12
Value and Data Centric Governance: A Unified Approach Richard P. Kessler KPMG Cyber Security Strategy and Governance October 17, 2018
Value and Data Centric Governance:A Unified ApproachRichard P. KesslerKPMG Cyber Security Strategy and Governance
October 17, 2018
2
The volume, variety, and complexity of data are growing. The ever-increasing amount of sources and channels is challenging traditional approaches to information and data management.
Exponential data growth
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
33© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801790
Convergent forcesThree macro trends are at play today which will have a dramatic effect on how we think about both disruptive technologies (e.g., artificial intelligence) and governance in the years ahead.
Data Data Protection Automation
4
Leadership
“I participate in over 45 (governance) committees”
Visibility
“No one person has a view of the entire portfolio of work related to data and information-driven initiatives”
Regulations
“Regulations require us to align security, lifecycle, data governance, client & employee data managing functions”
Strategy
“How are discretionary investments best targeted to maximize use of data as a strategic asset and to protect data?”
Industry testimony
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
5
Information Governance“The specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information. It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”– Gartner
“The exercise of authority and control over the management of data assets to define, approve and communicate data strategies, policies, and standards; to track and enforce regulatory compliance and conformance to data…” etc.– Data Architecture Management Association (DAMA)
“The function that defines and implements the standards, controls and best practices of the data management program in alignment with strategy.” -Enterprise Data Management Council (EDM)
“Activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”– Information Governance Initiative
Data Governance
Data Governance vs. Information Governance
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
6
Legacy information governance framework
IG senior executive committee
IG advisory and control committee
Senior executive committee(s)
Program management office – 2nd LOD (e.g., Compliance/Risk Control)
Global, dedicated information governance staff advise/challenge/operationalize
Enterprise change portfolio – including 1st LOD (e.g., self-identified Risk Issues, new efforts)
Programs, projects, policies, platforms, technologies, strategies, data, analytics, innovation, etc.
Inte
rnal
Aud
it
C-suite owner/sponsor/C-Suite/BoD
Legal TechnologyCompliance Data and information disciplines
Business lines RiskOperations
Business lines/regional representatives
Investigators (e.g., internal, aml, fraud,
litigation)
Data Governance
Data protection/data privacy
Investigative technology
Enterprise Architecture/Technology
Records and information
management
Compliance/operational risk
mgmt.
Information and cyber security
Exte
rnal
Aud
it
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
7
Objectives are adapted from IBM Watson Unified Governance Integrationhttps://www.ibm.com/analytics/us/en/unified-governance-integraton/
POLICIES PROCESSES PEOPLE TECHNOLOGY INFORMATION GOVERNANCE
A unified governance structure facilitates a simpler, more aligned approach:
Make data make money
Make data make sense
Make sense of the data
Make data secure
Make data compliant
Make data available
Objectives:
Objectives of a unified approach
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
8
1413
12
11
10
98
PrivacyUnified Data &
Information Governance
76
5
4
3
21
Customer Experience
Value creation
Organizations are creating value out of data through a variety of investments. The “always on” nature of the digital world leads to an abundance of data that organizations can use to make better and faster decisions.
Value enablement
Unified data and information governance enables smart decision-making powered by the understanding of data the information extracted from it across numerous, diverse domains so that an organization can pursue what it wants to achieve by addressing enablers.
Unified data and information governance
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
9
Legacy information governance vs. unified governance
IG senior executive committee
IG advisory and control committee
Senior executive committee(s)
Program management office – 2nd LOD (e.g., Compliance/Risk Control)
Global, dedicated information governance staff advise/challenge/operationalize
Enterprise change portfolio – including 1st LOD (e.g., self-identified Risk Issues, new efforts)
Programs, projects, policies, platforms, technologies, strategies, data, analytics, innovation, etc.
Inte
rnal
Aud
it
C-suite owner/sponsor/C-Suite/BoD
Legal TechnologyCompliance Data and information disciplines
Business lines RiskOperations
Business lines/regional representatives
Investigators (e.g., internal, aml,
fraud, litigation)Data Governance Data protection/
data privacyInvestigative technology
Enterprise Architecture/Technology
Records and information
management
Compliance/operational risk
mgmt.
Information and cyber security
Exte
rnal
Aud
it1 New Business 8 Risk
Management 11 Privacy 12 Security 14 Lifecycle13 Investigations9 Compliance
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
10
Grow business and increase revenue
Protect and secure information
Improve monitoring and surveillance
Accelerate innovation and address disruption
Develop optics on data value, quality and meaning
Enable data value and risk profiling
Mature operational risk management
Outcomes of a unified approach
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
11
Call to action: getting started
Simplify by aligning and converging governance structures and roles
Build, maintain and implement principles-based mandatory requirements
Focus on value creation (e.g., business growth), but always consider enablers
Align and integrate metrics, risks, controls, and reporting across domains
© 2018 KPMG LLP, a Delaware limited liability partnership and the U.S. member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. NDPPS 801037
