Transcript Information Management - West University of Timișoara

Information Management
Lecture 5
Information Management Strategy
Bibliography
 [1] Dave Chaffey, Steve Wood - Business Information
Management : Improving Performance Using
Infomation Systems, 2005, Prentice Hall/Financial
Times, (734 pages)
 [2] Benson V., Tribe K. – Business Information
Management, 2008, Ventus Publishing (83 pages)
 [3] G. Somasundaram, Alok Shrivastava, Eds. Information Storage and Management: Storing,
Managing and Protecting Digital Information, 2009,
Wiley Publishing, Inc (478 pages)
 [4] Wikipedia
2
Overview
 The need for information management strategy
 Different strategies for managing informationrelated resources
 Developing a information management
strategy
 Information management themes and
approaches
3
 Organizational strategy - Definition of the
future direction and actions of an organization
specified as approaches and allocation of
resources to achieve specific objectives [1, pg.
180]
4
 Elements of strategy [1, pg. 180]:
 Strategies define the future direction of an
organization.
 Strategies are devised to achieve advantage for the
organization (strategic objectives).
 Strategies define the allocation of resources to
achieve this advantage.
 Strategies are primarily driven by the needs of the
organization, but also by the needs of stakeholders
such as shareholders, customers, suppliers or
employees.
 Strategies should be responsive to the dynamic
environment in which an organization operates.
5
 Information management strategy Definition of management approaches to the
organization, control and application of
organizational information resources through
coordination of people and technology
resources in order to support organizational
strategy and processes [1, pg. 180]
 Information management strategy treats the
information assets of an organization as a
resource which must be structured and
controlled through managing people resources
and technology resources. [idem]
6
Problems with organizational data quality
(Study by PricewaterhouseCoopers 2001)
[1, 181]
7
 The main benefits from having a defined IM
strategy are [1, pg. 182]:





It becomes possible to integrate all information activities,
and to use all information quickly and effectively to make
efficient business decisions.
Promotes openness of communications throughout the
company, both between and within levels.
Will foster a culture of innovation and knowledge sharing.
Forms a sound strategy for investment in information
systems and technology.
Ensures awareness of opportunities and threats is
communicated throughout the company, and allows timely
responses to these.
8
 Poor IM strategy is leading to losses in
revenue, in the end.
 For example, an insurance company spent $67
million developing a replacement information
system. After acquisition of another company,
they found it would cost nearly the same
amount to adapt the system to their new
requirements. If the previous system had had
an adaptive information architecture this effort
and cost would have been avoided [1, pg.82].
9
Responsibility for data management
strategy (Study by
PricewaterhouseCoopers 2001) [1, 186]
10
 Who is responsible for information
management (IM) and what their relationship
is to the managers responsible for related
information systems/information technology
(IS/IT) strategy and knowledge management
(KM) strategy?
 The answer is: for small to medium
organizations, generally one person or a
steering group which are responsib;le for one
of the IS/IT, or IM, or KM domains. (situations
a, b, and c from the following figure)
11
 For large organizations (situation [d] from the
following figure), different strategies for the 3
domains might even conflict.
 The interpretation of the figure, for example in
situation [a], IS/IT is a subset of IM, then the
responsible with the IM (the CIO (chief information
officer) or ISM (information services manager)) will be
the one also responsible with the general
strategy.
12
Principal options for ownership of
information management strategy [1, 187]
13
Developing IM strategy
 The 5 stages in developing any type of strategy
[1, pg. 191]:
1.
2.
3.
4.
5.
‘Where are we now?’ – the situation analysis.
‘Where do we want to be?’ – the vision and
objectives.
‘How are we going to get there?’ – the strategy.
‘How do we introduce the changes?’ – the
implementation of the strategy.
‘How are we doing?’ – the monitoring and control of
strategy’.
14
The Hawley Committee IM guidelines
about strategic issues [1, 192]
1.
2.
3.
4.
5.
6.
Information relevancy
Organizational significance of information management
Legal and ethical compliance
Assessing information value
Information quality
Legal and ethical compliance with specific reference to
information lifecycle management
7. Information management skills of employees
8. Information security including risk management
9. Maximizing value from information
10. Information systems strategy
15
 In addition to those mentioned above, modern issues
are:
11. Business performance management. Management of organizational
performance through business performance metrics systems such as the
balanced scorecard.
12. Knowledge management. Identification of responsibility for knowledge
management strategy and its implementation.
13. Market and competitive intelligence. There is now more prominence given to
systems and responsibilities for scanning the external environment to alert
managers to changes in the marketplace.
14. Information sharing and dissemination. Internet-based tools such as
corporate information portals, content management systems and e-mail
alerts are now commonly used for sharing and distributing information such
as that in 11, 12 and 13.
15. Legal requirements. New practical governance laws (Sarbanes-Oxley),
privacy and freedom of information acts have increased legal constraints.
16
Orna’s information policy and
information audit [1, 195]

Information management is concerned with:








How information is acquired, recorded and stored.
Where information resources are located in the organization and
who has responsibility for them.
How information flows within the organization and between the
organization and the outside world.
How the organization uses it [information quality].
How people who handle it apply their skills and co-operate with
one another.
How information technology supports the users of information.
What information costs and the value it contributes.
How effectively all these information-related activities contribute
towards achievement of the organization’s objectives.
17
The relationship between Orna’s tools for
information management [1, 196]
18
The Willard model of Information
Resource Management (IRM)
 It describes five elements of IRM [1, pg. 197]:
1. Identification. The discovery of information resources and
the recording of their features in an inventory.
2. Ownership. The establishment of responsibility for the
upkeep of an information resource.
3. Cost and value. Assessment of the cost of an information
resource and its value to the organization.
4. Development. The further development of an existing
information resource to enhance its value to the
organization.
5. Exploitation. The processes which may allow a resource to
generate further value through conversion into an asset or
a saleable commodity.
19
Main themes in IM strategy
An information management strategy
will include the following themes:
IMS1) Information value
IMS2) Information quality
IMS3) Information security
IMS4) Legal and ethical compliance
IMS5) Knowledge management
IMS6) Technology support
20
IMS1) Information value
 An IM strategy will force an
organization to question the value of
its information and thus to prioritize it
by importance in order for the best
information to be delivered.
 According to its value to the current
strategy and the future strategy,
information can be classified in [1,
pg. 198]:
21
1.
2.
3.
4.
Strategic information – the information used for corporate
performance management. It also refers to external
information such as competitive intelligence and market
information
High potential information – information with the potential
to become strategic in the future
Key operational information – the largest volume
information, about sales transactions and customers. It is
of limited value for the future strategy, but relevant for
implementing the current strategy
Support information – information about staff such as time
sheets and holiday bookings. It is of little strategic value.
Management of this information is a low priority, although
it still needs to be accurate and cost-effective.
22
IMS2) Information quality
 Information quality is determined by
the suitability of information to
support a decision or task.
 It depends on its relevance, accuracy,
timeliness and form.
 For a more detailed classification of
those categories see table 4.4 from
[1, pg. 199]
23
IMS3) Information security
 Information must be secure, so many
organizations implement a formal information
security management system or information
security policy to protect their information
assets.
 The BS7799 security standard proposed by BSI
(British Standard Institute) in 1995, 1999 and
2005, later adopted by ISO as ISO/IEC 27001
in November 2005 and ISO/IEC 27002 in July
2007 defines the guiding principles for
implementing an ISMS (information security
management system). The principles are:
24
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
Security policy
Security organization
Asset classification and control
Personnel security
Physical and environmental security
Communication and operations management
Access control
Systems development and maintenance
Business continuity planning
Compliance.
25
IMS4) Legal and ethical
compliance
 Different actions need to be taken for legal
compliance at each stage of the lifecycle [1,
pg. 202]:
 Records creation and capture. The time and place of
creation of new customer records must be logged for
transparency in case of a complaint.
 Records access. The modification, the person who
modified it and time it was made should be recorded.
 Records Disposal. The information policy may need to
specify how long records are kept before they are
deleted for legal compliance.
26
 Depending to the legislation of the country of
the company, several breaches of the laws can
appear. These include [1, pg. 202]:
 Sharing customer data with a third party without the
customer’s consent.
 Sending out unsolicited e-mail to a consumer.
 An e-mail from an employee which denigrates
another organization or defames an individual.
 Monitoring employee access to data and online
services.
 Not providing online access suitable for those with
visual impairment.
27
IMS5) Knowledge management
 A KM strategy is generally
incorporated in the IM strategy in the
case of small to medium companies.
 For large companies a separate KM
strategy is likely to be developed. It
will be referred in the following
lecture.
28
IMS6) Technology support
 An information systems strategy brings
together [1, pg. 274]
 the business aims of the company,
 an understanding of the information needed to
support those aims,
 and the implementation of computer systems to
provide that information.
 It is a plan for the development of systems
towards some future vision of the role of
information systems in the organization.
29
Main approaches in IM
IMSA1) Structuring the information
management function
IMSA2) Responsibilities
IMSA3) Information resource analysis
IMSA4) Information policy
IMSA5) Risk management
30
IMSA1) Structuring the information
management function
 An IM unit is an organizational unit responsible
for information management strategy within an
organization.
 This can be a small department or team of
people in large organizations.
 In small organizations the IM function can be
assured by a single person who works full time
or part time on IM.
 In both situations, in the end, a single senior
manager is responsible for IM.
31
 The main role of the group will
typically be to [1, pg. 203]:
 develop and manage implementation
information management strategy;
 set information-related policies such as
data protection policy, employee
monitoring policy;
 educate and train staff and disseminate
best practice.
32
IMSA2) Responsibilities
 Evernden and Evernden (2003) suggest that
when developing an information architecture
for an organization, there should be four types
of responsibility or ownership [1, pg. 206]:
1. Governance responsibility. Managers responsible for
the overall directional and control of information
management. Their work involves obtaining funding
for projects and systems to improve information and
quality and ownership for their implementation.
2. Stewardship responsibilities. Information stewards
are responsible for quality of information and this
involves activities such as information capture or
creation, dissemination and deletion.
33
3. Infrastructure responsibilities. This is creating the
right environment for using information. This is a
more technical role involving setting up and
integrating information systems, creating database
structures or information architectures for Website
pages and protecting the information resource.
4. Usage responsibilities. Usage is the responsibility of
the end-user of information. Beyond actually using
the information, activities include assessing
information for quality and highlighting problems with
quality.
34
 The Joint Information Systems Committee of UK for
future and higher education in its Guidelines for
Developing an Information Strategy (JISC, 1995)
suggests that it is important to identify clear
responsibilities for information. They envisage five main
roles [1, pg. 207]:
1. Information strategy committee. A steering committee
for the development of the information strategy. Involved
in initial development of strategy and to monitor
implementation and operation. It is recommended that the
chair be very senior – Pro-Vice-Chancellor or equivalent.
2. Information (strategy) manager/director. This person
is custodian of the information strategy and is expected to
be capable in project and change management.
35
 The main tasks expected by JISC
(1995) are:
 ■ managing the implementation of the
strategy;
 ■ maintaining and monitoring its
effectiveness;
 ■ proposing changes to it on the basis of
wide consultation.
36
3. Information custodians. Responsible
for maintaining standards for a defined
set of information items. Responsibilities
include:



auditing the use of the information to ensure
compliance with information standards;
suggesting changes to the definition or
parameters of the information items;
delegating the responsibility for information
quality.
37
4. Information users. These include academic
and administrative staff, students, prospective
students, alumni, industry, the funding
councils, research councils.
 Information users within the institution must
be aware of the information strategy and how
it affects them (an information policy or
acceptable use policies for computing networks
are used to communicate this).
38
5. Information service. This is a combination of
the library and information service within the
university.
JISC notes that some institutions have found it
desirable to merge the two main information
services (library and computing) under a single
managerial head (and reporting to one
committee) since the difference between types
of information (and forms of access to them)
continues to diminish.
39
The CIO role
 The Chief Information Officer (CIO) is
the manager with the responsibility
for information assets and IS
strategy.
 The role can be performed by the IT
or IS manager for smaller companies.
40
IMSA3) Information resource
analysis
 An information audit is a systematic
examination of
 information use,
 resources and
 flows,
 with a verification by reference to both people
and existing documents, in order to establish
the extent to which they are contributing to an
organization’s objectives [1, pg. 210].
41
 The purpose of the information audit is to identify for the
organizational information resource [1, pg. 210]:








Actual and potential users of information;
The information quality requirements for these users;
The types of information available;
Where information is held (including multiple sources);
How the information is used and how this relates to
organizational objectives;
Systems or applications used to capture, store and
disseminate information;
Problems with information management that result in poor
communications or wastage;
The cost of information usage.
42
 Information mapping - An approach
for identifying the value of and
relationships between organizational
information resources [1, pg. 210].
43
A summary of components of information mapping as
suggested by Evernden and Evernden (2003) [1, pg. 210]
44
IMSA4) Information policy
 Information Policy is typically a brief
statement of intent of how
information should be managed and
used within an organization.
 For some the Information Policy is
synonymous with Information
Strategy.
 Information policy exerts a strong
influence on information quality.
45
IMSA5) Risk management
 Risk management is used to identify potential
risks in a range of situations and then take
actions to minimize the risks [1, pg. 213].
 It typically has these four steps [idem]:
1.
2.
3.
4.
Identify risks including their probabilities and
impacts.
Identify possible solutions to these risks.
Implement the solutions targeting the highestimpact, most likely risks.
Monitor the risks to learn for future risk assessment.
46
Risk management assessment for
information management [1, 214]
assessed by the Hawley Committee
47
Prerequisites for a IM strategy refered by
Evernden and Evernden (2003) [1, 216]
1. There is a clear and distinct vision of
information as a corporate resource
2. There is an organization unit responsible for
information and knowledge that is distinct
from the information technology function.
3. There is a well-defined strategy and action
plan for improving the effectiveness of
information use across the organization.
4. Information that is vital and necessary to make
key decisions is always readily and easily
available.
48
5. All information is available in a
consistent and integrated format.
6. Management believes that there is
considerable value to be gained from
the organization’s use of information.
7. Information management is seen as the
responsibility of business people as well
as the information technology function.
49
8. Information has a key role in all business
processes.
9. Financial approval is readily available for
investment in the information infrastructure of
the organization (as opposed to technology
investments).
10.Information is used to support innovation and
creativity in product and service development,
business processes and customer support.
50