Digitization has had a huge influence on all modern companies' processes, and information governance and compliance in particular. But although GRC processes face unique challenges in the big data age, companies should explore how strategic data and compliance management can benefit the entire business, according to frequent SearchCompliance contributor Jeffrey Ritter.
In a recent webcast, Ritter explained how companies can best align data governance and compliance processes to realize new sources of digital business revenue. Here in part one, Ritter discusses how compliance functions and their relationship with information governance processes have evolved in the digital age.
Editor's note: The following is a transcript of the first of four excerpts of Ritter's webcast presentation on the relationship between information governance and compliance functions. It has been edited for clarity and length.
Jeffrey Ritter: Today's topic is designing information governance and finding an unexpected financial value from compliance functions because of that information governance design. I want to begin by sharing some numbers with you. In a 2015 survey from Deloitte of over 300 chief compliance officers, records and information management was ranked near the bottom of all of the responsibilities of compliance executives. Now that statistic in itself is unsettling, but there are a couple of other things that the Deloitte survey mentioned that are almost astounding. In 2015, only 32% of the chief compliance officers were confident in their IT systems. That number is low, but it was almost a 10% decrease, in just one year. And a third number is interesting: 74% reported no budget increases for compliance from 2014 to 2015, and those who did have budget increases were spending them only on new compliance tools to look at using data for business gain and not doing anything else to improve financial or operational effectiveness.
Big data, as a resource, was barely visible in the list of things that compliance officers used to be able to do their job. Today, there are a lot of questions that arise in the intersection between information governance and compliance. How can information governance connect as a strategic tool to benefit the business objectives of compliance? How can compliance connect its processes into the information governance design lifecycle for IT systems and information assets? How can compliance make a business case for a budget that funds the resources it needs to be effective? These are tough questions, and to answer them in one webcast is challenging. But let me be very clear and straightforward as to what the objectives of what today's webcast are:
First, I hope you will be able to walk away acquiring a new strategy on how to overcome executive resistance to investing in compliance. And second, I hope you will uncover how new revenues can be produced by achieving compliance that is assisted by information governance design, including how to leverage compliance functions to benefit business records management.
Let's begin with some historical perspective. In the beginning, compliance was fairly simple: Rules were authored by the public sector, requiring companies to execute defined behaviors, refrain from prohibited behaviors and there was a sense of good faith that compliant companies would do just what they were supposed to do. But the unsettling truth that emerged in the 20th century was that corporations were often short-changing compliance and essentially hoping their sincerity would minimize liability if things blew up. But what we've noticed in the 20th century was the beginning of an evolution, and how we defined compliance changed from simply promising to do the right thing to something more.
Instead, compliance evolved to become an exercise in reporting and submitting information from the industry to the public sector. And indeed much of 20th century records management was about preserving those records that were specified to be preserved by public sector regulations. But now it wasn't just a matter of doing the right thing and keeping some records as evidence.
You see, no one seemed to think of compliance as interactive, but what was the reason that public sectors wanted the records? The reason was to be able to demonstrate that the records were evidence that the alignment of the business processes satisfied the rules. Whether it was looking at processes or production methods, employment practices, workplace safety, or product integrity, what compliance was evolving toward was keeping the records that demonstrated the processes aligned to the rules.
Government wanted more than sincerity and good faith promises. Instead, the record became a useful weapon for the public sector to be able to demonstrate the company's behavior, particularly when there was an adverse event. Compliance was actually evidential. It wasn't just maintaining the alignment of processes-specific rules, it was maintaining records as evidence. In other words, compliance became evidential management. It wasn't just a matter of preserving the records, but now there was a need to preserve them so they could be functional as testimony to the events of the past.
Webcast: Aligning governance and compliance processes
See other excerpts from this webcast presentation on information governance and compliance functions:
Despite the Deloitte survey insinuating that records management is a low responsibility, the reality, I submit, is that the essence of compliance is evidential management. Because of the regulatory public sector's reliance on corporate records as evidence, agencies in the late 20th century and even more dynamically in the last few years have begun to offer rules that define how the records are to be created and preserved, that offer evidence of the processes within the business. These rules all go to the same end: preserving the security, authenticity and the integrity of the records. Why is that occurring? It's so that in the digital age, records retain their functional effectiveness as evidence, as statements of fact that can be relied upon in evaluating whether the rule of law has been satisfied.