GRC Journal - (Page 57) Governance, risk & Compliance A Pilot Can Build Confidence and Credibility Effective information governance has historically been difficult to execute. One frequent cause of difficulty is attempts at a “big bang” approach to implementation. The effort becomes overwhelming and simply not sustainable. A practical alternative to the big bang approach is a phased program that includes a pilot program. This enables organizations to start small, implement incrementally and show effective progress – or take corrective actions – after each increment. Companies often experience problems when producing reliable information reports. Despite the use of innovative software products, many companies still struggle to answer basic questions about reports, such as: “Where did this information come from?” “Is it complete and accurate?” “What business and data rules were applied to it?” “Can I trust the information enough to make accurate decisions?” One component of a pilot program that can help to quickly build credibility for EIG is the development of a Source to Report Control Facility (SRCF). An SRCF provides a detailed process mapping of all the critical information control points, with measurable outputs and metrics, for a subset of key business reports such as management reports, customer reports (on metrics such as profitability or retention) or product reports (on metrics such as profitability or growth). This information can be captured and benchmarked against systems of record, or it can be revealed – via a metadata repository – to data owners and business users. As a result, users often have better insight into the information they have received and the business rules applied to the information. An SRCF can also give data owners the ability to put standards, processes and technology in place to validate information that is produced and distributed. In addition, the delivery of enterprise reports to information consumers can be improved. An SRCF can also provide users with the ability to determine whether the information they have received matches data sets provided by source systems of record. Furthermore, with an SRCF, users can gain insight into data quality statistics – such as missing customer information, ghost product codes, invalid financial accounts and inappropriate geographies – that can materially impact reporting accuracy. Moreover, when an SRCF is implemented, the integrity of information can be more effectively monitored before it is published as users gain confidence in the integrity of the information that they access and use for reporting. Starting the Journey We believe the availability of timely, accurate, transparent and reliable information is a critical issue for most organizations. Companies that effectively deal with this issue can gain a competitive edge, better provide their employees with the information they need to do their jobs well, provide management with the information they need to monitor and manage business performance, and enable better governance, risk management and compliance. A key to better information is taking an enterprise perspective to information governance. An effective EIG program provides significant benefits and can help overcome IQ problems. In implementing an effective program, we recommend using a phased implementation approach that emphasizes building the right governance, organization, model and team. We believe organizations that effectively govern their information will be better able to monitor and manage their business performance. And, in today’s fiercely competitive, increasingly regulated and scrutinized business environment, companies that improve the quality of their information can demonstrate more effective governance, risk management and compliance, while meeting or exceeding their long-term goals. mark Zozulia, Senior manager at Deloitte Consulting LLP, contributed to this article. This publication contains general information only and Deloitte Consulting LLP is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte Consulting LLP, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication. lee dittmar deloitte consulting llp lee dITTmar is a Principal with Deloitte Consulting LLP where he leads the Enterprise Governance consulting practice, and serves as Co-Leader of Deloitte’s GRC services. Lee is a highly sought-after speaker for governance, risk management, IT strategy, and how companies can improve information quality and performance by aligning IT assets with GRC needs. Treasury and Risk Management magazine identified him as among the 100 most influential people in finance in 2005 and again in 2006. Consulting Magazine named him to its list of The Top 25 Consultants in 2006. tim walsh deloitte consulting llp TIm walsh, a Senior Manager in Deloitte Consulting LLP’s Information Dynamics practice, focuses on the design, implementation, and operation of information management and governance solutions for large complex organizations. Tim specializes in project management and solution architecture, and has implemented a number of data warehouses, executive performance dashboards, data cleansing systems, master data management systems and data governance models. In addition, Tim conducts audits of information management programs and projects and develops risk mitigation strategies with his clients. www.BTQuarterly.com Business Trends Quarterly 19 http://www.BTQuarterly.com
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.