Upload
dotram
View
218
Download
4
Embed Size (px)
Citation preview
SCHOOL OF COMPUTER AND INFORMATION SCIENCE
INFORMATION GOVERNANCE AND STEWARDSHIP FOR RECORDS AND
INFORMATION MANAGEMENT
Miranda Welch
01 June 2009
Thesis AbstractRecords and information management (RIM) professionals are faced with huge challenges
dealing with the ever expanding volume of electronic information. They struggle to
implement effective and efficient RIM programmes that ensure business information is
controlled, managed, findable and of high quality. Poor recordkeeping practices result in
poor quality information and the inability to share information across the organisation. In
turn, this inability negatively impacts compliance, management reporting, risk
management, governance, and accountability.
Data management professionals are similarly facing challenges relating to poor quality
data. This also negatively impacts the shareability of information, compliance and
management reporting, risk management and accountability.
To address this, the data management profession has started to implement formally
structured data governance programmes to improve the quality of structured data across the
organisation. An important component of data governance is stewardship, which is a
formal process whereby data stewards, from the business rather than IT staff, are held
accountable for the data quality.
However governance and stewardship are not, currently, significant components in RIM
programmes. This thesis investigates the hypothesis that records and documents would be
more effectively managed if they were under the stewardship of business stewards who are
responsible for ensuring the quality of that information on behalf of the organisation.
The primary conclusion drawn from the research is that there are no obvious reasons why
governance and stewardship cannot be equally applied to RIM. Moreover RIM
professionals could leverage the governance and stewardship methodologies from the data
management discipline for this purpose. A secondary conclusion is that information
(incorporating both data and RIM) could be readily managed holistically across an
organisation by a partnership between RIM, IT and the business to the potential advantage
of all.
2
AcknowledgementsThis research project has been a wonderful learning experience. The initial idea for this
project started during my employment with BearingPoint, when I was working with some
of the staff from the Australian data management team, looking at what they were doing
and the strategies they were preparing for clients, and realizing that governance and
stewardship could surely be equally valid for RIM and provide value to both RIM
professionals and their organisations, and improve the quality of the information resources.
I would like to thank Ginny White and John Campbell who worked with me at
BearingPoint a few years ago, and who started me down this track initially, and the
Australian BearingPoint team who originally wrote MIKE 2.0. I would also like to thank
my supervisor, Dr Simon Shurville for his support and advice during the last twelve
months of study.
Many thanks also to the data stewards who so willingly answered my questions and
enlightened me about some of the practical aspects of stewardship, and the one hundred
and eleven RIM practitioners who responded to my survey – thank you so much for your
time.
Finally, thank you to my husband Robin for his love, support and encouragement while I
have been trying to combine work, study and family life.
Miranda Welch
3
TABLE OF CONTENTSThesis Abstract...........................................................................................................................................2Acknowledgements.....................................................................................................................................3
CHAPTER ONE................................................................................................................................................3
INTRODUCTION................................................................................................................................................3Records and Information Management.....................................................................................................3The Issue....................................................................................................................................................6Definitions..................................................................................................................................................9The Importance of Records and Information Management.....................................................................10Data Governance and Stewardship.........................................................................................................11Research Questions..................................................................................................................................12
CHAPTER TWO.............................................................................................................................................13
LITERATURE SURVEY....................................................................................................................................13Data Management, Data Governance and Stewardship.........................................................................13Records Management, Governance and Stewardship.............................................................................15Holistic View............................................................................................................................................18
CHAPTER THREE.........................................................................................................................................21
RESEARCH METHODOLOGY..........................................................................................................................21
CHAPTER FOUR...........................................................................................................................................23
RESEARCH RESULTS......................................................................................................................................23RIM Practitioners Survey........................................................................................................................23Qualitative Research................................................................................................................................26
Company A...........................................................................................................................................................27Company B...........................................................................................................................................................29Company C...........................................................................................................................................................31
CHAPTER FIVE.............................................................................................................................................32
DATA OR INFORMATION? WHAT’S THE DIFFERENCE?.................................................................................32Exploring the Similarities........................................................................................................................32Quality.....................................................................................................................................................36
Data Quality..........................................................................................................................................................36Information Quality..............................................................................................................................................38
Governance..............................................................................................................................................41Data Governance...................................................................................................................................................41Information Governance.......................................................................................................................................43
Stewardship..............................................................................................................................................45Data Stewardship..................................................................................................................................................45Information Stewardship.......................................................................................................................................48Stewardship not Ownership..................................................................................................................................51
CHAPTER SIX................................................................................................................................................53
INFORMATION STEWARDSHIP FOR RIM........................................................................................................53Information Governance Sponsorship..................................................................................................................54Information Governance Council.........................................................................................................................55Domain Specific Stewardship Groups..................................................................................................................55Information Stewards............................................................................................................................................57IT and RIM...........................................................................................................................................................57
CHAPTER SEVEN.........................................................................................................................................60
RESPONDING TO THE CHALLENGES AND RESEARCH QUESTIONS.................................................................60Challenges...............................................................................................................................................60
Challenge 1 – Executive Level Support................................................................................................................60Challenge 2 –Findability of Information..............................................................................................................62Challenge 3 – User Compliance With Recordkeeping Policies and Procedures..................................................63Challenge 4 – Relationship with IT......................................................................................................................64Challenge 5 – Quality and Integrity of Information.............................................................................................65
Answering the Research Questions..........................................................................................................66
CHAPTER EIGHT.........................................................................................................................................69
CONCLUSION.................................................................................................................................................69Further Work...........................................................................................................................................71
CHAPTER NINE.............................................................................................................................................72
References....................................................................................................................................................72
2
CHAPTER ONE
Introduction
Records and Information ManagementAt the heart of this thesis are challenges faced by Records and Information Management
(RIM) professionals to implement an effective and efficient records and information
management programme. This introductory chapter examines what RIM entails, some of
the issues commonly faced by RIM professionals. It lays the groundwork for the research
questions that are the basis of this document; namely, that data governance and data
stewardship methodologies from the data management discipline are equally applicable to
records and information management.
There are a myriad of definitions for records management available in the literature. One
of the more widely quoted is the definition drawn from the International Standard for
Records Management:
− “The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records” (ISO15489-1 2001 p.3).
Another definition for records management, that is more business and legally oriented,
comes from an EMC1 white paper:
− “Records management is the application of policies, practices, technologies and other management controls to the information content required to: 1. Support business operations, and 2. Protect legal interests and respond to regulators” (Kahn and Blair 2004 p.5).
For the purposes of this thesis, these definitions provide a basis for discussing RIM,
providing we also establish a very clear premise that “records” cover not only physical
documents and records, but also documents and records stored in various formats in a
1 EMC, based in the USA, is one of the dominant technology companies, providing technology, products and services to consumers in over 100 countries internationally.
3
multitude of electronic repositories such as Electronic Document and Records
Management Systems (EDRMS) and Enterprise Content Management (ECM) systems,
individual and shared drives, personal storage devices, PDAs, emails stored within email
systems or email archiving solutions and Sharepoint sites. In essence, when we refer to
records we refer to both physical and electronic records.
In the 21st century, most records and documents are born digital and stored digitally.
Indeed, the Sedona Guidelines, which were published with the aim of providing guidelines
for electronic document production in the context of litigation, emphasizes this point in the
first sentence of the preface.
− “Today most information created and received in organizations of all sizes is generated electronically in the form of e-mail messages and their attachments, word processing or spreadsheet documents, web pages, databases and the like” (The Sedona Conference 2007 p.vii).
Most organisations, in my experience, wish to store and manage their records and
documents digitally, although, even with the ready availability of electronic information,
the quantity of paper records is hardly subsiding. Organisations generally agree that they
are struggling with a deluge of information and terabytes of digital storage. A recent article
in Computerworld (Brandel 2008 p.22) cited research from market research firm IDC, that
by 2011 the digital universe will be ten times the size it was in 2006. In the same article,
Brandel quotes a New York based research firm which believes information overload is the
“problem of the year” (Brandel 2008 p.22).
Newman refers to the information overload issue as “infoglut” (Newman 2005 p.3), and
believes that the unstructured content is of greater concern than structured data.
− “Organizations are looking for methods to manage an expanding volume and velocity of information sources. While structured data sources (such as databases and file systems) continue to grow, the greater concern is the uncontrolled volume of unstructured content found in email systems, document management applications, records management systems and so forth” (Newman 2005 p.3).
Logan and Chin, reported on the lack of control over business information exhibited by
many organisations in the United States in their Gartner Research Report:
− “Many federal government agencies are failing to manage their business information properly. Our research shows the U.S. federal government has this in common with other national governments around the world. As the amount of electronic information has exploded, governments and businesses have lost control of it” (Logan and Chin 2009 p.2).
4
Another Gartner research report, from Bell, Logan and Friedman describe the issue
succinctly. “The volume of information is growing faster that our ability to manage it”
(Bell, Logan et al. 2008 p.3).
In addition to the information overload issues, headlines around the world should regularly
remind executives that inadequate corporate recordkeeping systems will incur either
financial or reputational penalties. Poor recordkeeping practices can result in issues such as
breaches of privacy, inappropriate disposal of information, non-compliance, operational
failure, and loss of reputation. Some international examples include:
In Australia, 2005, the Palmer report of an investigation into the immigration
detention of Cornelia Rau criticised the adequacy of Department of Immigration,
Multicultural and Indigenous Affairs’ information systems, describing their
database infrastructure as siloed, and explicitly making recommendations regarding
the need to significantly improve DIMIA’s recordkeeping (Palmer 2005). The
Victoria Police have been condemned for a systemic failure to provide proper
information governance, following instances where surveillance squad files were
leaked to an alleged drug trafficker and an alleged gangland murder suspect. The
author of the inquiry criticised the lack of accountability, gaps in information
governance and poorly monitored policies. (McKenzie 2009)
In New Zealand, a vindictive student deliberately deleted business critical
information, including documentation on international patents, crucial project data
and five years worth of engineering drawings from Hamilton business Progressive
Hydraulics. These actions cost the business hundreds of thousands of dollars in
attempts to recover the data and lost business (Van der Stoep 2009).
In the USA, the FBI disclosed that nearly a quarter of its investigative files relating
to recent leaks of classified information were missing and could not be located
(Gerstein 2006). Federal housing officials in the USA criticised the Newark
Housing Authority for poor recordkeeping, including failure to produce a signed
agreement to justify the payment of $6.9 million to the City of Newark. The money
was intended to add police and health services at its apartment buildings, and they
failed to document where the money was spent and whether the residents ever
received the extra aid (Cave 2006).
5
The need for corporate accountability and transparency in the post-Enron era has
intensified requirements to manage and control information more efficiently and with more
transparency. Sarbanes-Oxley Act (2002) and the Basel II accord are two such examples,
while in New Zealand and Australia, government agencies are increasingly subject to
legislation and standards to ensure that they are managing information effectively. New
Zealand has a new Public Records Act (2005), which requires compliance audits of
government agencies commencing in 2010.
In summary, while RIM is a discipline that has been in existence for decades, it is
becoming increasingly important for supporting compliance, accountability and good
governance at a corporate level. Records management programmes struggle to effectively
manage and control corporate information. In the Executive Summary to the 2007
Electronic Records Management Survey report, Cohasset Associates sum up the current
state of records and information management:
− “While many organizations are moving in the right direction, Cohasset’s research clearly indicates that, for an alarming number, the job of records management is still not getting done” (Williams and Ashley 2007 p.10).
The IssueIn my professional experience as an RIM consultant, records and information management
professionals consistently struggle for their programmes to be recognised, valued and
trusted by senior management, IT and the business at large. According to research
conducted by Forrester Consulting on behalf of Association of Records Managers and
Administrators (ARMA) International in 2004:
− “Records and information (RIM) professionals are losing their influence in records management as ERM [electronic records management] emerges” (Swartz 2004 p.31).
− “Business and IT do not fully understand what ERM is; nor do they understand ERM’s role in compliance regulations and legislation” (Swartz 2004 p.31).
One of the latest research papers from the Association of Information and Image
Management (AIIM) reinforces this perspective, among their key findings for their State of
the ECM Industry 2009 research report.
− “Records managers are often being left out of the equation. In 36% of large organizations, IT is managing the Sharepoint rollout with no input from the Records Management Department. A further 14% admit that no-one is in charge and it’s completely out-of-control” (Miles 2009 p.4).
6
Organisations are increasingly dependent on the quality of their information, yet some still
only pay lip service to the concept of valuing, organising and managing their information
assets, as indicated by Cohasset Associates (Williams and Ashley 2007 p.47). Cohasset’s
report on the 2007 Electronic Records Management Survey included a series of action
items for success, and the first action item was:
− “Recognize and address the many significant existing problems in how records are currently managed” (Williams and Ashley 2007 p.47)
These are not new concerns. In 1995, John McDonald, working at the National Archives of
Canada, wrote an article describing the modern office environment as “the wild frontier”.
(McDonald 1995 p.70)
− “Instead of horses and wagons, our organizations have provided us with computers and software, telling us to charge off into the great unexplored plains of cyberspace where supposedly we can work more effectively. With a few mouse-clicks, we can easily send e-mail messages to people at all levels of the organization. We make no distinction between the substantive message and the informal “let’s do lunch” type – they all go through the same electronic channel. We use our own sometimes unorthodox approaches to describe and classify our documents. When our directories are too full, we simply get rid of the old stuff that we do not need any more” (McDonald 1995 p.71).
Ten years later, as a contributing author for a book titled Managing Electronic Records,
McDonald suggests that “the wild frontier remains as elusive for most organizations as it
was ten years ago” (McLeod and Hare 2005 p.2). McDonald discusses the changes that
have occurred in the realms of legislation, policies, standards, systems and people, as well
as, of course, technology. “The lack of understanding managers have of electronic records
and records management” (McLeod and Hare 2005 p.8) is cited as a key inhibitor to
progress. McDonald recommends “establishing a vision, enhancing awareness, assigning
accountability, designing an architecture and building capacity” as actions that would help
to accelerate the rate of change (McLeod and Hare 2005 p.8).
In the current environment of electronically generated and stored information, it is not
unusual for a large percentage of an organisation’s records and documents to be stored
outside of any formal, managed system as organisations struggle to manage and control
their electronic records.
In a recent survey of electronic recordkeeping, Archives NZ reported that 20% of
government organisations described their recordkeeping systems as “informal”, and a
further 27% described their systems as “other” (Kazakov and Johnson 2007 p.6). This
7
leaves just 53% of New Zealand government sector organisations with a formal
recordkeeping system. We have no way of knowing from that survey just how much of
their total information (in the form of records and documents) is actually captured within
those recordkeeping systems.
I have been unable to locate any research that asks organisations to estimate what
percentage of the records they generate, receive and store are actually captured within a
formal recordkeeping system. We may need to accept that responses to this question, while
altogether illuminating, will always be totally subjective and unproved. My own
experience, as a RIM consultant, suggests that in many organisations with a formal
recordkeeping system, an average of between 25% - 35% of the entire volume of records,
documents and emails generated, received and stored by an organisation would be stored
within the formal recordkeeping system, either paper-based, electronic or a mixture of
both. The remainder of the organisation’s information is likely to be stored in individual,
ad hoc systems such as email folders, pst files, shared or local drives, hard drives, multiple
ungoverned Sharepoint sites or personal paper files.
Among the pre-conference workshops for the Managing Electronic Records (MER)
Conference 2008 in Chicago was a full day workshop titled “Successful ‘Enterprise’
Content and Records Management Programs” (Alsup, Cisco et al. 2008). It was run by
presenters from the Gimmal Group, a leading ECRM systems integrator. When looking at
the status of electronic document and records management systems, presenter Mike Alsup
estimated that EDRMS solutions contain “less than 20% of electronic documents in most
organisations” (Alsup, Cisco et al. 2008 p.5).
The RIM Practitioners survey conducted as part of the research for this thesis included a
question intended to gather RIM professionals estimation of the percentage of the total
volume of physical and electronic records and documents (including email) that are
captured into their approved corporate repository. Just under thirty percent (28.8%) of
respondents estimated that less than 25% of the total volume of their organisation’s
information was stored in the corporate repository or repositories. A further 21.6% of
respondents indicated that less than 50% of their organisational information was stored in
approved corporate respositories. This means that just over 50% of respondents
acknowledge that their corporate systems are less than effective in terms of managing and
controlling their organisation’s information assets.
8
In support of this finding, among the conclusions of the North American 2007 Electronic
Records Survey White Paper from Cohasset Associates (Williams and Ashley 2007) were
the following overall comments:
− “For most organizations, a great deal still remains to be done to achieve credibility in the management of their electronic records and, in time, a sustainable “best practice” performance” (Williams and Ashley 2007 p.5).
− “Significant gaps in accountability for day-to-day management of all types of electronic records were reported” (Williams and Ashley 2007 p.5).
The focus of this thesis and accompanying research is to specifically examine the issues of
accountability and effectiveness, as mentioned both in McDonald’s article in McLeod and
Hare’s book ‘Managing Electronic Records’, (McLeod and Hare 2005) and the Cohasset
Electronic Records Survey (Williams and Ashley 2007). This thesis will investigate
whether stewardship models from the data governance discipline are equally feasible for
RIM. It will also examine whether adopting a stewardship model could improve
accountability for the quality and integrity of organisational information in the form of
records and documents. Such accountability could feasibly improve the effectiveness of
recordkeeping systems and mitigate some of the challenges faced by RIM practitioners in
their day-to-day work.
DefinitionsAs referred to earlier, definitions for terms in the RIM arena abound, and are often the
subject of vigorous discussions in the records management listservs and literature. In this
thesis, I am adopting the following definitions:
Information Management: “The process of managing the information needs of an
organisation” (Middleton 2002 p.13).
Information Governance: “Information governance is the collection of decision rights,
processes, standards, policies and technologies required to manage, maintain and exploit
information as an enterprise resource” (Newman and Logan 2006 p.3).
Record: “information created and received, and maintained as evidence and information
by an organisation or person, in pursuance of legal obligations or in the transaction of
business” (ISO15489-1 2001 p.3). In some RIM circles, there is considerable discussion
around the distinction between the terms ‘document’ and ‘record’, for this thesis I am
grouping documents and records together as records. Therefore the term ‘record’ 9
encompasses physical records and documents as well as electronic records and documents
in all formats including emails.
Stewardship: “Stewardship is the act of taking care of a resource that is entrusted to an
individual or a group. People don’t “own” assets, such as information, but they can be held
formally accountable for them” (Newman and Logan 2006 p.3).
Structured data: “Information from structured sources such as databases, transaction
systems and applications” (Logan and Bell 2008 p.4).
Unstructured data: “Emails, documents, rich media and other formats” (Logan and Bell
2008 p.4). Note that emails and documents are also regarded as records in the RIM field as
noted in Archives New Zealand’s fact sheet Make a Record. They state that records “come
in a variety of media/formats such as paper, electronic (analogue or digital), and can be
documents, letters, emails, digital images, sound recordings, or web pages.” (Archives
New Zealand 2006). In some of the literature, unstructured data is also referred to as
content.
− “Enterprises keep a vast amount of information locked up in images, documents, spreadsheets and other forms of unstructured information (‘content’)” (Bell 2008).
Therefore, within the context of this thesis, taking into account the text and the references,
records, documents, content and unstructured data are used interchangeably.
The Importance of Records and Information ManagementInformation is commonly recognised as one of the primary business assets (others include
human and financial capital) (Smith and McKeen 2007 p.36), yet “most organisations have
serious operational shortfalls regarding the process by which they manage electronic
records” (Williams and Ashley 2007 p.45). This issue is also reflected in data management
literature.
− “Most enterprises carefully manage other assets (financial, physical and human) but overlook the immense value inherent in their data” (Marco 2006 p.28).
Reinforcing this view, a recent Gartner research paper stated that “historically, much focus
has been placed on data quality issues in IT while content quality was often overlooked”
(Bell, Logan et al. 2008 p.2).
10
Most organisations allow their employees to store company information within individual
structures where it is unable to be accessed, shared, managed and retained according to
company policies, as described by MacDonald (1995 p.70). Yet, in my experience, as a
RIM consultant, these organisations would be unlikely, for example, to let individual staff
members create their own chart of accounts, or deviate from standard operating procedures
when maintaining critical areas of plant.
Organisations cannot credibly claim corporate accountability, effective governance and
compliance programmes or a quality management programme without a supporting records
and information management programme that encompasses all relevant unstructured
information that can be categorised as belonging to the company.
Based on the evidence of the growing volume of literature, governance and stewardship are
gaining a groundswell of approval for improving the management of structured data. There
seems to be no parallel support for governance and stewardship for unstructured data and
information (records, documents and emails).
Data Governance and StewardshipData governance includes a formal process known as stewardship that is key to ensuring
information quality. One of the core objectives of a governance programme is to ensure
that information is of high quality (i.e. accurate, complete, accessible and secure), across
the lifecycle of the information. Data stewards manage organisational data on behalf of the
organisation and its staff.
− “Data stewardship is an approach to data governance that formalizes accountability for managing information resources on behalf of others and in the best interests of the organization” (McGilvray 2006 p.25).
One Gartner researcher links stewardship strongly to data quality as the following quotes
show.
− “Poor data quality severely inhibits many strategic business initiatives. Data quality problems make it difficult, if not impossible, to generate business value from customer relationship management (CRM), business intelligence (BI) or any effort requiring significant integration of data” (Friedman 2007 p.2).
− “To alleviate this problem, many companies have implemented data stewardship programs, in which individuals are assigned responsibility for the quality of the subsets of the corporate data architecture” (Friedman 2007 p.2).
11
Stewardship involves managing information assets in order to improve their reusability,
accessibility, integrity and quality. Information stewards act as a bridge between IT and the
business, for example for defining metadata requirements, and defining and maintaining
quality standards or approving changes (Marco 2006 ; Friedman 2007).
Reusability, accessibility, integrity and quality are all words that records and information
managers should be able to relate to, in terms of unstructured information. ISO15489
states:
− “… organizations should create and maintain authentic, reliable and usable records, and protect the integrity of those records for as long as required” (ISO15489-1 2001 p.6).
There seems to be, potentially, an enormous opportunity for treating information as an
organisational resource, and not making artificial distinctions between structured and
unstructured data.
Research QuestionsMy hypothesis is that records and documents (unstructured information) would be more
effectively managed if they are under the custodianship of business stewards who are
responsible for ensuring the quality of that information on behalf of the organisation rather
than under the control of RIM professionals.
This thesis aims to address the following research questions:
1 Should records and information management professionals leverage a data governance
framework, and more specifically a data stewardship model for structured data and
apply it to managing unstructured information?
2 Would this benefit RIM practitioners, especially in terms of improving the business
recognition of records and information management programmes?
3 Could both structured and unstructured data be linked into the same stewardship
framework and operate holistically across an organisation?
12
CHAPTER TWO
Literature Survey
This literature survey encompassed articles, books and web-based material on both data
management and records management, with a focus on governance, stewardship and
information quality in both areas. This chapter has been structured to cover literature
relating to data governance and data stewardship, followed by records and information
management, with a subsequent section covering how some authors have linked these two
aspects of information management.
The overwhelming impression is that there is a significant volume of information relating
to data governance and stewardship while the volume of information relating to
governance and stewardship for RIM is lacking.
Data Management, Data Governance and StewardshipThere is a growing collection of literature around data governance and data stewardship,
along with specific organisations and websites devoted to data governance and data
quality. Two examples of websites are the International Association for Information and
Data Quality (http://www.iaidq.org/) and the Data Governance Institute
(http://www.datagovernance.com/). Organisations are realising that having data on
different applications with different naming conventions, different security and access
rights, different timing factors, and managed by different departments can lead to major
issues relating to redundant data, incomplete or inconsistent management reporting, and
different data standards. This negatively impacts on compliance and the good governance
and accountability required of organisations by stakeholders, including citizens,
shareholders and customers.
Swartz describes some of the problems relating to poor data management and says that as
increasing volumes of data are flowing “within and between” organisations, the problems
are becoming more common and more serious (Swartz 2007 p.29). She cites a study from 13
the Virginia Commonwealth University, where the study’s authors provide a checklist for
good data management practices. Among them is the following suggestion:
− “Good data management must be viewed as a means to an end, not the end itself. Organizations must stop treating and practicing data management as an abstract discipline and start seeing it as a process that supports specific organizational objectives – specifically one that provides a shared resource basis on which to build additional services” (Swartz 2007 p.29).
Gartner has published several reports outlining best practices, roles and responsibilities and
outcomes for data stewardship programmes, and have linked data governance and
stewardship strongly with enterprise information management, (Newman and Logan 2006 ;
Newman and Logan 2006). Gartner researcher Friedman (2007 p.5) regards stewards as a
“key component of an information governance program”. He also says “data quality is a
business issue and it requires the business to take responsibility and drive improvements”
(2007 p.1).
Many articles assert that business drivers such as compliance, governance requirements
and the drive to increase revenue and lower costs are forcing companies to examine their
approach to information (Laurent 2005 ; Dittmar 2006 ; Informatica 2006 ; Newman and
Logan 2006). Larry English, in his interview for TechWeb (Henschen 2008), believes that
organisations would be better off if they paid the same attention to managing information
as they do to managing other resources such as financial and people resources.
The IBM Systems Journal describes IBM’s transformation process to establish a
programme for the management of its critical data, beginning with an enterprise data
strategy that is aligned to the IBM business strategy. The case study describes how IBM is
attempting to replace the information silo approach to data management with a more
integrated system with an architecture for data, process and policy (Vayghan, Garfinkle et
al. 2007).
This article discusses IBM’s approach to data governance and defines it as:
− “an integrative discipline for structuring, describing, and governing information as an enterprise asset without regard for organizational and technological boundaries” (2007 p.679).
The authors also define data stewardship as a “key element in enabling the DG [data
governance] process” (Vayghan, Garfinkle et al. 2007 p.681).
14
Most authors are in accord that stewards must be drawn from the business, while IT’s role
is seen more as a subject matter expert, advisor and facilitator (Laurent 2005 ; Marco
2006 ; Friedman 2007).
− “As with any effort, if IT alone drives this program, it’s unlikely to succeed. However IT does have a role to play, by providing data quality analysts, integration specialists and other resources that are responsible for working with data stewards on profiling or cleansing projects” (Friedman 2007 p.2).
In summary, the consensus from the literature is that stewardship is a vital element in a
data governance programme. Stewards must be drawn from the business, and should also
be drawn from across the organisation. Most authors advocated a layered approach to a
stewardship programme, with some senior sponsorship or stewardship roles, in conjunction
with other stewards who are placed “close to the point of capture and maintenance of the
data” (Friedman 2007 p.5).
− “IBM implemented an Enterprise Data Council (EDC) for the data stewardship teams and an Executive Data Review Board (EDRB) for transformation executives to manage IM initiatives, priorities, governance and issues. The role of the governance bodies is to approve IBM information policies, set the enterprise-level information priorities, monitor the overall effectiveness of the business information, generate business value through IM programs, resolve enterprise-level data issues and ensure IM accountabilities throughout the business. The EDC represents the data stewardship teams and working groups, while the EDRB is the body responsible for decision-making and final-issue resolution” (Vayghan, Garfinkle et al. 2007 p.681).
Mallory points out that there are already stewards in every organisation, and they are
usually not recognised. Recognising these people and formalizing their role can impact
positively on the organisation’s data quality issues (Mallory n.d.). Mallory also defines a
stewardship programme as being collaborative. She says:
− “A mature data quality organisation has a collaborative approach around data management and one of the key factors is leveraging the talents of your data stewards” (Mallory n.d. p.13).
Records Management, Governance and StewardshipBy contrast, there is little in the traditional records management literature associating
unstructured information with governance or stewardship. One article in the Records
Management Journal, examined what was meant by governance, and focused on the
alignment between information, information management and organisational management
or governance. (Tombs 2002) This article did not examine the concept of information
management governance or stewardship.
15
Cohasset Associates published a white paper on information governance in 2007. They
define information governance as:
− “Implementing and managing common policies and controls across the enterprise regarding the organization’s information assets” (Cohasset Associates 2007 p.1).
Cohasset have focused quite specifically on policies and procedures constituting a
governance framework for managing corporate governance, risk and compliance. They do
not mention stewardship as a component of their governance framework.
The health information sector provided two examples of taking information governance
seriously. The UK National Health Service have developed an information governance
policy, an associated toolkit and training programmes to address data protection, records
management and data quality according to the NHS Information Governance Assurance
Framework briefing note (NHS Connecting for Health 2009 p.1). An article titled
“Information governance: practical implications for record-keeping”, looks specifically at
the nurses’ responsibilities towards ensuring patient records are complete, accurate and
maintained appropriately in accordance with the NHS Information Governance Framework
(Hutchinson and Sharples 2006).
New Zealand’s Ministry of Health established a Health Information Strategy Steering
Committee which published a Health Information Strategy (HIS-NZ) in 2005. The Strategy
clearly covers both unstructured information such as electronic health records, and
structured data in health care systems. There is a section on the governance of the HIS-NZ,
which clearly defines governance, strategy and custodianship. The following definitions
can be found in the HIS-NZ.
− “Governance is the set of processes that ensure that an asset or strategy is sustained for the benefit for a group of people who value it. Governance often comprises two major processes: that of stewardship, and that of custodianship.
− Stewardship, which is: representation of stakeholder interests; and oversight of the delivery of the strategy to meet these requirements.
− Custodianship, which is: day to day management; operational decision making on allocation of resources or funds; management of IS or business projects” (Health Information Strategy Steering Committee 2005 p.49).
The HIS-NZ acknowledges that resourcing models of stewardship may vary due to the
approach taken on stewardship objectives (Health Information Strategy Steering
Committee 2005 p.50).
16
The New Zealand Ministry of Justice published an information strategy for the Justice
Sector in 2006. This is their third information strategy, and the justice sector agencies are
committed to improving the quality and integrity of information resources and the
management of information and service quality. The Strategy contains the following
statement:
− “Agencies that own or are guardians of information will be responsible for the quality, protection and dissemination of information and will notify the sector of relevant changes” (Ministry of Justice 2006).
The Justice Sector Information Strategy contains several statements relating to the
importance of having information that is of high quality and integrity available for the
sector, to support strategic decision-making and planning. Responsibilities for achieving
the strategy are clearly outlined, with a Justice Sector Information Strategy Management
Committee having broad representation from across the Justice sector. There is no specific
mention of stewardship, there is a clear statement as to who will direct the strategy, and
how, which incorporates important elements of stewardship and governance (Ministry of
Justice 2006).
Many information management or records management strategies that I have seen as part
of my working career, which must remain confidential for commercial reasons, have listed
stewardship as an important aspect of information management of their information
management strategy. Yet it seems that few of these companies have seriously considered
what stewardship actually means for records and information management, because none
of them had, at the time, formal stewardship programmes.
In addition, the concept of ‘quality’ information does not appear in conjunction with
unstructured information, or at least not specifically with that terminology. Quality
information, however, is not a totally alien concept. From a records management and
archival perspective, information should be “authentic, reliable and usable” (ISO15489-1
2001 p.6). The standard also suggests, in its section on responsibility, that “all employees
are responsible and accountable for keeping accurate and complete records of their
activities” (ISO15489-1 2001 p.6).
While authentic, reliable and usable records may equate to high quality records – who is
responsible for determining the requisite quality of the information captured, managed and
retained within organisations? In practice, certainly in my experience, the term ‘high
17
quality information’ is rarely associated with records management and unstructured
information. Formal stewardship programmes for RIM are, to my knowledge, unreported
in the literature that is generally available to RIM practitioners.
There are two theses that focused specifically on information stewardship. One, dated
1996, is titled ‘Whose information is it anyway? An argument for information
stewardship.’ The author, Trevor Plant describes the problem as follows: “despite the
advances in information technology, sharing corporate information effectively remains an
elusive goal” (Plant 1996 p.5). Plant, in his thesis, explores the view that the concept of
ownership is responsible for this failure to facilitate information sharing, and proposes the
concept of stewardship as an alternative model. Gluck, a Swedish student, wrote his thesis
titled ‘Information stewardship; roles and responsibilities in Vattenfall’s2 maintenance
process’ in 2008. He also determined that the concept of information ownership was a
flawed one, and that a stewardship model would be more effective in defining roles and
responsibilities for information. He developed a governance structure, based on a
stewardship model, to improve Vattenfall’s maintenance process.
Holistic ViewGartner are one of the key organisations that are starting to examine a more holistic
approach to the management of information as comprising of both structured and
unstructured information. There are a few articles that formally link governance and
stewardship of structured data and unstructured data. Recent Gartner research espouses
Enterprise Information Management, an approach that involves treating information as an
enterprise asset. Newman and Logan state:
− “Historically, information has not been governed with the same rigor given to other vital assets, as evidenced by a lack of quality, timeliness, transparency and reuse” (2006 p.3).
They also believe that enterprise information management will provide “a strategy for
overcoming information silos satisfying compliance issues and solving operational
efficiencies” (2006 p.1).
More significantly, Gartner researchers Bell, Logan and Friedman, in their research into
Enterprise Information Management, made the following statement:
2 Vattenfall is Europe’s fourth largest generator of electricity and the largest generator of heat, with approximately 32,000 employees in Sweden, Finland, Denmark, Germany and Poland.
18
− “One of the key findings of our EIM research has been that processes which have long been in use in data warehousing applications, business intelligence and other structured information management sources can be translated to the unstructured world” (Bell, Logan et al. 2008 p.2).
Smith and McKeen, from Queen’s University in Canada, in a paper devoted to the rise in
importance of information management describe it as follows:
− “[Information management] IM is the means to get above the fray and clarify how the enterprise will manage information as an integrated resource. In theory, it covers all forms of information needed and produced by the business, both structured and unstructured” (Smith and McKeen 2007 p.36).
Marco includes structured and unstructured information in his definition of data
governance:
− “The practice of organizing and implementing policies, procedures and standards for the effective use of an organization’s structured and unstructured information assets” (Marco 2006 p.28).
McManus discusses information governance, and focuses on legislative compliance as a
key aspect of a governance strategy. He has this to say about governance.
− “Governance is about control, accountability, responsibility and authority and governance is a key issue for all public and private sector organisations” (McManus 2004 p.8).
Myler (2005) also discusses the concept of a corporate governance programme for
information management, and specifically singles out email as an example of information
that needs to be managed. Myler goes into some detail about establishing a governance
programme, but does not mention stewardship as a component of the governance
programme.
A directive on the USA Federal Aviation Administration (FAA) website
(http://www.faa.gov) is concerns Information / Data Management and the establishment of
an FAA Data Governance Board. It is a revised directive, and among the explanation for
the revisions was the following statement:
− “This revision: a) Enlarges the scope of the order to include information as well as data. Information is the lifeline of any business decision, operation, function or system. Data are the fundamental components of information. The quality and reliability of data directly influence the decisions, operations and functions of the FAA. …..d) Introduces the need for an information stewardship policy to be defined by the Board” (Federal Aviation Administration 2006 p.1)
19
Among the appendices for the FAA directive is the Charter for the FAA Data Governance
Board, which is described as “the body responsible for creating and administering the
processes needed to promote and sustain successful data management practices in the
FAA’s emerging net-centric environment, developing and coordinating data exchange
standards, and maintaining the FAA Enterprise Data Architecture” (Federal Aviation
Administration 2006 p.1)
While some researchers, authors and organisations can see the value in aligning the two
disciplines of data management and RIM, as illustrated in the references above, there still
remains the issue of how governance and stewardship can be effectively implemented and
utilised to solve some of the current RIM woes. There is no evidence that it is actually
being done. Most of the articles cited above are not from the journals generally available to
RIM professionals. It seems that records and information managers are slower at coming to
the realisation that the disciplines of structured and unstructured information overlap in
many areas.
For RIM, governance and stewardship represent an entry point to increased interaction
with IT and the business, and it is possible that where a data governance programme on its
own may struggle with executive sponsorship and budget, broadening it to incorporate
unstructured information could be a way of gaining greater leverage, sponsorship and
funding. Conversely, where data governance is already underway, RIM professionals could
have an opportunity to piggy-back on an established programme.
20
CHAPTER THREE
Research Methodology
Data collection for this thesis included research from primary sources as well as secondary
sources such as available literature. Primary data sources involved both qualitative and
quantitative survey methods during the research phase for this thesis.
A quantitative survey was carried out across RIM practitioners across Australia and New
Zealand. The reason for undertaking this survey was that I was unable to locate any
existing research to identify what RIM practitioners perceived as their key challenges. The
survey was sent out as a link in both the New Zealand records management listserv and the
RMAA (Records Management Association of Australasia) listserv. The survey attracted
one hundred and eleven responses. This survey is titled a practitioners’ survey because the
questions were designed for records and information practitioners, working within
organisations, in some form of formal information management or recordkeeping position.
The survey was not designed for consultants or vendors.
For the qualitative survey I interviewed representatives from three organisations; one
Australian financial sector organisation and two New Zealand organisations in the energy
sector. All interviewees were working within a data governance and data stewardship
programme within their organisations; although one described a previous failed attempt to
institute a data stewardship programme, and said they were about to restart their data
governance and stewardship initiative later this year.
The other two organisations had an established stewardship programme in operation. From
the financial sector organisation, I interviewed two representatives. One was in a
management role of data stewardship, and the other was more in a day-to-day stewardship
role. All three organisations wish to remain anonymous within the context of this research.
Three out of the four interviews were recorded and transcriptions made of the interviews.
One interview was not recorded, involving one of the electricity sector representatives, 21
who talked about some of the difficulties they encountered when trying to implement a
data governance and stewardship initiative. The interview transcripts have not been
included in the appendices, because, as they stand, they would identify the organisations
and the interviewees.
22
CHAPTER FOUR
Research Results
This chapter presents the highlights of the research findings from both the quantitative and
qualitative research conducted as part of this thesis.
RIM Practitioners SurveyOne hundred and eleven responses were received to the survey directed to RIM
practitioners. Sixty five responses were from Australia and the remaining forty six from
New Zealand.
Overall, the findings confirm the findings from the 2007 Cohasset/ARMA/AIIM Records
Management Survey:
− “For most organizations, a great deal still remains to be done to achieve credibility in the management of their electronic records and, in time, a sustainable “best practice” level performance” (Williams and Ashley 2007).
The largest industry sector represented amongst the respondents was the government or
local government sector. 70.2% of the one hundred and eleven respondents worked in
either the New Zealand or Australian government or local government organisations. This
reflects the increasing expectations on government sector organisations to deliver corporate
accountability, transparency and good governance.
The majority of respondents indicated that their organisation had a formal recordkeeping
programme (54.1%). Most respondents (70.3%) indicated that their programmes
encompassed electronic records, documents and email as well as paper-based records. This
aligns well with the Cohasset survey, which found, in 2007 that 70% of organisations
managed electronic records as part of their records management programme.
I asked RIM practitioners whether their recordkeeping programmes encouraged or
enforced the use of an approved corporate repository for electronic records (such as an
23
EDRMS). Only16.2% of the respondents’ organisations enforced the use of an approved
corporate repository with 47.7% stating that their organisation encouraged the use of an
approved corporate repository. By allowing individuals within an organisation to use the
EDRMS or corporate repository only when they choose to, organisations are opening the
door to continuing the trend of fragmented repositories, excessive duplication and
redundant information, and lack of information sharing. Information sharing is particularly
problematic when individuals have access to and utilise personal repositories where they
can store their information – such as personal network drives.
Downing discusses this issue in her article examining EDRMS implementations.
− “Giving each department exactly what they want can lead to islands of information that create fragmented systems or multiple applications that don’t talk to each other. There needs to be a coordinated effort to reduce redundancy yet maintain the necessary level of information sharing and process efficiency” (Downing 2006 p.46).
Rockart, from MIT Sloan School of Management also describes islands of information in
his research article titled ‘Information: let’s get it right’. Rockart advocates an integrated
information capability driven by an increased need for information sharing, cost
containment and growth.
− “However, information, today, in almost all companies exists as ‘islands’. The pieces are not linked to effectively serve the organization’s needs. There is little top-down activity aimed at seizing the opportunities provided by effective design and use of information” (Rockart 2004 p.1).
By not enforcing the use of a corporate repository, organisations are responsible for
inhibiting the ‘findability’ of information.
The finding that nearly 48% of organisations encourage rather than enforce the use of a
corporate repository explains why 43.2% of respondents also described their information
repositories for electronic records and documents as extremely fragmented, with a further
42.3 % describing their repository or repositories as ‘somewhat fragmented’. Fragmented
repositories mean that electronic records, documents and email are stored in multiple
shared or individual drives (repositories), in addition to, or instead of, the approved
corporate repository.
An encouraging 70.3% of organisations include a formal records retention programme as
part of their recordkeeping programme. Less than half (29.7%), consistently comply with
their records retention programme, while 60.4% and 9.9% respectively either generally
24
comply or do not comply at all. This result compares favourably with the results of the
Cohasset survey from the USA, which found that only 14% of organisations always follow
their retention schedules. Cohasset had the following comment to make about not
enforcing organizational retention schedules.
− “No organization can credibly represent that they are making a good faith effort to manage their records if they do not regularly follow their established records retention policies” (Williams and Ashley 2007 p.23).
I asked three questions relating to the level of support RIM practitioners received from
their executive, IT and the rest of the business. These questions were matched to range of
answers from ‘definitely committed’ down to ‘does not understand’. Twenty seven percent
(27%) described executive level support as being ‘definitely committed’. The majority,
45% rated executive level support at ‘reasonably committed’, with 17.1% rating executive
level support at the lowest level of ‘does not understand’. As far as IT support is
concerned, 23% were described as ‘definitely committed’. Support from the business level
which was ‘definitely committed’ was a very low 4.5%.
These results indicate that throughout the organisation, RIM practitioners are struggling to
convince executive, IT and the business at large that good information management
practices provide a valuable payback in terms of better decision-making, improved
compliance, more transparency and better governance. Improving these results is critical
for gaining commitment across the organisation to records and information management.
I also asked respondents to rate, on a five point semantic scale, how well their RIM budget
kept pace with the need to manage the increasing complexity and volume of electronic
records, documents and email. A single respondent (0.9%) rated their budget as Excellent.
Forty one percent (41%) rated their budget as either Fair or Marginal – the lowest two
ratings in the scale. This reinforces the perspective that RIM practitioners are struggling to
implement their programmes with inadequate monetary resourcing.
Nearly 50% of respondents rated the overall effectiveness of their records management
programmes as either marginal or fair, the two lowest categories on a five point scale. Only
two (1.8%) respondents rated their records management programmes as excellent. This
result serves as a clear indication that there is still a long way to go to improve the
effectiveness of records management programmes in Australia and New Zealand.
25
I provided the respondents with a list of some common challenges faced by RIM staff and
asked them to rank their significance on a four point scale from extremely significant to
not relevant. Unsurprisingly, three of the top five challenges ranked ‘extremely significant’
are directly associated with the relationship with, and level of engagement between RIM
professionals and the executive team, the information technology department (IT) and the
business as a whole. Joining the support issue in the top five are ‘findability’ of
information and the quality and integrity of information. The top five challenges, in order,
are listed as follows:
1. Executive level support
2. Findability of information
3. User compliance with recordkeeping policies and procedures
4. Relationship with IT
5. Quality and integrity of information
In summary, the survey showed that RIM in its current incarnation is not working well in
many organisations, and that there is a substantial amount of improvement required in
many areas to ensure efficient and effective records and information management
programmes.
Qualitative ResearchThree organisations were identified that have data governance programmes at different
levels, from one in the very initial stages of development to one that has been in operation
for a number of years. The organisations have requested anonymity. For the purposes of
this thesis they will be referred to as follows:
Company A Steward A1 – Australian financial institution
Company A Steward A2 – Australian financial institution
Company B / Steward B – New Zealand electricity network company
Company C / Steward C – New Zealand electricity generator
Interviews were conducted with three employees responsible at a senior level for their
organisations’ data governance programme. Additionally, another data steward more
26
responsible for day to day stewardship functions was interviewed. Steward A2 was from
the Australian financial institution.
Company A
Company A’s business drivers for instituting an improved data governance programme
were “purely and simply Basel II”. Basel II, according to the Bank for International
Settlements, on its web page http://www.bis.org/publ/bcbsca.htm is as follows:
− “The Basel II Framework describes a more comprehensive measure and minimum standard for capital adequacy that national supervisory authorities are now working to implement through domestic rule-making and adoption procedures. It seeks to improve on the existing rules by aligning regulatory capital requirements more closely to the underlying risks that banks face” (Bank for International Settlements n.d.)
For Company A, compliance with the Basel II accord was financially advantageous
because it reduced the amount of capital they had to hold in reserve. While accreditation
was the primary driver, the main focus was capital reduction.
Company A put together a project team to work towards compliance and accreditation with
Basel II, and part way through the process, they realised that while the Basel II project
team was experienced in risk management, they were inexperienced in the field of data
management. They then decided to create a separate project team to focus on data
management as a core part of their project.
Later, as the data management programme progressed towards business-as-usual, the
organisation realised that continuing to improve data management, data quality and
business metadata would also contribute to increased consistency, risk reduction and
potentially more revenue streams.
Company A defined data stewardship when they wrote their data quality policy. They
divided up their organisation into three categories:
Producers of data
Stewards and custodians
Consumers
Their data quality policy defined the steward’s role, and each major group (or region)
within the organisation were obliged to ensure they had data stewardship in place. The
27
guiding notes to the Company A’s data quality policy (provided to me, but not publicly
available) contained the following definition of stewards:
− “Information Stewards : provide a service to Information Consumers in ensuring the data within the repositories or data warehouses is complete, accurate and fit for purpose, and supporting the build of data extracts.”
Company A is divided into six discrete business groups, and each business group has a
Data Governance Forum, with the expectation that it is accountable for data governance
within the group. Beneath this layer of data governance leadership, the Stewardship
Council has a role as the arbiter of projects and activities and serves as an escalation point
for data-related concerns and issues.
The stewards themselves are comprised of a group of subject matter experts that have
accountability for the day-to-day components of the business. Each group may be set up
slightly differently, because the data quality policy and the data management framework
are not prescriptive.
The way stewards are chosen across the groups may differ also, and there are no prescribed
requirements or training for the stewards. Steward A1 commented that stewards are
definitely chosen from the business (as opposed to the IT department), and generally have
finance or risk experience.
One of the groups is more active in the field of online training for stewards, and there is an
increased level of rigour in relation to data management, not just for the stewards but for
everyone. Steward A1 also made the point that in effect, all staff are data stewards – they
all carry some level of responsibility for the data they handle and are responsible for.
The structure of the stewardship component is an hierarchical one. Each region has a
‘Governance Forum’, and each of the regions complete and sign off on a six-monthly
questionnaire in relation to data governance measured against the data quality policy. This
forms part of their compliance programme.
As all the regions are autonomous, there are different structures in place. One region has a
Data Stewards Council which reports to the governance forum, and the actual stewards are
subject matter experts who are involved in the day-to-day work. The Data Stewards
Council is run by business representatives rather than IT, and each member represents
different components of the business
28
Steward A1 also believes that, as the organisation becomes more mature in terms of data
quality and data governance, there may well be a need for a higher level governance forum
that covers all the regions in the organisation. This high-level forum would probably serve
at a strategic, organisation-wide level, as well as being a point of escalation for issues that
are unable to be resolved at regional level and to drive more consistency between regions.
Steward A2 works for a different group within Company A, and within a different
geographical region. Steward A2 reinforced much of what Steward A1 said, and also
described a slightly different hierarchical stewardship structure. Steward A2’s role
involved full time stewardship responsibilities during the initial stages of the Basel II data
governance initiative, and has only recently switched to a part time role as the stewardship
methodology has switched to a business-as-usual phase. Steward A2 said there were
several stewardship working groups, and the two main ones were working on credit risk
and the other on interest rate risk.
Company B
Company B is an electricity lines company, based in New Zealand. Steward B described
the organisation’s drive towards data management and data quality as being a key part of
their performance management framework, and the scope is company-wide.
The history to the development of their data governance initiative goes back several years
when, while the company had a performance management framework, each business unit
within the company set Key Performance Initiatives (KPIs) that were aligned with the
business unit’s own immediate business drivers rather than with key performance
initiatives that were corporately focused.
In some instances, this meant that the KPIs of one business unit were opposed to the KPIs
of another, or were not in the best interests of the company as a whole. For example, the
project managers set KPIs around completing projects within budget and on time. This had
the effect of reinforcing negative behaviours such as not submitting as-builts3 of completed
infrastructural assets, because it was too time-consuming and detrimental to completing a
project on time. The lack of as-builts, however, was extremely detrimental to the ongoing
maintenance of lines assets, because the design plans available did not necessarily
accurately represent what was built.
3 The final plans amended to include all locations, dimensions, elevations, capacities, features and capabilities, as actually constructed.
29
Following the arrival of a new Chief Executive Officer, and a major organisational review,
a new performance management framework ensured that the corporate KPIs and strategic
goals set the standard for the entire company, and all business unit KPIs had to align with
the corporate KPIs and strategic goals.
One of the key corporate KPIs was network reliability that is able to be measured by the
SAIDI metrics.4 It was recognised that the organisation did not have good quality data on
which to base decisions. Data was either inaccurate or non-existent. This was the primary
business driver for their data governance and data quality initiative.
Among the benefits Company B has realised from its data governance initiative is better
decision making and being better able to drive the company towards achieving their
corporate goals. They have achieved good cost / SAIDI ratio through having better quality
data and using it intelligently.
The data governance initiative for Company B was initially focused on network assets, and
one of the key aspects of the data governance initiative was to remove key technology
solutions from the ‘ownership’ of the information technology department and place it with
the business. They formally identified ‘System Owners’ for each of the core technology
solutions, and these system owners were accountable for the system and the quality of the
data. For example, the system owner for the GIS5 and the asset management solutions are
from the engineering section, and a staff member from Finance is the system owner for the
financial system.
Once the system owners were appointed, they underwent a half day of training developed
and presented by consultants. Training covered their responsibilities as system owners,
how the whole process was intended to work, and how to look at their role with a user-
centric perspective.
Initially there was a very flat structure of stewards. A degree of hierarchy was introduced
later, whereby an asset information manager role was created, with the purpose of co-
ordinating the system owners and having an overview of issues that relate to more than one
system. For example, a recent project is looking at ensuring there is some level of
4 System Average Interruption Duration Index (SAIDI) is an industry-standard measurement of lines company performance and reliability which measures the number of customers interrupted and the duration of interruption across the network. It is an overall indicator of how reliable the electricity supply is.5 A GIS (geographic information system) enables you to envision the geographic aspects of a body of data.
30
commonality or integration between the GIS and the new SCADA6 system so that
SCADDA data can be compared with the GIS data. System owners are working to ensure
that appropriate data structures are established to enable the required level of comparison.
Steward B said “The real power of what we have done is to shift focus from functionality
to data quality”. Before the restructure, the systems were owned by IT, and they were
mostly interested in functionality. When ownership moved to the business, the focus
changed to the output, and the business owners were specifically interested in the quality
of the data in order to ensure the quality of the output.
Company B admit they have had difficulty moving data quality concerns to the wider
community beyond the system owners. Some people who are responsible for supplying the
data have inherent drivers at odds with the data quality objectives. This is something they
are currently working to resolve.
Company C
Company C tried to institute a data governance programme approximately three years ago,
in 2005, including a stewardship initiative as part of the governance programme. This
move failed at the time, because there was an extremely high level of organisational
change happening, with many people leaving or moving jobs. It was difficult to motivate
staff for data stewardship roles. In 2009 they are planning to launch a new data stewardship
initiative, although this early in their programme, they have not yet defined their
programme in terms of policies and scope.
6 SCADA (supervisory control and data acquisition) is a category of software application program for process control, the gathering of data in real time from remote locations in order to control equipment and conditions.
31
CHAPTER FIVE
Data or Information? What’s the Difference?
This chapter explores, in the first instance, the similarities between the management of
structured data and unstructured data (records and documents). It then examines data
governance, data stewardship and data quality, explains them, and discusses whether the
similarities between data management and RIM are such that both could justifiably sit
within an all-encompassing category of information management.
Exploring the SimilaritiesThere are very definite similarities between records management and data management,
starting with the definitions of both these disciplines. While there are a large number of
definitions in the literature, I am comparing here two definitions drawn from two ISO
(International Organization for Standardization) standards.
The International Standard for Records Management defines records management as:
− “The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records” (ISO15489-1 2001 p.3).
It also states that the objective of a records management programme is:
− “to manage organisational information, in the form of records and documents, so that the information can “support subsequent activities and business decisions, as well as ensuring accountability to present and future stakeholders” (ISO15489-1 2001 p.4).
The International Standard for Information Technology – Reference Model of Data
Management was developed to standardise data management functions and terminology. In
the introduction to the standard, data management is described as including “the
description, creation, modification, use and control of data in information systems”
(ISO/IEC TR 10032 2003 p.viii).
32
The Standard’s formal definition for data management is:
− “The activities of defining, creating, storing, maintaining and providing access to data and associated processes in one or more information systems” (ISO/IEC TR 10032 2003 p.3).
− “There are three major objectives which are applied in this Technical Report to data management standardization. These are as follows: a) shareability of resources; b) minimize cost of supporting an information system over its lifecycle; c) optimum use of standardization effort” (ISO/IEC TR 10032 2003 p.vii).
There are some obvious parallels between the definitions of records management and data
management. Both mention the words ‘creation’ and ‘maintenance’ specifically. The term
‘use’ in the records management definition parallels ‘use’ in the informal description, as
well as the ‘shareability of resources’ and ‘optimum use’ objectives of standardising data
management. ‘Disposition’ refers to managing records and documents throughout their
useful life, which parallels the reference to ‘lifecycle’ in the data management standard.
The only term in the records management definition that does not specifically have a
parallel term in data management is ‘receipt’. This is because records management
includes the management of records and documents that have been received from external
organisations and individuals and may be used as evidence, whereas data management is
primarily an internal process, even if the data has been provided by external sources.
The objectives show up some differences, which I believe reflect some basic philosophical
differences between the two disciplines. Records management traditionally has placed
considerable emphasis on corporate accountability and the evidential nature of records, as
suggested in the definition above, whereas the objectives for data management emphasise
the shareability of data. The intent behind the both sets of definitions and objectives does
nevertheless still reflect basic common themes such as supporting the business, minimizing
costs and optimizing accessibility.
The definition for data management refers to defining, storing and providing access –
words that, while not specifically used in the definition for records management, are
nevertheless completely part of the discipline of RIM as will be seen in the following table.
The table below compares some key components of both records management and data
management, and examines relevant activities from each. The focus of the table is not to
provide a definitive list of all the components of RIM and data management. The objective
is to expose the similarities between the two disciplines.
33
34
Records and Information Management
Data Management
Cre
atio
n an
d R
ecei
pt
Classification: “systematic
identification and arrangement of
records into categories according to
logically structured conventions,
methods and procedural rules
represented in a classification
system” (ISO15489-1 2001 p.2).
A classification scheme is frequently
used as a base for access rights and
retention schedules, and, depending
on the scheme, may also show the
relationship between headings.
Data Dictionary: “Database about a
database. A data dictionary defines the
structure of the database itself (not that
of the data held in the database) and is
used in control and maintenance of
large databases. Among other items of
information, it records (1) what data is
stored, (2) name, description, and
characteristics of each data element, (3)
types of relationships between data
elements, (4) access rights and
frequency of access”
(BusinessDictionary.com).
Metadata management:
“Management of data describing
context, content and structure of
records and their management”
(ISO15489-1 2001 p.3).
Metadata management: “Metadata is
a description of data”
(www.whatis.com); metadata
management is the management of
metadata.
35
Mai
nten
ance
Access: “Right, opportunity, means
of finding, using or retrieving
information” (ISO15489-1 2001
p.2).
Access control: “a collection of data
associated with the definition or
modification of access control
privileges” (ISO/IEC TR 10032 2003
p.2).
Use
Tracking: “Creating, capturing and
maintaining information about the
movement and use of records”
(ISO15489-1 2001 p.3).
Audit Trail: “a record of the activity
taking place in an information system
over a period of time” (ISO/IEC TR
10032 2003 p.2).
Records Storage: “Appropriate
storage conditions ensure that
records are protected, accessible and
managed in a cost-effective manner”
(ISO/TR 15489-2 2001 p.18)
Storage resource management
(SRM): “is the process of optimizing
the efficiency and speed with which the
available drive space is utilized in a
storage area network (SAN)”
(www.whatis.com).
Dis
posi
tion
Disposition: “range of processes
associated with implementing
records retention, destruction or
transfer decisions which are
documented in disposition
authorities or other instruments”
(ISO15489-1 2001 p.3).
Information life cycle management
“(ILM): is a comprehensive approach
to managing the flow of an information
system's data and associated metadata
from creation and initial storage to the
time when it becomes obsolete and is
deleted” (www.whatis.com).
Both disciplines have an interest in maintaining privacy standards, managing the size of
their respective repositories and maintaining the integrity of their information. Both
disciplines have a requirement to ensure recovery of information through backup systems.
Adelman suggests that companies without a data governance programme may be
experiencing the following problems (Adelman 2008 p.32):
36
Redundant data
Unclear understanding of who owns the data
Results are based on different definitions and different calculations
Data quality issues
Compliance may be compromised
You don’t have a means to properly categorize your data
All these problems should also resonate with many RIM professionals. In my experience as
an RIM consultant, some of the more common frustrations for RIM is the prevalence of
duplicate information in multiple siloed repositories, as highlighted in the chapter on
Research Results. This duplicate information is often under-categorised, and is retained
past its useful life. Lack of evidence, in the form of records, can also negatively impact
compliance and management reporting.
While there are some very obvious parallels between data management and records
management, the question remains why governance, stewardship and quality become such
a hot topic for data management yet apparently bypassed RIM?
There is, I believe, more that records and information management practitioners can do to
engage with the business and recognise that, first and foremost, “records are created,
received and used in the conduct of business activities” (ISO15489-1 2001 p.6).
Quality
Data Quality
Data quality is an integral component of data governance and data stewardship initiatives,
and has been identified as a major factor in risk management, management reporting,
compliance, cost optimization and growth.
− “Aside from the compliance and governance agendas, having first-class data (and the ability to unlock it) significantly helps all aspects of your organization’s business – helping to effectively gauge and manage risk, avoid redundant work loads, increase customer satisfaction (on the front and back ends) and provide for better business intelligence and decision making support” (Laurent 2005 p.26).
37
Steward A identified data quality as a major contributor towards increased revenue
streams. The following quote is from the transcription of the interview with Steward A.
− “As time went by we began to realize, well hey, this isn’t just about getting a tick in the box for Basel, we can really use this, if we do it right, for our business as well, to generate significant additional value and that’s the theme we’ve been running with for a few years now.”
For Company B, the drive to implement a revitalised performance management system
meant that managers were being held accountable, and they wanted to know how they
were doing. For that knowledge, they needed accurate data.
Gartner researcher, Friedman comments:
− “As part of the business case for data quality improvement and to increase business success in general, organizations must understand how poor-quality data creates risk and/or destroys the value of many key business initiatives” (Friedman 2008 p.2).
Data quality is critical for organisations if they are planning to implement a data warehouse
solution to improve access to data. The need to integrate information from disparate
business systems across the organisation can reveal many data quality problems, including
inconsistent metadata and different timing factors. Data managers talk about requiring a
‘single version of the truth’7 and to achieve this they need a data governance and quality
initiative.
− “Data architectures have become fragmented and have excessive redundancy – this leads to an inability to discover the single version of the truth. Information governance helps organizations to begin removing the redundancy and fragmentation, and, more importantly, keep it from happening going forward” (Bell, Logan et al. 2008 p.5).
Bell, Logan and Friedman state that “good governance practices can help organizations
recognize where to invest in data quality and content management programs, to maximize
the value that they can create” (Bell, Logan et al. 2008 p.5).
Cheong and Chang describe a management framework for internal controls known as
COSO (Committee of Sponsoring Organisations of the Treadway Commission). Within
their outline of the components of internal control under the COSO framework, they point
out:7 “In computerized business management, svot, or Single Version of the Truth, is a technical concept describing the data warehousing ideal of having either a single centralised database, or at least a distributed synchronised database, which stores all of an organisation's data in a consistent and non-redundant form” www.whatis.com. "What is.com; the leading IT encyclopedia and learning centre." 2009, from www.whatis.techtarget.com.
38
− “Data quality must be an explicit priority as it acts as a foundational platform for internal control where data management is a process and the outcome is information quality” (Cheong and Chang 2007 p.1001).
Friedman believes that data quality improvement needs to be approached in a structured
and integrated way rather than piecemeal, because it is so multifaceted. The methodology
he recommends involves four key components: strategy and vision, people and skills,
processes and technology (Friedman 2007 p.3).
− “The real value from data quality improvement comes when data quality is viewed as a critical business issue and a component of a broader information governance program” (Friedman 2007 p.2)
Information Quality
Having high quality information in the unstructured information domain is just as critical
to business health as having high quality data. Poor information quality resulting from
inadequate recordkeeping has also been identified as a major factor in risk mitigation,
management reporting, compliance, cost optimisation and growth.
The Sedona Guidelines outlined the potential consequences of inadequately managing
information and records in the information age in the following list:
“Inability to retrieve and productively use business critical information on a daily
or historic basis;
Loss of strategic opportunities due to the inability to recognize or leverage valuable
information;
Increased costs of doing business from inefficiencies related to disparate or
inaccessible data;
Failure to comply with statutory or regulatory retention and destruction
requirements;
Failure to comply with security breach notification requirements;
Reduced ability to comply with court orders and other litigation-related imperatives
requiring access to existing information;
Inability to respond promptly to government inquiries” (The Sedona Conference
2007 p.6).
39
Larry English commented during his presentation at the DQ Asia Pacific conference in
Sydney 2009 “If we don’t have information quality, we will not have an intelligently
operating company” (English 2009). English also pointed out the importance of matching
‘quality’ to conformance with customer needs, whether they are internal or external
customers – as opposed to believing that ‘quality equals goodness’ (English 2009 p.6). For
RIM, this means that meeting the user requirements for high quality information needs to
take priority in an information quality initiative. Users are responsible for defining what
information they need, in what format, in which repository, and how it should be stored.
According to my notes from the DQ Asia Pacific 2009 conference, at least two of the
speakers, in their presentations, also acknowledged the importance of understanding
records and document management and identified an emerging issue relating to the need to
potentially involve them in data quality initiatives (Ford 2009 ; Macaulay 2009)
Gartner researcher Ted Friedman also believes that data quality concepts will be applied
equally to unstructured information in the next couple of years.
− “Data quality concepts and approaches will emerge for less-structured data – as with data integration tools, data quality technology will expand to address quality assurance of data types beyond the traditional structured variety. The concepts and approaches for applying data quality techniques to those non-traditional data types will evolve during the next couple of years” (Friedman 2008 p.4-5)
Structured data accounts for an estimated 15% of an organisation’s information, and
unstructured information the remaining 85% according to Merrill Lynch estimations in
2003 (Cochrane 2008 p.10). Moreover, data provides the information whereas unstructured
information provides the context. It is difficult to see why there is such a divide between
the two disciplines.
Having a single version of the truth is valid also for RIM, especially as, in my experience,
one of the more common pain points in organisations is not knowing which version of a
document is the latest or final version, and/or being unable to readily locate the final
version. Putting out incorrect versions of documents into the public domain can be a source
of severe reputational embarrassment.
Klishewski and Scholl wrote an article arguing that e-Government research needs an
“explicit dedication to the phenomenon of information quality” (Klischewski and Scholl
2006 p.1). They believe that having high quality information is integral to inter-agency
information sharing efforts.40
− “Successful information sharing needs an (implicit) agreement on the quality of information to be shared” (Klishewski and Scholl 2006 p.2).
One of the key questions will be how to define information quality, and they point out that
most often, government agencies view information as ‘good’ or ‘useful’ according to their
wants and needs, their roles and agendas (Klischewski and Scholl 2006 p.2).
A discussion relating to information quality, for example, would be relevant to government
agencies seeking to manage and share information across sector agencies, as is outlined in
the Justice Sector Information Strategy (Ministry of Justice 2006) and would be relevant to
both structured and unstructured data.
The following list of criteria for information quality is an abbreviated version, from
Klishewski and Scholl’s conference paper (Klishewski and Scholl 2006 p.7):
Accuracy: which holds that a user of a piece of information has received a ‘true’
copy
Objectivity or comprehensiveness: sub-dimensions of comprehensiveness are
consistency, presentation and completeness.
Currency of information: currency is a relative concept, and therefore may differ
between users of the same information.
Cognitive authority: credibility of information and information sources represents
an important part of cognitive authority.
Assurance / reliability: the information will be perceived as reliable and worthy of
trust
Relevance, precision and recall: how many documents in an information retrieval
system are relevant relative to an information seeker’s need, precision refers to the
number of relevant documents retrieved over the total number of documents
retrieved and recall refers to the total number of relevant documents retrieved over
the total number of relevant documents in an information repository
Timeliness: in contrast to currency, timeliness refers to how fast an information
seeker can access and receive the information he/she is seeking
41
Perceived value: refers to how the users perceive the value of the information
retrieved.
RIM professionals seem to prefer to use other words to imply information quality, and it is
possible that information quality may mean different things to RIM professionals,
compared to information users, which could be a topic for future research.
The ISO Standard for Records Management (ISO15489-1 2001) states that a record should
have content, context and structure, and it defines the characteristics of a record as having:
− “Authenticity: it is what it purports to be, has been created or sent by the person purported to have created or sent it and created or sent at the time purported
− Reliability: where the content can be trusted as a full and accurate representation of the transactions, activities or facts
− Integrity: the record is complete and unaltered
− Useability: it can be located, retrieved, presented and interpreted” (ISO15489-1 2001 p.7)
The first three characteristics outlined above relate well to components of Klischewski and
Scholl’s list: accuracy (authenticity), reliability (assurance), integrity (completeness) and
trustworthiness is also mentioned in both lists. Useability is, I believe, better associated
with the management system rather than the information in terms of quality.
While business users within organisations may decide on slightly different terminology to
define information quality, these key words are, I believe, likely to be present in most
definitions of information quality. It is difficult to imagine a scenario where users do not
agree that having access to high quality information (in the form of records, documents and
emails) is critical to their effectiveness, productivity and decision-making.
Governance
Data Governance
There are multiple definitions of data governance, and below are two representative
definitions to illustrate the core concepts of data governance and supplement the definition
contained in Chapter 1.
− “Data Governance is a process and structure for formally managing information as a resource. … Data governance supplies the structure, roles and processes that provide venues for interaction and communication paths for gathering appropriate input,
42
making decisions, identifying and resolving issues, escalating when necessary, implementing changes and communicating actions” (McGilvray, 2006, p. 25).
− “Data governance is the collection of decision rights, processes, standards, policies and technologies required to manage, maintain and exploit information as an enterprise resource” (Newman and Logan 2006 p.3).
The goals of data governance are to enable high quality, accessible and secure information
across the entire organisation.
− “The goals of governance are to ensure that information supports business goals effectively and efficiently” (Bell, Logan et al. 2008 p.4).
− “Data governance helps you control valuable data and information assets and assists you in making more effective use of the assets” (Marco 2006 p.28).
− Data governance is the exercise of decision-making and authority for data related matters (Thomas n.d. p.3)
Informatica’s white paper on data governance outlines six key attributes they believe
enterprise data must possess:
− “Accessibility. Ensuring that all enterprise data can be accessed, regardless of its source or structure;
− Availability. Ensuring that data is available to users and applications, when, where and how needed;
− Quality. Ensuring the completeness and accuracy of data;
− Consistency. Ensuring the meaning of data is consistent and reconciled across systems, processes and organizations.
− Auditability. Ensuring there is an audit trail on the data;
− Security. Ensuring secure access to the data” (Informatica 2006 p.8).
Taking into account the various definitions of data governance, the core elements that
stand out are policies, processes and standards that facilitate the effective and efficient
management, use and control of data.
The building blocks of a data governance programme are, according to Informatica:
− “Standards: a key function of data governance is to establish the standards for data in an enterprise.
− Policies and processes: establishing and enforcing policies and processes around the creation, development and management of data is the foundation of an effective data governance practice.
43
− Organization: arguably the most important issue that companies must address when launching a data governance initiative is how to design the organizational structure.
− Technology: hypothetically, companies should embark on a data governance initiative without an underlying technology infrastructure, although in practice technology can help automate and scale the development and enforcement of data governance standards, policies and processes” (Informatica 2006 p.9).
Information Governance
If the word ‘information’ was substituted for ‘data’ in the previous section, then on the
basis of my research and experience, I believe that very few RIM professionals would
dispute the validity of those goals, concepts and components of data governance to
unstructured information. Availability and accessibility is a core reason for a retention
programme which is developed to ensure information remains accessible and available
throughout its lifecycle. Availability and accessibility also relates to the ‘useability’
characteristic of a record, as outlined by ISO15489 (ISO15489-1 2001 p.7).
Consistency is an attribute RIM strives for, using metadata and classification schemes to
improve the usefulness of the information within corporate repositories. Within EDRMS
systems and within paper-based records systems, having an audit trail of movements and
changes to the record, and ensuring that access is appropriate has always been part of RIM.
Auditability and security (access) are both terms that are included in the glossary of terms
in the ISO 15489 standard (ISO15489-1 2001 p.2). The importance of information quality
has already been discussed in the previous section.
Records management also relies on standards, policies and processes, and the ISO 15489
records management standard has an entire part devoted to this aspect of records
management (ISO/TR 15489-2 2001).
Information stored in multiple individual and shared repositories, under different naming
conventions, with business critical information mingled with redundant information does
not readily enable organisations to realise value from the information assets they already
hold and own.
− “We practice information management in our organizations, but we do not do it in a connected way. Like almost everything else in business, information management is siloed” (Bell, Logan et al. 2008 p.4).
Kennedy and Schauder, discussing why records management is important, state:
44
− “Organisations rely on efficient access to the right information. … Records management ensures the right information can be accessed when required” (Kennedy and Schauder 1998 p.8).
Data governance sets the rules for managing and controlling data, optimise the value
organisations receive from data, support compliance efforts and helps organisations to
realise and create value from their data. Given the similarities between data and
information management, governance is equally important for RIM.
The evidence suggests that an integrated information environment and information
governance is the way of the future for businesses wishing to realise value from their
information assets. Bell, Logan and Friedman maintain that information governance (as
opposed to data governance) is part of an Enterprise Information Management Program.
− “The context of information governance lies within the framework of EIM. This is an integrative discipline for structuring, describing and governing information assets, regardless of organizational and technological boundaries, to improve operational efficiency, promote transparency and enable business insight” (Bell, Logan et al. 2008 p.3-4).
− “Information governance requires a cross-disciplinary business and IT strategy as well as dedicated projects that better relate people, policies, processes and technology to the information needs of business leadership. If not stored, protected, harnessed and metered effectively, information is wasted, weakens in value, or can pose many risks. Information governance has become a business imperative, and company leaders’ ability to apply equal rigor to managing all components of information across the business information supply chain will affect business performance, partners and prospects” (Bell, Logan et al. 2008 p.2)
In this new integrated information environment, it will be important that information
management vision, goals and principles are worded in such a way that:
They reflect and support the organisation’s vision, values and strategy;
The goals, visions and information management principles can be applied equally
to RIM and data management;
Policies, procedures and standards reflect the consistencies between the two
disciplines rather than highlight the differences.
From this high-level base, policies, procedures and processes for specific elements of data
management and records management can flow down and reflect the individual disciplines
of data management and RIM.
45
Bell, Logan and Friedman suggest four areas of focus for information governance
planning. I have changed the word ‘data’ to ‘information’, and the list reflects, in my
opinion, useful areas of focus for both RIM and data management.
− “Security and privacy of information; quality of information; life cycle management, standards” (Bell, Logan et al. 2008 p.6).
Newman and Logan state, in their key findings about governance and enterprise
information management that:
− “The scope of governance spans the life cycle of information assets from creation and capture through deletion, as well as quality, security, accessibility and disclosure” (Newman and Logan 2006 p.1).
While the scope of this thesis is limited to studying the information quality and
stewardship components of data governance, the security, life cycle management and
policies and standards aspects of data governance are also just as relevant to RIM as they
are to data management. On the basis of the evidence presented, it is also suggested that
when organisations develop information management strategies, visions and frameworks,
they also consider whether other information disciplines such as web content management
and librarianship can also fit into the same high-level, inclusive framework.
Stewardship
Data Stewardship
Stewardship is closely linked with data governance as an important aspect of any
governance programme.
− “Effective DG [data governance] starts with effective data ownership, oversight and stewardship” (Griffin 2006 p.35).
− “Data governance is accomplished through the actions of data stewards who exercise the careful, responsible management of data entrusted to them on behalf of others” (Marco 2006 p.28).
Probably the single most important fact to stand out from the literature and from the
interviews is that stewards must be drawn from the business. Any single, business-critical
information set, may have multiple data stewards representing multiple functions. Given
that information crosses organisational boundaries, stewards must represent all the
functions that use or have an interest in the quality and integrity of that information set. It
46
is also possible that one individual may represent more than one area of knowledge
(McGilvray 2007).
− “While IT is involved with almost every aspect of IM, information is the heart and soul of business and its management cannot be delegated or abdicated to IT” (Smith and McKeen 2007 p.35).
The literature holds several possible structures for data stewardship programmes. Thomas,
from the Data Governance Institute describes three quite different models:
− “A data steward is a highly-placed decision maker who serves on a council and contributes to policies.
− Council/committee members with decision-making and policy-making responsibilities have names like Data Governors and Data Champions and Governance Authorities. In contrast, data Stewards are tactical, hands-on keyboard roles that work according to policy set by others.
− Hierarchies of Data Stewards exist, with different levels of power and responsibilities” (Thomas 2009 p.15).
Friedman, in his key findings in the Gartner research report on data stewardship case
studies says:
− “Data steward roles are commonly scoped along business process/function boundaries or mapped to a subset of a data subject area. Even a simple structure of one stewardship role per department or unit can be effective if the scope is narrow and well-defined” (Friedman 2009 p.1)
Gluck, in his thesis on information stewardship, proposed the simplified model depicted in
figure 1.
47
Figure 1 – Simplified Stewardship Model from Gluck. (Gluck 2008 p.25)
This model shows an hierarchical structure, with levels representing strategic, tactical and
operational levels, and it also shows the responsibilities attached to each level of the
structure. This stewardship model is also very similar to the one described by Cheong and
Chang (Cheong and Chang 2007 p.1005)
Ericson described Nationwide’s governance structure as being:
− “loosely modeled on our own federal governance, with Judicial, Executive and Legislative branches to prescribe roles, enact laws and limit the boundaries of authority” (Ericson 2009 p.18).
The Judicial branch is a high level strategic group which defines processes and policies.
The Executive branch is responsible for executing these policies and processes, while the
Legislative branch is the data stewards or the business unit subject matter experts who are
responsible day-to-day stewardship processes (Ericson 2009 p.19-20).
These structures, as described, present as similar hierarchical models, and reflect Company
A’s structure as well. Company B’s stewardship structure started off as a rather flat model,
although they are starting to work towards a more hierarchical structure, with a new
overview role being recently developed to provide cohesiveness and an overarching view
of data management and quality.48
Cheong and Chang studied and reported on a large utility organisation that had data
integration issues, and particular problems with asset related data. The company put
together an ad-hoc data governance strategy to improve data quality, and had the data
management team working as data stewards – which is, according to the literature, not best
practice.
− “However this form of stewardship is not working for the Data Management team due to the following reasons; (1) a lack of mandate from the senior executive means that it has no power to act, (2) the lack of mandate means that sometimes its projects are not given priority as senior executives do not understand the importance of projects; and (3) a lack of clear roles and responsibilities, i.e., there [was] no clear definition of data stewards and data owners” (Cheong and Chang 2007 p.1004).
To address these issues, the company decided on an alternative approach. They adapted the
data governance frameworks from Informatica (Informatica 2006) and the Data
Governance Institute (Thomas n.d.), and instituted a data governance framework very
similar to that proposed by Gluck for Vattenfall (Figure 1) involving increased levels of
participation from the business. Business engagement with IT was instituted at all levels of
this structure – the strategic, operational and tactical levels to ensure that “IT and business
are kept informed and IT initiatives align with business data governance objectives”
(Cheong and Chang 2007 p.1005).
Cheong and Chang concluded that effective enterprise-wide data management required a
formal data governance structure aligned with a series of policies and procedures and
extensive collaboration with all levels of the business.
Information Stewardship
In the same way that data stewardship is valid for structured forms of data, it follows that
stewardship is an equally valid methodology for encouraging the business to take
accountability for the quality of the records and documents (unstructured information) they
deal with in the course of their day-to-day work.
Larry English, in an interview for intelligententerprise.com said:
− “The term data stewardship has been very strongly advocated by people in the systems area, but it’s not the data that we need to be stewarding, it’s the entirety of the information resource. That includes the data, which is the raw material that sits in the databases, but it is information that is presented to knowledge workers. The data is just the representation of a fact. Information is that fact in context” (Henschen 2008).
49
Smith and McKeen convened a focus group of senior IT managers from a variety of
organisations to discuss IM [Information Management] and its implications for IT. One
focus group member, admitted, during the discussion centering on information
stewardship; “we are struggling with this concept. This is not a simple task and no one in
our business wants to take accountability as yet” (Smith and McKeen 2007 p.38).
The literature subscribes to a view that data governance / stewardship programme is far
from an established programme in organisations. This is supported by Laurent, who says:
− “now more than ever, corporate compliance, audit and governance issues must be efficiently resolved. Yet it is widely believed that less than half of large companies have a formal data stewardship or data quality program that protects and leverages their unique, strategic asset of data” (Laurent 2005 p.26).
It seems probable that stewardship works best if it functions as a network of interested
parties across an organisation. It is also critical that the organisation supports an
organisational view on information assets. This is advocated by MIKE 2.0 (Method for an
Integrated Knowledge Environment) (MIKE2.0 n.d.).8
White and Schlier reinforce this perspective as follows:
− “You cannot mandate high quality data. Yet, you will need to establish a network of interested stakeholders across the business who are responsible for data quality in their respective domains” (White and Schlier 2005).
Smith and McKeen report that “one focus group organisation has established a working
group for each of its major subjects, with representatives from all affected stakeholder
groups, as well as IT”. (Smith and McKeen 2007 p.38)
Smith and McKeen also report that in general, IT is largely driving the information
management related work in organisations and that “most members of the focus group
would like to see the situation reversed, with the business driving the effort to establish
appropriate IM policies, procedures, stewardship and standards, and IT supporting IM with
software, data custodianship, security and access controls, information applications,
8 MIKE 2.0 provides an open source methodology for Enterprise Information Management. MIKE 2.0 was
initially developed by a team from BearingPoint in early 2005, and was made available to the Open Source
Community in 2006. It is currently being handed over to the Data Governance and Management Consortium
by BearingPoint. MIKE2.0. (n.d.). "MIKE2.0 method for an integrated knowledge environment." 2009, from
http://mike2.openmethodology.org/wiki/MIKE2.0_Methodology.
50
administration and integrated systems” (Smith and McKeen 2007 p.42). RIM professionals
need to become established in this support role alongside IT before RIM gets further
sidelined.
There are many challenges involved in establishing stewardship programmes. It is
suggested that organisations wishing to implement an information quality programme
initially engage with one or two information domains as an initial pilot. They can then
incrementally build the information stewardship programme from that point, leveraging on
what has been developed and lessons learned. Each organisation will need to work through
what information governance and stewardship means for them as an organisation.
There will be some common questions to be addressed when engaging and motivating
information stewards:
How do you motivate staff to participate in a stewardship programme?
What will they get from participating and will their work with stewardship be
recognised and rewarded?
What level of support and training will be offered to them?
Smith and McKeen comment, based on their focus groups:
− “Get the incentives right. Even with IM “socialization” (i.e. education and communication) politics is likely to become a major hurdle to the success of any IM efforts….therefore it is important to ensure there are incentives in place that will motivate collaboration. Metrics are an important way to make progress (or the lack of it) highly visible in the organization” (Smith and McKeen 2007 p.43).
Newman and Logan concur, saying:
− “By 2008, the need for governance mechanisms on information assets will span multiple groups, forcing business units to develop coordinated processes to solve information quality, security and accessibility issues; however less than 10 percent will succeed in their first attempts because of cultural barriers and lack of senior level sponsorship (0.7 probability)” (Newman and Logan 2006 p.1).
Organisations will need to be prepared for some focused commitment of effort and time in
the early days of establishing information governance and stewardship. Steward A2’s
stewardship duties were full time for 12 – 18 months. Bell, Logan and Friedman suggest
that the “initial tactical phase of policies and practices definitions and roles typically takes
six months end-to-end and involves shared temporary involvement by business and IT
leadership” (Bell, Logan et al. 2008 p.2)51
It will also be important to establish a common understanding of what information quality
means to each organisation, across the organisation. A deep understanding of the risks and
issues associated with poor information quality will be critical, linked with how
governance and stewardship can help to mitigate those risks. An information
governance/stewardship initiative will require funding, resourcing and support.
Information stewardship will also represent a big change for all areas of the business:
executive, IT, RIM and the business as a whole. Change management, good
communication and active and committed support from executive level will be critical to
the success of the initiative.
− Governance represents a profound change for the IT organization, and even more so for business users. (Bell and Logan 2009 p.4)
Gwen Thomas from the Data Governance Institute reports:
− “At the industry’s first Data Governance Conference in Orlando, Florida USA in December of 2006, leaders of successful data Governance programs declared that, in their experience, Data Governance is between 80% and 95% communications! They uniformly expressed surprise at the amount of written and verbal communication required to successfully bring together stakeholders to achieve their goals (Thomas n.d. p.19)
Stewardship not Ownership
It is important also not to confuse stewardship with ownership. This came through very
clearly from the research and subsequent conclusions presented by Plant and Gluck in their
respective theses (Plant 1996 ; Gluck 2008).
According to Gartner researchers Newman, Friedman and Logan “Stewardship is the act of
taking care of a resource that is entrusted to an individual or group” (2008 p.3).
Ownership can imply the wrong mind set (for example complete control), which can also
lead to other undesirable actions such as restricting access to information or an
independent approach rather than an enterprise approach to managing information assets.
Organisational information belongs to the organisation, and in the case of government and
local government sector, information also belongs to the citizens of the nation, state or
local area (McGilvray 2006 ; Friedman 2007).
− “People don’t ‘own’ assets such as information, but they can be held formally accountable for them” (Newman and Logan 2006 p.4).
52
It is also clear that all staff within an organisation are responsible, at some level, for the
quality of the data they deal with. Responsibility and accountability does not rest solely
with the information steward or information technology staff.
53
CHAPTER SIX
Information Stewardship for RIM
Taking into account the various models and descriptions available in the literature, on
various websites and on the qualititative research, the model below is the one I have
developed to present a simple representation of how a stewardship programme could be
structured in most organisations.
This model, I believe, provides a number of advantages for RIM. It facilitates a wide range
of collaboration and consultation across all levels of the organisation. It will enable
information professionals to present themselves as knowledgeable professionals in the
information management world, and sit alongside IT as facilitators and advisors at the
strategic, tactical and operational levels of the business. It also provides a range of
compliance and enforcement options from the business itself. One of the issues I see in
many of the organisations I have worked with is that rules and procedures can be
developed, but are difficult to enforce. RIM professionals have a limited range of options
available to them to ensure compliance with recordkeeping policies. With this model, the
stewardship groups from the business will act as enforcers, and there are several escalation
points within the structure.
54
Figure 2 – Generic Stewardship Model
This model reflects Gluck’s hierarchical model with the different layers showing the
strategic, tactical and operational levels, and adds in an overarching layer of sponsorship as
recommended by MIKE 2.0 and Informatica (Informatica 2006 ; MIKE2.0 n.d.). This
model was developed during my consultancy career at BearingPoint, and was refined
during the research and writing of this thesis. The different levels are explained in more
detail below.
Information Governance Sponsorship
Information management governance is a strategic business initiative. As such, it is critical
that executive level sponsorship is assigned to provide leadership and commitment at the
executive level.
The Executive Sponsor should be engaged and committed, and involved in defining the
scope of the initiative, and helping to assign resources, approving high level policies and
55
procedures, and ensuring executive awareness of the importance of information
governance.
The Executive Sponsor will also help define the programme scope at a high level.
Information Governance Council
This model shows a high level Information Governance Council, which directs and
monitors domain specific stewardship groups, who in turn monitor and direct individual
stewards operating directly with the information they use, create and manipulate.
At the high level, below the Executive Sponsor is an Information Governance Council.
This group should be made up of senior level people from the business, with a good overall
knowledge of the business, and representing various aspects of the business. If the
organisation is compliance driven, it would be advisable to ensure there is representation
from the compliance and/or legal areas of the business on the Council.
I propose that tasks for the Information Governance Council will include:
Develop and monitor the overall plan for improving information quality;
Ensure that information governance policies and standards are developed, approved
and implemented;
Act as sponsors for various information quality sub-projects;
Track and monitor progress;
Act as the escalation point for information quality issues;
Take on responsibility for ensuring an enterprise-wide approach to stewardship and
information quality issues and ensure that the next level of domain specific
stewardship groups collaborate on issues or developments that impact more than
one information domain.
Domain Specific Stewardship Groups
The next level down from the Information Governance Council will comprise of domain
level stewardship groups. These groups will act as a bridge between IT and the business,
and must accept accountability for information quality levels for specific information
domains. Stewards should be prepared to deal with issues associated with both structured 56
data and unstructured information, including what information is required, what format it
should be in, where and how it should be stored, from the RIM perspective.
The Domain Specific Stewardship Groups are drawn from the business, as recommended
by at least two of the Gartner research reports.
− “Stewards should reside in the business, not in the IT organization”. (Friedman 2007).
− “Business units – not just the IT organization – must participate in information governance” (Bell and Logan 2009 p.4).
It is also critical that stewards at this level represent all areas of the business that have an
interest on the quality and integrity of the information within that domain. Therefore, using
human resources as an example of an information domain, stewards would not be drawn
solely from the human resources business unit. Instead they should represent wider groups
such as management, human resources, training and payroll for example.
For a manufacturing organisation, the domain specific stewardship group for customer
information could be drawn from manufacturing operations, quality or compliance,
customer contact centre, research and development, sales and/or the legal departments.
I propose that tasks for the domain level stewardship groups will include:
Identify, at the subject domain level, information quality issues such as currency,
security, timeliness and trustworthiness of the records or data;
Develop specific plans for resolving information quality issues;
Monitor progress;
Involve stewardship groups from other domain levels where there are cross-
functional issues, for example when a new application is being implemented that
will impact cross functional processes;
Engage in training, monitoring and supporting operational information stewards;
Establish how information quality issues affect the performance management
framework. Will staff, for example, be measured on the execution of the
transaction, or the efficiency of the transaction or the quality of the information?
57
Information Stewards
At the lowest level of the stewardship model is, in theory, everyone within the
organisation. All staff must accept some level of responsibility for the accuracy and quality
of the information and data they deal with on a day-to-day basis. Gartner researchers
Newman and Logan described the issue as follows:
− “Everyone from the Boardroom to the mailroom has a role in the governance of information assets. All are accountable for ensuring that information remains protected, accurate, transparent and accessible” (Newman and Logan 2006 p.1).
This lowest level of stewardship is described by McGilvray as the Execution Level
(McGilvray 2007 p.26). These are the people who execute the information management
policies and procedures on a daily basis, as part of their job.
I suggest the following tasks for the lowest level Information Stewards include:
Usually have a specific subject or activity focus;
Responsibility for improving and maintaining the quality of information that comes
under their sphere of responsibility;
Administer the information management policies, procedures and standards;
Monitor and report on progress.
IT and RIM
Where does RIM fit in? In the same way that IT should not be involved directly in
stewardship roles, neither should RIM professionals. IT and RIM professionals should be
cast in a supporting role in any stewardship programme. They are there as subject matter
experts, and can help guide the stewardship groups in their decision-making.
From an RIM perspective, while the focus of information quality is to provide the business
with high quality information to support their day-to-day work and decision-making, for
some organisations, specifically in the government and local government arena, there are
requirements to be addressed around the long term preservation of archival material.
Standards around metadata and storage, for example, may also need to be addressed. The
domain level stewardship groups in particular, will need guidance from the RIM on these
issues.
58
Representatives from IT and records and information management would be involved in all
levels of the stewardship structure as subject matter experts, advisors and facilitators.
I propose that tasks for IT and RIM include:
Raising issues or concerns for consideration at the appropriate stewardship level;
Identifying new projects and funding requirements;
Assessing and monitoring compliance with information management requirements;
Escalating concerns to the appropriate level of the stewardship structure;
Ensuring that all new projects, including IT application projects are cognizant of
and comply with information management policies, principles and processes;
For RIM in particular, ensuring that the relevant stewardship groups are aware of
and understand the implications of RIM best practices, standards and legislation;
Often IT and RIM will be responsible for co-ordinating or implementing solutions
to information governance issues.
Unfortunately, the reality is that “most employees perceive information management to be
ITs problem rather than an individual responsibility” (Myler 2005 p.16). This reality means
that if the organisation is serious about implementing an information governance
programme, complete with a formal stewardship programme, then they will also have to
seriously consider all the change management implications associated with this initiative.
Training and communication will be an important part of the programme.
For organisations wishing to implement changes in the way they manage, control and store
information, it will also be critical that business processes are consistent and enforced. It is
anticipated that in most instances, the appropriate stewardship groups will be enforcement
agents. It would also be particularly useful to include compliance with information
management policies, procedures and standards as part of the organisational performance
management framework.
I developed the model below to depict a layered approach to information governance,
driven from the high level organisational strategic goals and vision. Organisational
strategic imperatives and operational and regulatory requirements should drive the
59
Information Governance Council and Domain Specific Stewardship Groups, in particular
driving the strategy, policies, procedures, metrics, guidelines and standards established by
these groups. These policies, procedures, standards and guidelines are implemented by the
information stewards when they are working with organisational information – to ensure
high quality information is available to those who need it. The model also allows for a
series of continuous improvement and feedback loops to ensure the system does not stall
and fall into disuse.
Figure 3 – Governance and stewardship structure
60
CHAPTER SEVEN
Responding to the Challenges and Research Questions
This chapter examines each of the top five challenges for RIM resulting from the RIM
Practitioners Survey. It examines whether and how governance and stewardship could be
used to mitigate these challenges. It then re-examines the three research questions to assess
whether these questions have been answered.
ChallengesWith the vast quantity of information that organisations are dealing with in the current
business environment, with no sign of respite, the evidence suggests that it is appropriate
for the business to accept an increased level of responsibility and accountability for
managing their information assets.
Bell and Logan, Gartner Researchers, believe that:
− “Huge amounts of uncontrolled and unmanaged information detract from an enterprise’s ability to use information to grow the business. The fast growth of Microsoft Sharepoint has added to the burden of uncontrolled content.
− Information overload won’t correct itself. Technology alone won’t solve the problem. The solution lies in a systematic approach to the management of information, including governance processes and organizational changes” (Bell and Logan 2009 p.2).
Challenge 1 – Executive Level Support
Executive level support is by no means a new issue, nor is it a problem that exists solely in
Australia and New Zealand. In the report on the 2007 Cohasset Electronic Records
Management Survey, Cohasset Associates made several comments regarding executive
level support, among them, this one:
− “Based on its more than 35 years of records management consulting experience, Cohasset believes the records management function continues to be the subject of benign neglect by senior management and accordingly under funded at a great many organisations” (Williams and Ashley 2007 p.18).
61
Cohasset provides a list of specific action items, intended for those responsible for the
management of electronic records. The following points are excerpted from that list.
− “Recognize and address the many significant existing problems in how records are currently managed.”
− Assess the effectiveness of the organization’s records management practices as part of a comprehensive, long term risk management strategy ….
− Institute a cross-functional team (business functions, legal-compliance, IS/IT, records management) and collaborative approach to ensure an integrated and sustainable records management program.
− Adopt high standards of performance and accountability for managing the organization’s valued information assets, particularly electronic records” (Williams and Ashley 2007 p.47).
An information governance initiative, involving extensive consultation, collaboration and
support from the business, and IT would be a step towards meeting these
recommendations, in particular those requiring involvement from a cross-functional team,
and adopting high standards of performance and accountability.
Such an initiative would have the potential for far-reaching consequences in terms of
improving the management of organisational information assets and, if combined with a
data governance initiative, may more readily attract executive-level sponsorship. Bringing
an integrated focus to the initiative (to encompass both structured and unstructured
information) can only be seen as beneficial to the organisation.
Having an Information Governance sponsor at the executive level will provide visibility of
progress at the executive level, provide executive level leadership, and ensure high level
strategies, policies and procedures are signed off and supported at the executive level.
With executive level support, and by encompassing both data management and records and
information management under the umbrella of Information Management, combined with
proactive and committed activities throughout the organisation, these steps should help
RIM programmes receive more support and visibility at the senior level that they are
currently used to receiving.
62
Challenge 2 –Findability of Information
All the information in the world is unlikely to be useful unless it is able to be discovered
and accessed. Information organisation and representation are key components of being
able to locate and access information.
Findability is described in the glossary for the AIIM Guide to ECM Purchasing as
“enhancing access to the right information” (AIIM 2009 p.20).
− “The quality of findability is the ability of the user to find the information regardless of whether he or she has touched it before, knows exactly where it is, or in which repository it may reside” (Kohler-Kruner 2008 p.27).
Cisco, who has authored many books and articles on the value of indexing, cites Peter
Morville from his book called Ambient Findability:
− “In matters of findability, the siren song of technology has lured many to destruction. Though our attention is drawn to the fast layers of hi-tech, the map to this maze is buried in the slow layers of human behavior and psychology” (Cisco 2008 p.31).
Both Kohler-Kruner and Cisco reiterate the importance of taxonomies (classification
schemes) and metadata. Cisco refers to a taxonomy as a “standardized information
infrastructure” (Cisco 2008 p.30). Picking up on Morville’s quotation, the other elements
to be considered are the functionality of the search engine and the search proficiency of the
users.
How is governance and stewardship going to impact on the challenge of findability?
Organisations need to investigate the possible root causes for findability challenges. I
propose the following list as a starting point for investigating root causes based on my two
decades of consultancy experience.
Siloed information repositories, including business critical information held in
personal systems such as hard drives, individual network drives and email folders;
Inadequate information representation methods including categorisation and
metadata;
Adequate categorisation and metadata available, but inconsistently applied;
Inadequate training for users on how to locate information that may be located in
any number of corporate information repositories;
63
Excessive redundant or obsolete information, so that searching for the single
specific document is like searching for a needle in a haystack;
Lack of functionality enabling staff to search across repositories.
The evidence suggests that if RIM professionals engage with stewardship groups at all
levels to define requirements for high quality information, where it should be stored, how it
should be described, and in what format it should be kept, this will go a long way towards
resolving some of the problems listed above. Problems associated with siloed information
repositories, adequate metadata, and existence of redundant or obsolete information, are all
issues that domain level stewardship groups should be prepared and able to discuss, and
actively contribute to possible solutions.
In addition, it is anticipated that stewards at all levels should be prepared to monitor the
quality and volume of information added to the repositories associated with their specific
domains, and where necessary assist with training and education, take appropriate
corrective actions, or escalate issues up the stewardship hierarchy for appropriate
resolution or enforcement.
Challenge 3 – User Compliance with Recordkeeping Policies and Procedures
One of the difficulties with obtaining compliance with recordkeeping policies and
procedures currently is that RIM professionals generally do not have the status or authority
to enforce them. Unless compliance is also reinforced within the performance management
framework, there are usually, in my professional experience, limited avenues to explore
regarding enforcing compliance.
Swartz, in her article for the Records Management Society Bulletin says:
− “They [all employees] have a stake in making sure that records are efficiently and effectively managed so that their organization’s administrative, legal, audit, regulatory, customer and competitive interests are served” (Swartz 2006 p.35).
The proposition of engaging employees at various levels of the stewardship programme, to
define the quality level for the information they need to use in their daily work would, I
suggest, be a more compelling argument for ensuring all employees have a stake in
efficiently and effectively managing the information they deal with on a regular basis. The
standards will be set by a peer group of business users, the stewards themselves will be
64
drawn from the business, and the stewardship groups can effectively become the enforcing
agent rather than the RIM professional.
As the stewardship groups should comprehensively represent administrative, legal, audit,
regulatory, customer and competitive interests, all aspects of information quality are
examined and taken into account when developing the information quality programme.
By devolving responsibility for information quality to the business, and involving staff
outside of the technology and records management arena in decisions that directly affect
the quality of information they deal with on a daily basis, we can increase the level of
interest and involvement in information quality, and subsequently improve the level of
compliance with recordkeeping policies and procedures.
Challenge 4 – Relationship with IT
RIM’s relationship with IT has been frequently rated as ‘must do better’ by RIM industry
watchers and analysts. In 2000, the editors of the Information Management Journal
devoted their editorial to ‘Partnering for Success’.
− “It seems so straightforward: information and information technology are inseparable. …Yet as simple as this concept appears, there continues to be an uneasy relationship between information technology (IT) and other information disciplines (e.g. records and information management, archives management)” (Pemberton, Gable et al. 2000 p.2).
In 2004, Launchbaugh discussed electronic records management and the results of the
AIIM/ARMA/Cohasset 2003 electronic records survey. Launchbaugh cites the 2003
survey findings that IT is primarily responsible for the day-to-day management of
electronic records in 71% of the respondents’ organisations. The report noted:
− “It may well indicate a major disconnect between those responsible for overseeing the application of an organization’s retention schedules (records managers) and those responsible for the day-to-day management of electronic records (IT)” (Launchbaugh 2004 p.21).
The survey report goes on to identify three specific ways in which the records managers’
professional responsibilities are changing significantly. Among them Launchbaugh suggest
that records managers need to recognise the technical and fiscal necessity of forming a
closer link with IT.
− “From having all the resident knowledge about managing media-centric records to recognizing the technical and fiscal necessity of an operational partnership with IT” (Launchbaugh 2004 p.22).
65
The results of the RIM Practitioners Survey reveal that this relationship is still an issue for
20.7% of RIM practitioners who believe that IT does not understand RIM, and a further
51.35% who rated the challenges associated with their relationship with IT as extremely
significant.
A stewardship programme places a large measure of responsibility for creating, managing
and storing high quality information back into the hands of the business. IT and RIM
would effectively operate in a facilitative, advisory and support capacity. By integrating
the two disciplines under the umbrella of ‘information management’ it is hoped that IT’s
data management branch and the RIM staff will be able to collaborate and see points of
overlap rather than points of difference – and work together with the business to
understand and resolve issues relating to information management and information quality,
security, access and lifecycle management.
Challenge 5 – Quality and Integrity of Information
The focus of data governance and stewardship programmes is to improve the quality of
information available to the organisation:
− “Data quality emerges as a critical component of information governance – organizations will increasingly view information governance as a critical competency. Data quality will become a pillar of information governance projects as the governance focus extends beyond security, access control and usage of data. Data-quality-specific governance processes, such as data quality audits and data stewardship activities, will be key to success” (Friedman 2008 p.3).
For RIM, multiple, siloed and personal information repositories means organisational
information is difficult to locate and leverage for compliance, litigation discovery,
transparency and efficient decision-making, and frequently leads organisations to reinvent
the wheel when they start new initiatives.
Vast quantities of emails, drafts and working papers make it increasingly difficult to locate
the ‘needle in the haystack’ – that right piece of information.
− “Information governance helps organizations begin to remove the redundancy and fragmentation, and, more importantly, keep it from happening going forward” (Bell, Logan et al. 2008 p.5).
Information governance and stewardship will also help organisations to evaluate which
information needs to be carefully managed, and which information is less important. Not
66
all information is business critical and therefore not all information needs intensive
stewardship.
Silos, information overload and redundant information are all contributing factors to poor
information quality in the RIM world, and implementing a governance and stewardship
programme will help to mitigate the challenges associated with information quality and
integrity. This programme will also help to put accountability for information integrity and
quality back to the business.
Answering the Research QuestionsResearch Question #1 - Should records and information management professionals leverage a data governance framework, and more specifically a data stewardship model for structured data and apply it to managing unstructured information?
The evidence from my research and the consensus in the relevant literature suggests that
governance and stewardship are equally applicable to RIM. The recent literature from
Gartner, and other researchers and industry watchers (Smith and McKeen 2007 ; Friedman
2008) suggests that all the benefits recognised from the data management side of
governance would also be valid for RIM.
The similarity between the definitions, objectives and components of data management
compared to RIM suggests that each discipline may have best practices and knowledge to
offer to the other, thereby improving understanding and providing increased value.
Organisations that are looking to control costs, comply with internal and external
compliance requirements, have a single view of the customer and add value to their
services and products can benefit from better quality unstructured information as much as
structured data.
The data governance and stewardship models could offer specific benefits to RIM
professionals in terms of improving key relationships and the quality and findability of
information resources.
Research Question #2 - Would this benefit records and information management practitioners, especially in terms of improving the business recognition of records and information programmes?
RIM professionals should benefit from the increased visibility, increased awareness, and
being more involved rather than sidelined. As illustrated in the first part of this chapter, 67
governance and stewardship has something to offer for each of the top five challenges
faced by RIM practitioners.
Increased involvement with the business and IT should bring with it improved recognition
of the value of information from the business perspective, and provide RIM and IT
increased avenues to work together to improve the quality of information available to
business users:
− “Enterprises embarking on the development of a strategy and plan to define and deliver information governance seek to optimise relationships between people, information and processes” (Bell, Logan et al. 2008 p.2).
Becoming involved in a governance and stewardship programme could also assist with
better take-up of EDRMS solutions, because it will involve increased engagement on the
part of the end-users.
Research Question #3 - Could both structured and unstructured data be linked into the same stewardship framework and operate holistically across an organisation?
As mentioned above, Gartner and other authors have recently been advocating the
convergence between structured and unstructured information. This could be an exciting
new avenue of opportunity for RIM, a way of extending skills, understanding another
aspect of information management, and a methodology for collaborating that is still largely
unexplored from the RIM perspective.
Patrick Cormier discussed the concept of information management as a unified discipline
in his blog on information management back in 2005. The title of Cormier’s blog is
“Information Management Now”. The subtitle captures Cormier’s vision of an integrated
information management discipline including “content management, information
technology, data management, records management and library management”. He believes
that information management as a discipline should have an Information Management
Body of Knowledge (IMBOK) similar to the Project Management Body of Knowledge
(PMBOK) (Cormier 2005).
− “The commoditization of IT, the increasing pressure to achieve better cost efficiency and high management expectations are forcing IM to reorganize itself into a coherent field of practice. IM is becoming more ‘unified’ or ‘integrated’” (Cormier 2005).
In Cormier’s article in the Canadian Military Journal, he explores in more detail his vision
for information management and compares it to the management of naval ships.68
− “Sound ‘Navy management’ seeks to deliver the ability to deploy and maintain a military force at sea. Navy management encompasses all necessary efforts to define ship specifications, acquire, accept, commission, exploit, maintain, upgrade and ultimately decommission ships, stripping them of their military equipment. It is concerned with the acquisition of ships according to sets of design specifications and naval architectural plans, the configuration management of all systems throughout their life cycle, the exploitation of their operational capability, the conduct of preventive and corrective maintenance, and, at some point, their decommission, and, in some cases, their disposition.
− Information management should be approached similarly. It seeks to deliver an optimized information environment in which knowledge workers are both effective (i.e., they do the right thing) and efficient (i.e., they do it right). Information management would encompass all information activities conducted in an organization, including how information is found, created, received, acquired, monitored, classified for records management, indexed for content management, safeguarded for security, verified for accuracy, organized, used, distributed, published, transferred, disposed of and archived. This list is not exhaustive. All information-related verbs have the potential to represent information activities within the scope of information management” (Cormier 2006 p.44-45).
Taking an holistic approach to information management is definitely not a totally new
concept. By joining forces, data managers and RIM professionals could offer organisations
more value, increased effectiveness and more importantly, better quality information
available to be leveraged and to create or add value to the organisation.
− “Enterprises keep a vast amount of information locked up in images, documents, spreadsheets and other forms of unstructured information (‘content’). To maximize the value of this information, enterprises need to integrate the various types and stores of content, integrate content with structured data, and integrate internal content with content and structured data outside the enterprise. …. Over time, as the methods mature and enterprises coordinate these efforts, content integration will deliver strategic results” (Bell 2008 p.2).
69
CHAPTER EIGHT
Conclusion
“We can't solve problems by using the same kind of thinking we used when we created them” (Albert Einstein).
Within an organisation with an ‘information quality’ culture, staff would be able to do their
job without first having to hunt down the correct information, spend precious time
verifying it or even having to fix it, or reinventing it if they fail to find the correct
information. This non-valuable work would be erased, as staff become more confident that
the information they need to do their job efficiently is available, complete, accessible and
trustworthy – also known as high quality information.
In McDonald’s article, where he discusses the modern office and its resemblance to the
wild frontier he states:
− “I believe that the office system technologies of the future will enable us, finally, to situate the issue of record-keeping within its proper context. It will not be a separate application or function, but something that is interwoven with the normal conduct of business functions and activities of an organization” (McDonald 1995 p.75).
Stewardship is a way of interweaving recordkeeping with normal business functions, in
conjunction with the users and creators of that information. Stewardship also offers RIM
practitioners an opportunity to interact with IT. This interaction and recognition of the
similarities rather than differences between the RIM and data management disciplines may
help to truly facilitate a more efficient information management programme that users
from the executive level down to the business level will engage in and participate in.
McDonald suggests in his earlier article about the wild frontier of the modern office
environment:
− “If record-keeping utilities are to move behind the screen and the office worker is to become a record-keeper, then institutions will need to “renaissance” records managers. These individuals must understand what a record is, know what it means to
70
keep records, and be able to set the rules for record-keeping (on behalf of and with the approval of the organisation). They must also act as facilitators who help users carry out their responsibilities for recordkeeping” (McDonald 1995 p.77).
This theme is echoed in Pemberton’s editorial of the Information Management Journal in
2000:
− “Shifting from a curatorial or custodial model of information acquisition and oversight to one where considerable emphasis is on how information is created, acquired, distributed, and used need not be an unattainable leap for successful records and information managers” (Pemberton, Gable et al. 2000 p.2).
Records managers have not yet moved into this ‘facilitator’ role as completely as they need
to, which is reflected in the challenges identified from the survey. Dearstyne says “the best
RIM programs are not quiet and shy. They are assertive and visible” (Dearstyne 2008
p.45). Involvement in information governance and stewardship programmes would
definitely require RIM professionals to be visible and assertive, combining good people
skills with excellent RIM knowledge and experience. Governance and stewardship could
provide a great opportunity to get out into the business and facilitate better information
management practices.
In my opinion, we might see, in future, an integrated information environment, with RIM
working together with IT and the business to take an holistic view of information
management. Developing governance processes that apply to both structured and
unstructured information would, I believe, go a long way towards developing a synergy
between RIM and data management, where both disciplines can merge their knowledge
and understanding of information and arrive at an improved solution for the organisation.
It can start with both IT and RIM professionals working with stewardship groups to
identify the level of quality information they require in order to do their jobs efficiently. IT
and records management technologies, policies and procedures will support the production
and management of high quality information. This must surely be a sizable step towards
gaining the respect of the business as well as improving the quality, integrity and
findability of information.
In conclusion, I believe that governance and stewardship could provide the start of a
promising new era in RIM - a collaborative, consultative and integrated environment
where RIM and IT provide the systems, processes and facilities to ensure the high quality
71
information required by the business. The business, in turn, would be accountable for the
quality of the content and resolving compliance-related issues.
Further WorkThe concept of information governance and information stewardship for RIM, or for
RIM/data management together, as presented in this thesis is very much a theoretical
model. All the evidence suggests that it could be an advantageous model to adopt for RIM.
The next step would be to actually implement and monitor an information governance and
stewardship programme in one or more organisations and evaluate the results for RIM over
a period of time, particularly against the top five challenges faced by RIM professionals,
and also measuring the value to the organisation.
This could be an ideal research opportunity for a PhD in the Information Systems Research
Laboratory or the Strategic Information Management Laboratory at UniSA.
72
CHAPTER NINE
References
73