Thursday, September 28, 2006

Managing Risk

Information Management (IM) is in the first place risk management. If there was no risk related to the information, then there is no reason to manage it. Making clear that IM is related to risks already will make it more likely that people change their behaviours with respect to information.

So one of the first measures to take in IM is to understand 'where do we feel the heat'. Only where there is heat, we should take measures, because putting a 50,000 dollar fence around a 5,000 dollar horse does not make sense.

So step 1. is: Understand what is valuable information

Step 2. is to understand where there are risks - think risks related confidentiality, integrity (quality) of the information, accessibility or legal issues

These risks can relate to all steps in the whole lifecycle of the information (during the steps when information is Created or acquired, QC-ed and stored, retrieved and used, reviewed and
disposed.

Then step 3. is to think about the impacts of these risks (financially, HSE, reputation, ... ) and the likelihood of occurence.

And finally you can check what controls are already in place to deal with these risks and see if they are sufficient.

This whole process looks like a pretty elaborate piece of work and the truth is - it is! Please note that when you get a consultant in, then you will a lot more elaborate version of this based on the internation standard from COBIT. I would say - don't even try to implement this, since your business will be broke before you have read all the recommendations.

But if you focus on the top valuable information and the top risks (highest impact), then you can create a pretty good story on what needs to be done to manage this information - with a clear link of running your business.

Labels: ,

Wednesday, September 06, 2006

IM is all about behaviours ...

OK, so what is it that I do? Well, I talk to people (a lot) and basically half of the work is about issueing motherhood statements like - 'if you have not loaded the final records related your work, then your work is not finished!'. There is a lot about awareness (posters and training) and only a little about developing things.

Therefore I see Information Management mainly as a social, behaviour related science and it has not a lot to do with technology (OK, we must get all these systems to work, but that should be only 20% of the story). We have to try out if all these new things work with people, and we can only do that via improvising, and doing change management as we go along. Brilliant in this field was the late Claudio Ciborra - who laid a good foundation for how we could think about the way we deal with the world of IT. Probably IM is closer to HR than anything else.

Labels: ,

Tuesday, September 05, 2006

IM not IT

Millions of people in the world of computers (or should I say IT?) love tinkering with technology. That's great, since it delivers a lot of progress to us all, but a lot of them forget why we are doing this in the first place ... We have IT mainly to manage information. We have computers, networks, software, the whole lot, to create communications, documents, data, share knowledge, etc. etc. (even to create blogs like this!). OK, I know IT is doing more than this, but I would guess 95% of computer usage should be about IM (Information Management).

So when people ask me - what is your job? I still say that I'm doing 'something with computers', but I actually want to say - I manage information. Why I am not saying this, mainly because nobody understands IM (not even me). Therefore this is a good reason to write this blog. It is a blog about this job, about what it is (not something with computers), what misconceptions people have, what hurdles we have to take. It is also an attempt to put it on the map as a profession, share thoughts with peers and maybe learn ...

So happy reading ...

Evert

Labels: