Why invest in information governance? 

May is Information Awareness Month, with the aim to increase awareness of the importance of information and how managing information assets across an entire organisation can better support your business outcomes.

This year’s theme: Investing in Information Governance.

Which leads us to the question: why should we invest in information governance?

And even more basic: what is information governance?

You can easily find arguments about the importance of information governance and the impacts organisations face without an effective information governance framework. But these articles all too often focus on elements like compliance, retention, accountability or data.

While these are all parts of information governance, there doesn’t appear to be a universally accepted definition of information governance, and particularly nothing that explains “why?”, “what does it involve?” and “what’s in it for me?”.

So I’ve developed my own version of what I believe information governance should be defined as:

Information Governance aims to maximise the value of an organisation’s information while minimising associated risks and costs through a program that establishes and manages the processes, roles, standards and metrics to ensure the effective and efficient use of information.

Essentially, information governance is a program that ensures you:

  1. Get the most value out of your information to better achieve your organisation’s goals, while at the same time,
  2. reducing risks (such as compliance, loss or breaches), and
  3. reducing costs (storage, duplication of information).

Many organisations don’t think of information in the same way as other assets, simply because information is often intangible.

But everyone would agree that buildings, employees and vehicles are assets – and we all agree they require proper controls to ensure they are managed, maintained and optimised for the organisation to achieve its goals.

So let’s think of it like this: turning information into cars.

You are responsible for managing a fleet of vehicles for your organisation. These vehicles are critical for employees to perform their job. The condition and performance not only affects the operation of these vehicles, but if they’re not performing to an expected level then employees will be restricted from performing their job.

If two or more of these vehicles are out of operation for whatever vehicle-related reason the organisation is not fully operating at its peak and therefore, not realising the full value that could be achieved through using these vehicles. The organisation is also now at an ever-increasing risk of losing revenue, damaging reputation and even losing customers.

On top of this, what is stopping employees from misusing the vehicles for personal use? How do you prevent damage or theft? Who makes the decision to buy or sell vehicles? Which type of vehicles do we need? What about the legislative and regulatory requirements of owning a vehicle? Do you always know who is driving or accessing each vehicle?

This all requires a level of control and governance to minimise these risks – to manage a fleet of vehicles you’ll need things like:

  • Audit logs that provides a history of the vehicle’s drivers and maintenance services
  • Reporting of the fleet’s performance, status or incidents to inform accountable decision-makers
  • Roles and responsibilities as someone (or people) must be accountable for the fleet’s performance

So what does this have to do with investing in information governance?

The same principles apply with treating information as a business asset. Without a level of control and governance around your information assets you risk:

  • No clear direction around the management and use of the organisation’s information
  • Non-conformance with legislative and regulatory information holds
  • Little to no accountability for failure
  • Lack of trust and integrity in the information used to make decisions
  • Restrictive and/or unnecessary access to information
  • Information ‘silos’ through the lack of interoperability
  • Duplication and data quality issues
  • Disconnect between retention schedules and how the business operates
  • Large costly paper mountains

Through an information governance program, organisations create the required policies, processes and standards to govern information, devise an accountability framework that determines the roles and responsibilities for each information asset, align the use of information to meet the business needs and measure performance and targets.

Overall, an investment in information governance will ensure the effective and efficient use of information across the organisation.

Mark Salmon

Senior Consultant