Resource Review: Conducting an Information Audit
Carlisle, Diane K
Resource Review: Conducting an Information Audit TITLE: Information Auditing: A Guide for Information Managers AUTHOR: Steve Wood ISBN: 1-904769-08-X PUBLISHER: FreePint PUBLICATION DATE: 2004 LENGTH: 86 pages (plus1 CD-ROM) PRICE: $45 U.S./£25 (electronic download)
SOURCE: www.freepint.com/shop/ report/infoaudit
Managers and executives are asking more records management questions than ever before:
* Do we know that our information management procedures are in compliance with Sarbanes-Oxley?
* With what other legislation or regulations do we need to comply?
* Are we managing our information as cost-effectively as possible?
* Are there any information management implications of this merger worth considering?
According to author Steve Wood, author and senior lecturer at the Liverpool John Moores University School of Business Information, an information audit can be a useful tool for answering these questions and many others.
What is an information audit? Though definitions vary, Wood’s white paper uses the definition presented in the book Business Information Management: Improving Performance Using Information Systems by Wood and Dave Chaffey: “An evaluation of the usage and flows of information within an organization.” Another definition used comes from Elizabeth Ornas 2004 book, Information Strategy in Practice: “A systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organisation’s objectives.”
Although this may sound a lot like conducting a records inventory, there are some significant differences. One is that an information audit starts by asking, “What records should be created and kept,” which is followed with an assessment of what already exists and a gap analysis.
The results of the gap analysis become the basis of recommendations for corrective action, which may include development of new policies and procedures, new strategies, or new systems. An information audit also specifically includes a component of performance measurement focused on improving organizational performance through the use of information. And lastly, the information audit is most successful when it is used as part of continuing improvement rather than a one-time assessment.
The author introduces a new term that should resonate with corporate officers today – information governance. Information governance is the way an organization formally manages information in accordance with business strategy and regulatory legislation. While some may say “that’s what records managers have always done,” sometimes using a new term reframes old stereotypes and encourages people to think of functions in a new way. For the records and information management profession, “governance” carries with it a sense that information is important enough to be “governed” (not just “managed”) and that it is deserving of executive-level sponsorship.
Wood effectively links understanding the way that information flows through an organization to important business strategy objectives and initiatives. This link can be useful in attaining executive-level sponsorship of RIM programs. The author also successfully points out a variety of situations in which conducting an information audit can add value to key decision-making situations. He acknowledges that information auditing is still a developing field and that a variety of approaches can produce successful results. He also provides a short synopsis of four different methods of conducting an information audit and points to a number of scenarios in which information auditing has improved information management initiatives.
At this point, the paper seems to lose focus. If an organization is persuaded that an information audit shouldbe conducted, the obvious next question is – how does it do this? Wood provides a series of questions that could be used in the various situations he has identified (including auditing for legal compliance, auditing for data protection compliance, and auditing for content management systems), and there is a high-level overview of steps to be followed (decide the scope of the audit and get buy-in from management, for example). However, there is not enough detail in this paper alone to allow a person or organization to conduct an information audit.
Anyone who decides to use this paper as a starting point should be forewarned; it is badly edited – some sentences are garbled enough that it is difficult to determine their meaning – and filled with typographical and grammatical errors.
The author has included a substantive bibliography that identifies many references that may not be familiar to a North American audience, including works published in Australia or the United Kingdom. In addition, the bibliography contains a section of Web sites and software products that can be useful additional resources when taking on an information audit.
Diane K. Carlisle, CRM
Diane K. Carlisle, CRM, is Director of ARMA International’s Professional Resources Department. She may be contacted at email@example.com.
Copyright Association of Records Managers and Administrators Mar/Apr 2005
Provided by ProQuest Information and Learning Company. All rights Reserved