South African companies outside of the financial services industry are earnestly looking for data or information governance frameworks to meet statutory and regulatory requirements on the one hand and handle their data management lifecycle (DMLC) on the other. That’s the word from Johann van der Walt, MDM practice manager at Knowledge Integration Dynamics (KID).
The uptick in interest outside of the financial services industry is significant because it indicates that markets beyond the traditional technology leaders are recognising that they need to be compliant but more significantly that there are business benefits to be had by managing the life of their data assets.
Demand is in fact so strong that the team of data experts at KID have recorded a written information governance framework suitable for any industry. The framework can be rapidly customised to cater for organisation-specific operational systems and processes at each client. Clients can then implement the framework in consultation with KID or entirely on their own where they already possess the necessary skills.
“There has been a surge in demand from companies across industries,” says Van der Walt.
“Companies are realising the need to meet regulatory requirements, in some cases because auditors are starting to ask some challenging questions around data and controls, but in many cases because investigations into the root causes of business problems lead companies back to the quality and control of data assets.
“Companies therefore realise that there is enormous benefit to be had by implementing a functional information governance framework apart from purely meeting compliance requirements.”
Van der Walt says, depending on the type and size of an organisation and the industry or industries in which it conducts business, there can be in excess of 40 Acts in South Africa that impact data processes that stipulate minimum control requirements. The figure can grow substantially if the company is subject to international statutes and accords.
“Some companies, due to their size or complexity of operations which results from organic or acquisitive growth, need help understanding where they are on the journey to compliance. Others have a firm idea of where they are and need no assistance.
“Either way, they need a framework that outlines the strategy based on an analysis of the organisation’s information or data landscape, which will be architected to consider the generic and specific uses of that data, as well as processes, technology coverage and maturity assessments. They need a roadmap, policies, procedure, standards and guidelines plan, and a process of how to employ them.”
“The terrible truth about most businesses today is that they don’t have a strong sense of their data environments,” says Van der Walt.
“In the past they could get away with it for a variety of factors, including that there was little to no regulatory requirement and almost no pressure brought to bear to force compliance.
“Today, though, there is compliance pressure being brought to bear and there are many other issues: markets are more competitive, labour issues put pressure on companies to perform better, and shareholders are increasingly risk-averse, to name a few.”
One of the common problems that companies face is keeping customer information secure. When companies acquire a new customer and simultaneously gather information about that customer they must undertake to protect that information.
For example, a business may offer a service for which customers can pay by credit card and then outsource that payment service to a third party. The startling revelation is that the company is still responsible for securely handling that information even though it does not capture or store the information on internally controlled or owned systems.
“The information governance framework highlights the need to review the terms of contracts and SLAs with third parties to ensure that service providers are responsible and accountable to the company for breach of control incidents and that a level of transparency into governance controls and incidents is established,” says Van der Walt.
He says that not all companies are embarking on these projects as business-wide though; many assess and make changes in stages, by division, department or subsidiary.
“We’ve had enterprise architects looking for assistance with enterprise architecture projects to satisfy information governance requirements,” he says.
“We’ve had risk managers who need to fulfil their mandates and in some cases we’ve been approached by information governance managers who simply don’t have the time to deal with all the fine details that this type of project requires.”
“While the motivations differ all businesses ultimately want the same thing: to operate efficiently, to improve revenues, reduce costs and increase profits,” he says.
“Listed companies have shareholders who want to know their companies are compliant but they still want a return so most business people realise the need to manage information in a way that maximises revenue opportunities at least cost.”
Work strategies of Companies in SA is commendable.