What does ‘information governance’ mean to you? Ask most people and they’ll probably talk about compliance: mandatory training, restrictions to access, checks and controls. In response to some high profile breaches, we’ve battened down the hatches.
Of course, it’s absolutely right that we protect the information we hold. But ritualistic compliance doesn’t work. Many people I’ve spoken to are just looking for ways to subvert the controls so they can get the job done. Or they’re using the controls as an excuse to cover other problems.
That’s sad. Handled properly, clear information governance adds a lot of value. It’s one of the best tools we have to improve the way we manage information. Handled poorly, however, it just creates bureaucratic overhead.
How can governance improve the way we manage information?
The Institute on Governance (www.iog.ca) has defined governance as ‘the process whereby societies or organisations make important decisions, determine whom they involve and how they render account’. So information governance creates clarity in four areas:
Which decisions are important? People make hundreds of decisions about information every day – who to share records with, when to update documents, how to communicate status, etc. Some of these decisions have far greater consequences than others. Good governance identifies which decisions have the greatest consequences, and hence ensures that we invest proportionate effort on them.
Who should be involved in making these decisions? To make good decisions, we need to apply the right expertise. We need to ensure that relevant stakeholder viewpoints are considered. We need to align decisions with available resources and with organisational priorities. Good governance ensures that decision makers bring the right mix of expertise and perspective to bear.
What process should they use to make these decisions? When a process isn’t defined upfront, people spend time defining a bespoke process for each decision. This reduces the time available to analyse options, make trade-offs, etc. Following an agreed process also pre-empts arguments: people are more likely to accept a decision if they can see that ‘due process’ was followed when making it. Good governance focuses our energy on making decisions, rather than on arguing about how to make decisions.
How we account for the outcome of decisions? Many people talk about “accountability” when they mean “blame”. Effective organisations address accountability more from the perspective of feedback: how do we track the outcomes of decisions and adjust things in order to achieve the best results? No-one can make perfect decisions all the time. Good governance ensures we identify poor decisions and correct them as rapidly as possible.
The consequences of weak governance
By separating the decision-making process from the decision itself, clear governance allows people to focus their attention on understanding their options and identifying good solutions. This helps them make good decisions about how to gather, use and dispose of information.
Conversely, when governance is weak or poorly defined, one of two things tends to happen:
Adhocracy. People waste time defining bespoke decision making processes and arguing about who needs to be consulted for each decision. They apply different priorities and policies to the same information in different parts of the organisation. This leads to inconsistent decisions and hence to increased costs (e.g. due to duplication and rework), delays and reduced quality of outputs.
Bureaucracy. People apply the same process and standards to every decision, regardless of its impact. This generally means that the processes and standards necessary for important and complex decisions are applied even to simple or inconsequential ones. Again, this increases costs and creates delay.
Either way, the result is the same – simple decisions consume too many resources while important decisions are robbed of the attention they deserve.
How can we create effective information governance?
If the benefits are so clear, why has information governance become such a pressing issue? Because establishing clear governance is hard. It requires us to answer some difficult questions and address some difficult aspects of organisational politics. Here are some of the things we need to do:
Be clear about the value of information. If we don’t understand the value of different information items, we can’t establish a proportionate framework of processes and controls around them. Without a sense of proportion, things degenerate into ritualistic compliance. This is why information governance tends to be fuzzier than financial governance – the value of information is much harder to measure than the value of money.
To assess this value, we must consider questions such as: Do we hold this information on behalf of an external stakeholder (citizen, partner, etc)? If so, what are our obligations to them? Does this information support strategic decision-making? If so, what are the consequences of using incorrect or out-of-date information to drive key decisions? Does this information support execution of internal processes? Again, what are the consequences of using invalid information? How might good information help improve these processes?
Address the politics of information. Decision rights are about power. People gain and hold power through the information they have. They use the power of their expertise and rank to control access to information. To address governance effectively, we need to think about how power is built and exercised within the organisation. Ultimately, we need to ensure that the right mix of power is brought to bear on key decisions.
Create clear separation between governance and management. Governance sets the boundaries and principles within which people operate. Management is then about making specific decisions – gathering data, analysing options, etc. If we try to replace people’s skills and judgement with an over-prescriptive governance framework, we will fail – we lack the situational awareness needed for individual decisions.
Define clear roles and responsibilities. Governance adds real value when it uses tools such as RACI models to ensure that everyone understands who needs to be involved at what stage of each decision, and how they will contribute to making that decision. A RACI model spells out who is:
• Responsible for a decision (managing the decision-making process, recommending options, etc);
• Accountable for the decision (approving it, allocating budget, etc);
• Consulted about the decision in the course of making it;
• Informed about the decision once it has been made.
Establish oversight bodies. Many decisions can be made by reference to organisational policy and standards. To ensure that these policies remain relevant and are interpreted correctly, we need to establish bodies to create, approve, oversee and maintain them. This is the bread-and-butter of information governance.
Focus on what’s important. When governance focuses too heavily on the minutiae of everyday decisions, it loses sight of the big picture. This is the route to bureaucracy. Governance is most effective when it helps people focus on the small set of decisions that contributes most to organisational performance.
Attend to details. The devil really is in the details – people can spend an inordinate amount of time arguing about what appear to be minor demarcation issues and suchlike. Once we’ve identified the important decisions, we must ensure that decision rights and processes are spelled out clearly.
Enable action. Oversight bodies often become talking shops. This tends to happen when they are too far removed from the “front line”, or when they lack sufficient authority to enforce the policies they oversee. So we must ensure that such bodies have authority and inclination to act.
Open communication paths. People need information to make good decisions. They need to understand both overall strategy and current status. They need to be aware of what people around them are doing. They need to understand how this decision contributes to wider objectives. Good governance ensures that such information is available as people need it.
Address conflict. Conflict is natural. Resources are constrained; different professional perspectives lead to different opinions; goals need to be traded off against each other. If we attempt to hide this conflict, it will surface in unhelpful ways. A key task for governance is to identify areas of likely conflict and ensure that roles and authorities in these areas are clear.
Build in feedback. Effective feedback operates at two levels – monitoring and adjusting individual decisions, and refining the overall governance framework. Mechanisms such as reviews, retrospectives and audits all play a role, as do well-thought-through metrics and performance indicators. Finally, feedback is only effective if we act on it.
And if we avoid discussing governance?
Organisations which avoid discussing governance end up spending a lot of time on it. They address it over and over again as they argue about accountabilities and due process for each decision. They’re left with little energy for the decision itself. So they make bad decisions.
Well-defined governance allows people to focus their energy on the decision. They know which decisions are important, who should be involved with those decisions, and how they will work together to make and monitor the decision. With all this clear, the likelihood of making good decisions increases dramatically.
ABOUT THE AUTHOR
Graham Oakes helps people untangle complex technology, relationships, processes and governance. He can be contacted through www.grahamoakes.co.uk or at This e-mail address is being protected from spambots. You need JavaScript enabled to view it . His book Project Reviews, Assurance and Governance is published by Gower. This article is based on a chapter he wrote for Information Management Best Practices – Volume 1, published by The Information Management Foundation, TIMAF.
