Information Governance is not limited to Compliance.
In order to avoid misunderstanding, the title of this post requires some clarity. Governance is critical, and we believe this wholeheartedly. The issue under consideration is how a governance initiative is adopted and implemented. Governance, and by its very nature, Information Governance, stands the risk that it is seen as another overhead, an expensive exercise with little value. If the executive team, and possibly more importantly, the staff, do not understand and buy-in to the benefits, it is likely to be approached half-heartedly, and the bare minimum, regulatory requirements will be implemented.
Risks of this approach:
Governance is expensive – accept this as a fact. So the question becomes one of “how do we get some value from this expense?” If no attempt is made to seek real value, then the cost becomes one of insurance, “just in case”. The only time there is a return on the investment is when the information is required in the event of litigation, audit queries or investigations. If this never happens, then the investment is wasted. To my mind, wasted investment sounds like poor corporate governance.
A potentially greater risk is that “compliance for compliance –sake” leads to reluctance on the part of staff to comply. They don’t perceive any benefit, so will do the least possible to meet the compliance requirements. When the time comes to retrieve the information, the half-hearted attempts become apparent, and the information isn’t complete, it’s out of date, or worse still, can’t be found. In this instance, not only have all the expenses become wasted, but the organization still stands the chance of losing the court case as the necessary information isn’t available. Some information can be found, but no-one is sure whether there is more, and the e-discovery costs escalate wildly.
An alternative approach:
One method of obtaining the necessary buy-in is by making sure that the Information Governance initiative is very closely aligned to the corporate goals or objectives. These could be a combination of any of the following (or a host of others not mentioned here):
- higher levels of customer service,
- reduced costs,
- meeting compliance or mandated requirements,
- reduced organizational risk,
- attracting and retaining high quality staff members,
- meeting environmental or social responsibility criteria, and
- Improving operational efficiency.
These are easily determined by analysing the annual financial reports, 5 year strategic plans, and even the organization’s mission and values boldly displayed in the corridors. The next step is to determine how Information Governance can assist in meeting each one of these objectives. Assisting with compliance is easy, but one needs to explore the other “non-compliance” drivers for these are where the value may well lie.
For example, truly managed information is more easily found, fewer duplicates are kept, and it can be trusted. This must lead to a reduction in cost, which assists the organization in that goal. If Information is easily found and staff don’t waste time searching unnecessarily, then their working days may be more fulfilling, and they can be better utilised, adding value to their daily tasks. Better information leads to faster processes, and ultimately a more efficiently run organisation.
By focusing less on the “governance” part of information governance, and instead looking to see how having properly managed information can assist the organization in meeting its objectives, there is a strong chance that buy-in can be achieved. Not only does it assist with obtaining the necessary commitment, but also helps to garner support from non-governance quarters.