Playing with risk in a world of big data

In this new age of big data, information is key to the corporate strategy of every business. Yet, it can also be seen as the basis of seemingly endless investment in time and money, protecting customers and businesses from endpoint data loss whilst ensuring compliance.

Whilst playing “Risk” with my family recently, it occurred to me that the big data economy is actually very closely aligned to the reality of this board game. To win you must launch daring attacks, defend yourself and sweep across your opponents with boldness; but just when the world seems within your grasp, your opponent might strike and take it all away.

In other words, the world of big data is unmasking a new range of exciting opportunities, but it’s also untying a great range of new and complex challenges which we need to learn to address.

Though winning the real-life game of Risk can be more complex than the board game, it is worth highlighting two technologies – two weapons in their arsenal if you like - that organisations should deploy to help them simplify and transform an organisation’s Governance, Risk and Compliance (GRC) goals. These technologies are Enterprise Content Management (ECM) and Business Process Management (BPM), and they can maximise the value of information while minimising risk - particularly when used together.

According to Forrester research, 89 per cent of global companies are spending more this year than they were last year on information governance programmes. So what is the problem? Unfortunately, many organisations are still struggling to achieve universal adoption of these tools and are not entirely satisfied with the results they are providing. Inadequate use of the tools is likely to limit businesses’ record management capabilities and translate into poorly optimised BPM and workflow.

In an effort to understand where the main problems lie, OpenText and the AIIM (Association for Information and Image Management) this year conducted a joint survey of 1,200 organisations aiming to find out which governance, risk and compliance goals are seen as the biggest concern to organisations. The study also considered how these companies are currently implementing ECM, BPM and other Enterprise Information Management technologies to solve their GRC challenges and discover their limitations. An in-depth analysis of the results has led to the following conclusions.

Challenges

Keeping policies and procedures up-to-date was cited as the biggest challenge for most organisations, with 40 per cent of respondents agreeing on this. The fear of new and changing regulations was seen as the biggest threat to another 26 per cent.

Considering that most organisations are a patchwork of acquired and adopted policies, this makes perfect sense. Managing paperwork to demonstrate compliance will require more complex procedures for these businesses.

Risks

In terms of risks, security (56 per cent) and information privacy (52 per cent) were seen as the top dangers to the organisations surveyed. This is understandable considering the high number of data breaches suffered by big-name retailers hitting the news today. The likes of Ashley Madison, with 37 million affected users, and the Anthem Health Insurance breach, which affected 80 million customers, are notable examples.

Execution

The survey also found a very wide range of roles claiming to “own” the GRC programme. Where the legal department or a chief compliance officer (CCO) typically is supposed to manage an organisation’s governance, risk and compliance activities, results found that 56 per cent of the surveyed organisations reported not having a CCO in place.

At least some of these organisations’ responses are likely to have resulted from lack of awareness of the role. This could easily be translating into a failure to embrace risk management properly, with the likelihood that this is preventing them from fully integrating it into their daily business lives properly.

Recurring themes

Predominantly, organisations asked about their challenges with various GRC processes agreed that the biggest issues they faced were related to the disparate systems used to manage compliance documentation, including policies and procedures, supplier/vendor information and internal audit documentation. They also complained about the inefficiency of manual processes, for example to conduct internal audits and for policy approvals. The use of spreadsheets and other home-grown tools such as internal controls mapping and compliance tracking were also a recurring theme throughout the survey.

All in all, while it may seem clear for many organisations that Enterprise Information Management (EIM) software can augment their governance, risk and compliance goals, many still have incomplete ECM and BPM implementations in place and feel unsatisfied with the results. Findings clearly emphasise the need for a central, secure repository that is the authoritative system of record for compliance-based information. This, together with the desire to move from paper-based and manual practices to automated, auditable and more efficient business processes are clear findings worth stressing.

As such, it seems fair to say that in the same way as an advancing army needs to fortify its territories to succeed in the Risk board game, organisations must use EIM technologies to regain control over their governance, risk and compliance issues to be able to successfully maximise the value of their information whilst minimising their risk.

Lubor Ptacek, VP Product Marketing at OpenText