At the July 28th Peer Incite research meeting Prevent Unstructured Data from Fueling Business Risk we heard four practitioners across three global industries (energy, finance and healthcare), talk about the importance of organizational priorities and actions in information management, specifically priorities directed toward the tremendous growth in unstructured data. We heard the call for CIO's to develop an information and records management (IRM) strategy and roadmap to lead and inform technology decision making, and to look for opportunities and options to leverage information management toward revenue growth and margin improvements as they modernize business processes and integrate emerging technologies.
Looking Back
Over the last 5 years however, information management has been in reactive mode, responding to gaps in the environment exposed by legal or regulatory imperatives. These reactions have fueled both the retrofit of existing processes for classifying information for example (e.g., folder based classifications) and the acquisition of new point solutions to ease the pain of electronic discovery. In essence, organizations responded to the email smoking gun, and as a result have short-cut a true opportunity - an end-to-end assessment and strategy around the risks, costs, and requirements for effective information management across the complete cycle, from creation to final disposition.
Looking Ahead
What has been missing is proactive, strategic thinking about the unstructured data challenge, for the enterprise, the LOB, and SME. Information management is no longer only about messaging and storage (see Information Management Defined). Management needs to realize the degree to which unstructured data is permeating the organization, and assess the value and risks to improved customer service and competitive position, business productivity, and bottom line margins. The business challenge is to bring this chaos under control and ensure that all data is known, declared, and classified at source and managed to maximize value and minimize risk. Sustainable information management has to become part of the DNA of the organization and like quality imbedded in every business process.
Get the Answers
To start with, the assessment should be multi-phased and include:
- A definition of an all-in TCO for unstructured data.
- The identification of risks to the enterprise, including unrecognized value and lack of transparency, potential for fraud, and unsustainable integration costs.
- The generation of a current and baseline end-state information management automation, including standard terms and definitions from which to establish a management dialogue.
- Development of functionality sets and features for each business process component necessary for the creation, use, distribution, storage, access, security, privacy, maintenance, retention, and disposal of information (see Functionality Set for Managing Unstructured Data Across the Enterprise).
- A critical review of information management policy and governance capabilities. (Developing policies is the easy part; implementing policies that can be effectively managed and monitored is more difficult.)
- Identification of gaps in existing internal business and control processes, organizational resources, and technical platforms (see Information Management Wikitips).
Action Item: Executive management need to ask and records and IT management need to be able to answer the following four questions about unstructured data and records:
- How many "undeclared or unclassified" records are being created and how much is it costing to maintain them over the next decade?
- What is the business exposure to the organization now and over the next decade?
- What opportunity costs do we incure due to the amount of undeclared or unclassified data?
- How do I create a company where documents and records are properly tied to a business purpose, classified and managed?
With these answers, business and IT leaders will more clearly understand the costs and risks to maintaining the current state of unmanaged data, justify the need to build compliance and governance capabilities into information or records management program, and establish a clear picture of end-user requirements for process, automation, and infrastructure improvement opportunities.
Footnotes: