Gain leadership support for information governance and records management
If there are people in your organization who think about or recognize the term “records management,” they’re typically thinking about boxes of paper files, file cabinets bursting with paper records that haven’t seen the light of day in years, or even a previously failed records management project. The term “information governance” is a newer term that most have not yet heard of and few others would be able to describe in significant detail. With that context, how do you gather the support that you need at the top of the organization?
Generally, when we speak of the “leadership” of an organization, we’re referring to the C-Level folks such as the Chief Executive Officer (CEO), Chief Operating Officer (COO), Chief Compliance Officer (CCO), Chief Information Officer (CIO), Chief Financial Officer (CFO), Chief Information Security Officer (CISO), and the General Counsel (GC). Each of these folks have a lot on their plates at all times and a particular focus within the organization. They each have specific concerns and goals, and it’s these concerns that you want to speak to. You have to sell this group on a concept that they usually do not think a lot about, which is not an easy feat.
What are the leadership concerns, or business drivers, as it relates to information governance and records management? There are four key business drivers that you want to discuss when building your business case for the information governance and records management program:
Compliance
Operational Efficiency
Risk Management
Competitive Advantage
Compliance is something that the CEO, CCO, CIO and GC are all interested in. The COO and CFO are most certainly interested in improving operational efficiency, and the CISO and GC are concerned about the organization’s risks. They would all likely agree that having a competitive advantage would be of great importance to the organization. Let’s take a deeper look at each of the business drivers.
Compliance
Let’s start with what we mean by compliance. It’s:
The need to protect and secure structured and unstructured data in order to meet regulatory or legal requirements
The need to discover structured and unstructured data including audit trail (legal, FOI, ATIP)
The need to archive or destroy structured and unstructured data
We want to ensure that our organization is compliant with federal, provincial/state and local laws around how information is created, used, protected, managed and retained. We also want to ensure that the organization is compliant with all of the evolving regulatory requirements pertaining to the lifecycle of information being created and or used by the organization.
Another area where compliance is very important is compliance with customer/client requirements. There is a rapidly growing trend where customers and clients are asking their business partners to comply with the customer/client requirements. More and more, they will even ask to audit your policies and procedures to ensure you are complying with their requirements.
Compliance with laws and regulations is obviously important to every organization. No one wants to be sued or fined for large sums of money due to non-compliance with these laws and regulations. Nor does an organization want to find themselves responsible for damaging a customer/client by not complying with agreed upon requirements from them. This could potentially damage or even destroy the relationship with the customer/client which could be devastating for the organization financially and damaging to its reputation in the industry.
When presented with the full scope of the compliance drivers discussed above, it has been our experience that an organization’s leadership will pay attention when customer relationships and legal consequences are on the line.
Operational efficiency
This seems obvious to most everyone – it makes good business sense to operate as efficiently as possible. So, what are some of the examples we can use to promote our case for information governance and records management?
Improving how, what and when we capture information can help improve operational efficiency. Ideally, we want to know what information we are creating, what it is, and what it means. Some questions to address when reviewing information for operational efficiency include:
Should it have markings or tags for security or access control?
How long do we need to keep it for?
Does this belong to the organization or the customer/client?
What case/project/matter/engagement does it belong to?
If we know these things about the content we can manage it better, protect it better, use it more effectively, and find it easily when we need it. This will help improve how utilized the organization’s people can be. We want everyone spending as much of their time and efforts on the core work – not wasting time looking for information, trying to figure out what is the most relevant or recent information, and deciding how or what they need to protect or should have access to.
Operational efficiencies can also be achieved by moving towards a less-paper environment to free-up expensive real estate for better use than keeping inactive paper files which are also often copies that already exist electronically but are just being managed efficiently.
It’s important to gather data on the costs of all of these operational activities and then estimate the costs post information governance and records management program. Many of these are annual costs for the organization so reducing those costs via efficiencies is usually viewed as annual savings. Often the cost savings are significant and can even reach into the millions of dollars annually for an organization, which also tends to interest the leadership team.
Risk management
Risk management is the next key driver to explore. Organizations who execute on information governance and records management programs can significantly avoid and mitigate their risks such as: fines for noncompliance with legal and regulatory requirements, e-discovery costs, data breaches, contractual compliance and a variety of other legal issues.
A comprehensive information governance and records management program facilitates legal and regulatory compliance as previously discussed. It also helps lower costs associated with e-discovery by both keeping only what needs to be retained for as long as is required and by enabling the accurate search and retrieval of responsive information. Having proper workflows to identify sensitive content and policies to tag and/or mark that content to protect it, helps prevent damaging data breaches. Similarly, identifying specific contractual requirements on what information should be protected, defining how information can be used and shared are all ways that an information governance and records management program can help organizations manage their risks.
It is always important to obtain data on an organization’s spend and contrast with the potential return on investment (ROI) from the information governance and records management program. For example, how much has the organization spent on e-discovery costs in the past 5 years? Industry benchmarking data can also be effective in making the ROI argument to executive leadership. For example, look for data on e-discovery costs per GB or TB and extrapolate to fit your organization’s current state and potential risk. Be conservative with your estimates and explain that you are using conservative numbers.
Competitive advantage
Finally, our last key business driver is competitive advantage. Every organization wants and needs to have advantages over their competitors to be successful.
Some ways that an information governance and records management program can help with competitive advantage include:
Improve the utilization of staff so they can focus more time on key business initiatives and delivering customer service
Help organizations respond faster to questions, proposals, and problem solving because content is identified at creation and receipt, and is managed throughout its lifecycle
Protect the information from being released improperly outside of the organization or being exposed to those within the organization without a need to know
Allow for the proper re-use of information that protects existing customers/clients and benefits the organization by leveraging its know-how and intellectual property
Bring consistency and automated processes that enable policies and reduce costs and risks.
All of these elements can also help the organization calibrate their costs to better fit their customers/clients needs and the organizations strategic financial goals. Organizations who practice good information governance and records management hygiene can absolutely help demonstrate and realize a competitive advantage.
In summary, when you’re preparing to make your business case to executive leadership, target these four key drivers, gather data on spend, estimate ROI, and weave a compelling story of transformation that the organization can achieve in alignment with its goals. Focus on reducing costs/spend, risk, and enhancing efficiencies and competitive advantages. Good luck!
