Push for Strategic Governance in Information Management

6 minute read
Jed Cawthorne avatar
Information governance is an important topic, but a broad and often difficult one to tackle.

In the middle of last year I moved roles from the corporate intranet team to my current role as Director of Technology Strategy and KM for Legal, Corporate and Compliance Group.

Though the roles are quite different, there's one word that links the two together -- governance. 

Information governance is an important topic, but a broad and often difficult one to tackle. Outside of work, I have been working with a group of industry practitioners to help The University of Toronto School of Continuing Studies develop an enterprise information management and governance course. ARMA is pushing an agenda of Information Governance and ISAACA has its Certificate in Governance of Enterprise IT. Back in the intranet world I was part of the SharePoint Governance committee, and SharePoint conferences have had governance tracks for years.

All of this would seem to point to the fact that data/information governance is a really big deal, right? So why isn’t it?

Put Strategy First

Joe Shepley’s article “Technology Can’t Ever Solve the Information Management Problem” may have a depressing title for some, but many of us have known this for a long, long time. Throwing the latest buzzword laden technology solution on top of your existing information management problems just creates bigger, messier problems.

This isn't to say there are no useful, innovative new technology solutions, but that there are two very important words to use when considering the implementation of any new Knowledge Management/Information Management/Data Management technology: strategy and governance.

Shepley writes, “Poor information management stems from poor business processes, exacerbated by poor technology to be sure, but not caused (or solved) by it.” I would suggest that poor business processes are often implemented due to a lack of desire to deal first with the often difficult up front strategy work.

The diagram below is not meant to be a prescriptive model, but is an example of how business strategies should/could link to technology strategies:


Fig 1. A cascade of aligned and interlinked strategies

Having a set of aligned, cascading strategies should make the information governance task much easier. In line with Shepley's point about organizations wanting to get the basics right,having a strategy with well defined aims, goals and objectives should be considered a foundational element that needs to be addressed. How many organizations have “failed” SharePoint deployments because the strategy could be boiled down to “build it, and they will come”? Either they didn't come at all, or they did in such great numbers, with such huge amounts of information/content that a new set of problems were caused. Which leads us back to governance.

Governance of IT and of Information in Particular

Use of the word governance can have very broad connotations -- take a look at this wikipedia page to get a feel for that breadth. The page does state however:

IT governance primarily deals with connections between business focus and IT management. The goal of clear governance is to assure the investment in IT generate business value and mitigate the risks that are associated with IT project.”

That seems pretty reasonable and straightforward: Ensuring IT spend is not frittered away but focused on generating business value. Unfortunately “easier said than done” applies here.

Governance of information (and data) as a subset of IT, can be highly complex in and of itself. ARMA’s Information Governance Professional certification states an IGP certified person:

has the strategic perspective and the requisite knowledge to help an organization leverage information for maximum value while reducing the costs and mitigating the risks associated with using and governing this important asset.”

Maximize value, reduce costs and mitigate risks -- not so simple in the real world. Information and raw data volumes continue to increase exponentially, and storage is often not that cheap when you're racing to keep up with the increasing volume and at the same time reduce costs. Perhaps you keep stuff you don’t need, and keep what you do need for longer than necessary?

Learning Opportunities


Fig 2. Amount of information stored for various purposes

How much information do you need quick access to for immediate operations business processes to function? It’s probably a surprisingly low percentage of your overall organizational total. Obviously this is highly contextual, based on your business/industry and whether you're in a highly regulated industry sector or not. However, even if you're not, you might still have items like contract documents for example, that need to be retained for seven years from the end of contract. Do you know where they are? Are they under automated records management? Is retention and ultimately disposal (whether electronic or paper) an automated process? How much might a legal discovery request cost you if you don't have good answers to the previous questions?

Information Technology - Solution or Problem?

Returning one final time to Shepley's post, perhaps information technology is often not just the easy answer, but actually a big part of the problem? From an information governance perspective, does running headlong into the consumerization of IT, a relentless drive to the cloud, or push to provide mobile access to data from everywhere without fully thought out implementation strategies cause you more problems that it might solve?

For example -- although it seems like a simple enough question -- do your employees know what information can be stored and shared in which systems?

Thumbnail image for 2015-07-Jan-Cawthorne-Image3.jpg

Fig. 3 Different repositories provided by different systems as part of your Digital Workplace eco-system

Doyou have clear policy and procedures on how an Enterprise File Sync and Share (EFSS) system should be used? Is it linked to other systems, including perhaps a large enterprise CMS as its back end? Are employees actively blocked from using other EFSS systems by firewall rules? Have you got to the point where adding “yet another bloody IT system” (YABITS?) is just going to confuse people more than help them? Or as Shepley suggested, have you managed to tie provision of systems, features and functionality to the business processes which require them?

As ever, there are more questions than answers. However as long as posts like Shepley's continue to be written, we can indulge in a giant group therapy session, knowing that we are never alone in the challenges that we face, and we may indeed even find a few answers, or the inspiration to come up with our own!

Happy New Year everyone -- wishing you all the best for an interesting and prosperous 2015. May you succeed in taking a strategic approach to information governance!

About the author

Jed Cawthorne

Jed Cawthorne is principal product manager at NetDocuments. He is involved in product innovation and product management and working with customers to make NetDocuments phenomenally successful products even more so.