Final project term about information governance
pimrypie
Boonchoodiscussw2.docxOnce you have created your Risk Management plan (after surveying legal requirements, specifying compliance requirements, creating a risk profile, performing risk analysis and assessment), you need to develop metrics to measure the success or shortcomings of the
execution your plan. As Smallwood said; “Information Governance (IG) is not a [one-off] project, but rather an ongoing program” (Smallwood, 2014). First of all, before you manage, you must define appropriate metrics to measure your programs. The executive committee will set the IG program's goals. There are many factors to consider to align the metrics with the goals of information governance, such as; an organization's size, industry, and regulatory environment. Benefits include improving regulatory compliance, securing confidential, personal information, reducing IT storage and cost, reducing litigation risk, and increasing productivity. Measuring your IG Program's status is essential and can only be achieved by developing well thought out relevant metrics tailored to your organization’s goals and objectives. Smallwood lists an example of several specific metrics that could be relevant, such as:
· Reduce data lost on stolen laptops by 50% over last year
· Reduce the number of hacker intrusions events by 75% over the previous fiscal year
· Provide information risk training to 100% of the knowledge-level fork-force
· Reduce e-discovery collection and review cost per GB by 25% over last year
The type and number of metrics will vary among projects depending on the organizational goals and identified risks (Smallwood, 2014).
Metrics is a tool that helps an organization to look after their business, employees, and resources, and compliance to regulatory and safety regulations, etc. Accurate quantitative tracking will tell you what is actually happening and form a basis, for improvement. It also helps the organization to achieve its targets. Performance tracking will show light on important information about a process, project, plan, management, operations, performance, results, etc., It is used to measure, analyze, compare, values, and make an informed decision. All the understanding gained in the IG program, especially in Information Risk Planning and Management, can be represented, viewed, and analyzed in terms of numbers, making it easy, simple, meaningful, and satisfactory.
Once your project is completed and you are collecting metrics in accordance with your Risk Mitigation Plan, now you have to evaluate the effectiveness of those metrics for the completed project. This step will also be beneficial to inform the next project. Six Ten discussed seven Risk Management Metrics to track; I will discuss four here.
Tracking the number of risks that occurred is beneficial because it tells us the number of
actual risks that occurred and turned into issues. If lots of risks are tracked but do not turn into issues, then maybe the wrong risks are being tracked. If risks are tracked, but none turn into an issue, this could mean that the team is not tracking the correct metrics.
Tracking the number of risks that occurred more than once can tell us that lessons are not
being learned and that more management attention should be given to this issue.
Cost of risk management is a critical metric that tells us the cost of risk versus the
budgeted cost. Tracking this also informs us to the cost of risk on project.
Tracking the number of risks closed number of risks closed is a worthwhile metric because it can tell how effective our risk mitigation plan is (Six, 2019).
Metrics are developed to measure compliance levels and determine those responsible for executing the new risk-mitigating processes. In the Information Governance program, values are demonstrated through metrics to describe the impact of Information Governance. The metric is the measurement of the achievement of the organizational leaders' and stakeholders' education about Information Governance's objectives and purpose. Metrics show how an organization embarking on Information Governance will achieve its goals in numbers. Metrics treat information as a valuable business asset. A business or a program's metric is quantifiable measure organizations use to track, monitor, assess the success or failure, or perform various business processes and programs.
Reference:
Six, T. (2019, February 25). 7 Risk Management Metrics You Should Be Tracking. Ten Six Consulting. https://tensix.com/2019/02/7-risk-management-metrics-to-track/.
Smallwood, R. F. (2014). chapter 4. In Information governance: concepts, strategies, and best practices (p.50). John Wiley & Sons.
Smallwood, R. F. (2014). chapter 5. In Information governance: concepts, strategies, and best practices (p.61). John Wiley & Sons.
