The SharePoint Information Governance ProblemIf you have any experience with SharePoint as a document management platform today, you know that most organizations struggle to use it effectively. You’re also likely familiar with the negative impacts that typically result from using SharePoint ineffectively: a proliferation of sites, often on a proliferation of SharePoint versions, with no clear standards on what documents should (and shouldn’t) be stored there or how, no clear guidelines for users on how to classify their documents, little to no capabilities for promoting effective information lifecycle management, little to no end user governance or oversight for things like site and document library structures, security and access settings, or document hygiene, and dozens, hundreds or even thousands of orphaned sites that, taken together, represent a digital landfill of staggering proportions.

In part, the reason why so many organizations suffer from most (if not all) of these SharePoint issues has to do with SharePoint’s ease of use. It’s easy to stand up and deploy, easy to provision sites, easy to enable self-service and push administrative oversight to end users, easy to configure by end users, easy to get documents into.

But all this ease of use and freedom requires a tremendous organizational discipline in order to be leveraged for good rather than for evil -- and unfortunately most organizations have historically lacked the discipline needed to benefit from SharePoint’s potential.

Bigger Fish to Fry

But when you start to dig deeper and ask why organizations have lacked the discipline to use SharePoint effectively, you quickly realize that the problems with SharePoint I’ve sketched here are only the tip of the iceberg. They’re merely symptomatic of a larger, far more troubling problem at these organizations: weak or nonexistent information governance at the enterprise level.

And this problem, if left unsolved, makes it extremely difficult to get value from any document management technology, whether SharePoint, one of the “big three” enterprise content management (ECM) systems (IBM, EMC, OpenText), or a niche solution meant to address vertical business processes (e.g., contract management, engineering drawing management, product lifecycle management, etc.).

Cosmo Quiz

I’ll do something that’s uncharacteristic for a consultant and not answer the question of what weak information governance looks like with a wishy-washy "it depends." Instead, I’ll declare unequivocally what weak information governance looks like -- imagine that!

Here goes …

If any of the following statements apply to your organization, you have information governance problems. Full stop. The more of these statements that apply, the worse your information governance problems are:

  • No persistent organizational body owns information governance -- only addressed in a piecemeal, one-off, siloed way (if at all)
  • Ownership of information governance is limited to a single group (e.g., only IT or only Legal)
  • The ultimate responsibility for information governance stops short of the C-level (i.e., highest level owner of information governance is not a CXO)
  • IT, Legal and Compliance, and the lines of business would say that information governance is not theirs to own, but rather better owned by one (or both) of the other two groups
  • IT, Legal and Compliance, or the lines of business (perhaps all of them) would say that information governance is exclusively theirs to own and should not be owned by either of the other two groups
  • No formalized process in place to ensure that information governance requirements are considered during the design phase of IT system development (whether the platform is built in house or acquired from a vendor)

I would be willing to bet a crisp twenty that if your organization suffers from the SharePoint problems I discussed earlier, that it also suffers from some (if not all) of these information governance problems as well. And the hard truth is that unless you address these more fundamental information governance problems, you will never adequately solve the more immediate and more obviously painful SharePoint ones.

So let’s talk a bit about what good information governance looks like and how you can take steps to develop it at your organization.

Stating the Obvious

One way to think about what strong, effectual information governance looks like is to take the problems I identified above and turn them around:

  • A persistent organizational body owns information governance
  • Ownership of information governance is cross-functional and includes meaningful participation from IT, Legal and Compliance, and the lines of business
  • C-level executives take the ultimate responsibility for information governance
  • IT, Legal and Compliance, and the lines of business feel a shared ownership and responsibility for information governance at the organization
  • IT, Legal and Compliance, and the lines of business feel that effective information governance at the organization requires participation from the other two groups
  • There is a formalized process in place (and followed) to ensure that information governance requirements are considered during the design phase of IT system development (whether the platform is built in house or acquired from a vendor)

In my 15 years in the information management space, the organizations that effectively managed their information assets are those that exhibit these characteristics -- the more of these they have, the more successful they are at managing their information; the fewer, the less successful.

Diet and Exercise

At a high level, the path to stronger, more effective information governance is the same for every organization, sort of like the path to a healthy, active, long life for everyone is diet and exercise -- but the devil’s in the details: how a stay-at-home parent in their twenties with three kids living in a large metropolitan area makes “diet and exercise” part of their life will be very different from how an unmarried executive in their forties who travels four days a week does.

And so it is with corporations in information governance: size, footprint, industry, culture, organizational history, as well as the strengths and weaknesses of IT, Legal and Compliance, and the lines of business all combine to make the exact steps to improved information governance different for every organization. However, all of these distinctive paths can be rolled up to a few general “diet and exercise” recommendations that all organizations need to adopt to make progress:

  • Gain organizational alignment – until the powers that be understand and accept the fact that information governance should be a strategic priority, nothing much can happen to improve information governance. You need to do whatever it takes at your organization to raise awareness and get this light bulb to go off among executive leaders all the way up to the C-suite.
  • Get a provisional body in place to design the enterprise vision for information governance -- a common mistake is to find a single champion/owner of information governance and have them design the program before recruiting participants for the program. And while the idea is tempting (it avoids death by committee, avoids the slow process of gaining consensus and gives you one throat to choke), it runs the very real risk that the enterprise perspective (across IT, Legal and Compliance, and the lines of business) will be missed. Better to appoint a cross-functional team to tackle the problem from the very start, which may take longer, but will get you a better result in the end.
  • Identify near-term, burning platform, stop the bleeding issues and address them at once -- while you don’t want short term thinking to drive the development of information governance, you also don’t want to allow issues to grow worse while you’re spending the next six to 12 months building out the information governance program. For example, if you’re migrating 6 million legacy documents to a new document management system next month, you need to make sure information governance requirements are a part of that migration -- waiting until after the migration will increase the time, effort, cost and risk of the migration and the application of information governance to the content migrated.

Once you've taken care of these three, you’ll have an information governance body that is ready to begin making progress, first by defining its own charter and operating model, then moving to define its work plan and begin executing against it. What these look like exactly will differ quite a bit from organization to organization, but typically include things like policy development and implementation, project portfolio management, education, awareness building and training activities, as well as strategic thinking about how information governance can contribute to corporate objectives and enterprise goals.

The Final Word

There’s no shortage of information out there on SharePoint challenges, and better SharePoint governance is often proposed as a remedy. And while I don’t disagree that implementing SharePoint governance can help, hopefully I’ve convinced you that document management problems in SharePoint have deeper, more fundamental roots that require more than just managing SharePoint better. And while getting information governance right at your organization won’t make your SharePoint challenges magically disappear, it will be a struggle to solve them until you do.

Title image by Istvan Csak /