Information Management Lecture 5 Information Management Strategy
Bibliography •  Dave Chaffey, Steve Wood - Business Information Management : Improving Performance Using Infomation Systems, 2005, Prentice Hall/Financial Times, (734 pages) •  Benson V., Tribe K. – Business Information Management, 2008, Ventus Publishing (83 pages) •  G. Somasundaram, AlokShrivastava, Eds. - Information Storage and Management: Storing, Managing and Protecting Digital Information, 2009, Wiley Publishing, Inc (478 pages) •  Wikipedia
Overview • The need for information management strategy • Different strategies for managing information-related resources • Developing a information management strategy • Information management themes and approaches
Organizational strategy - Definition of the future direction and actions of an organization specified as approaches and allocation of resources to achieve specific objectives [1, pg. 180]
Elements of strategy [1, pg. 180]: • Strategies define the future direction of an organization. • Strategies are devised to achieve advantage for the organization (strategic objectives). • Strategies define the allocation of resources to achieve this advantage. • Strategies are primarily driven by the needs of the organization, but also by the needs of stakeholders such as shareholders, customers, suppliers or employees. • Strategies should be responsive to the dynamic environment in which an organization operates.
Information management strategy - Definition of management approaches to the organization, control and application of organizational information resources through coordination of people and technology resources in order to support organizational strategy and processes [1, pg. 180] • Information management strategy treats the information assets of an organization as a resource which must be structured and controlled through managing people resources and technology resources. [idem]
Problems with organizational data quality (Study by PricewaterhouseCoopers 2001) [1, 181]
The main benefits from having a defined IM strategy are [1, pg. 182]: • It becomes possible to integrate all information activities, and to use all information quickly and effectively to make efficient business decisions. • Promotes openness of communications throughout the company, both between and within levels. • Will foster a culture of innovation and knowledge sharing. • Forms a sound strategy for investment in information systems and technology. • Ensures awareness of opportunities and threats is communicated throughout the company, and allows timely responses to these.
Poor IM strategy is leading to losses in revenue, in the end. • For example, an insurance company spent $67 million developing a replacement information system. After acquisition of another company, they found it would cost nearly the same amount to adapt the system to their new requirements. If the previous system had had an adaptive information architecture this effort and cost would have been avoided [1, pg.82].
Responsibility for data management strategy (Study by PricewaterhouseCoopers 2001) [1, 186]
Who is responsible for information management (IM) and what their relationship is to the managers responsible for related information systems/information technology (IS/IT) strategy and knowledge management (KM) strategy? • The answer is: for small to medium organizations, generally one person or a steering group which are responsib;le for one of the IS/IT, or IM, or KM domains. (situations a, b, and c from the following figure)
For large organizations (situation [d] from the following figure), different strategies for the 3 domains might even conflict. • The interpretation of the figure, for example in situation [a], IS/IT is a subset of IM, then the responsible with the IM (the CIO (chief information officer) or ISM (information services manager)) will be the one also responsible with the general strategy.
Principal options for ownership of information management strategy [1, 187]
Developing IM strategy • The 5 stages in developing any type of strategy [1, pg. 191]: • ‘Where are we now?’ – the situation analysis. • ‘Where do we want to be?’ – the vision and objectives. • ‘How are we going to get there?’ – the strategy. • ‘How do we introduce the changes?’ – the implementation of the strategy. • ‘How are we doing?’ – the monitoring and control of strategy’.
The Hawley Committee IM guidelines about strategic issues [1, 192] • Information relevancy • Organizational significance of information management • Legal and ethical compliance • Assessing information value • Information quality • Legal and ethical compliance with specific reference to information lifecycle management • Information management skills of employees • Information security including risk management • Maximizing value from information • Information systems strategy
In addition to those mentioned above, modern issues are: • Business performance management. Management of organizational performance through business performance metrics systems such as the balanced scorecard. • Knowledge management. Identification of responsibility for knowledge management strategy and its implementation. • Market and competitive intelligence. There is now more prominence given to systems and responsibilities for scanning the external environment to alert managers to changes in the marketplace. • Information sharing and dissemination. Internet-based tools such as corporate information portals, content management systemsand e-mail alerts are now commonly used for sharing and distributing information such as that in 11, 12 and 13. • Legal requirements. New practical governance laws (Sarbanes-Oxley), privacy and freedom of information acts have increased legal constraints.
Orna’s information policy and information audit [1, 195] • Information management is concerned with: • How information is acquired, recorded and stored. • Where information resources are located in the organization and who has responsibility for them. • How information flows within the organization and between the organization and the outside world. • How the organization uses it [information quality]. • How people who handle it apply their skills and co-operate with one another. • How information technology supports the users of information. • What information costs and the value it contributes. • How effectively all these information-related activities contribute towards achievement of the organization’s objectives.
The relationship between Orna’s tools for information management [1, 196]
The Willard model of Information Resource Management (IRM) • It describes five elements of IRM [1, pg. 197]: • Identification. The discovery of information resources and the recording of their features in an inventory. • Ownership. The establishment of responsibility for the upkeep of an information resource. • Cost and value. Assessment of the cost of an information resource and its value to the organization. • Development. The further development of an existing information resource to enhance its value to the organization. • Exploitation. The processes which may allow a resource to generate further value through conversion into an asset or a saleable commodity.
Main themes in IM strategy An information management strategy will include the following themes: IMS1) Information value IMS2) Information quality IMS3) Information security IMS4) Legal and ethical compliance IMS5) Knowledge management IMS6) Technology support
IMS1) Information value • An IM strategy will force an organization to question the value of its information and thus to prioritize it by importance in order for the best information to be delivered. • According to its value to the current strategy and the future strategy, information can be classified in [1, pg. 198]:
Strategic information – the information used for corporate performance management. It also refers to external information such as competitive intelligence and market information • High potential information – information with the potential to become strategic in the future • Key operational information – the largest volume information, about sales transactions and customers. It is of limited value for the future strategy, but relevant for implementing the current strategy • Support information – information about staff such as time sheets and holiday bookings. It is of little strategic value. Management of this information is a low priority, although it still needs to be accurate and cost-effective.
IMS2) Information quality • Information quality is determined by the suitability of information to support a decision or task. • It depends on its relevance, accuracy, timeliness and form. • For a more detailed classification of those categories see table 4.4 from [1, pg. 199]
IMS3) Information security • Information must be secure, so many organizations implement a formal information security management system or information security policy to protect their information assets. • The BS7799 security standard proposed by BSI (British Standard Institute) in 1995, 1999 and 2005, later adopted by ISO as ISO/IEC 27001 in November 2005 and ISO/IEC 27002 in July 2007 defines the guiding principles for implementing an ISMS (information security management system). The principles are:
Security policy • Security organization • Asset classification and control • Personnel security • Physical and environmental security • Communication and operations management • Access control • Systems development and maintenance • Business continuity planning • Compliance.
IMS4) Legal and ethical compliance • Different actions need to be taken for legal compliance at each stage of the lifecycle [1, pg. 202]: • Records creation and capture. The time and place of creation of new customer records must be logged for transparency in case of a complaint. • Records access. The modification, the person who modified it and time it was made should be recorded. • Records Disposal. The information policy may need to specify how long records are kept before they are deleted for legal compliance.
Depending to the legislation of the country of the company, several breaches of the laws can appear. These include [1, pg. 202]: • Sharing customer data with a third party without the customer’s consent. • Sending out unsolicited e-mail to a consumer. • An e-mail from an employee which denigrates another organization or defames an individual. • Monitoring employee access to data and online services. • Not providing online access suitable for those with visual impairment.
IMS5) Knowledge management • A KM strategy is generally incorporated in the IM strategy in the case of small to medium companies. • For large companies a separate KM strategy is likely to be developed. It will be referred in the following lecture.
IMS6) Technology support • An information systems strategy brings together [1, pg. 274] • the business aims of the company, • an understanding of the information needed to support those aims, • and the implementation of computer systems to provide that information. • It is a plan for the development of systems towards some future vision of the role of information systems in the organization.
Main approaches in IM IMSA1) Structuring the information management function IMSA2) Responsibilities IMSA3) Information resource analysis IMSA4) Information policy IMSA5) Risk management
IMSA1) Structuring the information management function • An IM unit is an organizational unit responsible for information management strategy within an organization. • This can be a small department or team of people in large organizations. • In small organizations the IM function can be assured by a single person who works full time or part time on IM. • In both situations, in the end, a single senior manager is responsible for IM.
The main role of the group will typically be to [1, pg. 203]: • develop and manage implementation information management strategy; • set information-related policies such as data protection policy, employee monitoring policy; • educate and train staff and disseminate best practice.
IMSA2) Responsibilities • Evernden and Evernden (2003) suggest that when developing an information architecture for an organization, there should be four types of responsibility or ownership [1, pg. 206]: • Governance responsibility. Managers responsible for the overall directional and control of information management. Their work involves obtaining funding for projects and systems to improve information and quality and ownership for their implementation. • Stewardship responsibilities. Information stewards are responsible for quality of information and this involves activities such as information capture or creation, dissemination and deletion.
Infrastructure responsibilities. This is creating the right environment for using information. This is a more technical role involving setting up and integrating information systems, creating database structures or information architectures for Website pages and protecting the information resource. • Usage responsibilities. Usage is the responsibility of the end-user of information. Beyond actually using the information, activities include assessing information for quality and highlighting problems with quality.
The Joint Information Systems Committee of UK for future and higher education in its Guidelines for Developing an Information Strategy (JISC, 1995) suggests that it is important to identify clear responsibilities for information. They envisage five main roles [1, pg. 207]: • Information strategy committee. A steering committee for the development ofthe information strategy. Involved in initial development of strategy and to monitor implementation and operation. It is recommended that the chair be very senior – Pro-Vice-Chancellor or equivalent. • Information (strategy) manager/director. This person is custodian of the information strategy and is expected to be capable in project and change management.
The main tasks expected by JISC (1995) are: • ■ managing the implementation of the strategy; • ■ maintaining and monitoring its effectiveness; • ■ proposing changes to it on the basis of wide consultation.
3. Information custodians. Responsible for maintaining standards for a defined setof information items. Responsibilities include: • auditing the use of the information to ensure compliance with information standards; • suggesting changes to the definition or parameters of the information items; • delegating the responsibility for information quality.
4. Information users. These include academic and administrative staff, students, prospective students, alumni, industry, the funding councils, research councils. • Information users within the institution must be aware of the information strategy and how it affects them (an information policy or acceptable use policies for computing networks are used to communicate this).
5. Information service.This is a combination of the library and information servicewithin the university. JISC notes that some institutions have found it desirable to merge the two main information services (library and computing) under a single managerial head (and reporting to one committee) since the difference between types of information (and forms of access to them) continues to diminish.
The CIO role • The Chief Information Officer (CIO) is the manager with the responsibility for information assets and IS strategy. • The role can be performed by the IT or IS manager for smaller companies.
IMSA3) Information resource analysis • An information audit is a systematic examination of • information use, • resources and • flows, • with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organization’s objectives [1, pg. 210].
The purpose of the information audit is to identify for the organizational information resource [1, pg. 210]: • Actual and potential users of information; • The information quality requirements for these users; • The types of information available; • Where information is held (including multiple sources); • How the information is used and how this relates to organizational objectives; • Systems or applications used to capture, store and disseminate information; • Problems with information management that result in poor communications or wastage; • The cost of information usage.
Information mapping - An approach for identifying the value of and relationships between organizational information resources [1, pg. 210].
A summary of components of information mapping as suggested by Evernden and Evernden (2003) [1, pg. 210]
IMSA4) Information policy • Information Policy is typically a brief statement of intent of how information should be managed and used within an organization. • For some the Information Policy is synonymous with Information Strategy. • Information policy exerts a strong influence on information quality.
IMSA5) Risk management • Risk management is used to identify potential risks in a range of situations and then take actions to minimize the risks [1, pg. 213]. • It typically has these four steps [idem]: • Identify risks including their probabilities and impacts. • Identify possible solutions to these risks. • Implement the solutions targeting the highest-impact, most likely risks. • Monitor the risks to learn for future risk assessment.
Risk management assessment for information management [1, 214] assessed by the Hawley Committee
Prerequisites for a IM strategy refered by Evernden and Evernden (2003) [1, 216] • There is a clear and distinct vision of information as a corporate resource • There is an organization unit responsible for information and knowledge that is distinct from the information technology function. • There is a well-defined strategy and action plan for improving the effectiveness of information use across the organization. • Information that is vital and necessary to make key decisions is always readily and easily available.
All information is available in a consistent and integrated format. • Management believes that there is considerable value to be gained from the organization’s use of information. • Information management is seen as the responsibility of business people as well as the information technology function.
Information has a key role in all business processes. • Financial approval is readily available for investment in the information infrastructure of the organization (as opposed to technology investments). • Information is used to support innovation and creativity in product and service development, business processes and customer support.