There are two views regarding information governance: one focuses on the governance of information, the other on governance of technology. There needs to be a distinction between the two groups to ensure information assets are being governed and managed efficiently.
This is the view of Elize van der Linde, GM of the Absa Data Governance Organisation, who spoke at the IBM Data Governance forum held in partnership with ITWeb, last week. She adds that a governance framework needs to be explicit and identify exactly which policies for data governance are necessary.
“The board should ensure there are systems in place for the management of information, including information security, information management and information privacy.”
According to Van der Linde, the South African Data Governance Forum was established in March 2009 and is affiliated with IBM's International Information and Knowledge Governance Council, which was formed in 2004.
She said the forum provides an opportunity for networking and exploring the common challenges in data governance, by working on various case studies that tackle the issues relevant to the South African market.
Inside, out
Van der Linde noted that there are two types of organisational issues affecting data governance: external and internal factors.
“External factors include regulatory and legal requirements, which signal a new era of compliance and risk management,” said Van der Linde. She noted there is a demand for more rigors in governance frameworks.
Van der Linde added that data security is also an issue. “There is an increase in information-related crimes in the form of identity theft and phishing attacks.” Information security is also an internal factor, according to Van der Linde, and procedures need to be in place to stop data leaks from occurring within the organisation.
She commented that data quality falls under both roles, where standards for data accuracy and completeness need to exist. “By identifying the weakness in data, we can assess the impact on reporting for risk mitigation.”
A look inside
“Absa's data governance journey started in 2008 and has been going for almost two years,“ said Van der Linde. “It has often had to stop, and go through U-turns or pot holes along its journey, but the operating model has remained constant over the years.”
She said since its inception, Absa has made strides in improving understanding of business requirements, priority and risk appetite due to the active support of a risk director.
Van der Linde highlighted the need for a high level of visibility to action data governance. “There is a need to understand what is important to the company, and it takes time to get to know the people and what information is important to each division.”
“Direct interaction is key - it motivates and helps resolve issues in the company. It is important to understand key areas and potential issues,” said Van der Linde, stating the need for an open forum for people to engage with each other, if an open environment is to be harboured.
Limited understanding
“People don't understand the distinction between technology and information,” she noted, using the analogy of water flowing through a pipe system. She attributes the technology to the pipes of the system, through which the information needs to flow.
“There are several places in the system where a contamination can occur, and often it is difficult to discover where the information is being contaminated,” she explained. There are also risks leading to information becoming tainted, which affects the entire system, to which she posed the question: “Can you trust the information that comes out the other end?”
Van der Linde added that good governance requires one to look through the entire scope of the system, and to audit continuously. “Good governance is an outcome of strategy, leadership and focus,” she concluded.
Share