Information Governance: How Exactly do you Govern Everything?

The challenges facing businesses

Information and its use concern almost every area of business: regulatory compliance, security, privacy, IT infrastructure, finance, accounting, human resources, marketing, sales, legal and legal operations, contract management, supply chain management, product and service development, records management, workforce management, business planning, and strategy. 

Information is intellectual capital and a vital source of competitive differentiation. And today, we create and collect ever-increasing amounts of information. It is parsed, aggregated, analyzed, and monetized. It is not a stretch to say that, in the information age, data is everything - including a source of risk.

Certainly then, given the value and risks associated with information, it is the first order of business to govern this asset well. But how exactly – in some single programmatic way – do you govern everything?

Who’s on Top?

Who should be in charge of this vast enterprise? Most, if not all, advice suggests that it takes a "top-down" approach to establish an information governance program effectively.

For example, The Sedona Conference Commentary on Information Governance states: “Information Governance should involve a top-down, overarching framework guided by the requirements and goals of all stakeholders that enable an organization to make decisions about information for the good of the overall organization and consistent with senior management’s strategic directions” (The Sedona Conference Journal Volume 20, 2019).

Given this excellent characterization of information governance, who exactly should be at the “top” of an information governance program? Who is that executive sponsor?

Ricoh proffers that the answer to this is a function of a specific company’s culture, industry, available resources, and structure. Certainly, given the diversity of stakeholders, information governance requires a cross-functional team comprising, for example, representatives from the OGC, CIO, CTO, and the business unit. The exact makeup of this "information governance committee" and who should lead this team – the executive sponsor – may best be determined by the particular challenge(s) a business needs to address.

Information Governance as Workstreams

It can be difficult to comprehend executing a strategic cloud migration, a records location and classification project, a consumer communications project, and a digitization program all under a single remit with the same committee of stakeholders and the same executive sponsor.

• Each has its own required policies and procedures, compliance requirements, risks, values, and governing principles. 

• Each requires very specific areas of experience and know-how. 

• The technologies deployed and infrastructure requirements are often specific to the challenge as well.

Yet, underlying information used, intersecting processes, and business requirements and constraints may suggest an interconnectedness between all of these projects. Even so, we should remember that this interconnectedness does not de facto demand approaching these disparate processes and all the things they touch as one program.

In our experience, it demands the opposite.

The most effective strategy approaches information governance as multiple workstreams – prioritized by an organization's most pressing need or opportune circumstance.

With this approach, you can govern “everything.”

In fact, for many of our clients, we execute against multiple concurrent workstreams. Each positively contributes to the others and to the organization's overall information governance posture. The results are improved performance, lower costs, enhanced sustained value, and risk mitigation. These results are not confined to the individual workstream(s) but accrue to the organization as a whole.This is not to say that an individual workstream is simple. A workstream can range from a "quick win" project essential to gaining executive buy-in to large – and complex in their own right – programs that extend over multiple years. So, while not necessarily simple, taken individually rather than as a whole, information governance improvements are no longer overwhelming.

Each workstream is an upward step on the stairs leading to a robust information governance maturity.

We stress here that information governance projects and programs often not only pay for themselves but achieve very attractive ROI in real terms - read improved productivity and lower infrastructure costs, to name only two. Others prevent potential losses, such as the harms of regulatory non-compliance or poor customer responsiveness.

Information Governance is Root Cause

Business has an interest in information proportional to its value. Once that value expires, the business quickly loses interest in managing it, cleaning it up, or paying for it to be stored. —The Information Governance Reference Model

While the workstreams are focused, the assessment necessary to finding the optimum solution is programmatically information governance. The difference is a crucial one.

The focus may be improving a specific process (e.g., legal holds) or executing a specific transformational program (e.g., cloud migrations or RIM program). But individual workstreams share upstream dependencies, and of course, downstream and cross-stream effects.

It is difficult to imagine any process or endeavor that does not ultimately rely on an organization's information assets in all their manifestations: records, documents, policies & procedures, intellectual property, employee knowledge, and more. Ultimately, every process' and every endeavor's value or risk is a function of information governance.

This recognition is why the EDRM (electronic discovery reference model) evolved from the original eDiscovery model to include the now robust IGRM (information governance reference model). Everything flows back to information governance.

This Approach Creates Sustainable Value

When you address individual challenges with an information governance purview, the result is sustained value. Conversely, if the approach is as narrow as the scope, you may not achieve sustainable value; you may create new problems.

Consider what might be viewed as a "simple" project: scanning to digitize hardcopy.

Despite promises of a paperless office stretching back 30 years, offices still have an abundance of hardcopy documents for:

• Client work

• Product, employee, and customer records

• Records necessary for regulatory compliance

• Documents containing intellectual capital

• And more.

Managing paper documents is unwieldy. It requires significant storage space. And search and retrieval can be difficult. (This is to say nothing of the mountains of paper at offsite storage locations.)

To tackle this problem, many enterprises scan those documents to a file location (often a SharePoint site), successfully turning a hardcopy mess into…well…a digital mess. In practice, these resultant PDFs may be even more difficult to search and retrieve than their hardcopy predecessors.

The wider purview of information governance corrects for this and ensures that a proper assessment is made. When executed, the project delivers its intended value, often preventing new (sometimes hidden) problems that surface later on.

Consider:

• For whom are the documents useful?

• How are the documents you are scanning going to be classified?

• How will different groups search these documents?

• What taxonomies or metadata and tagging needs to be considered for efficient search and retrieval?

• Is there ROT? Are there unneeded copies or documents that no longer have relevance?

A proper assessment premised on information governance principles makes all the difference between a limited or temporary benefit (or worse, even more risk) and outcomes optimized for enhanced value and reduced risk. After all, you want to fix a problem once and not have to fix it again and again.

Information Governance: Assessment and Readiness

Unsurprisingly, when our consultants perform assessments focused on a single challenge, clients recognize that many of its root causes exist in other areas throughout the organization. And often, the path to improvement made in a particular workstream is appropriate to those other areas. After all, the proper governance or mismanagement of information assets is a common denominator and systemic root cause.

As a result, we often do a broader base-line assessment. This approach helps an organization understand their current state and better position themselves to continue information governance improvements.

The Information Assessment

The adage "if you can't measure it, you can't manage it" remains a popular truism. But if you can't account for the whereabouts or even the very existence of some of your information assets, you can't begin to measure it in terms of value or risk, let alone manage it.

Organizations are increasingly implementing data mapping strategies to:

• Enable cost-effective and efficient data discovery and classification,

• Understand what data assets are owned (especially PII and sensitive information)

• Know where that data resides, and 

• See how data flows between systems. 

For businesses that lack data mapping solutions, our consultants deploy methodologies and tools that both map and analyze information at the individual record level.

Data discovery and classification assessments are foundational to any information governance workstream and increasing overall information governance maturity. But perhaps more important is establishing an information governance management framework to support individual workstreams and larger initiatives.

The path to successful information governance

The challenge with all enterprise-wide initiatives has always been the specter of "boiling the ocean" futility. They are too complex, drain resources, and expensive. For example, when enterprise content management (ECM) appeared on the scene, the failure rate of ECM initiatives was estimated at 60%.

Companies are dynamic entities. As such company-wide initiatives have a complex web of dependencies, reinforcing loops, counter-balancing loops, interactions, and constraints (many unknown) that also change over time.

The approach to information governance presented here recognizes these dynamics and is designed to neutralize them:

• Self-prioritizing "Bottom-up" approach vs. "Top-down" edict

• Relevant leadership defined by the challenge instead of a "standing committee" and executive sponsor

• Simplification via a focused workstream

• Assessments to drive sustained value (not big bills for big studies and reports that quickly become obsolete)

• An IG Framework to rationalize resources, ensure business alignment, extract and deliver insights, and position for success

This approach is the way information governance change happens.

It unites critical processes where you're operating, and business functions are occurring. It's where everyone is invested in the outcome.

It is information governance that doesn't get lost in the vastness of everything.

Get started building your information governance plan with our guide “3 Steps to Advancing Your Information Governance Plan."