Strategic CEOs know that their biggest challenge in setting corporate strategy is not the formulation, but the implementation. What most CEOs don't realize, however, are the resources already right under their noses: Enterprises with effective IT compliance strategies and information governance policies have great -- and often underutilized -- potential to support corporate strategy.
Think about it: The further into the future an organization extends its strategic planning, the more unanticipated risks it's likely to encounter. That's why strategic planning and execution must be an exercise steeped in risk management, rather than tightly focused on activities: The more competence the organization builds in tracking assumptions and managing risk, the better it will execute its overarching strategy without unexpected speed bumps.
To get started on this exercise, you must first understand how to build an effective information governance policy. This policy relies on three interlocking tenets that are not only critical to governance, but can also bolster the execution of a broader corporate strategy.
A strong information governance policy will offer a number of corporate-wide strategic advantages.
In short, you need to leverage risk management to build effective policies that ensure data quality. Ask and answer the question, "What could go wrong?" Once you've identified potential snags, explore the probability and impact of such risks, and validate your assumptions to suppress false alarms. Then, look to develop policies to mitigate estimable risks; to support these policies, you need a technical architecture that maintains and promotes accessibility, version control and integration.
Once in place, your information governance policies should serve as your organization's cornerstone for data quality. The No. 1 reason for faulty strategic decision-making is reliance on poor information, so your governance policies should ensure the generation of -- and easy access to -- useful and digestible data. In this case, high-quality information means more than just the raw output from data systems -- it also refers to the processes in place aimed at maintaining data integrity.
A strong data governance policy will offer a number of corporate-wide strategic advantages. For starters, it's much easier for an organization to adopt a vision for a corporate strategy when it's supported by clear policy, which also makes it easier for leadership to demonstrate that its decisions align with long-term goals. In other words, following information governance policies can drive home a clear corporate strategy, which in turn lends the organization credibility.
More on information governance
Metadata management and information governance strategy
The information management challenges for the modern business
Since plotting new corporate strategy invites inherent risks, you should also focus on rooting out assumptions, probabilities and alternatives, which are just as important to corporate strategy as tasks, dependencies and resource assignments. To do so, you should catalog, track and validate these assumptions and risks in the same way that you sync your IT governance and risk management processes -- a model that, with very little modification, can be ported over to corporate strategy.
To partner better with the CEO -- for the good of the compliance function and the organization as a whole -- I urge compliance officers and records managers to evangelize their value to the top brass. Rather than treat compliance as a necessary evil, the best companies learn to integrate strategy with compliance functions. You can start today by assessing your own internal information governance efficacy in relation to your company's approach to risk, policy and data-quality management. When you feel good about your own information governance operation, it's time to have a conversation with upper management about incorporating it into your overall corporate strategy.
John Weathington is president and CEO at Excellent Management Systems Inc., a San Francisco-based management consultancy. Write to him at firstname.lastname@example.org. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.
This was first published in October 2012