Information Governance

Tuesday, July 1, 2008 - 09:54

Good information management is about more than just databases. It can make or break a business. By Ann-Maree Moodie

When the board and management of a food company specialising in products with ingredients such as omega-3 analysed its business, it was apparent that while the company was successful, inherent disorganisation was causing it to miss the profitable opportunities in the market.

The company produced 'functional foods' in the form of products such as bread and yoghurt. It used new combinations of traditional nutrients, such as protein, carbohydrates, vitamins and minerals, to create recipes to client specifications. The scientists were creative and innovative, and the customers were pleased with the results.

The problem was that the information was stored in disparate locations, in the minds, PCs and paper files of individual employees. This situation made it hard for the business to exploit the commercial and operational values of individual recipes.

The answer lay in collecting all the information and then sorting, collating and storing it in a central database of recipes: a library of tools and ideas that had two purposes. From an operational perspective, the database meant the information was able to be accessed and used by other employees. Commercially it gave the company a valuable asset.

While the database may have simply been seen as an act of tidying up, in reality it was much more. It was a cumulative act of risk management, asset protection, customer service and product enhancement. In short, the database was ultimately a prime example of information governance.

Information governance

Defined as how an organisation's information resources are managed optimally to support business performance, information governance is a relatively new and more apt term in the business lexicon, replacing terms from the past like 'information management' and 'records management'.

However, it isn't simply a term dreamed up by consultants to garner new or more clients, but rather a reflection of how managing information is a governance issue. Information governance is as much about compliance with the law as it is about running an efficient, profitable business.

"There are two aspects to information governance," says Dr Kate Andrews, the Principal of Knowable, a Brisbane-based knowledge asset consultancy. "On the one hand information governance is about identifying risk and compliance issues, and on the other it is about maximising the useful information. The power of information governance is that it brings these two together."

The key driver to formulating an information governance policy is the legal obligation to collect, store and use information protected by laws concerning privacy and confidentiality. For example, companies are legally required to treat customer information carefully, and unless this data is properly organised and managed, confidentiality can be breached in many unsuspecting ways.

Linked to these concerns is the potential for valuable information to be divulged to a third party, usually a rival or possible rival, which can use it for a range of potentially damaging activities. Often it's the case that valuable information is given away in complete ignorance of its real worth to the business.

Information is an asset

The decision to redress information governance needs within the company is usually triggered by staff having to spend too much time finding or retrieving information. If corporate information is stored in a variety of places and in different forms - like paper records, email inboxes, technical databases and in personal computer files - it may not be readily accessible. Some employees forget they have the information. Some hoard data as part of a personal agenda not to share information in a bid to build a powerful position in their workplace.

The source of frustration felt by employees can be heightened if the information, once accessed, is out of date, ambiguous and unverifiable. Multiple duplications can also result in wasted time and productivity. How many workplaces have documents that have been edited so often that the latest version is entitled '.final_final_final.doc'?

"Companies that formulate an information governance policy do so because they realise that information is not just a by-product of the business," says Andrews. "Companies realise information is an asset of the business."

At Charles Darwin University in the Northern Territory, information governance is a key part of the university's overall governance framework. "Information governance is defined as the way we manage corporate information; in particular, personal and sensitive information," the university's website states. "It provides a framework to bring together all the requirements, standards and best practices that apply to the handling of our corporate and personal information, thus allowing compliance with the law and year-on-year improvement plans."

"Information governance isn't about managing all information as if it is a priceless resource," says Andrews. "It's about asking three questions: the first question is 'What information is most influential within the framework of our organisational strategy?'. The second question is 'How do I organise this information so that it is readily accessible, updated and verified?'. Thirdly we ask, 'Who is responsible for managing it?'."

The implementation of an information governance policy and framework is driven usually by the chief executive officer, or the chief information officer, who commonly engages an independent consultant. An external adviser is advantageous because internal staff sometimes don't have the time or energy.

Assigning responsibility

According to Brenda McConchie of Canberra-based consultancy Solved at McConchie, it's not uncommon for an information governance policy to state that the board has the overall responsibility for information management through a board subcommittee or a management committee.

"An information governance policy needs to clarify who is accountable for information management, how information will be managed, what legislative obligations must be met, and for what reasons might the policy be changed," says McConchie.

"By comparison, an information governance framework concerns how information sits in the overall business of the organisation, how it relates to business processes, what sort of technology and tools are needed to manage it, and what skill set is necessary for those managing it."

It is a mistake to think that the skill set of an IT expert is sufficient to manage information, as this expertise is different to that of a records manager.

"It's easy to think that if the company has an IT system or a records management system then the information is under control, when in actual fact, it isn't," says McConchie.

"Often the board and senior management believe that if enough money is paid for a new IT system that will be the end of it, when in reality, it's just the beginning. If you don't know what is important, and how it should be stored and retrieved, then there's no point in having an expensive IT system."

New technology

An information governance policy and framework needs to consider methods of releasing information through email, SMS, blogs, wikis or podcasts.

"A key issue in managing information today is the increasing flexibility of technology, which allows disparate work groups to form," says McConchie. "The larger the number of work groups, the more stringent the information policy needs to be."

Just like professional personal organisation consultants make the claim that our home environment is a reflection and outcome of the state of our inner selves (a messy house indicates inner turmoil), so too does sloppy records management in the world of work point to a poorly-led and managed organisation.

Lack of attention on how information gathered is identified, sorted, catalogued, stored and retrieved, leaves the organisation exposed to any number of risks including noncompliance with its legal obligations, loss of a competitive edge, and unlocked value that could boost its balance sheet.

Information governance is at the peak of a professional management hierarchy, which includes information management, knowledge management and records keeping.

The board is accountable through an information governance policy, and management through a direction from an information governance framework.

"Information is a significant asset for every business," says McConchie. "If it isn't governed properly, with the right people managing it, then the company board is abrogating its responsibility."