Challenges of Maintaining Information Management Systems
Whether through their desire to mature business processes or fulfil compliance obligations, organisations are increasingly challenged by the overheads of maintaining multiple management systems and retaining their certifications. The seemingly administrative task of managing document sets is complicated by the differing lenses – risk, cyber governance, information lifecycle, privacy, quality, etc. – through which different information management systems view the same core policies and processes.
Management System Obstacles
Our clients frequently describe near-future compliance requirements as the main driver in adoption of a management system. The close horizon for these projects often produces a management system which is insular and focused solely on a specific customer compliance requirement. Supporting broader business objectives can be an afterthought.
As the organisation grows, additional management systems are added, but the lack of communication and coordination between these systems results in duplication of processes and documentation, and confusion as to precedence and scope.
Systems are frequently developed and managed by separate business teams, resulting in increasingly costly fiefdoms which duplicate effort and inflate the costs of maintenance.
We have found that clients experience similar hurdles in operating multiple management systems and retaining their certifications:
+ Relinquishing certifications due to costs and complexity
+ Duplicated and conflicting documentation, processes and policies
+ Inflated audit costs and associated downtime
+ Management systems locked into organisational silos
+ Little appetite to adopt new standards due to existing overheads
+ Poor staff engagement due to a jigsaw of unconnected processes
+ Lack of clarity as to the capabilities each system governs
+ Focus is on keeping the plates spinning, rather than advancing
The lack of coordination across multiple systems, or the failure to future-proof a single system in an organisation wanting to expand, results in common pain points:
Duplication of effort, processes and documentation
Costs of repeated auditing of common process areas
Start-from-scratch approach to adopting new standards
Paradoxically, organisations can be overwhelmed by maintaining multiple systems when their purpose is to improve business operations, quality and security. The upside from bringing systems into harmony with each other, and with your business practice, is to realise expected business outcomes. An Integrated Infomation Management Systems offers outcomes greater than the sum of its parts:
Processes and policies are synchronised across business systems
Administration and audit costs are reduced
Staff understand and can utilise the collected system toolsets
Vital Advisory’s Approach
Integrated Information Management System
To address the difficulties in maintaining a suite of management systems and then stretching to adopt further standards, we recommend an Integrated Information Management System (IIMS), which synchronises all your activities.
Firstly we work with you to understand your business and its objectives. Once this context is analysed, we review your system suite to identify:
+ Existing capabilities
+ Common processes
+ Duplicated policies and documentation
+ How staff resources are applied to system maintenance
+ Existing audit structures
+ Current benefit realisation
A core component of our Integrate Management System approach is a Capability Framework. The capabilities framework maps and details the business functions in each system: processes, controls, services, knowledge sets. This then becomes the common reference point for each management system to describe key functions.
Paired with the Capability Framework is a Maturity Model. This provides an at-a-glance assessment for each capability of its:
+ Implementation status
+ Calculated maturity level
The maturity model provides management with an easy to understand view of the strengths and weaknesses in your business processes and controls. This simplifies decision making on where to invest resources to strengthen your business.
Best Practise Foundations
Vital Advisory’s IIMS, capability framework and Maturity Model have been developed in alignment with aligned with best practise models, such as ISACA’s COBIT model, to ensure that effective governance structures are in place, regardless of the business line you are in.
Connecting management systems into an integrated whole is only part of the support Vital Advisory can bring to your information governance approach. We offer a number of supporting services to assist in implementation, review and preparation for certification:
We provide internal audit services for multiple standards. Our audit personnel have a combined experience measured in decades.