Success with Information Governance
Mike Everley (Second Vice President, Ameritas), Laurie Fischer (Managing Director, Huron Consulting Group), Robin Martin (Second Vice President, Ameritas)

Presentation transcript:

Success with Information Governance
Mike Everley, Second Vice President, Ameritas
Laurie Fischer, Managing Director, Huron Consulting Group
Robin Martin, Second Vice President, Ameritas

Overview
Introductions / About Ameritas
Background: RIM at Ameritas
Assessment / Gap Analysis / Maturity Model
Compliance and Remediation Plan
Information Governance
Lessons Learned and Next Steps
© 2014 Huron Consulting Group. All rights reserved. Proprietary & Confidential.

About
Ameritas offers competitive insurance, retirement and investment products
  – Life insurance
  – Annuities
  – Individual disability income insurance
  – Group dental, vision and hearing care insurance
  – Retirement plans
  – Investments
  – Mutual funds
  – Asset management
  – Public finance

About
Over 2,500 Employees
Home Office: Lincoln, Nebraska
  – Administrative Offices: Cincinnati, Ohio; Bethesda, Maryland; San Antonio, Texas; Austin, Texas; Wayne, Nebraska
Technology Environment
  – Lotus Notes for
  – Mix of applications – commercial and custom built
  – Oracle DB for structured records
  – Transitioning from Novell to Microsoft for file shares
  – Imaging since mid-1980s
      Image more than 12 million documents per year
      Transitioning from custom application to Documentum xCP

RIM at Ameritas in 2010
Components
  – Records Retention Schedule
  – Records Management Policy
  – Procedures
Focused on physical records management
  – Relatively mature program
Tactical, not strategic, approach to RIM

General Observation
Information Management Maturity Model¹
Many organizations have done a good job in the past managing paper records and typically rate around a “4”
Those same organizations have not yet applied the same rigor to the management of electronic information
90% of corporate information is in electronic format
Maturity levels:
  – In Development: Developing recordkeeping awareness
  – Sub-standard: Recordkeeping ad hoc / unaddressed
  – Proactive: Information Governance integration in business decisions
  – Transformational: Routine compliance with program requirements
  – Essential: Policies and Procedures in place; Increased record awareness
¹ Citation:

2011 Assessment: Three-Phased Approach
Current State Assessment
  – Review all relevant policies and procedures
  – Stakeholder interviews and focus groups to define current state of information management practices
  – Identify RIM vulnerabilities and develop key observations of “as is” state
Analysis and Recommendations
  – Identify best practice standards and benchmarking targets
  – Evaluate current information management processes against standards and industry best practices including “The Principles”
  – Assign maturity rating and develop recommendations for the enhancement of information management practices
Strategy and Roadmap
  – Summarize assessment, methodology and recommendations
  – Validate with sponsors
  – Develop strategies
  – Develop tactical project plans for each strategy
  – Develop implementation roadmap

Information Management Principles Used as Foundation to Assessment and Gap Analysis
Principle: Description
Accountability: A senior executive (or person of comparable authority) shall oversee the information governance program and delegate responsibility for records and information management to appropriate individuals. The organization adopts policies and procedures to guide personnel and ensure that the program can be audited.
Transparency: An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and the documentation shall be available to all personnel and appropriate interested parties.
Integrity: An information governance program shall be constructed so the information generated by or managed for the organization has a reasonable and suitable guarantee of authenticity and reliability.
Protection: An information governance program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.
Compliance: An information governance program shall be constructed to comply with applicable laws and other binding authorities, as well as with the organization’s policies.
Availability: An organization shall maintain records and information in a manner that ensures timely, efficient, and accurate retrieval of needed information.
Retention: An organization shall maintain its records and information for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.
Disposition: An organization shall provide secure and appropriate disposition for records and information that are no longer required to be maintained by applicable laws and the organization’s policies.

Current State Findings: RIM Program Governance
RIM Policy and Procedures primarily reflected management of physical records
RIM Governance Infrastructure was sufficient for a traditional recordkeeping environment but did not cover the broader needs for Information Governance
  – Well-established role of “Department Records Representatives”
Records Retention Schedule and foundational legal research in need of a comprehensive refresh (last refresh was 2008)
No standardized compliance review practices in place

Current State Findings: RIM Practices and Procedures
Procedures for the lifecycle management of hardcopy records were established and consistently practiced
  – Inactive Records Storage
  – “Clean Your Files Week”
  – Annual attestation process
  – Legal Hold Orders
Procedures originally developed in 2008 – in need of update
Procedures for managing electronic information lacking
Training provided sporadically

Current State Findings: Electronically Stored Information
Consistent application of retention policy wasn’t occurring in either the unstructured content or structured data environments
Shared drives / hard drives primarily used as unstructured content repositories
Limited use of Oracle content management
Although many structured data systems are considered the “system of record,” none could be considered a true recordkeeping system

Current State Findings: Electronically Stored Information
No ESI Data Map or Data Source Catalogue
size and time limit quotas are set, but users can request more space and manually “archive” up to five years
Ambiguity regarding the use / retention of “backups”

Recommendations
Based on gap analysis, series of recommendations:
  – RIM Program Infrastructure Refinement
  – Retention Schedule and Legal Research Update
  – Update Policies and Procedures
  – Enhanced training and education
  – Strategy for Unstructured Content Management
  – Structured Data System Remediation Plan
  – ESI Data Map

What Have We Accomplished So Far?
Updated Records Retention Schedule, RIM Policy and Procedures (primarily for hardcopy)
Established Standards
  – Imaging
  – Electronic Recordkeeping Standards
Established Structured Data System Remediation Plan
  – Identified critical systems
  – Defined risk-based assessment process
  – Developed “Compliance / Remediation Plan” process

Structured Data Remediation Plan
For each identified system:
  – Does the system contain “records” and how does this relate to the retention schedule
      Issue of relational databases, transactional systems, etc.
  – Risk / cost analysis of over-retention
  – Remediation options
      Manual
      Systematic

Obstacles to Success
Structured Data Remediation
Resource Issue
  – Although RIM and IT were partnering, issues that were much broader needed greater holistic approach
  – Resource limitations pushed completion timeline out unacceptably
  – One-up, tactical “projects” versus holistic strategy

RIM vs. Information Governance
Records Management is tactical
Information Governance is strategic
To be strategic, you need partners, sponsors, and a network

Tactical vs. Strategic Characteristics
Tactical | Strategic
Client-driven | Business driven
Top down | Up, down, and across
Silo’d accountability | Collective accountability
Difficult to value | Measurable
© 2013 Huron Consulting Group. All rights reserved. Proprietary & Confidential.

Information Governance
The coordinated, inter-disciplinary approach to satisfying information compliance requirements, managing information risks and optimizing information value
Encompasses and reconciles the various legal and compliance requirements and risks addressed by different information-focused disciplines
Involves a top-down, overarching framework, informed by the information requirements of all information stakeholders, that enables an organization to make decisions about information for the good of the overall organization and consistent with senior management’s strategy

Information and Records Management Advisory Team
Identified senior-level stakeholders
  – RIM, IT, Legal, Business Units
Defined Mission and Strategic Objectives
Developed Charter
Meeting Agendas and Scheduling
First Meeting: March 19,

Information Governance Infrastructure
Information & Records Governance Sponsors
  – CIO
  – General Counsel
  – Records Management
Advisory Team
  – Legal & Corporate Secretary
  – Information Technology *
  – Accounting
  – Broker Dealer
  – Corporate Actuarial
  – Corporate Facilities *
  – Group
  – Human Resources
  – Individual
  – Planning & Communication
  – Retirement Plans
  – Investment Advisor
  – Audit Services
  * co-chairs
Working Teams
  – Structured Systems Remediation Team
  – Unstructured Content Team
  – Change Management / Communication Team

Benefits so far
Increased awareness of information management
  – Advisory team wants to move at a faster pace
  – Project methodology
Resource Issue
  – RIM as well as business
Silo’d Decisions Averted
Priorities Redefined
  – Structured vs. unstructured

Lessons Learned
Importance of senior management support
Flexibility is key
Socialize the Principles
Don’t under-estimate the need for tight collaboration – Legal, RIM, IT, key business stakeholders
  – Establish Information Governance sooner versus later
Issue of resources
What’s Next?

Thank you!
For more information, contact:
Laurie A. Fischer
Managing Director
Huron Consulting Group
Tel:
Cell: