Too many organizations equate "information governance" with "information lock-down." This is a mistake.
Risk mitigation shouldn’t be the only factor driving your information governance strategy.
According to Gartner, information governance “includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” While mitigating risk is certainly a worthy goal, it’s unlikely that it’s the reason your organization is in business. (Unless you work for a law firm, in which case, mea culpa.)
But far too many information governance programs are reactionary. They’re built because an organization gets an unexpected audit or e-discovery request and everyone panics. Resources are pulled willy-nilly from wherever they’re needed, disrupting business and causing angst across the board. Afterward, the organization decides that this kind of fire-drill response can never happen again, and it decides to build an information governance program.
This type of effort often starts at the department level -- the department that is most affected by the request. Of course, the department most affected is typically Records Management or Legal, both of which are more apt to be concerned with offsetting risk than driving value.
In contrast, a successful information governance strategy accelerates decision-making, increases transparency and eliminates unnecessary compliance risks. Its real purpose is to boost business value -- not simply to avoid data breaches, compliance infractions, sanctions and fines.
Applying Lean principles to your information governance strategy can help your organization build a program that both mitigates risk and wrings every last ounce of value from its information.
A Closer Look at Lean
Lean is a management strategy that focuses on driving value and eliminating waste. Pioneered by Toyota in the 1950s and 1960s, it has been widely adopted by process-based manufacturers and continues to gain traction in a variety of other industries.
There are five core principles of Lean, and a brief summary of how they apply to information governance:
1. Specify the value desired by the customer
When it comes to information governance, it’s important to think about the value desired by internal customers. What are the key interests and concerns of the various business stakeholders within the organization? What information matters most to them and to their end users? What business processes are supported?
2. Map the value stream
Outline your current process for managing information and identify all the waste. For example, a lack of integration between your customer relationship management (CRM) and enterprise content management (ECM) system creates waste, because information in one system must be re-entered into the other. Relying on paper documents leads to wasted time when staff members can’t find the information they need quickly.
According to Lean, there are eight types of waste. Here is a list that includes examples that apply to information management:
- Transportation: If an organization is using ECM as the universal point of control over its information assets, is the path those assets take to arrive in the ECM system circuitous? For example, are you capturing information at the point of creation, or does it float around your organization before it ends up in the ECM? What effect does web capture and multiple device capture have on your information? Is your organization using e-forms and if so, are they integrated with your ECM?
- Inventory: Does your organization have clear policies for records retention and destruction? Is the process automated so that no records are retained past their cutoff? Do you have policies in place for version control of documents that are not classified as records? If not, the organization may be setting itself up for large e-discovery fees.
- Motion: Does information move through unnecessary steps in business processes?
- Waiting: Recent estimates show that the average office worker spends 12 minutes processing a hardcopy document -- nine of which are spent finding, filing and refiling it. Finding digitized and electronic documents can be difficult, too, if the organization doesn’t have a properly designed content repository, consistent filing conventions and a good search engine. How much time do employees spend waiting for the right information? How does this impact customer service?
- Overprocessing: Are you collecting the same information from customers on a variety of forms and repeatedly entering the same information into different systems?
- Overproduction: Is the organization producing more information than employees need? Is it producing and retaining records that are not required (or are no longer required) to meet external mandates or internal compliance initiatives? The retention of excess information leads to wasted time for business unit employees, records managers and lawyers who must sift through the clutter. Plus, from a risk management perspective, there are records that organizations should dispose of at the earliest opportunity.
- Defects: What is your organization’s quality assurance (QA) process for information capture? How close to the point of capture is QA performed? The further out it is, the more defective information enters your line-of-business applications. In addition, if your organization asks business users and the legal department to determine which pieces of content should be retained as records, do you have a formal QA process for declaration in place?
- Skills: Are employees who could be producing value for the organization spending time looking for documents or rekeying data into a variety of systems?
3. Reengineer your process to eliminate waste
Just as organizations can reengineer business processes like contract management and HR onboarding by eliminating unnecessary steps and automating the ones that remain, so too can organizations refine their approach to information management. Many organizations find the following activities useful:
- Implementing an ECM system to reduce employees’ reliance on paper and decrease the number of paper-based business processes in effect.
- Integrating ECM with other software applications, allowing users to access information in the manner and environment in which they are most comfortable. For example, when ECM is integrated with the organization’s accounting application, invoice approvers can access all the content they need to approve payment through their core application, without being forced to toggle between screens. Integration makes sharing information resources transparent to users and provides consistency, automation and security.
- Automating records management with a system that can interpret information context and apply rules for classifying and managing information without user intervention.
4. Introduce “pull”
In the manufacturing world, this means that your organization only makes what customers are asking for. In the context of information governance, it means supplying the right information to the right people -- or the right agencies, when compliance with outside mandates is required -- at the time they need it. (Assuming, of course, that they are permitted to have it.)
To do this, it’s important that you've scored, or specified, the value of your information and its value as a record correctly so that the organization can direct it -- via thoughtful standardization, centralization and automation -- toward the people, processes and business outcomes (including compliance) that are most important to the organization.
This is the step where many organizations remind themselves not to lock down all their information. Users should not have to struggle to obtain the information they need. And they certainly shouldn't have to sift through unnecessary information. It’s a delicate balancing act, but the right policies, paired with the right technology, will enable success.
5. Strive for continuous improvement
This concept, of course, has become something of a cliché in the business world, but it’s important nonetheless. To successfully evolve its information governance program, your organization must have a governance committee that meets regularly to review progress. The three departments that have the biggest influence on governance are IT, Legal and Records Management because they manage the records and have horizontal influence. But don’t let your business units fall by the wayside! They’re the ones who are actually using the information to produce business value, so they must be represented if the organization truly wants to ensure that the program is about driving value -- not just mitigating risk.
Continuous Improvement and Transparent Records Management
Interestingly, it’s at the “continuous improvement” stage that many organizations adopt the practice of transparent records management. These organizations have already embedded ECM as a central part of document control in the governance effort and have started seeing the benefit of integrating ECM with line-of-business applications.
When business unit needs are appropriately represented on the governance committee responsible for reviewing the organization’s information governance strategy, it often becomes apparent that managing a compliant records management program while also meeting the information needs of individual departments can be difficult. Records managers structure documents within complicated record series that mitigate risk, while general users desire easy access to content types that vary between departments. Without a flexible solution that satisfies the distinct needs of every business unit, maintaining an effective and compliant records environment creates more work for everyone.
Transparent records management is “transparent” because it enables general users to see through the cumbersome records management layout of the repository to the layout of their choice. Multiple views of the repository can be configured to allow records managers to monitor and act on records through one folder structure, while other users access a folder structure organized more logically for their needs.
One of the greatest strengths of transparent records management functionality lies in the way it enables records managers to create a file plan and manage retention schedules without interfering with any department’s line of business.
Organizations that implement transparent records management as a component of their information governance strategy know that simply collecting and controlling the information isn’t the endgame; the real payoff is to use it to improve the organization.
Lean Governance, Useful Information
Control and security are always going to be important components of information governance. The challenge is to implement the controls of compliance while allowing the flexibility to create value from information. After all, it’s one thing to collect information and quite another to make it useful.
Applying the five Lean principles described above can help your organization move from a reactionary approach to information governance in which mitigating risk is the highest priority to a holistic approach that emphasizes value creation just as much as controlling risk.
Title image by jokerpro (Shutterstock)
Editor's Note: If you'd like to read another take on information governance strategies, see How to Get from 1998 Style Records Management to Information Governance for 2018