Welcome the Ark Information and Data Governance Connected Forum.I am here on behalf of Deloitte to talk about both WRITING and IMPLEMENTING information governance policy and am why it is of ever increasing importance.I am part of the Strategy & Operations practice here in Sydney as come to you today as a bit of an ‘Eddie Macguire’ or ‘Who wants to be a Millionaire theme’ not because I am out leaking Deloitte’s IP across the globe and making millions but because today I am representing my Enterprise Information Management colleagues who like a number of you today are experts in the field of Information and Data Governance and therefore when it comes to Question time, there a bit of ‘ask the audience’ or ’50:50’ and if I still can’t lock it in... Of course the good old ‘phone a friend’ when I can get in touch with either;Andrew FordBelinda FouldsWho are some of my director colleagues from Canberra and MelbourneBut on their behalf I am going to;Set the scene of today’s information environment looking at both where we are and where we are goingStep through the benefits of having a well implemented information governance Run through the ever topical Wikileaks case study that highlight the risk associated with not adopting structured and comprehensive information and data governance4. And then tie all together with how we at Deloitte help organisations prevent their own ‘Wikileak’ whilst ensuring staff are empowered with enough information to work effectively.
So what is on your to do list and what are the challenges we face.The opportunities we have all seen many times over what social media can achieve and most of us our grappling with how we can share in the benefits and the growthHow do we do this in a controlled but effective way?And finally, How far is too far where exposure to the risks outweigh the benefits?
So first of all a word from our sponsor…Deloitte is a global consulting firm, currently ranked #2 in the world by Kennedy Research.We have world wide presence and con comfortably and proudly wear our ‘sliver’ medal but as our Global growth rate signifies, we have ‘gold’ medal aspirations.What makes Deloitte unique is that our services span right through from;Strategy,Through operations,Into implementation, andOnto Outsouringmaking us an end to end solution.This is an attribute that very few of our competitors can offerr and our broad selection of clients are a testament to this.
Not only are Deloitte dedicated to providing high quality authentic client services in Enterprise Information Management Space but we also -Practice what we preach.We not only advise on and deploy Enterprise 2.0 solutions to our clients but use a broad range of them in our service delivery including;D Wiki for employees to collaborate on client engagements and internal activities through the DWiki knowledge sharing portalAndDeloitte Innovation where rather than collating knowledge and experience we collect ideas and foster innovation for both client and internal initiatives
Now I am actually a trained pharmacist so when we sat down and Pete Williams one of the Deloitte knowledge leaders in Enterprise Information management told me we needed to talk about ‘Clomosoda’I thought one of our pharma companies had come out with a new product line that was a Adrink you might have to have if you get a particularly unpleasant diagnosis?* But no – CLOMOSODA is affecting all of us and is the;Migration towards the cloudThrough the use of mobile technologyBringing together social mediaTherefore creating cast quantities of data
I think this is quite and interesting picture, it give a 20 year picture of the net, albeit in a slightly nauseating array of colours.It captures volume changes in net usage patterns and paints a strong picture of what is to come which is reallyVideoVideoVideoAnd this is not just apparent in the data but is echoed when we are out with are clients like Telstra who see this and the direction of tomorrow.
So it is here to stay;-there are over 1.9billion people in the global online population and this is growing exponentially-it is in our pocket and we are 24/7 users – who here can’t admit to checking their emails from bed or worse still in the middle of the night before even saying good morning to their partners-however it is social, it is no longer about work communication or being locked away playing computer games it is about interaction and it probably connects you with more people more efficiently that actually getting out to a cocktail party.
So why is it important ?* Firstly, it is hard to believe but email is yesterday – social media is going to take over* Secondly, adoption of smart phones is on the up and with them come apps that we need understand and inform* Thirdly, the impact is enterprise wide with team working trending towards organisational working* Next, this is not just work it is social so the desire to get involved is higher* And, this brings with it the risk is not managed appropriately
Social Media eco system: or view on the structure of Social mediaToday : focus how do organizations (companies) utilize Social media for its customer relationship* It is also important because of vendor packaging and how features are being bundled to streamline implementation and integration costs* It is essential to cope with the volume of information and ensuring relevance in display and search* It is required for monitoring and demonstrating compliance to the regulators around what we are doing and how we are doing it* It is important as communities develop outside of the org chart that grow and change organically* And, lastly is can happen passively and in small discrete elements such microblogging but the impact is till huge when you play the volume game
So what is Social Media??Social media is the use of electronic and Internet tools for the purpose of sharing and discussing information and experiences with other human beingsIt is user generatedIt is controlled by them not us it is about interaction and dialogue so 2 way rather that oneAndI it embraces the wisdom of the crowd and created collective value
This slide is an attempt at a summaryof what is out there.They can be catergorised in a number of different ways some are open and some are closed, some perform different functions and others appeal to different markets.And I guess this is probably a good time for a bit of ask the audience as we think to ourselves, which of these impact my organisation. which of these are we adequately protected with regards to the proliferation of employee activity- Do we know what they are using it for? Declaration of Open Government Office of Information management started in November 2010 Commissioner of Office’s key responsibilities is to implement default position of publishing rather than protection
This slide digs a bit further it articulates not just where we are going with social media over on the RHSBut also showsHow it is different? From traditional media* Not only are the characteristics different but you see the extra arrow
Pick key words;---
Declaration of Open Government Office of Information management started in November 2010 Commissioner of Office’s key responsibilities is to implement default position of publishing rather than protection
Behavioural, cultural, technological measures... Get people thinking differently!What could have been done to prevent WikiLeaks?- 1 in 2 million risk that happened- All because there was a change in the risk management framework after 9/11 rather than having it siloed
- Information sharing was the big driver.- In order to meet this challenge there was a move away from need to know toward an obligation to share
Required changes in the Budget---
Vision by former director Mike McConnel who said silos need to be broken-information shared seamlessly
ToolsA-space = who set of communities of practiveIntellipedia = wikipedia within intelligence communityProblem emergeedbecuase of unvetted access to these spaces by one officer in iranCrossed the the DNV to Julian Assange
Move way from need to know to obligation to provide* Talk about the arrows Enterprise sharing vision Agency centric to enterprise centric
Governance is the most important building blockWikileaks is governance not tight enoughCase study summary and key learning1. Whilst understandable to see why we need to move the pendulum has swung too far2. US state official has said pendulum needs to swing back, therefore more command and control is expectedLessons are here for organisation around reputation of a company.If there is malicious intent and has information that can damage you it
We have a framework and it is equally applicable to tradition and social media and these are the components
Once we have framework we need to implement* Focus on actions
1. Social Media: the Good, the Bad and the UglyThe importance of Information Governance in the digitally networked age<br />India Hardy for Deloitte<br />Ark Conference: Information and Data Governance (Sydney)<br />14 December 2010<br />
2. How can companies today:1. Exploit the value of collaboration tools such as social media?2. Manage the right balance between ‘need to know’ and ‘obligation to share’?3. Minimise the risk of inappropriate sharing of company information through effective governance? <br />
3. What’s happening?<br />
4. Deloitte is one of the leading global strategy consulting firms with a broad international Social Media expertise.<br />Worldwide Presence<br />Leading Global Strategy Consulting Firm*<br /><ul><li>More than 165,000 employees in 140 countries
5. More than 50% of the world’s biggest companies work with Deloitte
6. Corporate Finance
7. Tax</li></ul>Four service areas<br /><ul><li>Audit
8. Consulting</li></ul>Strategy<br />Operations<br />Implementation<br />Outsourcing<br />McKinsey<br />BCG<br />Bain<br />Roland Berger<br />Booz<br />Oliver Wyman<br />A.T. Kearney<br />Deloitte<br />Accenture<br />CapGemini<br />IBM<br />Bearing Point<br />Uniquely Combining Strategy and Operations<br />Selection of global Enterprise 2.0 and Business 2.0 clients<br />* Global Consulting Marketplace 2009, Kennedy Consulting Research, Statistics based on different fiscal years<br />4<br />
9. Deloitte walks the talk – by deploying Enterprise 2.0 tools which positively impact collaboration, communication and knowledge sharing.<br />Deloitte Internal Social Media Projects<br />D Street<br />Official social networking sites where practitioners connect with others<br />Social Media Community of Practice<br />Global forum for the contribution and exchange of information, knowledge and experience about Social Media<br />D WikisUsers collaborate on a variety of work from client engagements to internal activities<br />Gartner: D Street Case study<br />Socialcast<br />Unofficial social networking site where global practitioners connect and discuss about trending topics<br />Deloitte Microblogging via YammerDeloitte’s microblogging platform (based on Yammer) grows rapidly in terms of signups and usage, currently containing 1,883 members and 5,812 messages.<br />Deloitte Innovation <br />An innovation portal was established to collect ideas and facilitate cross-department collaboration<br />5<br />
10. Major trends in a word:<br />‘Clomosoda’<br />Cloud + Mobile + Social + Data<br />
11. The way we use and interact with the web is in a constant state of change.<br />
12. Today the web rules our world – from the way we move information, to the way we consume content.<br />The web is social.<br />Global online population is 1.9 billion.<br />Today we carry the internet in our pockets.<br />
13. The ongoing integration of Enterprise 2.0 into business software demonstrates the increasing role of Social Media in companies.<br />1<br />Increasing social networking use will replace e-mail usage <br />Social networking services will partly substitute e-mail as the primary vehicle for interpersonal business communications, as social networking will prove to be more effective than e-mail for certain business activities such as status updates or internal communication<br />4<br />Enterprise platforms get a social layerA growing number of established software vendors include Enterprise 2.0 features into their product lines, driving the implementation of Social Media tools in large corporations<br />2<br />Employees’ adoption of smart phones will rise constantly<br />Firms can expect and have to react to getting increasing adoption and use from smart phoneapplications by all but especially younger employees<br />5<br />3<br />Social computing policies become increasingly important<br />Multiple options of informal information sharing through Enterprise 2.0 applications include the risk of information leakage and PR disasters requiring strict policies that define the purpose and usage of Enterprise 2.0<br />Intranet is becoming the single entry point to Enterprise 2.0 platforms<br />While the current usage of Social Media tools is often limited to small, disconnected teams without a broader enterprise strategy, the ongoing, integrated implementation of Social Media into corporate organizations will make the intranet the enterprise wide single entry point for Enterprise 2.0 applications, favored also by the growing options for customization of the starting site<br />Source: Deloitte Research, Forrester, Gartner<br />9<br />
14. Further growth and trends will reshape the importance of Enterprise 2.0 in coming years.<br />6<br />9<br />Increased bundling of Enterprise 2.0 tools<br />Companies benefit from growing Enterprise 2.0 feature-bundlings of vendors, as they reduce implementation, integration and licensing costs<br />Rising need for community management<br />To efficiently manage moderation, administration and participation of social communities as well as to foster in the initial engagement with employees, a centralized community management gets increasingly important<br />7<br />Increasing relevance of social search functions, analytics and filtering<br />To benefit from the growing volume of information available through Enterprise 2.0 tools, search functions and filtering of information becomes the key to make Enterprise 2.0 an efficient working tool<br />10<br />Microblogging will be subsumed as a feature in enterprise social software suites<br />Enterprises will increasingly use activity streams including microbloggingbut prefer integrated software solutions over stand-alone enterprise microblogging services<br />8<br />Automated compliance monitoring as an increasingly important feature of Enterprise 2.0 <br />Especially public companies and regulated industries where the usage of Enterprise 2.0 contains the problem of detecting local and foreign compliance violations, benefit from automated compliance monitoring as a feature of Enterprise 2.0 software solutions<br />Source: Deloitte Research, Forrester, Gartner<br />10<br />
15. Introduction tosocial media and Gov2.0<br />
16. Social media refocuses the organisation on to the individual, and can open transparent dialogue across boundaries.<br />“Social media is the use of electronic and Internet tools for the purpose of sharing and discussing information and experiences with other human beings” – Wikipedia.com<br />Social media shifts focus from the organisation to the users. Social media can be best described as:<br /><ul><li>A paradigm shift to user-generated content: text, images, video or audio created by users of a service and published on that service, such as videos on YouTube. Social media encourages dialogue, and users’ input into these dialogues may take a variety of forms.
17. Extending the control and flow of information to the users and communities that consume it. Personalisation, customisation and rating and reviewing content are some ways that information is being managed by consumers.
18. Opening new channels of communication to drive interaction and dialogue. Older models of one-way broadcast communication are being enriched with technologies which encourage dialogues and ongoing communication between parties.
19. Embracing collaboration and “wisdom of the crowds” for collective value. When presented to a larger audience, complex problems can be approached from a multitude of ways, and group decisions offer improved satisfaction for end users.</li></ul>Amazon encourages users to provide feedback on products being sold, feedback which helps other users make purchasing decisions<br />BigPond uses Twitter to respond to customer concerns and trouble-shoot technical difficulties<br />Source: Deloitte research<br />12<br />
20. Understanding how social media tools and technologies can be used for different purposes helps structure collaboration.<br />Social media includes an ever-growing range of technologies and tools – and choosing the right platform is crucial to ensuring success.<br />Source: Deloitte research<br />13<br />
21. The move from traditional media to social media affects the relationship between the content publisher and the audience. The top-down relationship is updated with a collaborative, two-way relationship, characterised by a dynamic, personal experience.<br />Social media<br />“Engage the individual”<br /><ul><li>Flexible
24. Engaged users
25. Top-down, bottom-up, and lateral</li></ul>E.g.: social bookmarking tool, showing popular news articles and allowing commenting on them<br />Traditional Media<br />“Interrupt the mass audience”<br /><ul><li>Structured
27. One size fits all
28. Passive audience
29. Top-down, one-directional</li></ul>E.g.: newspaper publishing, providing one structure and content of news for all readers<br />Organisation<br />Organisation<br />Versus<br />Push<br />Pull<br />Provide<br />Push<br />Mass audience<br />Targeted<br />participative <br />audience<br />Power lies with: users, communities, and experiences<br />Power lies with: institutions, platforms, and technology<br />Source: Deloitte research<br />14<br />Shifting from traditional media models to social media models creates a new engagement model. <br />
30. Understanding Gov 2.0 – adopting a truly collaborative approach.<br />“Government 2.0 involves a public policy shift to create a culture of openness and transparency, where government is willing to engage with and listen to its citizens.” – Engage: Getting on with Government 2.0.<br />Gov 2.0 refers to how governments can use the power of Web 2.0 tools – including social networking, wikis and blogs – to change the way they operate, in three main areas:<br />The relationship with the audience/users is most relevant. Improving engagement through Gov 2.0 provides specific benefits :<br /><ul><li>Integrating dialogue in the task of sharing information with the individuals and communities who consume it, allowing two-way transparency and responsiveness, and helping audience understand information provided.
31. Offering additional and varied methods of engaging with individuals and communities, driving active participation and engagement in the activities of government, and receiving feedback on effectiveness of these activities.
32. Opening up public sector information (PSI) for wider usage, identifying data reuse, repurposing and republishing opportunities which can drive new knowledge and insights, and increasing accuracy, efficiency and effectiveness of activities which draw upon PSI.
33. Creating new and improved opportunities for establishing connections between previously separate entities, leading to opportunities for improved processes, simplification of paths of communication, and increased information sharing and discussion.</li></ul>Source: Deloitte research<br />15<br />
34. Other government Gov 2.0 engagements.<br />Other governments and organisations around the world are engaging in social media for Gov 2.0 purposes, breaking down barriers to communication and encouraging citizens to share their thoughts and opinions.<br />16<br />
35. Australian Gov 2.0 documents.<br />The Australian Federal Government has led the world with their ground-breaking research into Gov 2.0, “Engage: Getting on with Government 2.0”. This and other documents are listed below for further reading.<br />17<br />
36. Case study:Risk Management Framework deployed for the US Intelligence Community<br />
38. Markle Foundation<br />Government<br />Accountability Office<br />WMD Commission<br />Report of the Inquiry intoAustralian IntelligenceAgencies (Flood)<br />9/11 Commission<br /><ul><li>Provide incentives that promote information sharing
39. Bring the national security institutions into the information revolution
40. Create decentralized, trusted information networks across the federal government
41. Build a networked community for homeland security
42. Reduce gaps across federal agencies and with state and local government and the private sector
43. Create horizontal information sharing and integration
44. Need for improved coordination across information sharing initiatives
45. Acknowledged that information sharing is a ‘High Risk Area’ for the U.S. Government
46. Improve federal-state-local arrangements
47. Create a single focal point for information sharing under DNI
48. Establish uniform standards and break down policy and technical barriers
49. Expand beyond Intel Reform to share all intelligence, not just terrorist-related data
50. Communication between agencies is extensive and constructive
51. Division of effort between assessment agencies needs refinement and contestability better managed</li></ul>Information<br />Sharing<br />Focus<br />Examine failures in uncovering the 9/11 plot owing to poor information sharing across agency boundaries<br />Study the nature of information sharing with an emphasis on decentralized, trusted networks<br />In several reports, assess progress toward improving information sharing in intelligence, HLS, and CIP<br />Analyze the sharing and analysis of intelligence leading up to the second Iraq War<br />Provide advice on the current division of labour among intelligence agencies and communication between them<br />MajorFindings On<br />Information<br />Sharing<br />Quotable<br />“The biggest impediment to all-source analysis is human or systemic resistance…”<br />“Every day our LE and intelligence agencies…and private companies receive information that might be relevant to uncovering a terrorist plot…”<br />“The DNI could take an important, symbolic step of jettisoning the term ‘information sharing’ in favor of information integration or access”<br />“In developing a new architecture, the IC should review architectural principles and seek to maximise the opportunities for collaborative intelligence across the community”<br />“In the absence of comprehensive information sharing plans, many aspects of homeland security information sharing remain ineffective and fragmented”<br />The need for better information sharing across Intel agencies has led to the adoption of a number of information sharing strategies.<br />Source: ODNI/CIO, Joint IC/DoD Data Services: Addressing the Challenge of Transforming Enterprise Information Sharing, 27 May 2008; and Flood Review (July 2004)<br />
52. Dimensions<br />The US IC has determined that there are a number of constraints that need to be overcome to enable better information sharing.<br />Policy<br /><ul><li>Policy doesn’t exist to enable information sharing through common data and interface standards
53. Certification and Accreditation are complex and lead to information stove-pipes
54. Current Security Policies are focused on a “Need to Know” paradigm which provides limited support for the unanticipated user
55. A complication exists for Commonwealth partners where there is a need to operate in accordance with the policy, legal and technical channels established under agency-agency counterpart arrangements</li></ul>Process<br /><ul><li>Limited governance process in place to ensure IC-wide controls are in place for reusable services and data standards
56. Current CM processes are based on independent systems and source code with minimal external system dependency tracking
57. Process gaps exist between the IC and Defence which is impeding information sharing across boundaries</li></ul>Budget<br /><ul><li>IT Portfolio Management and Budget decisions are based on multi-year acquisition programs which are resistant to change
58. Operations and maintenance costs are a rising percentage of the budget
59. Duplicate data entry and manual data reconciliation create higher labor costs
60. Integrating data stovepipes is expensive</li></ul>Technology<br /><ul><li>Differences in architectural platforms make it difficult to re-use existing systems in traditional architectures
61. Information cannot be securely discovered and consumed outside of the controlling institution, and often cannot be discovered within
62. Analysts often have no mechanism to search across multiple data sources, aggregating the data to run through applications and other processes</li></li></ul><li>The DNI Information Sharing Strategy articulates a technical vision for closer integration and collaboration across the US IC.<br />“The existing agency-centric IC must evolve into a true Intelligence Enterprise established on a collaborative foundation of shared services, mission-centric operations, and integrated mission management, all enabled by a smooth flow of people, ideas and activities across the boundaries of the IC agency members…This must be built on a robust information infrastructure, based on a culture of information sharing, and supported by a range of common services”<br />“The information sharing strategy is focused on developing a ‘responsibility to provide’ culture in which we unlock intelligence data from a fragmented information technology infrastructure spanning multiple agencies and make it readily discoverable and accessible from the earliest point at which an analyst can add value”<br />Former Director of National IntelligenceMike McConnell<br />VISION: “An integrated intelligence enterprise that anticipates mission needs for information by making the complete spectrum of intelligence information available to support all stages of the intelligence process”<br />
63. This is a snapshot of some of the Social Media tools currently being deployed across the US IC.<br />National Intelligence Priorities Framework (NIPF)<br />Integrated Collection & Analysis Requirements System (ICARS)<br />Executive Intelligence Summary (EIS)<br /><ul><li>Means to capture issues of critical interest to senior IC customers and communicating those issues to the IC for action
64. Updated semi-annually providing a common foundation from which IC managers can make collection and analytical resource decisions
65. Provides a common environment for nominating gaps, researching whether those gaps are already covered by existing requirements, and if not, enabling the creation of new requirements for submission.
66. Piloted in Aug 08 and made available via a standardised web service
67. Daily, web-based compendium developed by ODNI on the JWICS to summarise relevant, high-quality finished analytical products from across the IC and organised either by issue or region
68. Now contains automated ingests from European Command & Central Control, DHS, DIA and CIA</li></ul>A-Space: Enriching analysis<br />Intellipedia: Collaboration through Wikis<br /><ul><li>A common collaborative workspace for IC analysts, providing a shared access to corporate data and to numerous databases maintained by individual IC organisations
69. Configured as special enclave in JWICS, and accredited to handle HUMINT CS and sensitive COMINT, open to over 9,000 analysts
70. IC version of Wikipedia available on TS/SI/TK/NOFORN via JWICS, SIPRNet and at unclassified level
71. Now containing over 40,000 registered users and 349,000 active pages</li></ul>Analytical Resources Catalogue (ARC) and Analyst Yellow Pages<br />Library of National Intelligence (LNI): Making discovery easer<br /><ul><li>ARC is a database on JWICS maintained by ODNI that captures basic contact data on IC analysts as well as information on skills, expertise and experience. Yellow Pages is a classified web-based phonebook derived from the ARC.
72. ARC has updated data for over 18,000 analysts and is being further developed into an IC Capabilities Catalogue (C3)
73. Authoritative IC repository for all disseminated product, regardless of classification
74. Launched in Nov 07, currently holding 750,000 products, growing by 20,000 products per week</li></ul>Catalyst: Linking disparate and dispersed data to aid intelligence discovery, analysis and warning<br /><ul><li>Relies on tagging data entities including such items as time, location, person names, etc in the raw intelligence, and linking this to metadata used by multiple IC agencies
75. Multi-INT experiment currently underway to address metadata sharing, a common semantic ontology, and linking to indexed content in LNI and A-Space</li></ul>Source: ODNI/CIO, Analytical Transformation, Unleashing the Potential of a Community of Analysts, September 2008<br />
76. At the heart of this approach is a need to move from a ‘need to know’ culture to one where there is an ‘obligation to provide’.<br />VISION: “An integrated intelligence enterprise that anticipates mission needs for information by making the complete spectrum of intelligence information available to support all stages of the intelligence process”<br />Strategic keystones, goals & objectives<br />Strategic keystones<br /><ul><li>Intelligence retrieval and dissemination moves toward maximizing availability
77. All intelligence is discoverable and all intelligence is accessible by mission
78. Sharing requires greater trust and understanding of mission imperatives
79. Developing a culture that rewards information sharing is central to changing behaviours
80. Creating a single information environment (SIE) will enable improved information sharing</li></ul>Strategic goals& objectives<br /><ul><li>Institute uniform information sharing policy and governance
81. Advance universal information discovery and retrieval
82. Establish a common trust environment
83. Enhance collaboration across the IC</li></ul>The ‘responsibility to provide’ culture is predicated on managing risks associated with the ‘dynamic tension’ between mission effectiveness and unauthorised disclosure of sensitive information.<br />Source: ODNI United States Intelligence Community Information Sharing Strategy, February 22, 2008<br />
84. Governance is an important part of the building blocks needed to address the multiple dimensions of the information-sharing challenge. <br />Degree of difficulty:<br />Easy<br />Hard<br />Transformational impact on the IC:<br />None<br />Large<br />Building Blocks<br />Key Questions<br />Description<br /><ul><li>Who are the program stakeholders?
85. Is there a clear value proposition among partners, i.e., quid pro quo or negotiated trade-offs? Are MOUs or service-level agreements required?
86. Have common needs and objectives been identified?
87. What do customers/stakeholders expect of the organization?</li></ul>Oversight and leadership that helps govern information sharing. How managers drive initiatives within organization and in cross-agencies. Standards and guidelines to ensure a consistent approach.<br /><ul><li>Are laws in place that authorize, mandate and/or enable the organization to share?
88. Do laws/regulations impede or constrain the organization/ people from sharing?
89. Are privacy and civil liberties sufficiently protected?
90. Is the organization in compliance with current laws? </li></ul>National policies, internal policies, rules of engagement, standards, and role of players internal and external to the organization.<br /><ul><li>Is there a common language or taxonomy and system for organizing, identifying and searching?
91. Can participants push and pull data?
92. Is the system accountable and auditable?
93. Are tools/mechanisms available to manage identities, authorize and authenticate users, and ensure confidentiality?</li></ul>The technology, systems, and protocols that provide the platform for enabling the sharing of information and that address security and privacy issues.<br /><ul><li>How is the organization structured?
94. Does the organization communicate across all levels?
95. How does the organization adapt to change? How responsive is the organization to stresses and opportunities?
96. How are decisions and conclusions reached? </li></ul>The organizational approach and philosophy around sharing information and its ability to ‘realign’ and adapt as circumstances change.<br /><ul><li>Has sufficient funding been appropriated to support the initiative?
97. Have incentive structures been developed?
98. Is the funding reaching the appropriate level within the enterprise to fully implement the sharing program?
99. Who funds/should fund the initiative, i.e., public, private, or a combination of the two? </li></ul>Ability to obtain and provide resources for information sharing initiatives and external pressures (e.g., budget) that influence how resources are allocated and managed.<br />
100. Deloitte’s Data and Information Governance Framework<br />
101. Information Governance – a framework for business aligned information management. <br />Information governance can help organisations to share information securely, in a trusted and considered way, whilst delivering direct business benefit.<br />Implemented successfully, effective Information Governance will enable an organisation to:<br /><ul><li>maximise their ability to exploit information assets – ultimately driving greater fact based decision making and insight
102. embed effective structures and processes to actively monitor, improve and protect information
103. promote a common understanding of the enterprise’s assets to enable information to be effectively repurposed
104. leverage technology to support the monitoring and management of information assets </li></ul>Information governance is not only about technology, it is <br /><ul><li>a business driven initiative to effectively control and manage business information – ultimately focused on quality data
105. focused on driving accountability across the enterprise from the top down
106. strategic and therefore linked to continuous improvement programs – it is not a once off project to fix data quality </li></ul>“Many enterprises lack a framework to ensure business alignment with their information management (IM) strategies. Yet sound strategy is critical for prioritizing IM investments. Business issues driving the urgency for a revitalized strategy include a renewed effort to use information as a strategic asset” – R. Karel & J.G. Kobielus, Forrester Research 2009<br />
107. Information Governance – information moves around an organisation like a currency, creating an economy that requires regulation.<br />The impetus for undertaking information governance initiatives may vary between organisations - from poor data quality, changes to the regulatory landscape, to just “we need a better way to manage our documents” – however, the ultimate benefits delivered are the same. <br /><ul><li>IT initiatives typically spend in the order of 30% - 40% of their effort sourcing and transforming data - effective information governance can halve data management effort
108. Significant decrease in operational effort to produce accurate reporting across functions
109. Without a coordinated approach to data,technology platform work remains fragmented and delivers only a fraction of planned benefits
110. Effective data governance will reduce complexity and increase transparency of data dependencies to better serve customers
111. Deliver immediate improvement in marketing campaign effectiveness
112. By combining data governance and integrated branch data, a leading Australian Bank publically claims a doubling of the number of customers served in under two minutes
113. More effective sharing and reconciliation of data across functions (e.g. Finance, Asset Management) – reducing manual manipulation
114. A lack of effective governance will propagate resource dependencies ultimately degrading operational efficiencies gained through enterprise application delivery
115. Link enterprise data to enterprise KPIs – e.g. “How does my department support doubling EBITDA?”
116. Greater ability to leverage information across multiple business domains to gain enterprise insight
117. Improved transparency of information will enable effective risk management – all decisions are made on shared facts not interpretation of information </li></li></ul><li>Embedding a culture of ownership and accountability for information isn't simple – success is based on a number of key factors. <br />Embedding an effective Information Governance capability <br />Establish continuous and visible executive support from Information Technology and Business<br />Design a lean and pragmatic governance structure <br />Start conceptually – don’t focus on organisational charts <br />Ensure a strong and continued focus on Communications and Change Management - training is essential <br />Focus on the process and people aspects first – you can’t retrofit your organisation around technology solutions<br />Be prepared to sell the benefits <br />Ensure the right balance of resources – they should span operations, technology and improvement <br />Conduct a phased rollout of Governance Capability<br />
118. Early and visible support from the executive is essential and will ensure the commitment within the enterprise from the outset.<br /><ul><li>Champion the strategic importance of data governance across senior business and technology stakeholders
119. Ensure early, sustained and visual buy-in – Information Governance must be driven top-down </li></ul>Establish continuous and visible executive support from Information Technology and Business<br /><ul><li>Focus on defining key governance capabilities and requirements first
120. Early attempts to depict organisation charts tend to distract people from required practice and behavioural changes necessary for data governance to be effective</li></ul>Start conceptually – don’t focus on organisational charts <br /><ul><li>Technology alone will not solve people and process problems
121. Focus on the key processes and interaction points of Information Governance and drive the need for technology to enable and automate key activities </li></ul>Focus on the process and people aspects first – you can’t retrofit your organisation around technology solutions<br /><ul><li>Initiatives must bring together a the right mix of operational, technology, continuous improvement and change management resources
122. Close engagement with IT is necessary to ensure that decisions or strategy are cognisant of information architecture, technology tools and standards, and systems</li></ul>Ensure the right balance of resources – ensure they span operations, technology and improvement <br />
123. Deploying governance requires tact – change management and quick wins will be critical in building a sustainable capability. <br /><ul><li>Aim for the least number of data owners possible – the more regional and departmental overlays, the greater the complexity
124. Avoid meetings for the sake of meetings. Engage the right business and technology expertise when the issue or required decision demands it </li></ul>Design a lean and pragmatic governance structure<br /><ul><li>Engage and communicate continually with stakeholders to ensure they understand data governance vision, benefits and key activities
125. Individuals nominated for governance roles must be equipped with the appropriate concepts, processes and tools to effectively meet their responsibilities. Deliver role-based, rather than generic training</li></ul>Ensure a strong and continued focus on Communications and Change Management - training is essential <br /><ul><li>Ensure that the value of Information Governance can be easily articulated to stakeholders – this cannot be a theoretical exercise in the management of information
126. Link Information Governance to program outcomes – value of enterprise solutions can’t be maintained without quality & control of data </li></ul>Be prepared to sell the benefits <br /><ul><li>Commence rollout for a single business initiative and/or data domain
127. Use strategic initiatives to deploy information governance capabilities
128. Deliver tangible value early and refine structure, roles and mechanisms appropriately before extending more broadly across the organisation</li></ul>Conduct a phased rollout of Governance Capability<br />
129. A proven structured approach to deploying Information Governance. <br />Defined Structure and Implementation Model <br />Refined model ready for full rollout <br />Agreed Approach <br />4. Extend data governance into BAU operations<br />3. Initial rollout of data governance<br />2. Establish data governance organisation<br />1. Define current information governance <br /><ul><li>Assess data landscape:
130. information scope
131. business unit scope
132. systems scope
133. existing data practices
134. Define data governance capabilities and roles
135. executive sponsorship
140. Assess benefits and develop prioritised roadmap for implementing data governance across the organisation
141. Define implementation model for prioritised areas
142. Identify and train staff for data governance roles
143. Plan for initial rollout of data governance capability
144. Implement data governance for one (1) subject area / business unit / region
145. Review outcomes and identify required improvements to the data governance model
146. Extend refined data governance model to other subject areas / business units / regions
147. Regularly review data governance performance and implement improvements</li></ul>Deliver communications and change management to build support for data governance<br />Develop supporting data strategy, methods and technology to deliver data governance<br /><ul><li>Data Quality Methods and Tools
148. Metadata Management
149. Master Data Management
150. Metrics & Reporting </li></li></ul><li>Data Governance Maturity Framework<br />The Data Governance Maturity Framework was used as a guideline to assess the current maturity levels of each of the data governance components across the Client X<br />1<br />2<br />3<br />4<br />5<br />Maturity:<br />Reactive<br />Proactive<br />Managed<br />Optimized<br />Aware<br />Components:<br />No information governance policies or standardization outside mandatory external standards<br />Information governance policies, standards & guidelines live in pilot areas<br />Information governance policies, standards & guidelines defined covering external and internal information<br />Information governance policies, standards & guidelines implemented in key LOBs/Functions/ Geographies<br />Implementation of and compliance with defined and implemented policies, standards & guidelines <br />Policies, Principles & Standards<br />Recurring measurement of information governance performance in key LOBs/Functions / Geographies<br />Group measurement of information governance performance linked to continuous improvement<br />No measurement of information governance performance. Need is recognized<br />List of key performance metrics and scorecards for information governance compliance defined<br />Baseline measurement of information governance performance in selected areas<br />Governance <br />Metrics<br />Key information governance processes operational in selected areas<br />Group wide compliance with key information governance processes<br />Fragmented change or quality processes. Process need recognized<br />Key information governance processes defined and drafted<br />Key information governance processes operational in key LOBs/Functions/ Geographies<br />Processes & <br />Practices<br />Data technology blueprinted. Core technology components LIVE<br />Data technology strategy and requirements defined<br />Group wide compliance with technology & data architecture<br />Rudimentary/island solutions only. Technology necessity recognized<br />Core technology LIVE in key LOBs/Functions/ Geographies<br />Tools & <br />Technology<br />Key architectural components and capabilities defined <br />No architectural frameworks available. Recognize importance<br />Data architecture strategy and requirements defined<br />Key capabilities implemented in key LOBs/Functions / Geographies<br />Group wide compliance with architectural capabilities<br />Data Architecture<br />Basic information governance & stewardship steering vehicles operational<br />Need for information governance and stewardship recognized<br />Information governance & stewardship model, key roles & responsibilities defined<br />Information governance & stewardship model operational in key LOBs/Functions<br />Group wide coverage of and compliance with information governance and stewardship model<br />Organization<br />Manage Change<br />