Vasant Raval, DBA, CISA
A discussion on just about anything can get “cloudy.” This may be for various reasons. For example, in a written piece, space may be limited and the writer’s focus is on driving the main arguments, or there is no room to make explicit all of the details of the subject matter. To illustrate, the term “governance” by itself could create boundless scenarios in the mind of the reader. Without a qualifier, such as “information,” it is difficult to define the scope of discussion. And even a higher level of granularity may be necessary, for example, “data [governance]” as a subset of information governance.
And sometimes, it is not that simple. Rather, it is quite likely that a writer touches on an important dimension of the domain but leaves out other dimensions. For example, because the focus on resources and processes is more clearly defined, it is relatively easy to center one’s discussion of governance exclusively on that area. In part, this visibility comes from the fact that this aspect of governance has also gained considerable weight from the regulatory regime. On the other hand, there are few regulatory mechanisms in place on how to create business value. Thus, the resources and processes are emphasized more than the governance of value creation. What do you think?
One of the major challenges of information governance lies in achieving proper alignment between the resources and processes on one hand and the business value creation on the other. Perhaps the myth that risk is separate from opportunities creates a false sense of confidence that it is not only convenient but also effective to deal with processes for risk management separately from processes for value creation. Our knowledge of how to synthesize the two dimensions and the alternative ways in which to achieve alignment is quite limited. Do you have any ideas on how the alignment can be improved?
Information governance initiatives in organizations may begin with the lowest common denominator of what needs to be done to comply with laws and regulations; however, the real challenge lies in growing to a much more holistic model of information governance. In fact, the first step of limited (regulatory) compliance efforts may produce initial conditions that could be less than ideal in terms of the next move to a more holistic framework.
Again, what do you think? Do organizations first limit themselves to the requirements of the law? If so, what approach do they take to grow from there? Or do they really decide to keep it at a level of compliance with the regulations?
The author is interested in hearing from you on any aspects of information governance. Please join the conversation with your questions or comments.
Read Vasant Raval’s recent Journal article: “Ethics in COBIT 5,” ISACA Journal, volume 5, 2012