The approach recommended by this tutorial is people and process centric. Platform (i.e. technology) initiatives only make sense after the critical people and process issues have been addressed. That said, the approach does include the development of a technology framework within which platform solutions can be implemented. In short, the proposed approach is integrated and comprehensive. It encompasses the legal, business and technical implications inherent in the development of an effective ERM policy.
Before further discussion, it is critical that key terms be defined. The following list provides more precise definitions of key terms used throughout the remainder of the tutorial.
Notice that the policy definition is quite broad. This is as it should be. A policy must represent more than just a document. It must be a "living thing" with the requisite electronic enforcement capabilities. Sans the latter it becomes vacuous for all intents and purposes. That is, it is likely to be of little value either operationally or legally.
There is simply no way that a document alone can provide operational value from day to day, quarter to quarter, and year to year. Likewise, no credible "good faith" legal argument can be built with a document as its only foundational support. In order for an ERM Policy not to become just one more organizational dead letter, it needs "electronic and procedural teeth."
The process by which this is accomplished is discussed in the next two sections: 1) Capturing the "As Is"; and 2) Developing the "To Be." However, before proceeding it is instructive to consider for a moment what is meant by a "living document" and the abstraction represented by the phrase "electronic and procedural teeth." A good way to think about this is embodied in Peter Senge's seminal book "The 5th Discipline" and the Systems Thinking concept developed therein. A good summary of the book's foundational concepts is found here.
An effective ERM policy provides governance not merely by the operative words that it contains (e.g. a purchase order must be retained for the following period of time), but by the description (i.e. blueprint) of the system required to ensure compliance. Given that we live in an electronic world, this blueprint must describe the technological computing framework by which governance is enabled and the organizational processes that underpin it.
In other words, the policy is a "living document" with "electronic and procedural teeth" when it describes the system by which compliance is achieved and the roles and responsibilities of various organizational stakeholders required to administer it.
|Internet eDiscovery Lawyers. People. Process. Platform.|