Document governance is a set of rules that defines responsibility for documents in the material sense as well as their content and enables comprehensive controlling and reporting. Document maintenance, on the other hand, covers all processes involved in keeping prefabricated, reusable document content up to date.
Material responsibility is primarily concerned with the filing, retrieval and deletion of physical documents. Responsibility for content, on the other hand, is about who is responsible for the correctness of a document in the sense of it being error-free, correct, true or valid.
In general, the publisher and author principle applies. The person who creates a document or has it created is responsible for the content. As simple as this sounds, it is difficult to apply and implement in a company or even an international group. Anyone who has ever had to prove who is responsible for which document and the associated representation of a factual situation or declaration of intent in the context of a litigation knows about the costs and difficulties involved.
In business life, documents are the time-related representation of facts, the explanation of data in their concrete context of meaning, with probative value. Documents establish and describe the legal relationships that a company enters into or has entered into consciously or unconsciously.
Dichotomy of data and documents
The use of software systems, especially databases, has fundamentally changed the possibilities and habits of documenting economic processes. In many places, an artificial dichotomy of data and documents can be observed, although they are inseparably linked. This separation results in unnecessary costs, additional risks and, above all, unused value creation potential.
Additional costs arise from the duplicate capture and processing of data in systems and documents, as well as the redundant management of the same facts in systems and documents. Risks arise because data and content recorded in documents differ significantly from the data in the back-end systems. Yet, the documents establish the legal relationships, not the data in the systems.
One reason for the deviation is often unintentional errors due to the high manual creation effort. The automation rate for document creation and integration in core systems is, on average, shockingly low. Equally significant in this context are the lack of risk awareness and the inadequate technical system support for comprehensive document governance and maintenance.
Authorization concepts today generally refer to systems and, if to documents at all, then at most to the reading, modification and release of an entire document, but not to the individual clause or module. This view is far too rough to do justice to the challenges and complexity involved in creating and handling documents.
Regulations for the creation are usually completely missing. Systematic maintenance and updating of document content and modules is also lacking in most companies.
Risks due to inadequate document governance
The reasons for this discrepancy between the data in the systems and the documents are manifold and range from a lack of problem awareness to underestimating the complexity in documents, inadequate methods and, above all, a lack of technical system support. In this regard, many companies do not meet the compliance requirements.
The risk of data in systems and documents falling apart will become more important in the future, as the power of machine-based document analysis is growing exponentially. In the future, auditors will increasingly refer to a company’s document inventory if they are to certify its economic situation.
Those who only refer to the data in the systems accept unnecessary risks with regard to the presentation of the economic situation. The subsequent correction of balance sheets or reporting requirements in general can cause considerable costs and entail litigation.
An important aspect is the data and information security of documents in connection with the General Data Protection Regulation (GDPR) and the requirements of ISO 27001. Very few companies have a consistent and effective access and authorization concept for documents and the data and described facts contained therein, let alone deletion concepts for the targeted removal of data and information. This means that there are considerable risks due to inadequate technical/organizational measures.
Document governance as a value driver
Risk management that also extends to documents is missing in almost all companies. Even the optimization of data- and document-intensive processes is still an unaddressed area.
This blind spot is all the more surprising because immense costs are associated with the creation and handling of documents. Value is lost where real economic processes are slowed down or even prevented by the documents. Time to market is the relevant keyword. Even today, documents are one of the most important contact points of all, and there is great potential for optimization in terms of the customer experience.
However, the greatest potential for value creation lies in the systematic evaluation of documents and the associated creation processes. On the one hand, it is important to create transparency as to which data and facts are hidden in which documents; called dark data. Secondly, the creation processes and document contents must be improved on the basis of the dark data. Based on this data, a continuous improvement process can be set up and significant value creation potential can be unlocked.
Management in charge of document governance
Document governance and maintenance means establishing a company-wide set of rules for the creation and handling of documents and their contents down to the clause level and anchoring them by means of technical organizational measures.
The goal of document governance is to ensure compliance and, above all, to significantly reduce legal and operational risks. A suitable approach can generate significant cost savings and create considerable added value through better access to previously unavailable data.
In many companies, this topic has not been assigned to any area of responsibility. The responsibility for documents and the associated creation processes undeniably lies with the management. Their strategic task is to design and anchor a suitable governance model for dealing with documents. The legal department could be the advisor. Ideally, responsibility is delegated to the unit where the documents are created, while the content of the documents as well as specifications for handling documents are the responsibility of the central unit.
The operational implementation of the strategic requirements should be supported by a suitable IT system. Document creation and handling must be seen as an inseparable part of the company’s core processes. Anyone concerned with the lifecycle of documents and contracts cannot avoid the question of integration with core systems of the company.
The use of data in and from documents should proceed smoothly without media discontinuity. Authorization concepts and release workflows must be extended to the level of document modules, which enables the collection and evaluation of dark data. Operational management includes requesting reports on this data and the continuous improvement process.
Data and documents as an inseparable unit belong at the center of every modern and sustainable compliance model. This requires close cooperation between Finance and Controlling (CFO), Legal (General Counsel/Chief Legal Officer) and IT and Compliance (Chief Compliance Officer). The best solution is probably to set up a separate department and establish a chief officer who is responsible for document governance and maintenance on a permanent basis.