Government Information Strategy Unit GISU Tasmanian Archive Heritage Office Why the audit Digital transformation has given way to digital disruption as social media cloud and the rapid evolution of emerging technologies change the face of information creation capture sharing and collabo ID: 792397
Download The PPT/PDF document "IM Maturity Assessment – An introducti..." is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
IM Maturity Assessment – An introduction to the AuditGovernment Information Strategy Unit (GISU)Tasmanian Archive + Heritage Office
Slide2Why the audit?Digital transformation has given way to digital disruption, as social media, cloud and the rapid evolution of emerging technologies change the face of information creation, capture, sharing, and collaboration
.
The consumerisation of IT has transformed the way
our communities expect
to interact with information, and access
government services. Increasing
pressure
is being placed on service delivery, collaboration and communication channels by increasingly technologically sophisticated individuals, and tools.
Exponential growth of information, and
emerging
technologies have made the control and governance of agency information more complex.
Agencies
may be feeling overwhelmed by the size of the perceived task, and under-equipped in terms of
skills and capability to meet modern information challenges.
Whilst
government is busy
trying to
keep up,
the business value of information being stored and shared via these new systems is typically unknown and unmanaged, opportunities are missed, process inefficiencies abound, and
risk is
increasing.
Slide3The information agenda
1
Open Data information portal for government datasets and increased
community collaboration
http://www.egovernment.tas.gov.au/stats_matter/open_data/tasmanian_government_open_data_policy
2
Shared systems for internal business efficiencies, analytics, and information portability, e.g. Empower, EDI
3
Integrated information exchange in response to community expectation, e.g. “Safe Families
Tasmania”
http
://www.dpac.tas.gov.au/safehomessafefamilies
4
Shared systems to support digital service delivery, e.g.
iPlan
http://www.iplan.tas.gov.au/Pages/XC.Home/Home.aspx
5
Tasmanian Cloud initiative (Networking Tasmania
III)
http://www.tmd.tas.gov.au/__data/assets/pdf_file/0004/266584/Tasmanian_Cloud_NT_III_Information_Sheet.pdf
Slide4A need for incremental improvementThe revision of Guideline 1 Records Management Principles, and the introduction of the information maturity assessment is intended to:
Support a strategic approach to records management as agencies transition to digital business
Introduce new key concepts (information governance and information risk)
Promote a culture where agencies value their corporate information as a strategic business asset
Cover records and information outside of ‘traditional’ recordkeeping systems
Align with whole of government policies such as information security
Progress foundational IM practice and governance, in order to support
collaboration and government information initiatives
Ensure agencies commence working towards a defined ‘minimum standard’ for RIM
Slide5The audit – a key piece of the puzzle
Key to understanding the agency information environment and identifying ‘current state’ issues and risk
exposure, includes:
conducting
an information maturity
assessment
building
an inventory of information
assets
assessing
existing organisational resources and
skills
These
are fundamental steps for any business undergoing digital transformation, and developing Information Governance capability.
Agencies may be
under-resourced, or
lacking the in-house capability to undertake environmental assessments unassisted.
The introduction of the audit, together with the
provision of an information maturity assessment and recommendations, is seen as a key support function GISU can provide to government agencies. It also provides an opportunity to derive insight that will allow us to continue to support each agency with targeted advice, specific to individual circumstances.
Slide6The audit process
WhoWhat
GISU
Notify agency of intention
to audit, and commence scheduling
Agency
Collate
and submit evidence requested to GISU
GISU
Review of submitted evidence
GISU
Conduct audit interview and site inspections
GISU
Results reviewed and report compiledGISUAudit report presented to agency identifying key recommendationsAgency
Action plan developed and submitted to GISUGISUSupport and progress monitoring
Slide7The evidence checklistThe evidence checklist is sent to the agency with the initial ‘notification’ email, outlining the audit process.
A nominated officer shoul
d complete the evidence checklist, indicating where the agency has developed tools. Room for comments is provided.
Copies of agency documentation, ‘screen dumps’
etc
, should be submitted back to GISU along with the completed checklist by the due date specified.
Review of these materials helps to inform the subsequent audit interview.
Please note:
there is NO requirement for the agency to retrospectively create tools in order to attempt to ‘fill gaps’ prior to interview
agencies are not expected to have ALL of the examples listed (you may not have any!)
agencies may have other documents (not specifically listed) that serve the same (or similar) purpose. These should be indicated where relevant on the checklist and supplied as evidence.
Slide8The audit interviewA GISU audit officer will attend the agency to interview key personnel. Where possible, this should include the most senior officer with RIM accountability (CIO, GM, Manager – Corporate Services,
etc) as well as specialist RIM staff.
Where agencies operate out of multiple sites, and do not have a centralised RIM function, representatives from each site should be in attendance, either in person, or via video/phone link.
The agency’s current (last 12 months)
Register of Records Destroyed
will be required to be produced for inspection during the interview process.
The GISU audit officer will also need to undertake inspection of physical storage areas managed by the agency (either on site or offsite secondary storage), and complete an inspection checklist.
Note this may require appropriate transport arrangements to be made in advance
.
Slide9The key recommendations
Whilst the audit report will also provide detailed findings, we have deliberately limited the key recommendations
for each agency to three. This is to
ensure adequate time is available between audit cycles to implement each of these improvements effectively.
The key recommendations, once implemented, will support improved service delivery by providing the agency with foundational information management practice.
Implementing robust
building
blocks will further support an information framework that promotes innovation and collaboration, and improves risk identification/management, legislative compliance and business efficiency.
Slide10The action plan
In order to confirm the agency’s commitment to the incremental improvement
of RIM practice, and progress
the key recommendations,
a
template for an Agency Action
plan has been developed for use
The Action plan should specifically address each of the key recommendations in turn, and allocate each action with a timetable and responsible agency officer.
Submission of the agency’s endorsed Action plan to GISU will enable us to provide appropriate guidance and support to the agency personnel working on action items,
and
monitor
agency progress.
Additional resources are available via the GISU website, including templates and guideline/advices, to support agencies actioning key recommendations.
Slide11Summary of audit requirements An evidence checklist will require completion and submission, along with copies of existing records & information management related policy, procedures, plans and other tools, currently in use.
Where an agency has multiple sites that are not managed by a centralised records unit, a representative of each site needs to be in attendance. This may be arranged via video/phone link.
Inspections of storage facilities for physical records maintained by the agency must be undertaken, so transport arrangements may be required (where storage
is located offsite)
.
Results will be presented to senior executive, in addition to the provision of a detailed report.
Three key recommendations will be identified for agency implementation between audit cycles.
An endorsed action plan in response to the audit’s key recommendations should be submitted to GISU post-audit
Slide12Need some advice?Contact details:Allegra Huxtable – Manager GISULevel 4, 91 Murray StreetHobart TAS 7000e:
Allegra.Huxtable@education.tas.gov.aup: 03 6165 5580