Get Started with Information Governance
Information governance is an important part of every document management program. Ready to get started with information governance? First let’s define and the term information governance:
Information governance (IG) is a framework for managing and monitoring information and the information life cycle, using principles, policies, procedures, standards, and metrics.Ovitas, Inc.
Unclear? First, consider the internal audit function. Information governance is to information assets what internal audit is to financial assets: The goal of both is to be independent and objective. It also applies to ownership of [their respective] assets, managing risk associated with them, and developing policies and procedures to govern, control, measure, and monitor throughout their life cycle.
Information Governance Framework
An information governance framework is a collection of processes and decisions that help organizations achieve business goals and objectives (“ends”). Also, it facilitates compliance with internal rules and external regulations, and addresses risks associated with information management. Let’s define some terms:
- Principles guide an information governance program
- Policies describe what must, or must not, be done; policies codify principles
- Procedures describe the official way of doing something; procedures implement policies
- Standards provide boundaries for procedures and business processes; standards enforce procedures and support policies
- Metrics provide measures of success against various aspects of an information governance program; metrics measure effectiveness
Simple, right? If information governance is the abstract bit of the model, then the other terms are the concrete pieces. Therefore, your policies, procedures, metrics, etc., are—together—your information governance model or program.
Information Governance is not Information Management
One key to understanding information governance is to realize it’s different from information management. Information management (IM) manages information to achieve business goals and objectives.
The relationship between information governance and information management is essentially “IG is a means to an end (IM)”…information governance supports the achievement of information management. For example:
- You create an IG policy that requires third party data to be mapped to a business-wide content model (e.g., taxonomy).
- Your policy affects several functions that manage data, including data analytics.
- This IG policy provides the means for data analytics to rely on third-party data having consistent meaning within the organization, which helps the data analytics business function achieve its goals—its end state.
Benefits of IG
Information governance can benefit any organization that chooses to implement it. To be successful, information governance needs to align with your organization’s overall business and IT strategies and goals. There are three primary areas that IG impacts: Risk, process, and quality:
These three areas are not mutually exclusive. They overlap (as pictured in the Venn diagram). Consider compliance reporting, which defines controlled operational processes that gather and consolidate quality information in order to meet the reporting requirements of a regulator.
|Risk||Risk reduction (mitigation) focuses on reducing the likelihood an adverse event will occur while determining the impact the event would have if it did occur.|
|Process||Process efficiency aims to improve processes in the information life cycle, from capture/creation through disposition.|
|Quality||Quality improvement is about making information more accessible (findable), trustworthy (reliable), and valuable.|
An Information Governance Program
Often an IG implementation is reactive. Maybe it is a reaction to an undesirable business event like a data breach or lawsuit. In other cases, IG is driven by rules and regulations and the need to get accurate information in the right form to requesting authorities quickly. Finally, there may be a need within an organization—more likely a business unit or function within an organization—to consider IG as a means to improve information quality and information-related processes.
Regardless of your reasons for considering an information governance initiative, developing a business case to support it is the critical first step.
Information Governance Business Case
In general, a business case is used to substantiate a business endeavor and persuade executive stakeholders that it is worth doing. For that reason, stick to facts and substantiate them with evidence. In the long run, the payback should be greater than the investment (Finance 101 from college). The IG business case should align its goals with general business goals and strategy.
An effective information governance business case can be difficult to make because many of its business benefits are intangible and therefore hard to quantify—e.g., how ‘much’ is better data quality worth?
What to Include in a Business Case
A compelling IG business case includes all the necessary information that executives need to make an informed decision about whether to proceed or not. It should include, at a minimum:
- Available options,
- Analysis of each option, and
- A recommendation, which includes:
- Summary of the benefits
- Cost analysis
- Risk assessment
- Impact on the organization.
When you create a typical information governance business case, it should address one or more of the three impact areas of risk, process, and/or quality. Make sure your IG business case outlines the business need (why do this?) and describes (quantify and/or qualify) the required investment.
Ready to start your information governance program? If the answer is yes then the next section provides a few more things you should probably consider before you begin your information governance journey.
Information Governance Considerations
Implementing a comprehensive information governance program can take a while. An IG program will consist of a group of related projects and activities that need to be coordinated and managed together in order to become part of ‘business-as-usual’ and, ultimately, be effective. It should include measurable benefits (KPIs) and be monitored.
To get started in information governance, you need to understand the components of an IG program and consider what activities are required for it to be not only successful but also sustainable. Finally, consider the following information governance activities you may undertake, which are in no particular order:
IG Activities You Can Perform
- Perform an information management maturity assessment using an IG maturity model to document the current state of your information.
- Use process discovery to document tacit information governance processes.
- Perform a gap analysis to identify the gap between the current state and the desired state.
- Determine how your business strategies and goals align with information governance strategies and goals.
- Develop an overall IG strategy—Charter, RACI matrix, roadmap, etc.
- Assess external influencers (regulators, competitors, etc.) using a SWOT analysis.
- Determine scope: What content is going to be managed, in which business units?
- Evaluate the capacity to change—People, IT, processes.
- Develop or update your business glossary and business rulebook.
- Coordinate with information architecture to evaluate IG and IM tools and applications.
- Develop IG principles, policies, procedures, and standards.
- Identify IG sponsors and stakeholders.
- Develop CSFs and KPIs to measure IG effectiveness.
- Identify the required skills and related roles needed to be effective and successful.
- Estimate implementation costs and payback period
Ready to get started with information governance but not sure how to start? Are the contents of these activities unclear? Unsure of which activities are simple and which are complex? Need help putting your information governance business case together? We’ll get your organization “governing” its way to information success!CONTACT OVITAS