Recognizing the Value of Controlled and Flexible Governance
Organizations are overwhelmed by the wealth of their own data. It is an embarrassment of riches. Most of them realize that information management is a double-edged sword. Too much information, held beyond its legal retention requirements, can cause problems in the guise of an e-discovery request. Too little information can cause issues when audited by regulators. There are hundreds of examples where too much or too little information resulted in negative outcomes. If information is the lifeblood of the organization, successful organizations are the ones that are best able to manage their information. Information is an asset.
But simply collecting the information isn’t the endgame; the real payoff is to use it to improve the organization. This is where the conversation always turns to information governance. The simplest definition of information governance is the management of information assets within an organization with the end result being compliance and information value creation. The challenge is to implement the controls of compliance while allowing the flexibility to create value from information.
Getting Back to Basics
One question posed to technologists and records managers is, “What is the difference between data and information?” The overwhelming response is, “Information is data with context.” One of the most elementary principles of records management is that records should be available, consistent, and reliable. When data is available, consistent, and reliable – and provided within context – it is transformed into information. In other words, when data is useful, it becomes information. As simple and humble as it sounds, usefulness has become the gold standard for systems, applications, and data. Information allows organizations to make better decisions, respond to client requests, and ensure transparency. In a harsh business climate, information allows organizations to survive – and even thrive.
Considering the Framework
Information can be both an asset and a liability and can be astonishingly dynamic. Information can drive a process, be required to complete a step in a process, or be generated as a result of a process. Information is generated at an alarming rate, and as regulatory and compliance mandates raise pressures on organizations, the need to control diverse forms of content has increased tenfold.
Controls are wonderful things. Technology departments will say that security is a primary part of their job. Today, organizations are subject to many regulations governing data retention, confidential information, financial accountability, and business continuity. However, too much control, especially in the manner of information lockdown, can stymie business units.
How does an organization align control measures with business agility? How does an organization allow its business units the agility they need to be successful? The answer is for organizations to establish a governance framework that allows policies to be created, conflicts to be resolved, and the flexibility to foster the provision of services to business units. Simply put, information frameworks allow organizations to put structure around how they align control and agility.
The information governance framework has four parts: people, policies, technology, and risk management. People and policies are the organizational enablers, supported by the discipline of risk management, which is shored up by technology as a foundational component. This allows resources and risk to be managed, while fostering the creation of information value. Much like blood pumping through the body, this information gives the business units power and agility. Ultimately, the goal of the governance framework is two-fold: compliance and value creation. A controlled, yet flexible, governance framework fosters agility in business processes and service delivery.
Exploring the Four Parts
The four parts of a governance framework are important enough to discuss in more detail. Organizing the framework in the following manner is integral to the success of your information management endeavor and will allow your organization to be proactive rather than reactive. In this economy, information governance is power.
1. People
It’s so important to start with the human element. The success of any organizational endeavor is directly linked to the engagement of the organization’s members. Information management is truly a collaborative process, so in addition to getting executive sponsorship, you must engage the management and staff in the strategy. If their needs aren’t considered, you might as well shut off the lights and go home. The most successful strategic implementations begin with forming a stakeholder committee that includes department heads, users, and legal, technology, and records managers.
A good governance structure provides useful systems and manageable controls that give staff the needed access to information assets, allowing them to work in the most efficient and effective way possible. If implementations of information management controls are cumbersome or systems aren’t useful, staff will work around them and they will fail. The reason most information governance efforts falter is that they didn’t take the business units’ work methods into account.
2. Policies
There’s no one-size-fits-all suggestion that can be made in terms of governance policies, but a few suggestions follow. Instead of focusing on the limits, focus on outcomes. When policy-making is approached in this manner, business units are much more likely to cooperate because they will see value. For example, rather than have staff members wait in line at a records counter for information, consider implementing a controlled system that allows instant, individualized information access. This way, it’s less about lock-down and more about empowerment.
3. Technology
Technology is a foundational component of the information governance framework. When planning for the enterprise, take an agile approach to systems. Consider implementing an enterprise content management (ECM) application. Implementing this type of technology will bring automation to the organization’s information management, which ensures consistency. Here are three common avenues taken in ECM implementations:
Use ECM as the universal repository for the organization’s information assets and as the single point of control for complete information lifecycle management. Adopting an ECM, which can interpret information context and apply rules for classifying and managing information without user intervention, is a good way to automate records retention and disposition policies. To be even more effective, it is important to ensure the information being captured in the content repository is worthy of being retained. As a wise person once said, “Garbage in, garbage out.”
Have the ECM function as middleware, which connects other software applications or components. This information architecture is friendlier from the user perspective and provides an opportunity to be agile in your technology implementation. Known as “dynamic personalization,” this method allows users to access information in the manner and environment in which they are most comfortable. They can access the ECM application directly or through any other application through which they work. In this case, ECM is functioning as a sort of integrative middleware. Middleware, by design, makes sharing information resources transparent to users and provides consistency, automation, and security.
Implement ECM as a shared-service platform. This approach is taken most often by governance-mature organizations. Enterprise information management is literally that: information shared across business units or functions. This is particularly attractive to technology departments, as it allows them to develop business processes that can be repeated across the enterprise, allowing optimal resource efficiency, cost, and service performance.
4. Risk Management
From an information management perspective, risk management means identifying the magnitude and impact of noncompliance, most often as it relates to recordkeeping. As regulators and agencies have increased their scrutiny of organizations, it is more crucial than ever to ensure that information is consistent, reliable, and available. Therefore, a well-vetted records management policy will be essential to minimizing compliance risks.
Remember that records management needs to be deployed from an enterprise perspective across the entire portfolio of information assets. Technology – as in an ECM system – is especially effective here, as it ensures consistency. Ideally, the records management structure can be implemented transparently, which allows business units to work in the most efficient way possible while maintaining the organization’s recordkeeping integrity. Technology also allows the establishment of monitoring and auditing processes to ensure proof of compliance and transparency.
One of the most intrusive risk management situations is the e-discovery process. At its most elementary, e-discovery is enterprise search, production, and auditing of information. This is an arduous process that can be somewhat alleviated by an established information governance framework and stringent records management policies. Technology is again helpful, as it allows an organization to cast a wide net for information and narrow down as needed. The framework that is proactively built on the frontend will make this process less painful.
Bringing About Business Agility
If successful organizations are defined as those best able to thrive in their current environment, and information is considered the lifeblood of organizations, then an information governance strategy is crucial for all organizations to implement. Organizations that have established an information governance strategy have mitigated risk, established standards, and, most importantly, leveraged their information as an asset for making quality decisions. They have moved beyond strict, inflexible information environments to create information autonomy.
Kimberly Samuelson can be contacted at firstname.lastname@example.org.