Adhering to appropriate content standards and frameworks Ark EDRM Evolution Conference October Sydney 2007
Information management governance
What am l covering today? <ul><li>“ governance is a multi-faceted discipline that not only includes the formulation and im...
The governance framework of ECM…… <ul><li>“ the audit identified that there is an increasing range of legislation, standar...
ECM standards <ul><li>ISO 15489 Records management by IT/21 (Standards Australia) </li></ul><ul><li>ISO9000 Quality certif...
ECM regulation <ul><li>Disposal schedules  </li></ul><ul><li>National Archives Australia (2006). Functional requirements f...
ECM legislation 7 case law <ul><li>Common law </li></ul><ul><li>Evidence Act 2004 (NT)  </li></ul><ul><li>Commonwealth Evi...
Cost of non compliance – Valuing information models <ul><li>“ the wealth of an organisation is based on its accumulation o...
Information valuation models <ul><li>Tobin's Q, economic value added (EVA), Market-to-Book Value, Intellectual Asset Valua...
Cost of non compliance <ul><li>Tax compliance </li></ul><ul><li>Knowledge recreated/lost </li></ul><ul><li>Damages awarded...
Case study – Government Owned Corporation   <ul><li>NT Power Generation Pty Ltd v Power and Water Authority [2004]  </li><...
Case study – Private Sector – British American Tobacco <ul><li>McCabe v British American Tobacco Services Limited (BAT)  <...
Case study – Health provider <ul><li>H v Health Service Provider  [2007] PrivCmrA 10 </li></ul><ul><li>Inappropriate discl...
Case study – Law firm KATRINA NUGENT 9.39am: Yesterday I put my lunch in the fridge on Level 19 which included a packet of...
Case study – Health department Registry files  Physical forms AAA Keyword Thesaurus Physical files MyHR/PIPS Staff leave G...
Case study – Health department
Case study – Web 2.0 <ul><li>“ twenty years from now, email could be defunct. A combination of social networking and text ...
How to achieve buy in <ul><li>Fear & Failure </li></ul><ul><li>Change management strategy </li></ul><ul><li>Communication ...
References <ul><li>http://www.anao.gov.au/uploads/documents/2006-07_Audit_Report_61.pdf </li></ul><ul><li>Chua and Van Too...
Contact details C HARLES DARWIN UNIVERSITY Anastasia Govan  BA(IM)GradDip(Mgt)PCP AIMM MACS AALIA MRMAA Senior Lecturer Ch...
 
Upcoming SlideShare
Loading in …5
×

Privacy ark oct 2007

1,163 views
1,047 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,163
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • When we talk about adhering to standards we are really talking about information governance – ECM is the suite of Technology tools that is just one of several other aspects that assist us to manage information. In creating business cases and project initiation documents we all need to be mindful of the legislative framework from which policies, processes, peoples behaviour, standards and audits arise from.
  • So my paper today is essentially about governance structures surrounding ECM and what they mean in when applied to real situations The ASX states………….. Today l will give an overview of the governance areas of Standards, regulations and legislation compliance for ECM; a state, national and sector analysis  The cost of non compliance; Case studies across sectors  Buy in for compliance; a Northern Territory case study
  • In 2006 the Australian National Audit Office published it’s findings on the audit results of recordkeeping, including electronic document management, of The Attorney General’s Department, The Australian Electoral Commission and The Department of the Prime Minister and Cabinet. The Auditors identified “ that there is an increasing range of legislation, standards, policies and guidance that is issued by a number of Australian Government entities that has recordkeeping implications. The status of this material ranged from mandatory legislative requirements to better practice advice and guidance, the majority of which is issued by Archives. The ANAO found there was differing levels of awareness of this material in the entities audited”. By the end of my session today you may have an improved awareness of the legal framework governing ECM, (click)
  • So first of all we have numerous standards that your functional specification or business case should identify. Most of these are International Standards denoted by the ISO prefix. ISO/TC171/SC2N450 - ISO/DTR 22957 and the one below it are currently undergoing comment through Standards Australia Committees The extent of governing legislation is growing. For instance l recently had to take into account W3C – Advising government – implementing ice zero footprint on the desktop as there are deployment and contract management issues with the service provider so now have to take into consideration this
  • Context of regulation under an act by governing body Litigation Document Management Plan. The object of such a plan would be, inter alia, to prove that document destruction is routine and follows policy, that there has been no actual and/or intentional spoilation, and to review an organisation’s ability to produce evidential documents in ‘ reasonable time’. The plan should also consider the safe and secure retention and custody of documents that would otherwise have been destroyed in the event of litigation when they are in fact relevant for litigation purposes. Disposal schedules – what applications apply these automatically
  • Commonwealth Evidence Act 1995 (No 2)35 now states that copies are just as admissible as originals and that copies produced “by a device that reproduces a document” are assumed to be just as good as original documents, with the abolition of the ‘Original Document Rule’. Furthermore, section 146(2) of the Act uses the example of a photocopier and states that “it would not be necessary to call evidence to prove that a photocopier normally produced complete copies of documents and that it was working properly when it was used to photocopy a particular document.” Tax ruling Other requirements have been published for electronic records for taxation purposes. The Australian Tax Office accepts electronic records as long as they are not altered, are retained for five years and can be retrieved by Tax Office staff. The ATO will accept such records as authentic if they are a “true and clear reproduction of the original paper records”36.
  • Placing a financial value on information can quickly highlight to busy managers the importance of managing information appropriately and what the knowledge capital of the organisation is. Strassman (1996) states &amp;quot;The wealth of an organisation is based on its accumulation of useful knowledge - its knowledge capital. The value added to an organisation by information, discussed ..... under `information productivity&apos; can be regarded as an annual return on its accumulated knowledge capital.&amp;quot; Whilst identifying information assets at a business level is important, The measurement and subsequent value of information is important also at a global level. The economic viability of countries are tracked by the United Nations as the extent to which they are a &apos;Knowledge Nation&apos;. The term Knowledge Nation has given rise to several Australian government strategy, policitical platform documents and task force recommendations. The importance of a Knowledge Nation is outlined by Department of Economic and Social Affairs. (2003) in &apos;Expanding Public Space for the Development of the Knowledge Society: Report of the Ad Hoc Expert Group Meeting on Knowledge Systems for Development&apos; as;   &amp;quot;Knowledge measurement tools and methodologies assist nations in analyzing and benchmarking their competences and capabilities as knowledge-based economies. Such assessments can facilitate adoption of good policies and practices as well as growth of national knowledge systems for holistic development. Knowledge systems consist of national institutions, frameworks, and infrastructures that can facilitate effective use, sharing, creation, and renewal of knowledge for socio-economic growth.&amp;quot; (p. 71)
  • Peter Straussmans website A return on investment is difficult to identify from a whole of government perspective as records management is currently completed differently within work groups within agencies and between agencies with costs such as productivity losses due to change in business practices dependent upon option endorsed by NTG IMC. Most EDMS benefits are intangible, such as reduced search and recreation time of knowledge for which benchmarks across government are not currently available. In 2002 Power Water Corporation calculated net benefits to be $-2,927,178 in year one and $-379,404 in year 5 indicating a high Net present value in year 1, a low benefits to cost ratio, a low payback period, low alignment to corporate goals, a medium risk factor with an overall Medium ranking on a Benefits Harvesting ratio. The Power Water Corporation scenario included upgrading, training all staff and significant changes to business processes. NPV calculation PWC PWC technical reports collection – consultancy fee = cost of the report
  • There are several case studies recorded on the rmaa website – here l will go through a couple of examples from different sectors PWC subsequently spent $1.67m + to introduce e signatures, email management, clear desk policy, capturing and tracking mail electronically, pop up, migrated the library database to TRIM and significantly raised the awareness levels within the organisation Equivalent in federal government to a GBD
  • McCabe v British American Tobacco Services Limited (BAT) is illustrative12. Ruth McCabe had been a long-term heavy smoker. She developed cancer and sued the tobacco company for compensation. The initial trial judge found that, on the advice of its lawyers, Clayton Utz, BAT had established a deliberate program of destroying documents that could prove harmful to the company should litigation arise. BAT had destroyed documents in ‘anticipation’ of litigation. The trial court ruled that as a result of this document management policy, Ruth McCabe was effectively denied a fair trial and the court struck out BAT’s defence entirely. Whilst the case was overturned on appeal, the issues raised in that case remain pertinent – when should documents be retained or destroyed? What should be done to ensure that destruction is not construed as an obstruction of justice? BAT was unable to produce many of these documents because over a period of years they had been destroyed pursuant to a number of document retention policies devised by the Company. estruction of documents in advance of the issuing of legal proceedings
  • Facts: The complainant underwent a medical test at a medical centre.  The results of this test were disclosed to a third party, and the complainant raised this matter with the medical centre.  After further pursuit of the matter by the complainant, the disclosing employee was reprimanded for the disclosure.  However this did not satisfy the complainant and they raised the issue with the Privacy Commissioner.
  • an exchange of emails between two secretaries within a large Sydney law firm, Allens Arthur Robinson – about lunch components that had gone missing from one of the firm’s fridges – illustrates how electronic documents can impact upon a firm’s and an individual’s reputation very quickly. The email trail began innocuously – two secretaries discussing the whereabouts of a missing sandwich lunch. Unfortunately, this series of emails rapidly became quite abusive and personal details were disclosed. Worse, the ‘Reply to all’ button had been hit and several groups of people, in addition to the two secretaries, were circularised. Within hours, this exchange, together with photographs of the two protagonists, had left the offices of the law firm and had been forwarded to the inboxes of many accounting and law firms as well as investments banks – not only in Sydney but elsewhere in Australia and overseas. Allens immediately terminated the employment of both secretaries (raising questions about unfair dismissal) and the incident was well publicised in the media. A spokesperson for the firm warned that their experience was a lesson to all organisations and individuals about the improper use of corporate email and intranet services. Assume they had an email policy
  • Devils advocate DHCS Community Health section all the information tools they have and the different applications to manage them
  • The complexity of managing information for management reporting through the datawharehouse Given that there are 3 slides of regulatory environment for managing the information what is the degree of risk that the organisation is going to comply? Are we overgoverned
  • Blogging – outside corporate network Wikki’s Service oriented architecture mashups Digital repositories - Each posting is the copyright of the poster Tagging – del.i.cious The IP/copyright is vested in the individual posts creating a km nightmare but the need to be able to track who posted what or are we just not going to be able to manage the content Gartner predicts e-discovery software will be added to the ECM mix
  • Even though the PWC case cost them a reported $40m – they budgeted less than $2m to implement governance structures. Compared to businesses systems $6-12m records teams still have an uphill battle to convince management of the need for information management. So how do we get buy in?? A PWC case study Got the corporate lawyer on side and convinced him the risks were very large – increased his knowledge on knowledge management Got the CFO onside – Sarbane Oxley risk mitigation – Made him Chair of the Steering Committee Talk to the management team individually about any concerns When Business case tabled for endorsement – make them afraid – jail and $$$ Change management strategy – 8 week program before rollout User group who endorsed the functional spec, test drives the system, decides on business rules and then becomes the issues group representing their areas Extensive marketing campaign Ensure the project manager is communicative, accessible and listens to people 9. Make sure Records and access controls to business systems are apart of all audits 10. Offer to sit on the Quality team 11. Put the requirements on duty statements 12. Value your information resources This could be changing – recently Microsoft techo espoused the greats of IM management and sharepoint to me so things could be changing – or techo’s have just found there’s more money in the NT in addressing strategic issues such as records than cutting code.
  • Privacy ark oct 2007

    1. 1. Adhering to appropriate content standards and frameworks Ark EDRM Evolution Conference October Sydney 2007
    2. 2. Information management governance
    3. 3. What am l covering today? <ul><li>“ governance is a multi-faceted discipline that not only includes the formulation and implementation of strategy, but the establishment of systems and processes that enable effective risk management as well as legal and regulatory compliance.” </li></ul><ul><li>ASX Corporate Governance Council (2003) </li></ul><ul><li>“ information governance is emerging as a critical competency” </li></ul><ul><li>Gartner (2007) </li></ul>
    4. 4. The governance framework of ECM…… <ul><li>“ the audit identified that there is an increasing range of legislation, standards, policies and guidance that is issued by a number of Australian Government entities that has recordkeeping implications. The status of this material ranged from mandatory legislative requirements to better practice advice and guidance, the majority of which is issued by Archives. The ANAO found there was differing levels of awareness of this material in the entities audited.” </li></ul><ul><li>Australian National Audit Office (2006) </li></ul>
    5. 5. ECM standards <ul><li>ISO 15489 Records management by IT/21 (Standards Australia) </li></ul><ul><li>ISO9000 Quality certification compliance </li></ul><ul><li>ISO 2788:1986 Guidelines for the establishment and development of monolingual thesauri </li></ul><ul><li>ISO TC 46 SC11 Archives/Records Management </li></ul><ul><li>ISO/TC171/SC2N450 - ISO/DTR 22957 Document management - Analysis, selection, and implementation of Electronic Document Management Systems (EDMS) </li></ul><ul><li>ISO/TC171/SC2N451 - ISO/CD 12029 Electronic imaging – Forms design optimization for electronic image management </li></ul><ul><li>W3C Web content accessibility & Mobile Web Best Practices a Candidate Recommendation </li></ul><ul><li>AS 5037-2005 Knowledge management </li></ul><ul><li>AS17799 s. 9 – Information Technology Code of Practice for Information Security Management - design and use of access controls & digital signatures </li></ul><ul><li>AS17799 - section 8.7.4 security risks and guidelines for items to be included in an email management policy </li></ul><ul><li>Australian Government Locator Service/Dublin core metadata </li></ul><ul><li>Anglo American Cataloguing rules </li></ul>
    6. 6. ECM regulation <ul><li>Disposal schedules </li></ul><ul><li>National Archives Australia (2006). Functional requirements for Electronic Records Management Software </li></ul><ul><li>International Model requirements for the management of electronic records (MorEq) </li></ul><ul><li>Policy and procedures identified by Archives as delegated by the relevant Act </li></ul><ul><li>Designing and Implementing Recordkeeping Systems (DIRKS) </li></ul><ul><li>Codes of ethics – NSW Professional Conduct regulation </li></ul><ul><li>VERS toolkit </li></ul><ul><li>Private sector Privacy Codes </li></ul><ul><li>Litigation plan </li></ul><ul><li>US Department of Defense (DOD) Directive 5015.2 </li></ul>
    7. 7. ECM legislation 7 case law <ul><li>Common law </li></ul><ul><li>Evidence Act 2004 (NT) </li></ul><ul><li>Commonwealth Evidence Act 1995 </li></ul><ul><li>Archives Act 1983 </li></ul><ul><li>Legal Deposit </li></ul><ul><li>Sarbanes Oxley 2002 </li></ul><ul><li>Tax Ruling TR 2004/D23 </li></ul><ul><li>Electronic Transactions Act 1999 (Commonwealth) </li></ul><ul><li>Corporations Act </li></ul><ul><li>Income Tax Assessment Act 1936 </li></ul><ul><li>Crimes (Document Destruction) Act 2006 </li></ul><ul><li>Information Act </li></ul><ul><li>Freedom of Information </li></ul><ul><li>Copyright </li></ul><ul><li>Privacy Act 1988 (Cth) </li></ul><ul><li>Case law </li></ul><ul><li>Consistency of behaviour – policy and procedures </li></ul>
    8. 8. Cost of non compliance – Valuing information models <ul><li>“ the wealth of an organisation is based on its accumulation of useful knowledge - its knowledge capital. The value added to an organisation by information, discussed ..... under `information productivity' can be regarded as an annual return on its accumulated knowledge capital.“ </li></ul><ul><li>Strassman (1996) </li></ul>
    9. 9. Information valuation models <ul><li>Tobin's Q, economic value added (EVA), Market-to-Book Value, Intellectual Asset Valuation, Total Value Creation, Total Value </li></ul><ul><li>Creation, Knowledge Capital Earnings, citation weighted patents, etc. (see for instance: Stewart (1997); Bontis (2001); Bontis et al. (1999); Lev (1999); Sullivan (2000)) </li></ul><ul><li>Value Chain Scoreboard Lev (2002) </li></ul><ul><li>Net Present Value (NPV) </li></ul><ul><li>Intangible asset monitor (Sveiby, 1997); </li></ul><ul><li>Balanced scorecard (Kaplan and Norton, 1992; 1996;75 2000); </li></ul><ul><li>Skandia value scheme (Edvinsson and Malone, 1997). </li></ul><ul><li>IC-Index Model and HVA Model (Roos and colleagues 1997) </li></ul><ul><li>Technology Broker Model (Brooking (1996, pp. 13-14) </li></ul>Focus on market capitalization, return on assets, and other monetary valuations. Focus on human, customer and structural capital
    10. 10. Cost of non compliance <ul><li>Tax compliance </li></ul><ul><li>Knowledge recreated/lost </li></ul><ul><li>Damages awarded </li></ul><ul><li>Loss of business critical records </li></ul><ul><li>Loss of reputation </li></ul><ul><li>Fines </li></ul><ul><li>Job loss </li></ul><ul><li>Lost productivity </li></ul>$$$
    11. 11. Case study – Government Owned Corporation <ul><li>NT Power Generation Pty Ltd v Power and Water Authority [2004] </li></ul><ul><li>&quot;There is no other procedure established under the PAWA Act by which the minister could control the operations of PAWA. As a matter of practice, as the communications between PAWA and the minister demonstrate, the procedure of a minute from the chief executive officer and his response by endorsement on that minute was the normal means by which the minister (where he considered it appropriate) gave directions under s 16 of the PAWA Act. There is no evidence to indicate any other means by which directions under s 16 were given.&quot; </li></ul><ul><li>S. 132 </li></ul><ul><li>PAWA has not demonstrated error in the reasoning of Finkelstein J. PAWA took this Court to some oral evidence of Mr Gardner in an endeavour to counter Finkelstein J's conclusion that the Minister's desire to have PAWA act as he wished was not always conveyed by direction. That oral evidence was vague, was undermined by other evidence, and, in any event, did not falsify Finkelstein J's conclusion. The PAWA Act does not stipulate that s 16 &quot;directions&quot; are to take any particular form, and the Court was not taken to any other legislation which did. Even if Mr Gardner's evidence establishes that he thought he had received a s 16 direction in August 1998, that does not prove that he did. Everything depends on the terms of the briefing note: no other possible &quot;direction&quot; was relied on. But it is not possible to infer from the briefing note that any direction was given. The acceptance of the recommendation in the briefing note was too vague to amount to a s 16 direction. It did not refer to s 16, yet citation of the source of power could be a crucial matter in the event of later political or forensic controversy about whether any directions had been given or obeyed - for Mr Gardner had a duty to obey them. It did not speak in the language of command or mandate or instruction - it did not direct. </li></ul>
    12. 12. Case study – Private Sector – British American Tobacco <ul><li>McCabe v British American Tobacco Services Limited (BAT) </li></ul><ul><li>Review was completed by Professor Peter A Sallmann in May 2004 for the Victorian Attorney-General on Document Destruction and Civil Litigation in Victoria </li></ul><ul><li>Resulted in the Document Destruction Act 2006 </li></ul><ul><li>Fines of $314,430 for companies and $62,886 or 5 years imprisonment for individuals </li></ul>
    13. 13. Case study – Health provider <ul><li>H v Health Service Provider  [2007] PrivCmrA 10 </li></ul><ul><li>Inappropriate disclosure of information </li></ul><ul><li>National Privacy Principles 2 and 4 in Schedule 3 of the Privacy Act 1988 (Cth) breached </li></ul><ul><li>Extensive Privacy Commissioner audit of processes and policy </li></ul><ul><li>Medical centre offered complainant compensation without admitting liability </li></ul>
    14. 14. Case study – Law firm KATRINA NUGENT 9.39am: Yesterday I put my lunch in the fridge on Level 19 which included a packet of ham, some cheese slices and two slices of bread which was going to be for my lunch today. Over night it has gone missing and as I have no spare money to buy another lunch today, I would appreciate being reimbursed for it. MELINDA BIRD 9.55: Katrina, There are items fitting your exact description in the level 20 fridge. Are you sure you didn't place your lunch in the wrong fridge yesterday? KATRINA NUGENT 10.06: Melinda, probably best you don't reply to all next time, would be annoyed to the lawyers. The kitchen was not doing dinner last night, so obviously someone has helped themselves to my lunch. Really sweet of you to investigate for me! MELINDA BIRD 10.14: Katrina, since I used to be a float and am still on the level 19 email list I couldn't help but receive your ridiculous email - lucky me! You use our kitchen all the time for some unknown reason and I saw the items you mentioned in the fridge so naturally thought you may have placed them in the wrong fridge. Thanks I know I'm sweet and I only had your best interests at heart. Now as you would say, &quot;BYE&quot;! KATRINA NUGENT 10.15: I'm not blonde!! !MELINDA BIRD 10.16: Being a brunette doesn't mean you're smart though! KATRINA NUGENT 10.17: I definitely wouldn't trade places with you for &quot;the world&quot;! MELINDA BIRD 10.19: I wouldn't trade places with you for the world... I don't want your figure! KATRINA NUGENT 10.21: Let's not get person (sic) &quot;Miss Can't Keep A Boyfriend&quot;. I am in a happy relationship, have a beautiful apartment, brand new car, high pay job...say no more!! MELINDA BIRD 10.23: Oh my God I'm laughing! happy relationship (you have been with so many guys), beautiful apartment (so what), brand new car (me too), high pay job (I earn more)....say plenty more... I have 5 guys at the moment! haha.
    15. 15. Case study – Health department Registry files  Physical forms AAA Keyword Thesaurus Physical files MyHR/PIPS Staff leave GAS mainframe Finance PIPS mainframe Payroll Breastscreen Well Womens Cancer Screening Hearsoft Hearing Shilo Data wharehouse Virtua Library database Dspace Digital repository TRIM/My Source Matrix Federated search engine Health Connect e-perscription PKIS Remote health patient files CCIS Community Health centre patient files Carsys Hospital Patient files TRIM Disposal schedules Accept by clicking ok Logon script Corporate drive Linked spreadsheets TRIM Physical Mail TRIM MS Office Lotus Notes Email My Source Matrix Web content management Application Function
    16. 16. Case study – Health department
    17. 17. Case study – Web 2.0 <ul><li>“ twenty years from now, email could be defunct. A combination of social networking and text messaging will replace electronic mails” </li></ul><ul><li>Accenture’s Chief Technology Architect (2007) </li></ul><ul><li>“ corporate blogging has doubled to 8 per cent in the past year” </li></ul><ul><li>Accenture’s Chief Technology Architect (2007) </li></ul><ul><li>“ wikis will also become mainstream collaboration tools in 50 per cent of enterprises by 2009” </li></ul><ul><li>Gartner Group (2007) </li></ul>
    18. 18. How to achieve buy in <ul><li>Fear & Failure </li></ul><ul><li>Change management strategy </li></ul><ul><li>Communication </li></ul><ul><li>Staff involvement </li></ul><ul><li>IT audits </li></ul><ul><li>Project reviews </li></ul><ul><li>Duty statements </li></ul><ul><li>Valuations </li></ul>
    19. 19. References <ul><li>http://www.anao.gov.au/uploads/documents/2006-07_Audit_Report_61.pdf </li></ul><ul><li>Chua and Van Toorn (2005). Documents, risk and the fate of your organisation:Document management in the age of corporate accountability </li></ul><ul><li>Priest, M. (2006). Document destruction could be costly. Australian Financial Review, 8/9/2006, p. 58 </li></ul><ul><li>Moneycontrol.com (2007). Blogging will be the future management tool: Accenture </li></ul><ul><li>Standards Australia </li></ul><ul><li>www.austlii.edu.au </li></ul>
    20. 20. Contact details C HARLES DARWIN UNIVERSITY Anastasia Govan BA(IM)GradDip(Mgt)PCP AIMM MACS AALIA MRMAA Senior Lecturer Charles Darwin University Information & Knowledge Management Director & Consultant Whitehorse Strategic Group Chair ACS & RMAA NT Executive Council PO Box 2096, Darwin, NT, Australia, 0801 Phone 0428836405 [email_address] www.inforg.com.au

    ×