If you've been at an organization where compliance, IT and the business seem to speak different languages when they talk about information management, you know how difficult it is to get them all on the same page. The task is so difficult at most organizations that each typically does their own work -- blinders on -- in isolation from one or both of the other two in an effort to simply get something done. The results for the organization range from less than optimal (wasted time and money) to disastrous (smoking crater fines/penalties and massive operational disruptions).
When working with clients, I liken this state of affairs to whatever the political debate du jour is on the news -- where both sides are seemingly speaking different languages and there’s no agreement on the common ground.
For me, the most productive way forward in these situations is not so different from the solution in the political arena: reaching across the aisle to find a common ground that all sides can agree on.
With this in mind, let’s walk through how each of the key stakeholders view information governance (IG) and then discuss some ways to find common ground and make progress.
A Slap on the Wrist
The compliance functions at most organizations typically approach their job as if they were police officers, gatekeepers, babysitters, etc. They make the rules that the organization has to play by and they are responsible for punishing non-compliance. They typically don’t view their work as strategic or value add and are unused to articulating the reason why folks should comply other than “thou shalt.” And they are often out of touch with how the business actually works and what needs to happen to keep the lights on.
In terms of managing information, therefore, compliance usually means some or all of the following:
- Defining policies based on best practices rather than what the organization can actually comply with
- Planning and executing work with a cost center mindset rather than a P&L mindset, e.g., no business case for compliance, poor modeling, visibility and tracking of costs and benefits, little to no sense of “competing” for organizational dollars against business initiatives
- De-coupled (or only loosely coupled) to operational strategy and direction
- Shallow understanding of the organization’s value chain, i.e., how we make money
Tell Me What You Want and I’ll Build It
IT folks are also typically isolated from what’s happening in the business. They tend to focus on the tools and techniques needed to deliver technology solutions in response to business requests. In this, they’re like short-order cooks waiting for customers to order food: the grill is hot, ingredients at the ready and menu defined -- tell them what you want and they’ll serve it up. And despite the fact that we all know this approach doesn’t really work -- that’s material for its own post -- very few organizations have developed a strategic IT organization that does more than simply take orders.
In terms of managing information, therefore, IT usually means some or all of the following:
- Delivering generic platforms based on information management features and functionality
- Taking ownership for the containers that hold information, but not the information itself
- Understanding the technical requirements for managing information but not its strategic, business transformative value
- Expecting users to understand their own requirements and communicate them to IT so IT can deliver features and functionality to meet them
Show Me the Money
Compared to compliance and IT folks, the business is simple: if it doesn’t somehow lower costs, increase revenue or increase margins, we don’t do it. Which explains their lack of interest in managing information better. Sure, everyone pays lip service to doing it, but very few fund it sufficiently because IG practitioners have had trouble articulating its value in terms of the bottom line.
In terms of managing information, therefore, the business usually means some or all of the following:
- Addressing information management as part of discreet efforts to remediate specific business problems
- Avoiding cost and risk avoidance in favor of direct cost savings or revenue generation
- End-running around IT or compliance (or both) to get information management capabilities for the business (e.g., Box, Salesforce, Basecamp)
If compliance, IT and the business are the polarized stakeholders speaking completely different languages in the information management debate, then IG is the common ground that holds out the promise to, if not reconcile all parties, at least make it possible for them to work together to move the organization forward.
In terms of managing information, therefore, an IG orientation usually means some or all of the following:
- Cross-functional, engaged stakeholder participation in IG
- Clear articulation on the role of managing information at the organization, i.e., how does it fit into overall organizational goals and strategic direction?
- Transparent decisions about what IG needs to look like to fulfill its role at the organization
- Straightforward debate about the challenges IG faces in fulfilling its role while meeting the needs of all individual stakeholders
- Consensus on what IG will and won’t do, along with the rationale for what’s in and out of IG scope
- Definition of IG’s value across all stakeholders, i.e., direct bottom line impact as well as cost/risk avoidance and IT sustainability
The Final Word
Like some of our most contentious political debates, there’s no easy answer to the information management problem at most organizations. But as IG practitioners, we can learn a lesson from politics and try to find common ground between compliance, IT and the business.
Will doing so suddenly make records managers as ROI oriented as a VP of Sales? Or give IT the same concern for regulatory compliance as Legal? Or get operations staff lathered up about recordkeeping? Of course not. But it will get everyone focused on the needs of the organization as a whole and give them concrete steps to take to begin managing information more effectively to meet organizational goals, which in itself is a major achievement.