Is Your Organization At Risk?
Why Legal, IT and Business Need to See Eye-to-Eye

Senior executives take note: If legal, IT and business do not come to terms with regards to why corporate information is to be managed, the manner in which content is to be managed, when and how it is to be stored and archived, and who can access this corporate information (e.g., emails, Word documents, financial records, audit reports, quarterly statements, SEC filings, etc.), you and your organization will be at risk and potentially adversely affect corporate earnings. Just as important as having a clear game plan is the execution of that game plan to meet these legal, IT and business needs. Today, no single group has all of the answers-and that's why managing your organization's content according to corporate policies and regulations can be difficult. The purpose of this article is to discuss why legal, IT and business need to collaborate with one another to manage, store and archive content, to define a successful approach to managing content today and for the future, and to determine how to reduce corporate risk, increase corporate profits and improve business efficiencies.

A wise man once told me: "It's easier, cheaper and much more powerful to integrate content at the content level than at the application level." He was amazed that more organizations had not come to this realization, while they continued to spend millions of dollars in integrating applications, adding and splitting off legal entities (mergers and divestitures)—all while trying to stay profitable. When you consider these business activities in tandem with efforts to manage an organization's content and comply with a plethora of operational, legal, regulatory or self-imposed quality assurance (QA) requirements, you quickly reach an untenable situation. At present, compliance initiatives have become the de facto standard for certain industries if you truly want to be competitive-it's the equivalent of "anteing up" at a poker game.

Having experienced multiple acquisitions, mergers, divestitures, ERP implementations, TQM and ISO certification programs, data warehouse projects, e-commerce projects, etc., I knew firsthand that what this wise man was saying was absolutely true.

The Wrong Road to Travel

For example, I was the customer service/order management team leader for an enterprisewide ERP implementation. The project, which was ultimately rolled out in four phases globally, consolidated 127 separate systems into one ERP system (SAP) and consolidated 16 legal entities into four strategic business units. After the first three phases—three years in total—we had spent $125 million dollars ($20 million on software and $105 million on services) and decided to stop; our APAC operations had to wait. Six months after the implementation, things had settled down a bit and folks were becoming accustomed to the new order. Only then did IT announce that it was time to start shutting down the legacy applications. "WHOA!" I and a host of other managers cried. "We still depend on information in the legacy applications... you know, for all of those operational, legal, regulatory or quality assurance requirements and audits. You can't shut them down." For the most part, IT was forced to keep them running for far longer than anyone had planned. As a result, this organization was unable to fully realize one of the primary benefits/justifications for the ERP implementation. In another six months, when we sold off one of the original 16 business units, we went through an exceedingly tough time trying to split it out from one of the newly formed, aggregated strategic business units. Six months after that, our company merged with another organization which, of course, had its own ERP implementation underway. Soon after the other organization completed its implementation, we embarked on the merge project, which involved moving from two highly customized versions of SAP to one "vanilla" instance. Two years and another $75 million dollars later, we were finally all on the same system.

Throughout all of these arduous, very expensive application consolidation projects, several things became self evident: We painstakingly designed most of our own reports, including operational, departmental, corporate, management, etc., and output (e.g., purchase orders, billing invoices, dunning notices, etc.) and found the challenge with a real-time system was that everyone generated output and reports every day. This tended to tax system resources and slow down production. Then, we would all be evaluating the "same" reports/output—which really weren't the same. They contained different content and data because we had run the reports/output at different times.

Ultimately, we opted for a data warehouse as our information center, as this produced far less strain on the production environment and provided more versatile reporting capabilities. By this point, I was a global supply chain director. My manager—in charge of one of the strategic business units—didn't trust information coming from the data warehouse; instead, he asked me to run reports from SAP and compare them to what was coming from our data warehouse; this became a weekly chore. Was this overkill? In some cases, he was right to be skeptical—data mapping from systems like SAP can be very tricky, and the data warehouse could not be relied upon in all cases. Although the data warehouse provided benefits, in the end it was another growing database that needed to be managed, with its own high volumes of reports. Further, the manual comparison of SAP- and data warehouse-generated information introduced yet further risk into the equation.

What we really needed was to generate the output once from SAP (or any other application, including the data warehouse)—and then index, archive and automatically distribute the appropriate sections to those who needed them. Not only that, but if the data coming from various applications had the same index value, it would have been ideal to create a new report from the archive that summarized the data across applications. Further, it would have been wonderful to audit the archived content to ensure correctness across the enterprise and alert us for items that were potential problems. We needed this type of solution, but weren't certain such an animal existed...

We weren't the only organization experiencing an explosive growth of enterprise content; this was and is a major challenge for most firms and this scenario has only grown more intense. How can information (content and data) be managed comprehensively and consistently across all departments? We, along with hosts of other organizations, were hard-pressed to produce relevant documents in compliance investigations and e-discovery cases. And, there were many of them; we averaged between 35-50 audit/e-discovery cases per year, and failure to produce accurate and complete records was leading us down a path to huge fines. Compliance investigations and e-discovery cases continue to grow in number and intensity. In a recent survey conducted by UBM TechWeb entitled The State of Content Management in Financial Institutions, 62% of survey respondents indicated that their organizations handled more than 50 e-discovery events a year, with approximately half of those identifying more than 150 cases annually.