Every organization I’ve ever dealt with has always grappled with the issue of what to do with the Records Management group. The trend hasn’t gotten any easier with the evolution into Information Governance, if anything it has become more difficult. After all where should you put a group that manages information security as well as the collection, categorization, storage and dissemination of the organization’s information assets? What is the best spot on the organizational chart for this function? In this article I will share the trends I’ve seen and offer some insights and opinions on what has worked best.
As with anything it is best to start at the top of the organizational chart because, like water, it all flows downhill. From my previous blogs you already know that without Executive backing nothing is going to happen. The same goes with the power this group has to accomplish its function. For many years Records Management/Information Governance has generally fallen under one of three departments in this order:
- Information Technology
- Legal
- Operations
Consequently Records Management/Information Governance is the responsibility of the Chief Information Officer, the Chief Legal Counsel or Chief Operations Officer. Now I will grant you that for most organizations these people have very little direct contact with the Records Management/Information Governance group, but they do lend their executive authority to group’s mission to ensure they can get the job done. There are some organizations that have the role of the “CIGO” or Chief Information Governance Officer, but I don’t see these becoming widespread mainly because most organizations have long established lines of authority and tend to shy away from creating more.
Each of the departments listed above come with their own idiosyncrasies when dealing with information. Information Technology tends to look at it as an object to be stored and managed. Legal views information from a risk perspective and operations counts on information to meet business objectives. When you look at a strategic fit for an information governance program within an organizational structure it’s important to keep these perspectives in mind.
In many organizations, information governance gets shuffled under Information Technology because more and more an organization’s information assets are electronic. Consequently many in Upper Management equate information assets as nothing more than a system, so Information governance is relegated to a maintenance function with little authority to be effective. Some of the more effective information governance programs I have seen are in highly regulated industries where they are under the legal department. In these organizations risk mitigation is the driver for the program and there is strict adherence to compliance with these regulations. As for information governance programs in Operations, they are there on an organizational chart for lack of a strong business case to put them anywhere else.
I have seen a couple of trends to create an “Office of Information Management” and “Office of Information Governance and Records Management” or similar names. These efforts move information governance outside of Information Technology and shifts the focus from a passive stance or “how much money can we save using technology, and how can we cut those costs?” to an active strategy or “how can we get the most benefit from our information and protect it at the same time?” This has been done by very forward thinking clients in order to elevate information to the level of strategic asset, but again it is rare.
My personal favorite is to separate information governance from all of the traditional departments and establish it under the IG Steering Committee for the organization. Information Governance is a multi-faceted discipline that requires input from all of these departments. The program still needs one Boss to manage it, but this format gives everyone skin in the game to ensure it works. In addition, for information governance to be truly effective, it needs to be part of everyone’s daily business process. Establishing a committee composed of members throughout the organization is necessary to elevate visibility of the program to its proper place. Information needs to be viewed as a strategic asset that is everyone’s responsibility to manage and protect. The first step in establishing this mindset is to put information governance in the right spot on the organizational chart.
