Insights
Bringing our best ideas and thinking to you.
Blog Post
November 25, 2016
Share this page:
Mitigating Risk with Information Governance
By John Desborough
Information Governance vs. Information Management
There is a significant difference between the two.
Most organizations have records or other information management functions as part of their overall IT function - note that they say IT, not business function. The reality is that few organizations understand and implement meaningful information governance programs.
Let's focus on "definitions" for a moment:
- Managing is reactive, by it's nature. Managers are reacting to something in front of them. They’re solving a problem or dealing with a situation that exists based on the circumstances of the moment.
- Governing is/should be proactive. It involves anticipating situations before they arise and establishing protocols for handling information to avoid problems in the first place. Identifying what you have and what you need to do with it in advance of when you have it in front of you is the heart of Information Governance (IG). Bonus: if you have a solid IG program, managing your information is much easier.
What do you need to do to truly govern your information in a proactive manner? Building an IG program involves getting back to basic principles and process.
It's a pain BUT you need to ensure all the appropriate research is done, every stage of the document life cycle is addressed and that your organization actually invokes sanctions for noncompliance. That last piece is critical, because only when there are meaningful consequences for lapses will your organization move towards or achieve full compliance.
The most challenging thing about IG is that there are no formal road maps, set rules or guidelines to establishing a program. Every organization must figure out on its own how to distinguish between governing and then managing information.
Just as no two companies are the same, governing and managing your information will be unique to you and your organization. You need to determine how you will address these issues, using your unique environment, using the definition of reactive vs. proactive and considering requirements for compliance.
--
John Desborough is a Director, Consulting and Technology Solutions at MNP. He is an accomplished business solutions program manager and business transformation architect with 30+ years in the information and technology consulting domain. John has extensive background in information management and governance with both public and private sector clients on a global scale. Drop John a line to discuss this topic in more detail: [email protected]