Good Corporate Governance Is Built Upon Good Information and Data Governance
As you may know, COSO provides the overarching enterprise framework for corporate governance. This includes operations, reporting, and compliance. A key objective for COSO is the holding of individuals accountable for their internal control responsibilities. The COSO process typically starts by accessing risks and developing sets of control activities to mitigate discovered risks.
On an ongoing basis, organizations then need as well to generate relevant, quality information to evaluate the functioning of established internal controls. And finally they need to select, develop, and perform ongoing evaluations to ascertain whether the internal controls are present and functioning appropriately. Having said all of this, the COSO framework will not be effective without first having established effective Information and Data Governance.
So you might be asking yourself as a corporate officer why should you care about this topic anyway. Isn’t this the job of the CIO or that new person, the CDO? The answer is no. Today’s enterprises are built upon data and analytics. The conundrum here is that “you can’t be analytical without data and you can’t be really good at analytics without really good data”. (Analytics at Work, Thomas Davenport, Harvard Business Review Press, page 23). What enterprises tell us they need is great data—data which is clean, safe, and increasingly connected. And yes, the CIO is going to make this happen for you, but they are not going to do this appropriately without the help of data stewards that you select from your business units. These stewards need to help the CIO or CDO determine what data matters to the enterprise. What data should be secured? And finally, they will determine what data, information, and knowledge will drive the business right to win on an ongoing basis.
So now that you know why your involvement matters, I need to share that this control activity is managed by a supporting standard to COSO, COBIT 5. To learn specifically about what COBIT 5 recommends for Information and Data Governance, please click and read an article from the latest COBIT Focus entitled “Using COBIT 5 to Deliver Information and Data Governance”.