Better Business Assurance 101:
Information Governance

Better Business Assurance 101: Information Governance

In Season Two of the Netflix production 'A Series of Unfortunate Events', we see the Bauldelaire children befriend Hal, the overseer of a hospital records library. In Hal’s library, records arrive down a chute and filing can begin. In keeping with the quirky nature of the series, it’s clear that while Hal runs an imbecilely tidy and efficient library, filing things immediately and with minimal fuss, the system has been created to get things filed without much thought to why anyone might want to file, keep or access the items being filed.

In short, while it looked and felt like an effective filing system, no one was ever going to find anything or be able to utilise the immense wealth of knowledge held within the records library.

It’s a humorous and silly twist in the ongoing saga of Klaus, Violet and Sunny’s search to understand the mystery of their parent’s lives.

But for those of us who’ve worked in or with large organisations, that create large amounts of (particularly digital) information, it cuts amusingly close to the bone.

Keep everything but use nothing

In our work as consultants in business language and information management, we see organisations approaching their information management with a nervousness that says “we had better keep everything, just in case” (leaving IT with the impossible task of figuring out how to do that), most often resulting in implementation of systems like TRIM or Objective.

These software options themselves are not the problem, but they often create the problem of staff being able to find NOTHING, precisely because they’ve been given access to EVERYTHING – a classic paradox!

It’s a frustratingly pointless (and often expensive) exercise in fear-based information management.

We can all sense that there must be a better way, a path that allows everyone to find what they need, without the overwhelm of having to search through everything.

In our lexicon, that better way lies in Information Governance.

A quick word on Information versus Data

To understand what we mean by Information Governance, we must first make sure we all understand the difference between data and information, and therefore the difference between data governance and information governance.

We use a very simple definition as a basic starting point to define the difference between these two terms:

Data is the raw detail that exists, most commonly, in the cells of databases and which, in and of itself, has very little meaning or value. However, when collected in larger quantities or over time, these data can be combined with other data to form data sets or collections, which themselves can be analysed to create meaning and value for an organisation.

Information, then, is the meaningful and valuable result of analysis of data. Information can exist in the form of the analyses themselves, or the reports, figures, documents, presentations, materials, websites, etc. that display or communicate the results of the analyses. It’s possible also that information in the form of analyses can create, in effect, “new data”, to be further analysed or utilised.

With this differentiation in mind, it stands that governance of these two different entities is going to involve different things and require different skills, resources and processes. As a quick and simplistic guide, data governance is concerned with the processes and tools involved in the collection and storage of data, the management of those processes and tools and in particular, the security and reliability of that data.

What is Information Governance?

Information governance, then, is concerned with ensuring the information created from data is managed well, stored effectively, understood, secure, reliable, life cycle managed and operates in a structure of ownership and accountability. Information governance ensures these things are happening with the organisation’s information resources.

Needless to say, as most organisations we work with haven’t yet understood the important differentiation between their data and their information, solid governance of information is not even on the horizon. The central repository software lists, under some rudimentary hierarchy, document names, and perhaps the name of the individual who created that document, but this is as comprehensive as it gets.

So let me spell out the elements that we’ve come to believe are essential to truly manage information successfully, and then why the governance layer must nest efficiently with the management processes.

Managing Information – An all-staff activity

In the records management room run by Hal, in A Series of Unfortunate Events, there was a blanket rule that no one was allowed to look at the contents of the records, much less read or use that content for anything. While this seems like a funny twist for a records library, it reflects the common reality that most of the content in records management systems never gets used, largely because it’s not stored or recorded in ways that make that possible.

And just in case you’re thinking a new, whiz-bang search system sitting on top of your records management system is the answer, ask yourself how often you look beyond the first page of a Google search? And therefore, how much information exists that you never find.

In modern, large organisations, the impossibility of finding what you need from central repositories means people double-store important information (once in the official system and once in their own departmental or unit system), data collection or analyses are repeated in various parts of the organisation because knowing that a similar collection or analyses exists elsewhere in the organisation is almost impossible, or gaining access to collections and analyses you know exist “somewhere” becomes a task so time consuming and frustrating it’s easier to create it again.

This represents a huge cost burden (financially and in efficiency) for organisations.

Developing an effective information management system that works for your staff is the fundamental goal of that system. The coolest and most comprehensive-seeming software is redundant if it doesn’t deliver effective usability.

This applies not only to the finding of information, but also to the depositing of information, and to the raising of questions or issues about that information (we talk more about the importance of effective information resource issue management here).

Managing Information – It’s in the details

A good information management system must list not only the very basic information about the artefact (name, creator, date entered into the system), but a whole suite of details that make that artefact’s record, within the management system, so useful that staff will easily find it and know those details before they attempt to access the actual artefact.

These details include:

  • who currently owns the artefact,
  • what the valid uses of this artefact are,
  • how the artefact’s content is restricted by privacy or regulatory requirements (most commonly inherited from its source data),
  • what the source data/information used to create it were
  • whether or not the artefact is still considered relevant and up-to-date (i.e. its life cycle stage),
  • the scope of the content, using consistent and meaningful business terminology, and
  • what, if any, issues or problems have been raised in regard to this artefact.

Imagine if you could access that level of detail through your records management system! You’d know immediately whether the artefact in question suited your needs, was reliable, was appropriate and where its weaknesses lie.

A truly effective records management system would also need to have safeguards in place to ensure that different use of language across an organisation was not going to cause a set of figures representing A to be thought to represent B by a different department. This kind of clarity requires the development of a robust enterprise-wide business term glossary that then allows information artefacts using those business terms to indicate that the term is understood to refer to a specific definition of that term, within the artefact. Then, if the business choose to change their language around a given part of their business function, because the artefact is linked to the business term previously used, the records management system should have the ability to note that, within that artefact, the term X refers to what is now known as Y in the organisation. This creates a reliability we talk about more below.

Finally, imagine that such a system, while delivering this depth of information detail, was not cumbersome to manage (and yes, such systems do exist)! This final piece of the pie is vital to the success of any information management system – simple and sustainable “burden of management” for your staff.

Managing Information – Knowing that your knowing is reliable

When your information records management is comprehensive enough to deliver the high quality management we’re talking about, it breeds the ability to really trust the information you’re accessing, using, quoting and disseminating to the public and on which your business decisions are being based. When there is scope for ensuring clarity of term usage, misunderstandings based in language are much less likely.

Further to that example, a good quality information management system would include easy and accessible processes for staff to raise these and any other issue, question or problem they identify with a given artefact (as we have already mentioned). A good issues management system for your business information artefacts (again, you can read more about what that kind of system would entail here) means you can have much greater confidence that the information you’re using is solid and reliable.

That’s not only peace of mind for your particular task or division bottom line; it delivers overall business assurance for the entire organisation.

Information Governance – The bigger picture

Now that we’ve covered some key elements to solid business information management, what role does governance play?

In our experience, management systems without governance will almost certainly fail. Good governance is your insurance that those good management systems are being followed, implemented fully and can be relied upon to deliver the business assurance you’re looking for.

To be effective, a governance team must be able to see the bigger picture, to have some recourse to know whether the systems are being used and followed. This bigger picture can only be delivered if the records management system, the glossary, and the issues management system we’ve referenced above are all linked and the whole system can give the governance team a birds-eye view of what the state of adherence to management systems is, at any given time. This bigger picture is vital to really good information governance.

The Bottom Line

Needless to say, we’ve not often seen this level of governance, especially in large organisations. There has to be a top-down commitment to the processes, which is usually born from understanding the connection between information governance and business assurance.

That’s our specialty as consultants, and our passion as people who have invested our working lives in the data and information space.

If you’re wondering whether your organisation’s business assurance could benefit from making improvements in your information governance, why not meet us for an informal chat over a coffee. We love helping people see what’s possible and how to get there.

We’ll send you a monthly email outlining the topics we’re talking about and links to where you can read more and join the conversation.

* indicates required

By submitting you aknowledge that you have read and agree with our privacy and cookies policy.

We collect, store and use your personal information in accordance with our privacy and cookies policy. We use MailChimp as our marketing automation platform. By clicking below to submit this form, you acknowledge that the information your provide will be transferred to MailcChimp for processing in accordance with their Privacy Policy and Terms.

In the meantime, why not connect on LinkedIn here?

Leave some info about you and we'll be in touch.

* indicates required
I'd also like to receive your periodic and relevant information

By submitting you acknowledge that you have read and agree with our privacy and cookies policy and you agree to be contacted by us.

I'm sorry, something is wrong; your email could not be sent.
Your email has been sent.
JavaScript must be enabled to use this form! Send

In the meantime, why not connect on LinkedIn here?