The 7 Most Important Things a Compliance Officer Must Know to Be Smart About Information Governance

Want to know whether something’s a fad or an actual trend? Keep tabs on the job requirements being posted for positions related to the issue you’re investigating! Companies tend not to want to throw money at things they don’t believe have traction, so if they’re asking for it, chances are it’s real.

This is precisely the case where compliance meets information governance, as an increasing number of job postings include language that speaks to both of these disciplines. So if you’re looking to enhance your career prospects in either one, then you may find the following bits of painfully-gained wisdom to be especially useful as organizations seek people with these twin skillsets.

  • Compliance begins with information access, for without it, monitoring and reporting simply can’t happen. Done properly, big parts of the job include conducting spot-checks to ensure people are doing what they’re supposed to be doing, reading reports of possible or actual violations, and reviewing the corrective actions taken – but none of this is possible without the ability to connect to siloed document repositories, or to read workflow logs, or to otherwise keep an eye on things.
     
  • To that end, be aware that your organization probably has groups within it that you don’t even know about – as well as groups that don’t know about you! We see it all the time, and the result is that it makes casting the necessary “broad net” nigh impossible (until or unless something bad happens). So it is important to go manager by manager and inventory who does what with which pieces of information. Only then might you catch wind of a significant majority of what’s going on.
     
  • More technology doesn’t equal better compliance – in fact, it can exacerbate the problem by creating information and technology siloes. Piecemeal efforts to overlay governance on disjointed stacks usually just complicate the implementation, monitoring, and enforcement of standard practices, and actually work at cross-purposes to what you set out to do.
     
  • Still, standard procedures are a must. Allowances can and should be made for departmental variations in, say, vocabulary or administrative business process. But these should be baked into the overarching program, not left to evolve on their own, lest they corrode the order and discipline you are seeking to install and thereby give auditors a convenient stick to beat you with.
     
  • Trust but verify. However strongly your managers affirm their commitment to supporting your compliance initiative, be sure to keep tabs on how well they are sticking to the protocols you develop. Because compliance is not their job, it’s likely to be one of the first things to be let go when their project deadlines loom and other pressures mount.
     
  • If a document exists, it’s subject to audit. Never mind that the original paper is long forgotten in a dusty box on the back stairs of the basement annex, or an archive of backup tapes contain copies going back years – if there’s a serious enough inquiry, someone will find it, and your organization could be penalized for not producing it when demanded.
     
  • It also doesn’t matter whether that document is on paper or electronic, or what electronic format it’s in, or which system it’s housed in. Rather, it’s the nature of the content itself that determines whether or not it’s part of the compliance conversation.

These are my top 7 – what would you add?

About the author: Steve Weissman

Steve Weissman is Principal Consultant at Holly Group and Co-Founder of Information Coalition. A trusted advisor for more than 20 years, he is a recognized expert in information governance and process innovation – or as he defines it, in the “’care and feeding’ of critical business information and the technologies used to manage and protect it.” Known as The Info Gov Guy™, Mr. Weissman leverages a proven proprietary methodology to optimize everything from your strategic planning and needs assessment to your vendor selection and user adoption. He is a member of the AIIM Company of Fellows and holder of numerous industry designations, and can be reached at steve@hollygroup.com or 617-383-4655.

Leave a Reply

Your email address will not be published.