The principles
This presentation is the property of its rightful owner.
Sponsored Links
1 / 24

THE PRINCIPLES: PowerPoint PPT Presentation


  • 81 Views
  • Uploaded on
  • Presentation posted in: General

THE PRINCIPLES:. Compliance. Presented by: Marty McNulty, ARMA Board Member. One Reason to use The Principles.

Download Presentation

THE PRINCIPLES:

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


The principles

THE PRINCIPLES:

Compliance

Presented by:

Marty McNulty, ARMA Board Member


One reason to use the principles

One Reason to use The Principles

  • New regulation of Dodd-Frank mandate new enforcement for financial, credit, investment and other organizations such as Energy Companies, Electric and Gas utilities, Chemical, Mining and Mineral, Airlines, Agribusiness, and Consumer Products.

  • Information Management, Pulzello, Fred and Bhavsar, Sonali, November 2011.


Dodd frank act

Dodd-Frank Act

  • Focus on Information Governance

  • ECM Capabilities

  • Management Tools

    “Dodd-Frank’s “Title VII-Wall Street Transparency and Accountability” emphasizes the principles of accountability and transparency for recordkeeping”.

  • Information Management, Pulzello, Fred and Bhavsar, Sonali, November 2011.


The principles1

The Principles

  • ARMA International’s Governance Maturity Model

  • Purpose: Provide a solid foundation for an Information Governance Structure

  • Objective: Ensure companies are meeting their operating needs, legal and regulatory obligations.


The principles2

The Principles

  • 1. Accountability

  • 2. Integrity

  • 3. Protection

  • 4. Compliance

  • 5. Availability

  • 6. Retention

  • 7. Disposition

  • 8. Transparency


How can adopting garp principles help an organization in legal matters

How can adopting GARP principles help an organization in Legal matters?

  • Adherence to the PRINCIPLES indicate how an organization is on top of its statutory and regulatory recordkeeping requirements. Overarching all this is the Principle of Compliance, which means that organizations must be sure that they are complying with recordkeeping and overall information governance requirements. In terms of “Legal matters,” compliance with The Principles should mean that the organization has a RIM program that is legally defensible, including the all-important Legal Holds policy and procedures to avoid sanctions for spoliation (i.e., the wrongful destruction of documents or evidence).

  • John Isaza is a California-based attorney and founding partner of the HowettIsaza Law Group, a law firm that specializes in electronic information governance, records management and overall corporate compliance.


Compliance

Compliance:

The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as, the organization’s policies.


Compliance1

Compliance

  • It is the duty of every organization to comply with applicable laws, including those maintaining records. An organization’s credibility and legal standing rest upon its ability to demonstrate that it conducts its activities in a lawful manner.

  • The absence of and/or the poor quality of records may impair or jeopardize a business’s right to conduct business.


Compliance2

Compliance

Duty:

  • 1. The recordkeeping system must contain information documenting that the organization’s activities are conducted in a lawful manner.

  • 2. The recordkeeping system is subject to legal requirements (i.e. tax, environmental, engineering, etc.).


Steps to achieve compliance

Steps to Achieve Compliance

  • Step One: Identify the Key Stakeholders

    • Compliance – Legal and regulatory agencies and their associated staff members.

    • Legal – understand the firm’s litigation profile

    • Information Technology – understand technology infrastructure of the firm.

    • Risk Management

    • Business Unit Line Managers


Steps to achieve compliance1

Steps to Achieve Compliance

  • Step Two: Gather Existing Information

    • Policies and Procedures

    • Data Maps

    • Functional Workflows


Steps to achieve compliance2

Steps to Achieve Compliance

  • Step Three: Define Desired Compliance Outcome and Criteria

    • Use five level grading criteria

      • Substandard

      • Indevelopment

      • Essential

      • Proactive

      • Transformational


Steps to achieve compliance3

Steps to Achieve Compliance

  • Step Four: Identify Gaps between Current and Desired Compliance Criteria-Practices

    • Use the Principles Assessment Tool

    • Conduct a Gap Analysis

    • Establish Benchmarks and/or Set Criteria


Steps to achieve compliance4

Steps to Achieve Compliance

  • Step Five: Prioritize Gaps to be addressed

    • List Gaps and set priorities

    • Make them simple and clear


Steps to achieve compliance5

Steps to Achieve Compliance

  • Step Six: Develop a Roadmap to the Desired Compliance Criteria/Practices

    • Determine the actions to take along a timeline to reach the desired Compliance State with the new Criteria/Practices

    • Identify/assign resources to deliver action items.


Steps to achieve compliance6

Steps to Achieve Compliance

  • Step Seven: Develop a Roadmap to the Desired Compliance Criteria/Practices

    • Determine the actions to take along a timeline to reach the desired Compliance State with the new Criteria/Practices

    • Identify/assign resources to deliver action items.


Steps to achieve compliance7

Steps to Achieve Compliance

  • Step Eight: Deliver New Criteria and Audit Reporting

    • Setup a Compliance auditing tool with the new criteria

    • Schedule an audit annually and measure against previous year’s compliance.

    • Report Compliance Grade and Findings

    • Submit Recommendations to close gaps and address findings.


Maturity model for information governance

Maturity Model for Information Governance

  • Level 1 – Substandard

  • Level 2 – In Development

  • Level 3 – Essential

  • Level 4 – Proactive

  • Level 5 - Transformational

  • Maturity Model can be found on ARMA website at: http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics/metrics-compliance


Maturity model

Maturity Model

  • Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.


Maturity model1

Maturity Model

  • Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.


Maturity model2

Maturity Model

  • Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.


Maturity model3

Maturity Model

  • Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.


Maturity model4

Maturity Model

  • Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.


In summary

In Summary

Compliance is the umbrella of all of The Principles. All firms are legally responsible to perform recordkeeping practices that are legally defensible and responsible. This level of compliance can be achieved by using

The Principles.


  • Login