DEREK SMITH: IT governance vital in data-driven world

Derek Smith

Changing economic conditions, access to global markets, evolution of information technology and an increased demand for enhanced corporate governance are all contributing factors to the growth of the Board’s role in governance. I had the opportunity to discuss governance with the Institute of Internal Auditors’ Bahamas Chapter last week. I welcomed the conversation as internal auditors are crucial to governance because they provide objective assurance and insight on the success and efficiency of risk management, internal controls and governance processes.

According to the Insurance Commission of the Bahamas (ICB) guidance note for corporate governance oversight assessment criteria: “Corporate governance and oversight refers to board and management functions, processes, structures and information used for directing and overseeing the operations of an institution.” Additionally, the Central Bank of The Bahamas (CBOB) guidelines for the corporate governance of banks and trust companies notes that such practices are related to the interaction of a company’s Board, management, shareholders and other stakeholders, including its employees and customers. Globally, according to the Cadbury Committee (1992), which is viewed as establishing the UK’s first governance code: “Corporate governance is the management system which directs and controls companies.”

The role of governance is to ensure consistent management, cohesive policies, guidance, processes and decision-rights for a given area of responsibility in order to meet and/or exceed a company’s desired goals. Considering that October is cyber security awareness month, I wish to highlight the importance of data governance and information security governance.

Data Governance

The purpose of data governance is to manage data to optimise business outcomes and drive business development. Arguably, outside of human capital, data is the most important asset for a company. Business decisions are based on data. Data management and protection involves people, processes and technologies. A well-designed data governance programme is critical to ensuring data maximisation. The framework is considered a hub and must, at a minimum, include a data architecture, data modelling and design, data storage and operations, data quality, metadata, data warehousing and business intelligence and data security.

Information Technology (IT) governance

IT governance is a triple-pillar approach of structure, participation and process. The structure speaks to the mode of operation selected for implementation. Participation involves the mechanisms implemented to engage all parties and ensure transparency in the decision-making process. Process is the use of multiple IT standards and frameworks to best facilitate effective governance and controls around IT.

Conclusion

In short, as companies address the growing array of risks created by new technology, cyber security, regulatory and disruptive innovation, being agile while compliant with corporate governance and oversight requirements is key to capitalising on opportunities.

  • NB: About Derek Smith Jr

Derek Smith Jr. has been a governance, risk and compliance professional for more than 20 years. He has held positions at a TerraLex member law firm, a Wolfsburg Group member bank and a ‘big four’ accounting firm. Mr Smith is a certified anti-money laundering specialist (CAMS), and the compliance officer and money laundering reporting officer (MLRO) for CG Atlantic’s family of companies (member of Coralisle Group) for The Bahamas and Turks & Caicos.
