Governance, compliance integration could be key to C-suite GRC buy-in

C-suite executives usually think of regulatory compliance processes as a company expense -- one of the many "costs of doing business." But by ignoring the potential data analytic benefits afforded by compliance data governance, these companies could be missing out on a huge revenue opportunity, according to frequent SearchCompliance contributor Jeffrey Ritter.

In a recent webcast, Ritter discussed how companies can find new sources of revenue by exploring data analytic opportunities created by information governance and compliance integration. Here in part three, he outlines three fictional case studies to explore how business information governance intersects with compliance processes.

Editor's note: The following is a transcript of the third of four excerpts of Ritter's webcast presentation on the potential business benefits of integrating compliance and information governance processes. It has been edited for clarity and length.

Let's get to the essence of what we're trying to accomplish in this webcast. The driving question for today is "how can compliance and information governance succeed in meeting the economic demands of C-level executives?" Here's the answer, and the strategy is simple: We need to be able to create new markets for the information assets of the business, markets that will pay for well-governed data. In other words, can we blend compliance's negative valuation in the board room with the increasingly positive economic valuation of information governance as a business discipline?

The answer, I believe, is an unqualified yes. By looking at information governance and compliance integration, and bringing the two of them into the design lifecycle of our information systems, we can actually achieve results that have an unexpected economic outcome. This positive economic outcome changes the dynamic during those conversations between compliance officers and the board room.

What I'd like to do is provide you with three fictional case studies. These case studies are drawn directly from the course that I teach at the University of Oxford in the software and systems engineering program on building information governance. The objective with these case studies is to show you how corporate information assets that are subject to regulation can create new revenue through information governance and compliance integration, and by connecting compliance to the design lifecycle.

Each of the next three cases is very realistic. They illustrate how well-disciplined information governance design helps access emerging marketplaces in which digital information records are company assets.

Let's begin by looking at a company imaginatively called Fleur de Ville Health. Their business is collecting performance data of individuals and aggregating that data together. Fleur de Ville was growing, so they connected with a company that put computers on FitBits and similar watches that collect data so they could aggregate personal health information. Of course if it's personal data, you know that it's going to be subject to privacy laws, security laws and still be subject to the national tax requirements in terms of preserving the integrity of all of the business records that relate to income.

Second case study: GetGo Railroads. GetGo is a railroad company that was tracking the behavior of their railroads: How fast they go, their loads, their arrival times. Then they expanded their business by installing maintenance and performance sensors on the trains. These sensors track the consumption rate, the wear rate, [and] the load rate. They could use this data to predict how fast a ball bearing would wear out, how soon a wheel needed to be replaced, what the life-limit was on an oil change. And with that, they collected data.

But as with the first instance of Fleur de Ville, GetGo was subject to a lot of rules, rules that defined the regulations for railroad safety, environmental protection requirements. As a company, they were subject to the audit controls and integrity regulations of national tax authorities. But in both instances, with Fleur de Ville Health and GetGo, what we're seeing is an increased implementation of an internet of things methodology where devices are collecting more and more data. The data itself, however, is from behavior activities or is subject to extensive regulations for which the compliance team has a responsibility to assure the rules are being properly executed.

Here's our third example: Swell Automotive. Swell puts monitors inside the car that connect to the over 224 sensors that are part of the car engines. But Swell Automotive wanted to connect your car to the world, so they began to integrate data from cellphones so they could begin to develop better profiles of the behavior of the driver. That information is then used to be able to better understand the functionality of the cars and drivers' usage patterns.

In each of these instances, the companies are subject to industry-specific rules, design standards, customer privacy regulations and national tax requirements. To meet their compliance duties, each of these fictional companies will have to design controls that would sustain the integrity and authenticity of the data they were collecting in order to meet regulatory obligations.
