Governance Documents - the essential building blocks of Information Governance
What is Information Governance?
Effective Information Governance is a key factor in delivering strong Corporate Governance. An organisation’s information governance defines the rules and the roles for protecting information, ensuring its proper use and providing maximum value to the business. Information governance is also concerned with protecting sensitive information, preserving and sharing knowledge, keeping records and mitigating information risks.
Why is it important to corporate governance?
Good information governance supports an organisation’s strategic objectives and corporate governance approach in a very pragmatic way by providing the tangible mechanisms (intellectual, architectural and procedural) for getting the right information to the right people at the right time to support business operations.
What are governance documents?
Governance documents are the tools through which direction and guidance is formally given to business operations. They are the policies, standards, procedures and data capture tools that define the minimum operating requirements for running the business. They are used to communicate and set behavioural expectations for staff and they are key risk controls enabling an organisation to meet its legal and regulatory obligations.
As such, governance documents are among the most valuable information assets in the enterprise, so it is important to understand what they are, what purpose they fulfil, what they should contain – what does a good governance document look like? And perhaps most importantly, how each of the governance document types relates to other governance documents to provide a coherent approach to specific business problems.
What is the Information Governance Document Hierarchy?
We frequently hear business users complain they can’t find the information they need to do their jobs – there is too much information available to them, its poorly constructed or they aren’t sure if they have the right version. Often, they can’t find the right guidance when they need it.
It is fundamentally important to the safe and efficient operations of most businesses that the people performing business activities have the right guidance available to them for them to make good business decisions. The reality in most organisations is that they have too many documents which profess to be ‘the right stuff’. Too many policies, too many standards, too many procedures – so many that no-one knows which the right document is to use in any given situation.
What is required is a simple and effective heuristic model or cognitive map which guides document authors and users. Developing and sharing an understanding of the information governance document hierarchy for their business will enable business users to know what documents to create, what guidance those documents should provide and how they relate to other supporting documents.
The model needs to identify the Why, What, How and With what tools the organisation's corporate governance obligations will be met.
Every organisation has governance documents. Unfortunately, often these documents are a mismatched collection of artefacts that has grown up over time. Frequently they don’t relate to one another and even more frequently they don’t present a coherent message to the users. The purpose of a document hierarchy or model is to ensure that what an organisation determines as policy can be followed through to its business activities as operating procedures, instructions and guidance.
The fundamental reason for having an information governance document hierarchy is to provide a shared understanding for business users (and regulators) of how the overarching policies and standards of the enterprise are executed through its business processes.
Having a Safety Policy or a set of technical standards is useless unless it is supported by easy-to-understand direction and guidance for business users on how to effectively implement the requirements set out in these documents.
The 'how-to' documents like Strategies, Plans, Specifications and Procedures must be supported by the right instructions, guidelines and data-capture tools to ensure that business processes can be executed and that the right data is being retained as business records and as evidence to meet the relevant risk management and compliance obligations of the organisation.
In my next article I will describe a governance document hierarchy that makes it easy to deliver robust corporate governance through a simple, consistent and industry-independent information governance approach.
Carol Feuerriegel, IGP, Intelligence Leader – Information & Knowledge, Group Manager, Information and Knowledge at Inland Revenue NZ; Advisory Board Member Information Governance ANZ