dim4ik69 - Fotolia
A company's data governance and regulatory compliance processes are heavily reliant on following rules that dictate how information moves throughout its network. Too often, however, companies fail to see how pooling their resources can improve data process controls across the company, according to Jeffrey Ritter, a frequent TechTarget contributor and an External Lecturer at the University of Oxford.
In this Q&A, Ritter discusses how compliance and information governance programs can partner up to secure the funding required to meet both their objectives -- and improve the company's digital value in the process.
Why do compliance programs struggle to secure the funding and resources GRC executives believe are essential to be effective to do their jobs?
Jeffrey Ritter: Historically, compliance has always been recorded on the books as an expense. Complying with public laws and regulations does not sell more product or services, and essentially any operating costs not associated with products or services directly reduce the net profits available to shareholders. As a result, compliance teams are often competing with the shareholders to justify the funding needed to fulfill compliance duties and obligations.
One of the biggest impacts of this collision in priorities is on the failure of compliance functions to introduce continuous monitoring and performance metrics as a means of evaluating the alignment of their processes with adhering to regulatory mandates. As a result, compliance programs often focus only on personnel training and corporate culture, rather than data–intensive surveillance of operations.
Have compliance and information governance processes become more reliant on performance records?
Ritter: As the digital age accelerates, both information governance executives and regulators share a passionate commitment to ensuring that the information and records they rely upon are authentic, preserved with integrity, and accessible for evaluation. This shared set of objectives is producing a shared commitment to adopting and mandating that information systems -- and the related information and business records -- conform to widely known, published standards, such as those produced by the ISO.
How does this influence the compliance function?
Ritter: Historically, the compliance function has often operated independently from records management and, in today's environment, information governance. But both compliance and information governance rely on standards, creating an opportunity for the compliance function to move into the early phases of the design and launch of new IT systems and information assets. This helps align compliance standards with the same rules that dictate the information governance function. This creates incredible efficiency for the company: The information assets conform to the same rules for both compliance and information governance, and thereby can be more efficiently used to meet regulatory obligations.
Where do big data analytics fit into this picture?
Ritter: Big data analytics requires that corporate information assets be comparable. In most instances, this means that the information to be ingested must conform to certain rules and criteria, because apples cannot be mixed with oranges. When a company designs its information asset management processes against known, published standards, the resulting records have a higher value to big data analytics. Not only can the records support internal analyses, but they gain economic value in the information marketplace. Big data firms are constantly seeking new sources of information to be mashed up for industry analyses, but the data must be comparable to have any meaningful economic value.
So, can well–designed compliance records actually produce new revenues?
Ritter: Yes, absolutely. Here is where compliance moves from being purely an expense on the corporate balance sheet to being an income–producing business unit. Not only can the income generated by licensing compliance records for big data analytics offset the investments, strategically–inclined businesses may actually gain a first–strike advantage that yields them persistent competitive opportunities that could actually produce a positive net income from regulatory compliance.