Blind Spot Document Governance and Maintenance

Avoid risks, reduce costs and generate significant added value

A set of rules that defines responsibility for documents in the material sense as well as their content and enables comprehensive controlling and reporting – this is generally understood as document governance. Document maintenance, on the other hand, covers all the processes involved in keeping prefabricated, reusable document content up to date.

Publisher and author principle

Material responsibility is primarily concerned with the filing, retrieval and deletion of material documents. Content responsibility, on the other hand, is about who is responsible for the correctness of a document in the sense of being error-free, correct, true or valid.

In principle, of course, the publisher and author principle applies. Whoever creates a document or has it created is responsible for the content. As simple as this sounds, it is difficult to apply and implement in a company or even an international group. Anyone who has ever had to prove who is responsible for which document and the associated presentation of a factual situation or declaration of intent in the context of a litigation knows about the costs and difficulties involved.

In business life, documents are the time-related representation of facts, the explanation of data in their concrete context of meaning, with probative value. Documents establish and describe the legal relationships that a company enters into or has entered into consciously or unconsciously.

Historically, the written document stands for integrity (immutability), the signature for authenticity (authorship) and the sealing of scrolls and envelopes for confidentiality (information security). Historically, documents were naturally addressed to humans, and in this sense were human-readable. Today, documents should be human and machine readable and ideally also “executable”. As interesting as the topic of smart documents and contracts is, especially with regard to governance, it is left out of the scope of this article.

Dichotomy of data and documents

The use of software systems, especially databases, has fundamentally changed the possibilities and habits of documenting economic processes. In many places, an artificial dichotomy of data and documents can be observed, although they are inseparably linked. This separation results in unnecessary costs, additional risks and, above all, unused value creation potential.

Additional costs arise from the duplicate capture and processing of data in systems and documents, as well as from the redundant management of the same facts in systems and documents. In this context, document management continues to pose major challenges for many companies and is often associated with high inefficiencies because documents are mistakenly viewed as unstructured content. As a result, document management is often placed in enterprise content management rather than in process and data management, where it actually belongs.

Risks arise because data and content recorded in documents differ significantly from the data in the back-end systems. In this case, the documents establish the legal relationships and not the data in the systems. One reason for the deviation is often unintentional errors due to the high manual creation effort. The automation rate for document creation and integration in core systems is shockingly low on average.

Equally significant in this context are the lack of risk awareness and the inadequate technical system support for comprehensive document governance and maintenance. Authorization concepts today generally refer to systems and, if to documents at all, then at most to the reading, modification and release of an entire document, but not to the individual clause or module. This view is far too crude to address the challenges and complexities involved in creating and handling documents.

Regulations for creation – who provides which data, texts and text variants, who is allowed to change these building blocks and what happens when a change is made – are usually completely missing. Systematic maintenance and updating of document content and modules is also non-existent in most companies.

Risks due to inadequate document governance

The causes for this deviation of the data situation in systems and documents are manifold and range from a lack of awareness of the problem to underestimating the complexity in documents, insufficient methods and, above all, a lack of technical system support. Here, many companies fail to meet the compliance requirements as described in DIN/ISO standard 19600 and as demanded by the Institute of German Auditors.

The risk of data in systems and documents falling apart will become increasingly important in the future, as it becomes easier and easier to have documents read “by machine”. Even though we are far from true artificial intelligence, the power of machine-based document analysis is growing exponentially. In the future, auditors will increasingly refer to a company’s document inventory if they are to testify to its economic situation. Those who only refer to the data situation in the systems accept unnecessary risks with regard to the presentation of the economic situation. The subsequent correction of balance sheets or, more generally, reporting requirements can result in considerable costs and litigation.

An important aspect is the data and information security of documents in connection with the General Data Protection Regulation (DSGVO) and the requirements of ISO 27001. Very few companies have a consistent and effective access and authorization concept for documents and the data and described facts contained therein, let alone deletion concepts for the targeted removal of data and information. This means that there are considerable risks due to inadequate technical and organizational measures. Non-compliance with the GDPR is known to result in severe penalties. But even individual contracts that provide for the deletion of data and documents, as provided for in the Non-Disclosure Agreement, can result in severe penalties.

Document governance as a value driver

Risk management that also extends to documents is missing in almost all companies. But even the optimization of data- and document-intensive processes is still an unaddressed area in most companies. This blind spot is all the more surprising because immense costs are associated with the creation and handling of documents. According to a study conducted by IDC in 2003 and 2012, the creation and management of documents generates direct costs averaging around 15% of a company’s revenue. According to experts, savings of 50% and more can be realized. These savings potentials must be leveraged, but above all the lost value creation potentials must be tapped.

Value creation is lost where real economic processes are slowed down or even prevented by the documents. Time-to-market is the relevant keyword here. Even today, documents are still one of the most important contact points of all; here, too, there is great potential for optimization in terms of customer experience.

However, the greatest potential for value creation lies in the systematic evaluation of documents and the associated creation processes. On the one hand, it is important to create transparency as to which data and facts are hidden in which documents – it is not for nothing that people talk about dark data here. Secondly, the creation processes and document content must be improved on the basis of the dark data. Why does it take so long to create an offer? Which paragraphs are negotiated over and over again? Where are we in the standard and when is the standard being abandoned? Based on this data, a continuous improvement process can be set up and significant value creation potential can be unlocked.

Document governance the responsibility of management
Document governance and maintenance means establishing a company-wide set of rules for the creation and handling of documents and their contents down to the clause level and anchoring them by means of technical organizational measures.

The aim of document governance is to ensure compliance and, above all, to significantly reduce legal and operational risks. A suitable approach can generate significant cost savings and create considerable added value through better access to previously unavailable data.

The topic lies dormant in many companies because it has not yet been assigned to any area of responsibility. The responsibility for documents and the associated creation processes undeniably lies with the management. Their strategic task is to design and anchor a suitable governance model for dealing with documents. The legal department could be the advisor. Ideally, responsibility is delegated to the unit where the documents are created, while the content of the documents and guidelines for handling documents are the central responsibility.

The operational implementation of the strategic guidelines should be supported by a suitable IT system. Document creation and handling must be seen as an inseparable part of the company’s core processes. Anyone who is concerned with the lifecycle of documents and contracts cannot avoid the question of integration with the company’s core systems.

The use of data in documents and the use of data from documents should proceed smoothly without media discontinuity. Authorization concepts and release workflows must be extended to the level of document modules. In this way, the collection and evaluation of dark (document and process) data becomes possible and must be a matter of course for all departments involved, from procurement and production to marketing, sales and human resources. Operational management includes requesting reports on this data and the continuous improvement process.

Data and documents as an inseparable unit belong at the center of every modern and sustainable compliance model. This requires close cooperation between Finance and Controlling (CFO), Legal (General Counsel / Chief Legal Officer), and IT and Compliance (Chief Compliance Officer). The best solution is probably to set up a separate department and establish a chief officer who is responsible for document governance and maintenance on a permanent basis.