Managing information-related risks offers new, high-profile opportunities. Lesley Robinson has 10 tips.
Managing risk in organisations has moved from half way down the to-do list to pole position. In light of recent high-profile legal cases within the private sector, an increasing emphasis is being placed on all organisations being able to demonstrate high standards of corporate governance through the quality of the information and records they keep. According to a recent survey from Ernst & Young, 72 per cent of independent directors believe that risks have risen over the last two years and say that compliance with standards and regulations has become a priority for corporate boards. Underpinning this is the clear need for the efficient management of information.
Information people understand risk. Our roles have changed immeasurably over the last five years, with rapid technological advances, the ‘Google-isation’ of our users, the trend towards outsourcing and off-shoring and general business reorganisations and rationalisations. Through all of these changes, we have had to adapt and develop our services and ourselves. Each of these challenges has posed a risk to our survival but each time we metamorphose into something else, adapting our skills and knowledge. We have moved from being service providers to knowledge managers, from information guardians to information facilitators and from being behind the scenes to being integrated into the business.
But we are not the only ones who have to adapt – business leaders have to manage constant business change and flex their resources to cope with new ways of working. They also have to keep an eye on business priorities and make sure they are in the right order. Risk management is one of these priorities, and information professionals, with their range of new skills, can add real value to organisations by helping to mitigate some of the key risks. We can do this by combining our skills in information, knowledge and records management.
Many organisations do not have the benefit of separate teams of information specialists, knowledge managers and records managers. If that is the case in your organisation, you can play a valuable combined role, focusing on managing information-related risks. Involvement in risk management could raise your profile at the highest level in the organisation and give you the opportunity to demonstrate the impact that good information management can have.
I have set out 10 ways in which you can help your organisation alleviate information-related risks. These fall into two areas: the first five points suggest ways in which the information professional can have an immediate impact on business processes by using their traditional skills; the other five suggest opportunities for the information professional to take on a broader strategic and advisory role.
1 Make information as accessible as possible
Many organisations suffer from the ‘filing cabinet’ syndrome. People file their own information, in their own way, in their own filing cabinets, making it inaccessible to others. They repeat this electronically, storing the information on their individual computer hard drives. This approach hides an enormous amount of information which could have a wider use. Content or records management systems that are properly implemented can help to combat the problem, but they need to be properly structured, with a robust underlying classification scheme, to make them effective.
In times of crisis or potential litigation, you need to find information quickly and accessibility is crucial. Information professionals should be at the forefront in this area in their organisations and, along with others, be involved in the process of specifying content, records and document management systems. If dedicated technology is not being used, the information professional has an even greater role to play, helping people to organise, file and retrieve information effectively.
2 Facilitate the sharing of information
Following on from the first point, if information is badly organised it is difficult to share. I frequently come across the organisational mindset of ‘I am the expert’ and ‘sharing diminishes my power’. Knowledge management ideas have been around for a while now with varying degrees of success, but finding ways to help people share information is essential to managing risk. Better access to information improves decision-making. Are there knowledge management activities going on in your organisation? If so, make sure you are involved and playing your part. The codifying, collection and accessibility of knowledge will be vastly improved with the input of an information professional.
3 Promote the de-duplication of data
Another syndrome that many organisations suffer from is ‘I’ll send everyone a copy’. So, everyone keeps a copy of a document or email, and files it as a paper or electronic document. This behaviour usually comes about because people have little confidence in finding the original again. Having so many duplicates culminates in information overload, fills up filing cabinets and servers, and distracts people from focusing on the information for which they are responsible. Records management practices provide an approach to maintaining the original record and guiding or linking people to it easily. If duplicate documents are flying around the building and a risk issue arises, it can be difficult to establish which is the original or most up-to-date version. Good records management processes will identify the latest version and the document ‘owner’. The information professional can lead this process and make a valuable contribution to reducing information overload.
4 Set up retention rules for information
‘We’ll keep it just in case.’ In case of what? Different types of records need different retention periods, and there shouldn’t be a blanket rule of ‘keep everything forever’. It’s vital to identify how long records should be retained before they can be destroyed – to ensure that the period is within legal guidelines but also to keep costs to a minimum. Keeping years’ worth of information with an offsite storage supplier, or filling up server after server, is not prudent. Equally, keeping certain information for too short a period can put the organisation at risk and perhaps lead to it being unable to defend itself in a legal case. If your organisation does not have a records manager, then agreeing sensible retention policies with senior management is a high-profile role that information professionals should seek out.
5 Ensure legislative compliance
Data protection, freedom of information and copyright are three important areas of legislation that affect organisations, and ensuring that the relevant Acts of Parliament are adhered to is an important role for information professionals. These three areas pose great risks for organisations, especially in some of the greyer areas of managing electronic information. It is very easy to contravene the legislation unwittingly, but robust information compliance should help to control the risks. This approach should be driven by the information professional and set out in policies and procedures for other staff to follow.
6 Contribute to competitive intelligence
The competitive landscape is constantly shifting and it can be easy to miss a developing trend or the direction a competitor is taking, both of which could be vital to your organisation’s financial health. Offering a service benchmarking competitors or constructing a current awareness service about competitors could help senior management to spot these trends and take action more quickly. Many executives will say that they are well aware of what their competitors are doing but that they are preoccupied with other pressing matters.
This is another opportunity for the information professional to add value. Sometimes the marketing department will take on the role of providing competitor intelligence but it is worth working with them to ensure that they are using appropriate information resources and databases and relevant data feeds. The information professional can supplement the marketing work with deeper analysis of the resulting information to provide true business insights. Delivering timely, well-researched and formatted competitor and market information is a very effective way of raising your profile, helping the organisation to mitigate the risk of losing market position.
7 Guide people to credible information
Everyone is a Google-ite now. We can all do our own research, so the role of the information professional is dying out. Wrong. It has never been more vital. As well as managing information overload, helping people to use credible information sources will mitigate against risk in the future. Decisions must be made using reliable and accredited information, rather than making assumptions using resources on the internet which disappear after a few months. Information professionals are adept at procuring the right resources for organisations and recommending which websites are the best to use in specialist areas. To avoid risk, information must be authenticated, complete and from good sources, and the user should be guided by the skilled information professional.
8 Provide information training
A key role for information professionals is that of trainer and facilitator – helping people use desktop resources effectively, ensuring that they know the easiest ways to search. Too often, people give up with subscription databases and revert to using Google. Good training can prevent this and maximise the use of paid-forresources. It also ensures that the best credible resources are being used. Training can take up large amounts of time but it is a very good investment – for the information team in terms of visibility, but also for the organisation in terms of managing risk. Training can be extended to helping people with organising all types of information, e.g. setting up bespoke databases, filing documents electronically, giving advice on gathering external research, etc. The information specialist should be the ‘hub’ for all information-related queries. In developing this role, the contribution to making high-quality information accessible and usable is increased.
9 Involve yourself in business continuity planning
Alongside risk, business continuity and disaster recovery plans are at the top of organisational agendas. Many organisations will not do business with another organisation unless it has a robust business continuity plan in place. What happens if the supplier cannot deliver its service? What happens if key information systems are destroyed? More and more guarantees are demanded in the competitive marketplace. So, what can the information professional do? Good management of information and records supports the business continuity plan. When the records retention programme is being drawn up, that is the time to identify which records are vital to the running of the business. There will be someone in charge of the business continuity plan in your organisation. Make sure you know who they are and that they have considered how vital records should be stored or retained.
10 Be at the forefront of technology
Another big area of risk for an organisation is obsolescence of hardware, software or storage media. No doubt your organisation will have an IT department that will look after some of these issues, but information professionals can certainly contribute to this debate, especially in the area of storage media. I have come across IT departments advocating that all emails for the past year be loaded on to CDs and sent off site for permanent storage. This gives little recognition to the appropriate retention period for these records, nor the longevity of the storage medium. Information professionals should also be on top of the technological advances in information provision to ensure that their organisations make the most of these developments, not only in terms of sharing and storing information, but also in terms of maximising the value gained from its deployment.
Not all business risks can be fully eliminated, but efficient and effective information, records and knowledge management processes can help organisations to realise their business goals.
Within the scope of information management, information professionals should take the opportunity to try and recognise where risk might arise and use their skills to put forward solutions and ideas to mitigate that risk. This approach helps to highlight the skills of information professionals in their broadest context and is a tangible way of adding value to the organisation.
So, who says information professionals are risk averse? Bring it on! For us it’s a business opportunity.
Lesley Robinson is Director, Lesley Robinson Consultancy Services Ltd (lesley@lesleyrobinson.co.uk; www.lesleyrobinson.co.uk).
Updated: 13 September 2006