Information Management

Lecture 5Information Management Strategy

2

Bibliography [1] Dave Chaffey, Steve Wood - Business Information

Management : Improving Performance Using Infomation Systems, 2005, Prentice Hall/Financial Times, (734 pages)

[2] Benson V., Tribe K. – Business Information Management, 2008, Ventus Publishing (83 pages)

[3] G. Somasundaram, Alok Shrivastava, Eds. - Information Storage and Management: Storing, Managing and Protecting Digital Information, 2009, Wiley Publishing, Inc (478 pages)

[4] Wikipedia

3

Overview The need for information management strategy Different strategies for managing information-

related resources Developing a information management

strategy Information management themes and

approaches

4

Organizational strategy - Definition of the future direction and actions of an organization specified as approaches and allocation of resources to achieve specific objectives [1, pg. 180]

5

Elements of strategy [1, pg. 180]: Strategies define the future direction of an

organization. Strategies are devised to achieve advantage for the

organization (strategic objectives). Strategies define the allocation of resources to

achieve this advantage. Strategies are primarily driven by the needs of the

organization, but also by the needs of stakeholders such as shareholders, customers, suppliers or employees.

Strategies should be responsive to the dynamic environment in which an organization operates.

6

Information management strategy - Definition of management approaches to the organization, control and application of organizational information resources through coordination of people and technology resources in order to support organizational strategy and processes [1, pg. 180]

Information management strategy treats the information assets of an organization as a resource which must be structured and controlled through managing people resources and technology resources. [idem]

7

Problems with organizational data quality (Study by PricewaterhouseCoopers 2001) [1, 181]

8

The main benefits from having a defined IM strategy are [1, pg. 182]: It becomes possible to integrate all information activities,

and to use all information quickly and effectively to make efficient business decisions.

Promotes openness of communications throughout the company, both between and within levels.

Will foster a culture of innovation and knowledge sharing. Forms a sound strategy for investment in information

systems and technology. Ensures awareness of opportunities and threats is

communicated throughout the company, and allows timely responses to these.

9

Poor IM strategy is leading to losses in revenue, in the end.

For example, an insurance company spent $67 million developing a replacement information system. After acquisition of another company, they found it would cost nearly the same amount to adapt the system to their new requirements. If the previous system had had an adaptive information architecture this effort and cost would have been avoided [1, pg.82].

10

Responsibility for data management strategy (Study by PricewaterhouseCoopers 2001) [1, 186]

11

Who is responsible for information management (IM) and what their relationship is to the managers responsible for related information systems/information technology (IS/IT) strategy and knowledge management (KM) strategy?

The answer is: for small to medium organizations, generally one person or a steering group which are responsib;le for one of the IS/IT, or IM, or KM domains. (situations a, b, and c from the following figure)

12

For large organizations (situation [d] from the following figure), different strategies for the 3 domains might even conflict.

The interpretation of the figure, for example in situation [a], IS/IT is a subset of IM, then the responsible with the IM (the CIO (chief information

officer) or ISM (information services manager)) will be the one also responsible with the general strategy.

13

Principal options for ownership of information management strategy [1, 187]

14

Developing IM strategy The 5 stages in developing any type of strategy

[1, pg. 191]:1. ‘Where are we now?’ – the situation analysis.2. ‘Where do we want to be?’ – the vision and

objectives.3. ‘How are we going to get there?’ – the strategy.4. ‘How do we introduce the changes?’ – the

implementation of the strategy.5. ‘How are we doing?’ – the monitoring and control of

strategy’.

15

The Hawley Committee IM guidelines about strategic issues [1, 192]

1. Information relevancy2. Organizational significance of information management3. Legal and ethical compliance4. Assessing information value5. Information quality6. Legal and ethical compliance with specific reference to

information lifecycle management7. Information management skills of employees8. Information security including risk management9. Maximizing value from information10. Information systems strategy

16

In addition to those mentioned above, modern issues are:11. Business performance management. Management of organizational

performance through business performance metrics systems such as the balanced scorecard.

12. Knowledge management. Identification of responsibility for knowledge management strategy and its implementation.

13. Market and competitive intelligence. There is now more prominence given to systems and responsibilities for scanning the external environment to alert managers to changes in the marketplace.

14. Information sharing and dissemination. Internet-based tools such as corporate information portals, content management systems and e-mail alerts are now commonly used for sharing and distributing information such as that in 11, 12 and 13.

15. Legal requirements. New practical governance laws (Sarbanes-Oxley), privacy and freedom of information acts have increased legal constraints.

17

Orna’s information policy and information audit [1, 195] Information management is concerned with:

How information is acquired, recorded and stored. Where information resources are located in the organization and

who has responsibility for them. How information flows within the organization and between the

organization and the outside world. How the organization uses it [information quality]. How people who handle it apply their skills and co-operate with one

another. How information technology supports the users of information. What information costs and the value it contributes. How effectively all these information-related activities contribute

towards achievement of the organization’s objectives.

18

The relationship between Orna’s tools for information management [1, 196]

19

The Willard model of Information Resource Management (IRM) It describes five elements of IRM [1, pg. 197]:

1. Identification. The discovery of information resources and the recording of their features in an inventory.

2. Ownership. The establishment of responsibility for the upkeep of an information resource.

3. Cost and value. Assessment of the cost of an information resource and its value to the organization.

4. Development. The further development of an existing information resource to enhance its value to the organization.

5. Exploitation. The processes which may allow a resource to generate further value through conversion into an asset or a saleable commodity.

20

Main themes in IM strategy

An information management strategy will include the following themes:

IMS1) Information valueIMS2) Information qualityIMS3) Information securityIMS4) Legal and ethical complianceIMS5) Knowledge managementIMS6) Technology support

21

IMS1) Information value

An IM strategy will force an organization to question the value of its information and thus to prioritize it by importance in order for the best information to be delivered.

According to its value to the current strategy and the future strategy, information can be classified in [1, pg. 198]:

22

1. Strategic information – the information used for corporate performance management. It also refers to external information such as competitive intelligence and market information

2. High potential information – information with the potential to become strategic in the future

3. Key operational information – the largest volume information, about sales transactions and customers. It is of limited value for the future strategy, but relevant for implementing the current strategy

4. Support information – information about staff such as time sheets and holiday bookings. It is of little strategic value. Management of this information is a low priority, although it still needs to be accurate and cost-effective.

23

IMS2) Information quality

Information quality is determined by the suitability of information to support a decision or task.

It depends on its relevance, accuracy, timeliness and form.

For a more detailed classification of those categories see table 4.4 from [1, pg. 199]

24

IMS3) Information security Information must be secure, so many

organizations implement a formal information security management system or information security policy to protect their information assets.

The BS7799 security standard proposed by BSI (British Standard Institute) in 1995, 1999 and 2005, later adopted by ISO as ISO/IEC 27001 in November 2005 and ISO/IEC 27002 in July 2007 defines the guiding principles for implementing an ISMS (information security management system). The principles are:

25

1. Security policy2. Security organization3. Asset classification and control4. Personnel security5. Physical and environmental security6. Communication and operations management7. Access control8. Systems development and maintenance9. Business continuity planning10. Compliance.

26

IMS4) Legal and ethical compliance Different actions need to be taken for legal

compliance at each stage of the lifecycle [1, pg. 202]: Records creation and capture. The time and place of

creation of new customer records must be logged for transparency in case of a complaint.

Records access. The modification, the person who modified it and time it was made should be recorded.

Records Disposal. The information policy may need to specify how long records are kept before they are deleted for legal compliance.

27

Depending to the legislation of the country of the company, several breaches of the laws can appear. These include [1, pg. 202]: Sharing customer data with a third party without the

customer’s consent. Sending out unsolicited e-mail to a consumer. An e-mail from an employee which denigrates

another organization or defames an individual. Monitoring employee access to data and online

services. Not providing online access suitable for those with

visual impairment.

28

IMS5) Knowledge management

A KM strategy is generally incorporated in the IM strategy in the case of small to medium companies.

For large companies a separate KM strategy is likely to be developed. It will be referred in the following lecture.

29

IMS6) Technology support An information systems strategy brings

together [1, pg. 274] the business aims of the company, an understanding of the information needed to

support those aims, and the implementation of computer systems to

provide that information.

It is a plan for the development of systems towards some future vision of the role of information systems in the organization.

30

Main approaches in IM

IMSA1) Structuring the information management function

IMSA2) ResponsibilitiesIMSA3) Information resource analysisIMSA4) Information policyIMSA5) Risk management

31

IMSA1) Structuring the information management function

An IM unit is an organizational unit responsible for information management strategy within an organization.

This can be a small department or team of people in large organizations.

In small organizations the IM function can be assured by a single person who works full time or part time on IM.

In both situations, in the end, a single senior manager is responsible for IM.

32

The main role of the group will typically be to [1, pg. 203]: develop and manage implementation

information management strategy; set information-related policies such as

data protection policy, employee monitoring policy;

educate and train staff and disseminate best practice.

33

IMSA2) Responsibilities Evernden and Evernden (2003) suggest that

when developing an information architecture for an organization, there should be four types of responsibility or ownership [1, pg. 206]:1. Governance responsibility. Managers responsible for

the overall directional and control of information management. Their work involves obtaining funding for projects and systems to improve information and quality and ownership for their implementation.

2. Stewardship responsibilities. Information stewards are responsible for quality of information and this involves activities such as information capture or creation, dissemination and deletion.

34

3. Infrastructure responsibilities. This is creating the right environment for using information. This is a more technical role involving setting up and integrating information systems, creating database structures or information architectures for Website pages and protecting the information resource.

4. Usage responsibilities. Usage is the responsibility of the end-user of information. Beyond actually using the information, activities include assessing information for quality and highlighting problems with quality.

35

The Joint Information Systems Committee of UK for future and higher education in its Guidelines for Developing an Information Strategy (JISC, 1995) suggests that it is important to identify clear responsibilities for information. They envisage five main roles [1, pg. 207]:1. Information strategy committee. A steering committee

for the development of the information strategy. Involved in initial development of strategy and to monitor implementation and operation. It is recommended that the chair be very senior – Pro-Vice-Chancellor or equivalent.

2. Information (strategy) manager/director. This person is custodian of the information strategy and is expected to be capable in project and change management.

36

The main tasks expected by JISC (1995) are: ■ managing the implementation of the

strategy; ■ maintaining and monitoring its

effectiveness; ■ proposing changes to it on the basis of

wide consultation.

37

3. Information custodians. Responsible for maintaining standards for a defined set of information items. Responsibilities include: auditing the use of the information to ensure

compliance with information standards; suggesting changes to the definition or

parameters of the information items; delegating the responsibility for information

quality.

38

4. Information users. These include academic and administrative staff, students, prospective students, alumni, industry, the funding councils, research councils.

Information users within the institution must be aware of the information strategy and how it affects them (an information policy or acceptable use policies for computing networks are used to communicate this).

39

5. Information service. This is a combination of the library and information service within the university. JISC notes that some institutions have found it desirable to merge the two main information services (library and computing) under a single managerial head (and reporting to one committee) since the difference between types of information (and forms of access to them) continues to diminish.

40

The CIO role

The Chief Information Officer (CIO) is the manager with the responsibility for information assets and IS strategy.

The role can be performed by the IT or IS manager for smaller companies.

41

IMSA3) Information resource analysis An information audit is a systematic

examination of information use, resources and flows,

with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organization’s objectives [1, pg. 210].

42

The purpose of the information audit is to identify for the organizational information resource [1, pg. 210]: Actual and potential users of information; The information quality requirements for these users; The types of information available; Where information is held (including multiple sources); How the information is used and how this relates to

organizational objectives; Systems or applications used to capture, store and

disseminate information; Problems with information management that result in poor

communications or wastage; The cost of information usage.

43

Information mapping - An approach for identifying the value of and relationships between organizational information resources [1, pg. 210].

44

A summary of components of information mapping as suggested by Evernden and Evernden (2003) [1, pg. 210]

45

IMSA4) Information policy

Information Policy is typically a brief statement of intent of how information should be managed and used within an organization.

For some the Information Policy is synonymous with Information Strategy.

Information policy exerts a strong influence on information quality.

46

IMSA5) Risk management Risk management is used to identify potential

risks in a range of situations and then take actions to minimize the risks [1, pg. 213].

It typically has these four steps [idem]:1. Identify risks including their probabilities and

impacts.2. Identify possible solutions to these risks.3. Implement the solutions targeting the highest-

impact, most likely risks.4. Monitor the risks to learn for future risk assessment.

47

Risk management assessment for information management [1, 214] assessed by the Hawley Committee

48

Prerequisites for a IM strategy refered by Evernden and Evernden (2003) [1, 216]

1. There is a clear and distinct vision of information as a corporate resource

2. There is an organization unit responsible for information and knowledge that is distinct from the information technology function.

3. There is a well-defined strategy and action plan for improving the effectiveness of information use across the organization.

4. Information that is vital and necessary to make key decisions is always readily and easily available.

49

5. All information is available in a consistent and integrated format.

6. Management believes that there is considerable value to be gained from the organization’s use of information.

7. Information management is seen as the responsibility of business people as well as the information technology function.

50

8. Information has a key role in all business processes.

9. Financial approval is readily available for investment in the information infrastructure of the organization (as opposed to technology investments).

10.Information is used to support innovation and creativity in product and service development, business processes and customer support.