Corporate governance has become a priority in the aftermath of scandals such as Enron and Worldcom, highlighting the consequences of accounting irregularities and a lack of transparency, processes and controls within an organisation. The need to create measures or a means of managing information in a logical way, allowing for risk management, easy accessibility, retrieval and retention of information has been driven by regulations such as Sarbanes-Oxley, Basel II and the locally drafted guideline, King II.

Compliance requirements have seen the birth of new methodologies, processes and technologies such as information lifecycle management (ILM), aiding companies to understand the value of information and the management thereof.

ILM is an holistic process or management practice of smart content, process and resource management, providing proactive information management. ILM provides true value when striving for compliance and improved corporate governance.

The role of information has grown and will continue to do so, yet this gives rise to the critical issue of how we manage and protect these assets. ILM enables organisations to obtain maximum value from information at every point in the information lifecycle.

ILM's roots are found in indexing systems, providing companies with an overview of its information and where it is stored. This transparency eases retention efforts as it becomes easier to determine which information could be discarded and which information should be retained based on regulatory or legal requirements. Regulatory compliance mandates that companies must store, secure, recover data easily and then destroy the information once its lifecycle has ended, therefore has become a driver of ILM.

Therefore, the traditional IT approach of storing all information should be questioned, as not all information is vital and the value of information changes as it progresses through the information lifecycle. ILM consultants can assist companies to classify and value its data and establish the correct management strategies, in compliance with regulatory requirements.

ILM requires an integrated technology approach where combinations of solutions enable compliance, minimise legal risk and reduce costs. Each solution contributes toward improved content and process control thus improving compliance in a holistic way. The essential suite of enterprise solutions that contribute towards compliance efforts include:

* Imaging and document management.

* Workflow.

* Enterprise content management.

* E-mail management and archiving.

* Collaboration.

* Record management.

* Fixed content storage.

A number of excellent enterprise technologies are available locally that could be implemented to manage the process of acquiring, reviewing or accessing, managing or aggregating, distributing, storing and, once no longer required, destroying information. Well-structured ILM solutions should not only enable quick and easy accessibility to information but should also 'push' information proactively to the correct person. Protecting information is also paramount within the ILM approach and ensuring restricted access to information is rated as important as the necessity for firewalls, network and system protection. User rights, defined by roles and access rights to processes, ensure stringent controls are in place ensuring sensitive information is not accessed by the incorrect person. Securing information is vital as regulatory compliance mandates that data authenticity and integrity is irreproachable.

As the lifecycle of information reaches completion, storage provides the means to maintain information for the required period of time. Corporate governance is one of the main drivers of the retention component within ILM and keeping a record of information and data results in a storage strategy.

Archiving information and being able to access the information quickly forms part of the compliance issues within the ECT act, making hierarchical storage a popular choice.

ILM solutions should also provide the functionality to recognise retention periods and delete data and information as it reaches the end of its lifecycle. This provides compliance through retention strategies outlined in the ECT Act. As data increases exponentially it impacts on storage costs and it is important to ensure only relevant information is kept on record and the rest is deleted freeing up valuable storage space.

The role of the information systems (IS) department in assisting enterprises to comply with regulations is key to ensuring processes and controls are in place. ILM is rapidly gaining recognition as an effective route towards the achievement of compliance within organisations and as businesses adopt the combination of technologies and toolsets that enable an effective approach to corporate governance, so too will efficiencies increase within the company. ILM might seem like a large step to take to realign the organisation more effectively, yet return on investment is realised within a short period of time, proving the investment to be worthwhile.



For more information contact Zunaid Mohidin, Customised Business Solutions, 011 327 6323, zunaid@cbs-it.co.za