An enterprise information governance (IG) program is supposed to help organizations reduce costs and risk while improving access to valuable information, but most mature enterprises find the idea of implementing such a program to be daunting. It doesn’t have to be. By understanding the true value to the enterprise of information assets, and by taking a simple, step-by-step approach to making the necessary changes, effective IG can become a reality.
“Governance” is a framework or set of controls by which groups and phenomena operate. And it’s everywhere. Just about anything you can think of — your family unit, your circle of friends, automotive travel, the food industry, your homeowners’ association, trash collection, shopping at the mall and even snowflakes — has governance. Snowflakes? Yes, an established framework governs the different types of snowflakes that are created and what they look like based on the temperature range and water saturation level in the air. It’s the governance of nature that dictates what type of snowflake you get.
My working definition of enterprise IG is a framework (policies, procedures, processes, controls and metrics) that enables the enterprise to manage its information assets in a way that is consistent with the purpose of creating value and that also results in risk reduction and compliance. Understanding how an IG program can do this is the key to successful adoption.
IG and value creation
Although most new companies understand and embrace effective IG, mature organizations often struggle with the idea that IG is about more than just regulatory compliance, that information is an enterprise asset that needs to be proactively managed for increased business value and cost and risk reduction. They typically haven’t defined the value of information assets to the enterprise or focused on the rules for managing them. They rely on what has worked in the past, leaving information management to individuals and individual business units. Also, believing (mistakenly) that more information is always better for decision-making, these organizations haven’t considered the impact of collecting ever more information or the challenges that duplication and multiple sources of truth present. This makes the governance challenge even harder to overcome because you can’t manage what you can’t measure, and you can’t protect what you don’t know you have. Finally, you’re less likely to accept change that’s forced upon you by regulatory bodies than when you’re self-motivated by the desire to create value.
Mature organizations must realize that governing information is about turning information into valuable assets: “If I knew, I could.” Newer organizations, such as search engine and social media companies, epitomize this, but every company can benefit, and it’s never too late.
Focusing on value creation enables organizations to achieve a greater return on the investment in the IG program, including more efficient business processes, leading to real-time business insight and more effective policy enforcement
In addition, a focus on value creation enables companies to take a more value-based, adoptable approach to developing IG policies and processes and deploying the technologies necessary to support the effort.
Making the changes
Every organization already has some form of governance in place, by design or default, but it can be very difficult to recognize the existing processes and agree on the need to change them. And even if such agreement is reached, it can be difficult to change what is already there and accepted as normal.
Consider the analogy of two divorced adults, each with children, who then marry each other. Each had his or her own baseline “governance” rules in place before getting married, so whose rules will the children follow now? What if one family had strict rules and the other lax ones? Whatever rules get set, someone will object and want to keep them the way they were before.
Companies have the same problem. Unless someone from the top provides a new set of enterprise directives outlining the value of information assets, each group will continue to do what it’s accustomed to doing.
But don’t think that you will solve the problem with a single purchase or initiative. Instead, take simple, pragmatic steps based on a standard enterprise approach. Define the assets and one standard set of policies, procedures, processes, controls, and metrics for managing the assets (and liabilities). Almost every company does this in silos for their products, setting standards for development, pricing, quality control, etc., but most don’t do this effectively for all information assets. Here are four keys to making the creation of an IG program as simple as possible:
- Take ownership and act. Establish responsibility at a high level. A person or group must define the rules, and the rules should align the information assets with business objectives.
- Once responsibility is established, define the enterprise goal and the value statement for the enterprise. Next, outline the challenges to reaching the goal and how “value” and “success” will be measured. Then complete an information asset inventory for the enterprise. Define what you have, where it is, who should own it, how big it is, how many copies there are and need to be, etc.
- Incorporate the rules into the day-to-day business. Link the program to current strategy and goals to increase the sense of urgency and improve acceptance. Use the 80/20 rule to allocate 80% of your investment to deal with current and future problems and only 20% to clean up the past. (Time will eventually fix past problems.) Put policy before process and accept the fact that not everyone will agree, ever, so monitoring the program and enforcing rules is essential.
- Be realistic and keep it simple. There are no easy or “right” answers for all organizations. Take sensible action, learning from your wins and losses and from those who have done something already. Accept that it will take time and refinement—and the older and bigger your company, the harder it will be and the longer it will take.
Information governance is an imperative for long-term success. The longer you wait to act, the harder it will be to achieve, and competitors will pass you by, lowering your chance for long-term survival. And although there are now many technology solutions and service providers to help organizations get started and implement enterprise IG programs, you must take the first step on your own. Like any recovery program, the first step is recognition or acceptance of your problem and opportunity. Rarely do people (or companies) readily accept problems or opportunities pointed out by others. You must recognize for yourself that your business bottom line will improve dramatically with more effective information asset management — and that enterprise information management and governance is the way to make that happen.
For more information on how to develop and advocate for an information governance program for your organization, visit the CGOC (Compliance Governance and Oversight Council) website.
Jason Federoff is director of Information Lifecycle Management at Comerica Inc. and a faculty member of the CGOC.