If you've been at an organization where compliance, IT and the business seem to speak different languages when they talk about information management, you know how difficult it is to get them all on the same page. The task is so difficult at most organizations that each typically does their own work -- blinders on -- in isolation from one or both of the other two in an effort to simply get something done. The results for the organization range from less than optimal (wasted time and money) to disastrous (smoking crater fines/penalties and massive operational disruptions).
When working with clients, I liken this state of affairs to whatever the political debate du jour is on the news -- where both sides are seemingly speaking different languages and there’s no agreement on the common ground.
For me, the most productive way forward in these situations is not so different from the solution in the political arena: reaching across the aisle to find a common ground that all sides can agree on.
With this in mind, let’s walk through how each of the key stakeholders view information governance (IG) and then discuss some ways to find common ground and make progress.
A Slap on the Wrist
The compliance functions at most organizations typically approach their job as if they were police officers, gatekeepers, babysitters, etc. They make the rules that the organization has to play by and they are responsible for punishing non-compliance. They typically don’t view their work as strategic or value add and are unused to articulating the reason why folks should comply other than “thou shalt.” And they are often out of touch with how the business actually works and what needs to happen to keep the lights on.
In terms of managing information, therefore, compliance usually means some or all of the following:
- Defining policies based on best practices rather than what the organization can actually comply with
- Planning and executing work with a cost center mindset rather than a P&L mindset, e.g., no business case for compliance, poor modeling, visibility and tracking of costs and benefits, little to no sense of “competing” for organizational dollars against business initiatives
- De-coupled (or only loosely coupled) to operational strategy and direction
- Shallow understanding of the organization’s value chain, i.e., how we make money
Tell Me What You Want and I’ll Build It
IT folks are also typically isolated from what’s happening in the business. They tend to focus on the tools and techniques needed to deliver technology solutions in response to business requests. In this, they’re like short-order cooks waiting for customers to order food: the grill is hot, ingredients at the ready and menu defined -- tell them what you want and they’ll serve it up. And despite the fact that we all know this approach doesn’t really work -- that’s material for its own post -- very few organizations have developed a strategic IT organization that does more than simply take orders.