Adhering to appropriate Information Management governance structures RMAA Industry showcase October 2008

Whsg rmaa industry showcase oct 2008 compliance

Why are governance structures important?

Information management governance

What am I covering today?

“governance is a multi-faceted discipline that not only includes the formulation and implementation of strategy, but the establishment of systems and processes that enable effective risk management as well as legal and regulatory compliance.”

ASX Corporate Governance Council (2003)

“information governance is emerging as a critical competency”

Gartner (2007)

The governance framework of Information Management……

“the audit identified that there is an increasing range of legislation, standards, policies and guidance that is issued by a number of Australian Government entities that has recordkeeping implications. The status of this material ranged from mandatory legislative requirements to better practice advice and guidance, the majority of which is issued by Archives. The ANAO found there was differing levels of awareness of this material in the entities audited.”

Australian National Audit Office (2006)

Information Management standards

• ISO 15489 Records management by IT/21 (Standards Australia)

• ISO9000 Quality certification compliance

• ISO 2788:1986 Guidelines for the establishment and development of monolingual thesauri

• ISO TC 46 SC11 Archives/Records Management

• ISO/TC171/SC2N450 - ISO/DTR 22957 Document management - Analysis, selection, and implementation of Electronic Document Management Systems (EDMS)

• ISO/TC171/SC2N451 - ISO/CD 12029 Electronic imaging – Forms design optimization for electronic image management

• W3C Web content accessibility & Mobile Web Best Practices a Candidate Recommendation

• AS 5037-2005 Knowledge management

• AS17799 s. 9 – Information Technology Code of Practice for Information Security Management - design and use of access controls & digital signatures

• AS17799 - section 8.7.4 security risks and guidelines for items to be included in an email management policy

• Australian Government Locator Service/Dublin core metadata

• Anglo American Cataloguing rules

Information Management regulation

• Disposal schedules

• National Archives Australia (2006). Functional requirements for Electronic Records Management Software

• International Model requirements for the management of electronic records (MoReq)

• Policy and procedures identified by Archives as delegated by the relevant Act

• Designing and Implementing Recordkeeping Systems (DIRKS)

• Codes of ethics – NSW Professional Conduct regulation

• VERS toolkit

• Private sector Privacy Codes

• Litigation plan

• US Department of Defense (DOD) Directive 5015.2

Information Management legislation case law

Common law

• Evidence Act 2004 (NT)

• Commonwealth Evidence Act 1995

• Archives Act 1983

• Legal Deposit

• Sarbanes Oxley 2002

• Tax Ruling TR 2004/D23

• Electronic Transactions Act 1999 (Commonwealth)

• Corporations Act

• Income Tax Assessment Act 1936

• Crimes (Document Destruction) Act 2006

• Information Act

• Freedom of Information

• Copyright

• Privacy Act 1988 (Cth)

Case law

• Consistency of behaviour – policy and procedures

Cost of non compliance – Valuing information models

“the wealth of an organisation is based on its accumulation of useful knowledge - its knowledge capital. The value added to an organisation by information, discussed ..... under `information productivity' can be regarded as an annual return on its accumulated knowledge capital.“

Strassman (1996)

Information valuation models

Focus on human, customer and structural capital

• Intangible asset monitor (Sveiby, 1997);

• Balanced scorecard (Kaplan and Norton, 1992; 1996;75 2000);

• Skandia value scheme (Edvinsson and Malone, 1997).

• IC-Index Model and HVA Model (Roos and colleagues 1997)

• Technology Broker Model (Brooking, 1996, pp. 13-14)

Focus on market capitalization, return on assets, and other monetary valuations.

• Tobin's Q, economic value added (EVA), Market-to-Book Value, Intellectual Asset Valuation, Total Value Creation, Total Value Creation, Knowledge Capital Earnings, citation weighted patents, etc. (see for instance: Stewart (1997); Bontis (2001); Bontis et al. (1999); Lev (1999); Sullivan (2000))

• Value Chain Scoreboard Lev (2002)

• Net Present Value (NPV)

Cost of non compliance

• Tax compliance

• Knowledge recreated/lost

• Damages awarded

• Loss of business critical records

• Loss of reputation

• Fines/e-discovery time

• Job loss

• Lost productivity

Case study – Government Owned Corporation

NT Power Generation Pty Ltd v Power and Water Authority [2004]

"There is no other procedure established under the PAWA Act by which the minister could control the operations of PAWA. As a matter of practice, as the communications between PAWA and the minister demonstrate, the procedure of a minute from the chief executive officer and his response by endorsement on that minute was the normal means by which the minister (where he considered it appropriate) gave directions under s 16 of the PAWA Act. There is no evidence to indicate any other means by which directions under s 16 were given."

S. 132 PAWA has not demonstrated error in the reasoning of Finkelstein J. PAWA took this Court to some oral evidence of Mr Gardner in an endeavour to counter Finkelstein J's conclusion that the Minister's desire to have PAWA act as he wished was not always conveyed by direction. That oral evidence was vague, was undermined by other evidence, and, in any event, did not falsify Finkelstein J's conclusion. The PAWA Act does not stipulate that s 16 "directions" are to take any particular form, and the Court was not taken to any other legislation which did. Even if Mr Gardner's evidence establishes that he thought he had received a s 16 direction in August 1998, that does not prove that he did. Everything depends on the terms of the briefing note: no other possible "direction" was relied on. But it is not possible to infer from the briefing note that any direction was given. The acceptance of the recommendation in the briefing note was too vague to amount to a s 16 direction. It did not refer to s 16, yet citation of the source of power could be a crucial matter in the event of later political or forensic controversy about whether any directions had been given or obeyed - for Mr Gardner had a duty to obey them. It did not speak in the language of command or mandate or instruction - it did not direct.

Case study – Private Sector – British American Tobacco

• McCabe v British American Tobacco Services Limited (BAT)

• Review was completed by Professor Peter A Sallmann in May 2004 for the Victorian Attorney-General on Document Destruction and Civil Litigation in Victoria

• Resulted in the Document Destruction Act 2006

• Fines of $314,430 for companies and $62,886 or 5 years imprisonment for individuals

Case study – Health provider

H v Health Service Provider [2007] PrivCmrA 10

• Inappropriate disclosure of information

• National Privacy Principles 2 and 4 in Schedule 3 of the Privacy Act 1988 (Cth) breached

• Extensive Privacy Commissioner audit of processes and policy

• Medical centre offered complainant compensation without admitting liability

Case study – Law firm

KATRINA NUGENT 9.39am: Yesterday I put my lunch in the fridge on Level 19 which included a packet of ham, some cheese slices and two slices of bread which was going to be for my lunch today. Over night it has gone missing and as I have no spare money to buy another lunch today, I would appreciate being reimbursed for it.

MELINDA BIRD 9.55: Katrina, There are items fitting your exact description in the level 20 fridge. Are you sure you didn't place your lunch in the wrong fridge yesterday?

KATRINA NUGENT 10.06: Melinda, probably best you don't reply to all next time, would be annoyed to the lawyers. The kitchen was not doing dinner last night, so obviously someone has helped themselves to my lunch. Really sweet of you to investigate for me!

MELINDA BIRD 10.14: Katrina, since I used to be a float and am still on the level 19 email list I couldn't help but receive your ridiculous email - lucky me! You use our kitchen all the time for some unknown reason and I saw the items you mentioned in the fridge so naturally thought you may have placed them in the wrong fridge. Thanks I know I'm sweet and I only had your best interests at heart. Now as you would say, "BYE"!

KATRINA NUGENT 10.15: I'm not blonde!!!

MELINDA BIRD 10.16: Being a brunette doesn't mean you're smart though!

KATRINA NUGENT 10.17: I definitely wouldn't trade places with you for "the world"!

MELINDA BIRD 10.19: I wouldn't trade places with you for the world... I don't want your figure!

KATRINA NUGENT 10.21: Let's not get person (sic) "Miss Can't Keep A Boyfriend". I am in a happy relationship, have a beautiful apartment, brand new car, high pay job...say no more!!

MELINDA BIRD 10.23: Oh my God I'm laughing! happy relationship (you have been with so many guys), beautiful apartment (so what), brand new car (me too), high pay job (I earn more)....say plenty more... I have 5 guys at the moment! haha.

Achieving, auditing and maintaining compliance - Whitehorse services

• Information technology governance

• Information technology and telecommunications strategy, planning, and acquisition

• Systems Integration and Facilities Management services

• Information, records, library, and knowledge management labour hire, archiving, disposal schedules, cataloguing, advice, strategic planning

• Risk evaluation and planning

• IT outsourcing management

• Scanning solutions through our business partner INFORG Information Solutions

• Electronic Commerce, including business analysis and process design

• HP Tower and Outback Imaging (Ezescan) accredited business partners

• Laptop training network and Training facilities in Darwin and Melbourne

• Sharepoint & TRIM installations, upgrades, integration, reviews and tailored add ons

• Regional telecommunication and other infrastructure planning and implementation

• Negotiation and funding access

• Federal and State Government liaison

• Policy evaluation, advice, business planning

• ICT resource and industry research analysis publications

• Project management

• TRIM/Sharepoint training

• Certified staff

References

http://www.anao.gov.au/uploads/documents/2006-07_Audit_Report_61.pdf

Chua and Van Toorn (2005). Documents, risk and the fate of your organisation: Document management in the age of corporate accountability

Priest, M. (2006). Document destruction could be costly. Australian Financial Review, 8/9/2006, p. 58

Moneycontrol.com (2007). Blogging will be the future management tool: Accenture

Standards Australia

www.austlii.edu.au