Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Whsg rmaa industry showcase oct 2008 compliance
1. Adhering to appropriate Information
Management governance structures
RMAA Industry showcase
October 2008
2. Why are governance structures important?
• You can add new text slides by clicking
on the „new slide‟ icon at top or by
clicking Insert then New slide
• You can use the multiple slide view at
the bottom to copy and paste slides.
4. What am l covering today?
“governance is a multi-faceted discipline that not only includes
the formulation and implementation of strategy, but the
establishment of systems and processes that enable effective
risk management as well as legal and regulatory compliance.”
ASX Corporate Governance Council (2003)
“information governance is emerging as a critical competency”
Gartner (2007)
5. The governance framework of Information
Management……
“the audit identified that there is an increasing
range of legislation, standards, policies and
guidance that is issued by a number of
Australian Government entities that has
recordkeeping implications. The status of this
material ranged from mandatory legislative
requirements to better practice advice and
guidance, the majority of which is issued by
Archives. The ANAO found there was differing
levels of awareness of this material in the entities
audited.”
Australian National Audit Office (2006)
6. Information Management standards
•ISO 15489 Records management by IT/21 (Standards Australia)
•ISO9000 Quality certification compliance
•ISO 2788:1986 Guidelines for the establishment and development of
monolingual thesauri
•ISO TC 46 SC11 Archives/Records Management
•ISO/TC171/SC2N450 - ISO/DTR 22957 Document management -
Analysis, selection, and implementation of Electronic Document
Management Systems (EDMS)
•ISO/TC171/SC2N451 - ISO/CD 12029 Electronic imaging – Forms
design optimization for electronic image management
•W3C Web content accessibility & Mobile Web Best Practices a
Candidate Recommendation
•AS 5037-2005 Knowledge management
•AS17799 s. 9 – Information Technology Code of Practice for Information
Security Management - design and use of access controls & digital
signatures
•AS17799 - section 8.7.4 security risks and guidelines for items to be
included in an email management policy
•Australian Government Locator Service/Dublin core metadata
•Anglo American Cataloguing rules
7. Information Management regulation
• Disposal schedules
• National Archives Australia (2006). Functional requirements for
Electronic Records Management Software
• International Model requirements for the management of electronic
records (MorEq)
• Policy and procedures identified by Archives as delegated by the
relevant Act
• Designing and Implementing Recordkeeping Systems (DIRKS)
• Codes of ethics – NSW Professional Conduct regulation
• VERS toolkit
• Private sector Privacy Codes
• Litigation plan
• US Department of Defense (DOD) Directive 5015.2
8. Information Management legislation case law
Common law
• Evidence Act 2004 (NT)
• Commonwealth Evidence Act 1995
• Archives Act 1983
• Legal Deposit
• Sarbanes Oxley 2002
• Tax Ruling TR 2004/D23
• Electronic Transactions Act 1999 (Commonwealth)
• Corporations Act
• Income Tax Assessment Act 1936
• Crimes (Document Destruction) Act 2006
• Information Act
• Freedom of Information
• Copyright
• Privacy Act 1988 (Cth)
Case law
• Consistency of behaviour – policy and procedures
9. Cost of non compliance – Valuing information models
“the wealth of an organisation is based on its
accumulation of useful knowledge - its
knowledge capital. The value added to an
organisation by information, discussed ..... under
`information productivity' can be regarded as an
annual return on its accumulated knowledge
capital.“
Strassman (1996)
10. Information valuation models
Focus on human, customer Focus on market
and structural capital capitalization, return on
assets, and other monetary
valuations.
•Intangible asset monitor (Sveiby, •Tobin's Q, economic value added
1997); (EVA), Market-to-Book Value,
•Balanced scorecard (Kaplan and Intellectual Asset Valuation, Total
Norton, 1992; 1996;75 2000); Value Creation, Total Value
•Skandia value scheme (Edvinsson •Creation, Knowledge Capital
and Malone, 1997). Earnings, citation weighted patents,
•IC-Index Model and HVA Model (Roos etc. (see for instance: Stewart (1997);
and colleagues 1997) Bontis (2001); Bontis et al. (1999); Lev
(1999); Sullivan (2000))
•Technology Broker Model (Brooking
(1996, pp. 13-14) •Value Chain Scoreboard Lev (2002)
•Net Present Value (NPV)
11. Cost of non compliance
• Tax compliance
• Knowledge recreated/lost
• Damages awarded
• Loss of business critical records
• Loss of reputation
• Fines/e-discovery time
• Job loss
• Lost productivity
12. Case study – Government Owned Corporation
NT Power Generation Pty Ltd v Power and Water Authority [2004]
"There is no other procedure established under the PAWA Act by which the minister could control
the operations of PAWA. As a matter of practice, as the communications between PAWA and
the minister demonstrate, the procedure of a minute from the chief executive officer and his
response by endorsement on that minute was the normal means by which the minister
(where he considered it appropriate) gave directions under s 16 of the PAWA Act. There is
no evidence to indicate any other means by which directions under s 16 were given."
S. 132
PAWA has not demonstrated error in the reasoning of Finkelstein J. PAWA took this Court to
some oral evidence of Mr Gardner in an endeavour to counter Finkelstein J's conclusion that
the Minister's desire to have PAWA act as he wished was not always conveyed by direction.
That oral evidence was vague, was undermined by other evidence, and, in any event, did not
falsify Finkelstein J's conclusion. The PAWA Act does not stipulate that s 16 "directions" are
to take any particular form, and the Court was not taken to any other legislation which did.
Even if Mr Gardner's evidence establishes that he thought he had received a s 16 direction in
August 1998, that does not prove that he did. Everything depends on the terms of the briefing
note: no other possible "direction" was relied on. But it is not possible to infer from the
briefing note that any direction was given. The acceptance of the recommendation in the
briefing note was too vague to amount to a s 16 direction. It did not refer to s 16, yet citation
of the source of power could be a crucial matter in the event of later political or forensic
controversy about whether any directions had been given or obeyed - for Mr Gardner had a
duty to obey them. It did not speak in the language of command or mandate or instruction - it
did not direct.
13. Case study – Private Sector – British American
Tobacco
• McCabe v British American Tobacco Services
Limited (BAT)
• Review was completed by Professor Peter A
Sallmann in May 2004 for the Victorian
Attorney-General on Document Destruction
and Civil Litigation in Victoria
• Resulted in the Document Destruction Act
2006
• Fines of $314,430 for companies and $62,886
or 5 years imprisonment for individuals
14. Case study – Health provider
H v Health Service Provider [2007] PrivCmrA 10
• Inappropriate disclosure of information
• National Privacy Principles 2 and 4 in Schedule 3
of the Privacy Act 1988 (Cth) breached
• Extensive Privacy Commissioner audit of
processes and policy
• Medical centre offered complainant compensation
without admitting liability
15. Case study – Law firm
KATRINA NUGENT 9.39am: Yesterday I put my lunch in the fridge on Level 19 which included a
packet of ham, some cheese slices and two slices of bread which was going to be for my lunch
today. Over night it has gone missing and as I have no spare money to buy another lunch today, I
would appreciate being reimbursed for it.
MELINDA BIRD 9.55: Katrina, There are items fitting your exact description in the level 20 fridge.
Are you sure you didn't place your lunch in the wrong fridge yesterday?
KATRINA NUGENT 10.06: Melinda, probably best you don't reply to all next time, would be
annoyed to the lawyers. The kitchen was not doing dinner last night, so obviously someone has
helped themselves to my lunch. Really sweet of you to investigate for me!
MELINDA BIRD 10.14: Katrina, since I used to be a float and am still on the level 19 email list I
couldn't help but receive your ridiculous email - lucky me! You use our kitchen all the time for some
unknown reason and I saw the items you mentioned in the fridge so naturally thought you may
have placed them in the wrong fridge. Thanks I know I'm sweet and I only had your best interests
at heart. Now as you would say, "BYE"!
KATRINA NUGENT 10.15: I'm not blonde!!
!MELINDA BIRD 10.16: Being a brunette doesn't mean you're smart though!
KATRINA NUGENT 10.17: I definitely wouldn't trade places with you for "the world"!
MELINDA BIRD 10.19: I wouldn't trade places with you for the world... I don't want your figure!
KATRINA NUGENT 10.21: Let's not get person (sic) "Miss Can't Keep A Boyfriend". I am in a
happy relationship, have a beautiful apartment, brand new car, high pay job...say no more!!
MELINDA BIRD 10.23: Oh my God I'm laughing! happy relationship (you have been with so many
guys), beautiful apartment (so what), brand new car (me too), high pay job (I earn more)....say
plenty more... I have 5 guys at the moment! haha.
16. Achieving, auditing and maintaining compliance -
Whitehorse services
• Information technology governance
• Information technology and telecommunications strategy, planning, and acquisition
• Systems Integration and Facilities Management services
• Information, records, library, and knowledge management labour hire, archiving, disposal
schedules, cataloguing, advise, strategic planning
• Risk evaluation and planning
• IT outsourcing management
• Scanning solutions through our business partner INFORG Information Solutions
• Electronic Commerce, including business analysis and process design
• HP Tower and Outback Imaging (Ezescan) accredited business partners
• Laptop training network and Training facilities in Darwin and Melbourne
• Sharepoint & TRIM installations, upgrades, integration, reviews and tailored add ons
• Regional telecommunication and other infrastructure planning and implementation
• Negotiation and funding access
• Federal and State Government liaison
• Policy evaluation, advice, business planning
• ICT resource and industry research analysis publications
• Project management
• TRIM/Sharepoint training
• Certified staff
17. References
http://www.anao.gov.au/uploads/documents/2006-
07_Audit_Report_61.pdf
Chua and Van Toorn (2005). Documents, risk and the fate
of your organisation:Document management in the age
of corporate accountability
Priest, M. (2006). Document destruction could be costly.
Australian Financial Review, 8/9/2006, p. 58
Moneycontrol.com (2007). Blogging will be the future
management tool: Accenture
Standards Australia
www.austlii.edu.au