Adhering to appropriate InformationManagement governance structures RMAA Industry showcase October 2008
Why are governance structures important?• You can add new text slides by clicking on the „new slide‟ icon at top or by clicking Insert then New slide• You can use the multiple slide view at the bottom to copy and paste slides.
What am l covering today?“governance is a multi-faceted discipline that not only includesthe formulation and implementation of strategy, but theestablishment of systems and processes that enable effectiverisk management as well as legal and regulatory compliance.” ASX Corporate Governance Council (2003)“information governance is emerging as a critical competency” Gartner (2007)
The governance framework of Information Management……“the audit identified that there is an increasing range of legislation, standards, policies and guidance that is issued by a number of Australian Government entities that has recordkeeping implications. The status of this material ranged from mandatory legislative requirements to better practice advice and guidance, the majority of which is issued by Archives. The ANAO found there was differing levels of awareness of this material in the entities audited.” Australian National Audit Office (2006)
Information Management standards•ISO 15489 Records management by IT/21 (Standards Australia)•ISO9000 Quality certification compliance•ISO 2788:1986 Guidelines for the establishment and development of monolingual thesauri•ISO TC 46 SC11 Archives/Records Management•ISO/TC171/SC2N450 - ISO/DTR 22957 Document management - Analysis, selection, and implementation of Electronic Document Management Systems (EDMS)•ISO/TC171/SC2N451 - ISO/CD 12029 Electronic imaging – Forms design optimization for electronic image management•W3C Web content accessibility & Mobile Web Best Practices a Candidate Recommendation•AS 5037-2005 Knowledge management•AS17799 s. 9 – Information Technology Code of Practice for Information Security Management - design and use of access controls & digital signatures•AS17799 - section 8.7.4 security risks and guidelines for items to be included in an email management policy•Australian Government Locator Service/Dublin core metadata•Anglo American Cataloguing rules
Information Management regulation• Disposal schedules• National Archives Australia (2006). Functional requirements for Electronic Records Management Software• International Model requirements for the management of electronic records (MorEq)• Policy and procedures identified by Archives as delegated by the relevant Act• Designing and Implementing Recordkeeping Systems (DIRKS)• Codes of ethics – NSW Professional Conduct regulation• VERS toolkit• Private sector Privacy Codes• Litigation plan• US Department of Defense (DOD) Directive 5015.2
Information Management legislation case law Common law • Evidence Act 2004 (NT) • Commonwealth Evidence Act 1995 • Archives Act 1983 • Legal Deposit • Sarbanes Oxley 2002 • Tax Ruling TR 2004/D23 • Electronic Transactions Act 1999 (Commonwealth) • Corporations Act • Income Tax Assessment Act 1936 • Crimes (Document Destruction) Act 2006 • Information Act • Freedom of Information • Copyright • Privacy Act 1988 (Cth) Case law • Consistency of behaviour – policy and procedures
Cost of non compliance – Valuing information models “the wealth of an organisation is based on its accumulation of useful knowledge - its knowledge capital. The value added to an organisation by information, discussed ..... under `information productivity can be regarded as an annual return on its accumulated knowledge capital.“ Strassman (1996)
Information valuation models Focus on human, customer Focus on market and structural capital capitalization, return on assets, and other monetary valuations.•Intangible asset monitor (Sveiby, •Tobins Q, economic value added1997); (EVA), Market-to-Book Value,•Balanced scorecard (Kaplan and Intellectual Asset Valuation, TotalNorton, 1992; 1996;75 2000); Value Creation, Total Value•Skandia value scheme (Edvinsson •Creation, Knowledge Capitaland Malone, 1997). Earnings, citation weighted patents,•IC-Index Model and HVA Model (Roos etc. (see for instance: Stewart (1997);and colleagues 1997) Bontis (2001); Bontis et al. (1999); Lev (1999); Sullivan (2000))•Technology Broker Model (Brooking(1996, pp. 13-14) •Value Chain Scoreboard Lev (2002) •Net Present Value (NPV)
Cost of non compliance• Tax compliance• Knowledge recreated/lost• Damages awarded• Loss of business critical records• Loss of reputation• Fines/e-discovery time• Job loss• Lost productivity
Case study – Government Owned CorporationNT Power Generation Pty Ltd v Power and Water Authority "There is no other procedure established under the PAWA Act by which the minister could control the operations of PAWA. As a matter of practice, as the communications between PAWA and the minister demonstrate, the procedure of a minute from the chief executive officer and his response by endorsement on that minute was the normal means by which the minister (where he considered it appropriate) gave directions under s 16 of the PAWA Act. There is no evidence to indicate any other means by which directions under s 16 were given."S. 132PAWA has not demonstrated error in the reasoning of Finkelstein J. PAWA took this Court to some oral evidence of Mr Gardner in an endeavour to counter Finkelstein Js conclusion that the Ministers desire to have PAWA act as he wished was not always conveyed by direction. That oral evidence was vague, was undermined by other evidence, and, in any event, did not falsify Finkelstein Js conclusion. The PAWA Act does not stipulate that s 16 "directions" are to take any particular form, and the Court was not taken to any other legislation which did. Even if Mr Gardners evidence establishes that he thought he had received a s 16 direction in August 1998, that does not prove that he did. Everything depends on the terms of the briefing note: no other possible "direction" was relied on. But it is not possible to infer from the briefing note that any direction was given. The acceptance of the recommendation in the briefing note was too vague to amount to a s 16 direction. It did not refer to s 16, yet citation of the source of power could be a crucial matter in the event of later political or forensic controversy about whether any directions had been given or obeyed - for Mr Gardner had a duty to obey them. It did not speak in the language of command or mandate or instruction - it did not direct.
Case study – Private Sector – British American Tobacco • McCabe v British American Tobacco Services Limited (BAT) • Review was completed by Professor Peter A Sallmann in May 2004 for the Victorian Attorney-General on Document Destruction and Civil Litigation in Victoria • Resulted in the Document Destruction Act 2006 • Fines of $314,430 for companies and $62,886 or 5 years imprisonment for individuals
Case study – Health providerH v Health Service Provider  PrivCmrA 10• Inappropriate disclosure of information• National Privacy Principles 2 and 4 in Schedule 3 of the Privacy Act 1988 (Cth) breached• Extensive Privacy Commissioner audit of processes and policy• Medical centre offered complainant compensation without admitting liability
Case study – Law firmKATRINA NUGENT 9.39am: Yesterday I put my lunch in the fridge on Level 19 which included apacket of ham, some cheese slices and two slices of bread which was going to be for my lunchtoday. Over night it has gone missing and as I have no spare money to buy another lunch today, Iwould appreciate being reimbursed for it.MELINDA BIRD 9.55: Katrina, There are items fitting your exact description in the level 20 fridge.Are you sure you didnt place your lunch in the wrong fridge yesterday?KATRINA NUGENT 10.06: Melinda, probably best you dont reply to all next time, would beannoyed to the lawyers. The kitchen was not doing dinner last night, so obviously someone hashelped themselves to my lunch. Really sweet of you to investigate for me!MELINDA BIRD 10.14: Katrina, since I used to be a float and am still on the level 19 email list Icouldnt help but receive your ridiculous email - lucky me! You use our kitchen all the time for someunknown reason and I saw the items you mentioned in the fridge so naturally thought you mayhave placed them in the wrong fridge. Thanks I know Im sweet and I only had your best interestsat heart. Now as you would say, "BYE"!KATRINA NUGENT 10.15: Im not blonde!!!MELINDA BIRD 10.16: Being a brunette doesnt mean youre smart though!KATRINA NUGENT 10.17: I definitely wouldnt trade places with you for "the world"!MELINDA BIRD 10.19: I wouldnt trade places with you for the world... I dont want your figure!KATRINA NUGENT 10.21: Lets not get person (sic) "Miss Cant Keep A Boyfriend". I am in ahappy relationship, have a beautiful apartment, brand new car, high pay job...say no more!!MELINDA BIRD 10.23: Oh my God Im laughing! happy relationship (you have been with so manyguys), beautiful apartment (so what), brand new car (me too), high pay job (I earn more)....sayplenty more... I have 5 guys at the moment! haha.
Achieving, auditing and maintaining compliance - Whitehorse services • Information technology governance • Information technology and telecommunications strategy, planning, and acquisition • Systems Integration and Facilities Management services • Information, records, library, and knowledge management labour hire, archiving, disposal schedules, cataloguing, advise, strategic planning • Risk evaluation and planning • IT outsourcing management • Scanning solutions through our business partner INFORG Information Solutions • Electronic Commerce, including business analysis and process design • HP Tower and Outback Imaging (Ezescan) accredited business partners • Laptop training network and Training facilities in Darwin and Melbourne • Sharepoint & TRIM installations, upgrades, integration, reviews and tailored add ons • Regional telecommunication and other infrastructure planning and implementation • Negotiation and funding access • Federal and State Government liaison • Policy evaluation, advice, business planning • ICT resource and industry research analysis publications • Project management • TRIM/Sharepoint training • Certified staff
Referenceshttp://www.anao.gov.au/uploads/documents/2006- 07_Audit_Report_61.pdfChua and Van Toorn (2005). Documents, risk and the fate of your organisation:Document management in the age of corporate accountabilityPriest, M. (2006). Document destruction could be costly. Australian Financial Review, 8/9/2006, p. 58Moneycontrol.com (2007). Blogging will be the future management tool: AccentureStandards Australiawww.austlii.edu.au