COBIT makes it easier to implement information governance and records management in two ways. First, at the higher level, COBIT provides the overall business / IT governance guidance that makes information-governance initiatives more successful more quickly. Second, at a more operational level, because of COBIT’s end-to-end breadth, COBIT and ARMA International’s Generally Accepted Recordkeeping Principles (GARP) map nicely with each other. GARP provides a lower level of detail for COBIT’s management practices in this area. It is through this bridge that IT and records-management professionals can work together to more quickly and easily meet the needs of business owners to both protect and drive value from business information.
Q: You mentioned in a recent webinar some of the difficulties in implementing improved practices in information governance and records-management projects. Can you explain?
A: Sure, let’s take just two examples. One person asked about focus on USB drives and data protection. Many records and information-management projects begin at these technical points, especially given recent data breaches. It’s also natural for people with security backgrounds. Yet, that technical focus misses the larger opportunity to manage information flowing through its lifecycle to drive profitable revenue for the business. A second example is where sharp people want to focus on those business objectives. Yet, their efforts on information governance and records management are frustrated because they are striving in a vacuum—without broader support of healthy enterprise governance of IT.
Q: Who is accountable for effective information governance and records management?
A: The classic answer is that “the business” owns its data and the benefits produced in terms of products, marketing, sales, operations, customer satisfaction and more. That said, a variety of support functions have responsibilities—IT, legal, records management, HR, compliance and more. The difficulty is getting people to cross the silos. That’s a traditional problem. According to a Forrester/ARMA International survey, 20% of records managers report to CIOs. Still, there are many silos to cross. Bridging these silos is the point of the “triads of traction” discussed in the webinar—where the triad roles change based on the type of data.
Brian Barnier, CGEIT, CRISC
Principal Analyst & Advisor, ValueBridge Advisors
We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post. To view all blog posts, please click on the ISACA Now link in the blue box on the left.