That apporach does not protect against competant fraudsters nor against the risks we now face as companies cut costs to survive and files are copied by those made redundant or given away or sold, knowingly or not, by administrators after the business goes bust.
The banking crisis has also drawn attention to the relevance, accuracy and timeliness of the information used to make policy decisons. Those at the top were clearly unaware of the risks being run within complex computer-based operations. The regulatory and compliance regimes relied to much on tick box methodologies which also failed to reveal those risks.
Meanwhile the Audit Commission (not to be confused with the National Audit Office, the NAO) has reported on the breathtaking inaccuracy of some of the public sector records and reporting systems they audit: including in health and law enforcement. Performance related pay leads to systematic distortion, not just random error. We have forgotten the reasoning behind the Northcote Trevelyan report which led to a public service ethos that was once the envy of the world.
Tony Collins' recent article on Labour's Unlucky 13 IT projects quotes an NAO report that the main "lesson" from one was "don't build IT to support existing ways of working but re-work and simplify processes first". I remember my father telling me that, shortly after I got my first job in 1969. It was the core message at a workshop he had attended at the Civil Service College at Sunningdale. Recently I wrote an article for one of Sunningdale's current publications, Transformation, on "Why do we never learn". That article was itself an update of a presentation I had done five years earlier for Kable, making points that friends in the NAO had long wanted said by some-one else on a public platform.
The "rules" for good information management and governance are not in the least new but seem to need re-learning by every generation .The good news is that the audience appears receptive. The Directors Round Table on Information Governance being organised by EURIM on 24th November is already fully booked, save a few plaes in reserve for those who submit advance papers to aid the discussion. This will be less on what needs to happen than on how to ensure that it does happen (e-g. don't just buy ever more expensive e-nappies to combat fear of e-diarrhoea but stop trying to combat data obesity with e-laxatives)
The aim is to re-set the political and regulatory agenda and the conclusions will then form the basis of the "business plan" for the EURIM Information Governance Group in 2009 - 10