Advertise on ITWeb         Fri, 19 Jan, 07:05:58 AM

Data Governance Council
An IBM event in partnership with ITWeb

Fine-tuning governance focus

There are two views regarding information governance: one focuses on the governance of information, the other on governance of technology. There needs to be a distinction between the two groups to ensure information assets are being governed and managed efficiently.

This is the view of Elize van der Linde, GM of the Absa Data Governance Organisation, who spoke at the IBM Data Governance forum held in partnership with ITWeb, last week. She adds that a governance framework needs to be explicit and identify exactly which policies for data governance are necessary.

“The board should ensure there are systems in place for the management of information, including information security, information management and information privacy.”

According to Van der Linde, the South African Data Governance Forum was established in March 2009 and is affiliated with IBM's International Information and Knowledge Governance Council, which was formed in 2004.

08:00 Registration and refreshments
09:00 Welcome address
Elize van der Linde,
General manager: Data Governance Organisation – Absa, Chairperson for IBM South Africa Data Governance Council
09:30 Keynote address
Steven Adler, Program Director, IBM Data Governance Solutions
10:45 Tea break
11:00 Onramps to data governance
Sunil Soares is the director of Information Agenda Industry Solutions
12:00 Close
14:00 Lunch
She said the forum provides an opportunity for networking and exploring the common challenges in data governance, by working on various case studies that tackle the issues relevant to the South African market.

Inside, out

Van der Linde noted that there are two types of organisational issues affecting data governance: external and internal factors.

“External factors include regulatory and legal requirements, which signal a new era of compliance and risk management,” said Van der Linde. She noted there is a demand for more rigors in governance frameworks.

Van der Linde added that data security is also an issue. “There is an increase in information-related crimes in the form of identity theft and phishing attacks.” Information security is also an internal factor, according to Van der Linde, and procedures need to be in place to stop data leaks from occurring within the organisation.

She commented that data quality falls under both roles, where standards for data accuracy and completeness need to exist. “By identifying the weakness in data, we can assess the impact on reporting for risk mitigation.”

A look inside

“Absa's data governance journey started in 2008 and has been going for almost two years,“ said Van der Linde. “It has often had to stop, and go through U-turns or pot holes along its journey, but the operating model has remained constant over the years.”

She said since its inception, Absa has made strides in improving understanding of business requirements, priority and risk appetite due to the active support of a risk director.

Van der Linde highlighted the need for a high level of visibility to action data governance. “There is a need to understand what is important to the company, and it takes time to get to know the people and what information is important to each division.”

“Direct interaction is key – it motivates and helps resolve issues in the company. It is important to understand key areas and potential issues,” said Van der Linde, stating the need for an open forum for people to engage with each other, if an open environment is to be harboured.

Limited understanding

“People don't understand the distinction between technology and information,” she noted, using the analogy of water flowing through a pipe system. She attributes the technology to the pipes of the system, through which the information needs to flow.

“There are several places in the system where a contamination can occur, and often it is difficult to discover where the information is being contaminated,” she explained. There are also risks leading to information becoming tainted, which affects the entire system, to which she posed the question: “Can you trust the information that comes out the other end?”

Van der Linde added that good governance requires one to look through the entire scope of the system, and to audit continuously. “Good governance is an outcome of strategy, leadership and focus,” she concluded.
Click here for the presentations and audio.


IBM and Data Governance
With high-profile data breaches and incidents skyrocketing, the challenge to protect and manage data has become a universal concern for organizations. To help better understand the emerging space, IBM created a leadership forum in November 2004 for chief data, security, risk, compliance and privacy officers concerned with data governance issues. Since then the IBM Data Governance Council has steadily grown to comprise nearly 55 leading companies, universities and Business Partners, including large financial institutions, telecommunications organizations, retailers and even public sector governments.

Who should attend?

The King III report on Corporate Governance will come into effect on 1 March 2010 and will become operative on 1 July 2010. The King III report, for the first time, includes IT governance and its strategic alignment with business. According to chapter 5.6 of the King III report, the board should ensure that information assets are managed effectively. Furthermore, the board should ensure that processes have been established to implement a formal information security management system, to ensure:
The confidentiality, integrity and availability of information
That company information is adequately protected
That personal and sensitive information has been identified and is protected according to relevant laws and regulations