Information Governance: What It Is And Seven Reasons Why You May Need It

If you’re already familiar with Corporate Governance and Transparency, Information Governance, or IG for short, is exactly what you might think it is.
TEXT VANESSA VROLIJK

According to the Business Dictionary online, governance is: “the establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability), and their primary duty of enhancing the prosperity and viability of the organization.”

One of the more popular definitions of information governance is, courtesy of Wikipedia: “Information Governance, or IG, is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.” If you are a medium to large sized organization, all of the above are applicable; it might not be as complex as it is for international corporations, but it is enough to give you grief while trying to figure it all out.

So the question is: Do I need IG in my organization and if yes, how do I go about it? The short answer is: probably, yes. As for how to go about it, there is no short or simple answer. What you can do however, is use the following points as a guideline for assessing whether or not you should start considering an IG strategy or revamping your existing IG strategy.

Know your Relevant Information
Not all information acquired within your organization is relevant or is equally valuable, so why treat all of the information in your organization the same way? Make an inventory of all the types of documents and data your enterprise receives and creates and assign a value. Only those that have value for your operation need to be managed. Those you have identified as having little to no value, you can dispose of immediately.

Risk Management: Identify Your Weak Links
Every organization has weak links when assessing internal organization. Sometimes, it has to do with quantity: some types of information (data & documents) are received or sent in overwhelmingly large quantities. There might also be a process, primary or secondary, which consumes every available resource as it goes along. The weak link might also pertain to establishing or securing the authenticity of records & information (physical or digital), which can lead to faulty decision-making processes or even legal issues. Whatever the case might be, once you have established what your weakest link is, you have identified your starting point for setting up IG.

Storage and Retrieval Issues
If your organization is experiencing any kind of issue with either storing or retrieving information, be it not enough digital or physical space, difficulties retrieving correct information (in a timely manner), or losing information, then you should do something about managing your information. If this happens to be your weakest link, this means your IG plan needs to start with setting up proper information management. Where to start depends on your specific issue: if it’s storage, then it probably starts with identifying relevant information and setting up procedures and policies to remove irrelevant information and develop retention schedules for information that is relevant. If your issues are linked to retrieval, it points towards the way you might be storing your information which makes it difficult to access it. This might mean you need a new way to manage your information, whether it is technological or procedural.

Legislation and Compliance Check
This point is linked to the previous three: is your company in compliance with due diligence and legal policies? Will your organization be able to procure evidence that you have fulfilled your duties concerning corporate governance and transparency? Will your organization be able to prove that the documents and/or data, which you claim to be authentic, are in fact authentic? Is the information valid and up to date? Is it accurate? If your answer is no to any of the above, then you should start setting up proper procedures to handle records and information, as well as looking at your applications and systems to ensure that you are not only compliant and accurate, but also that your information is secure at all times.

Security and Breach Issues
One of the most important questions to ask is not whether your security will be breached, but when. In other words, hope for the best, but be prepared for the worst. Aside from setting up appropriate security and authorization policies within your organization pertaining to your physical as well as digital information environments, you need to have a plan. The plan must guide you through a security breach: when it happens, what do you do? How do you do it and with whom? Every organization faces different kinds of threats; you must assess your own organization’s specific vulnerabilities and set up a plan accordingly. Do you have sensitive documents lying around on printers in the hallways or on desks? Can anybody gain entry to your physical archives spaces? How accessible is your network and its applications? What is the first thing you will do when a breach has been detected? Are you insured? Those are some of the important questions that you can ask yourself.

Digital yet?
If you are a paper-centric organization, you might want to rethink why that is and ask yourself what you might be losing because of this; be it efficiency, money, service, control, or an opportunity. At the very least you might be losing your edge! Rethink and evaluate!

ROI vs. WIWCY
When trying to decide whether or not to implement a new system or strategy that requires a substantial initial or long-term investment, you need to calculate your return on investment, ROI. This means you measure and assign a monetary value to the new system, which you can compare to the initial investment. A very sound method all around, because who wants to lose money? However, depending on where you are at within your organization, you might not be able to afford to not invest in IG or at least some aspects of it, to strengthen your weakest link for example. In other words, you need to calculate what your “what it will cost you” (WIWCY) would be if you don’t invest! It could be legal proceedings, clients, new business or accounts, regulatory fines or maybe even your reputation.

The first step is admitting you need help! It is very common to feel either overwhelmed or even in denial about your issues concerning Information Governance. The best place to start is to admit that you need help and get professional help! A knowledgeable and experienced professional will be able to get you started and guide you along in the right direction. Either by identifying your main issues, setting up a plan for addressing your main concerns, or implementing your ideas and converting these to long term viable strategies, a professional might be the right person to get in touch with. The most important thing is finding the right fit: an Information Governance strategy custom made for your organization!

Last but certainly not least, the human factor: your colleagues or employees. Even if you have top-of-the-line, accredited technology and systems in place, if qualified and dedicated personnel do not cooperate with your IG plan, it won’t succeed. You will still experience the same issues or you will have a whole new set of issues, not to mention capital that it will cost you over and over again.

It can be really simple to get your people on board. Firstly, you need to communicate what the plan is and how it will be reshaping the organization. Use the company Happy Hour or outing and take half an hour to explain. Secondly, keep communicating your message no matter how often you have to do it. Once is never enough! Thirdly, leverage their experience and knowledge: your colleagues will have invaluable insight and input for implementing your chosen strategy; after all, they are the ones responsible for the daily output of your organization. Welcome anybody who wants to take an active part in setting up your IG strategy and implementation.

Common Business Sense
It might seem, even after establishing that you have one, two, or even more of the issues mentioned in this article, that implementing an IG strategy, even if only partially, is quite the endeavor. Just remember: IG is just like everything else in business: use your common business sense to bring order to chaos. In other words, you should only do that which either benefits your overall business health or eliminates factors that (could) have a damaging effect on your business overall. That said, IG can be the solution to many of your business’s challenges, especially if implemented correctly!

IG is managing information where required, to take the way your organization works into account. This could include:
1. Legislation and directives that are applicable in your line of business (OECD regulations, local fiscal laws, IFRS);
2. Security and authorization;
3. Documents and records;
4. Lifecycle management (How long does your company keep its records? How and where? Who can access them? Who can create and manage files?); and
5. Compliance and risk management (ensuring due diligence as well as managing risk for your organization).

Getting People on Board:
1. Talk to them about the plan
2. Communicate your message
3. Leverage their knowledge and experience
