to do good business — it enhances it. Ultimately, it helps the enterprise maintain stakeholder trust, improve transparency into performance and practices, reduce costs related to storage and e-discovery and, importantly, uncover new business opportunities.

To thrive in a digital-first world, the strategic CIO must steward the digital enterprise to meet ongoing compliance regulations and requirements, identify gaps and mitigate risk, as well as properly protect information to minimise risk and maximise value.



  • All content Copyright © 2024 Westwick-Farrow Pty Ltd