STANDARDS & CONTROLS: TAILORED INFORMATION GOVERNANCE POLICIES AND PROCEDURES
CD: To what extent can a global organisation standardise information governance (IG) policies and controls across countries? In your experience, how challenging is this process?
Bryant: Organisations should strive to standardise policies at a high level across organisations to drive a consistent culture of compliance, and a strong baseline from which to operationalise processes and procedures. Standardisation of enterprise technology solutions also enables these processes to be consistent globally and will simplify compliance as well as improve efficiency and reduce costs. However, inevitably, there are likely to be some local variations required, and these may be due to either differing local legislation, variation in the scale of operation and resources or the availability of specific technology, such as intranets, collaboration or content management systems and HR systems. For example, while one country might have individual managers or teams for marketing, HR, website management, privacy, legal, risk and compliance, some smaller countries might only have one or two people fulfilling all these roles. Processes and related workflows, therefore, need to be developed flexibly with the ability to scale up and down depending on the size of local teams. However, if possible, these variations are best kept at a local process level, with minimum change to policies unless there is a very specific legal justification. Standardisation is inevitably challenging as it requires us to change and adapt to someone else’s view of the world. It is therefore essential to make the benefits of change clear, to demonstrate how new processes or solutions will save time, enable compliance, provide central storage locations or audit trails and ultimately reduce cost and risk.
Jan-Mar 2020 issue
FTI Consulting