This post is part of a sequence I've introduced here, looking at some of the inevitable consequences of our rapid shift to an information-centric economy and society.
In this post, I'd like to present my case that the CIO -- and everyone who works in the IT organization -- will likely have a new role in the near future.
They're going to be the CFOs of information.
My Favorite Analogy -- Information As Money
Money is a pretty important thing to many corporations. But if you think back to the 1970s, the idea of a CFO -- chief financial officer -- was pretty new. Sure, we had finance people and such, but there was rarely individual chartered with managing the organization's financial portfolio.
Since then, "financial governance" has been an ever-increasing topic in the board room. The CFO is held accountable to know where are all the money is coming from, where it's going, and how it's being managed. And the idea of external audits and public accountability as to how the money is being managed is commonplace.
But what about information?
Can we honestly say that the CIO (and the IT group) knows where all the information comes form? Where it all goes, and how it's being used? That the information portfolio (and associated policies and investments) is being actively balanced between costs, risks and value generation?
It may be rare today, but I'd offer that I'm seeing more and more movement to an "information governance" mindset.
A few years back when I brought up the topic, I'd get some strange looks, usually reserved for harmless nutcases. But no longer -- I'm routinely finding more and more organizations that have set up cross-functional groups of senior leadership to wrestle with very thorny policy issues around how they gather, use and manage information.
Risk Mitigation Leads The Charge
Not surprisingly, risks associated with information management are usually what bring people together. I suppose that's good, but it's not ideal.
Industries that routinely deal with sensitive information (e.g. financial services) understand the consequences associated with poor information management, but other industries tend to get caught by surprise (e.g. retail).
But it shouldn't be all about risk, should it? The basic premise behind information governance is to understand how information is gathered, used and managed. Sure, looking at the topic through a risk lens makes a certain sense, but cost savings is a related outcome, as are new sources of value generation from the information portfolio.
Organizations that limit themselves to risk mitigation as the rationale for good information governance are leaving much on the table. And organization that don't consider them owners of sensitive information are missing all three: risk avoidance, cost optimization and value generation.
Information Governance Is Hard
First, as far as I know, there's no textbook you can buy, or course you can take (e.g. Information Governance 101) to understand what's going on here. The problems -- and solutions -- are relatively new.
Second, the default mindset is that it's an IT thing. Yes, IT brings a lot to the table -- and can lead the charge -- but it's like saying that financial governance is just a finance thing, or HR governance is just an HR thing.
The truth is that information is entwined with the fabric of the entire business, and -- like other important, strategic topics -- can't be the sole province of the IT group.
Third, IT has to take a bit of the heat here. How many IT people are hired for their technology skills, vs. their business skills? If all IT hires is good technologists and good project managers, they'll always find it hard to become part of the business in a meaningful way.
Going a bit farther, how many MBA courses teach good information management practices? They teach other disciplines (e.g. finance, marketing, HR, sales, etc.), but my impression is that this topic is sorely lacking.
And, even if MBAs were equipped to understand information governance and management, how many of them would want to work in a typical IT group?
And, Today, It's Rare
Probing on this topic is one of the things I routinely do when I'm with customers. Not surprisingly, many say that they've got nothing like this, other than some static and impractical guidelines from their legal department. But they all admit they've got a problem, and see the value in a corporate-level information governance function of some sort.
Two problems with static policies created by the legal group: one, it's a dynamic process (things do change), and second, risk mitigation is only one voice at the table. A risk-oriented information governance policy that costs too much, or inhibits business value isn't the answer here.
But I'm meeting more and more organizations that have bitten the bullet, and have started the journey of bringing business leaders to the table -- on a regular basis -- to discuss things like "how long should we keep information?" or "what information being gathered in one part of the business might be useful elsewhere?" or related topics.
Yes, the risk factors are getting everyone's attention, but -- along the way -- they tell me they're finding opportunities to save money, and occasionally create new value from the information they already have.
And although a precious few have been doing this for a while, they are finding that IT is far easier and more productive, simply because the business is engaged.
Information Governance Is Unavoidable
At least, as far as I can see. The forces at work here are irresistable. More information, more costs, more risks, more potential for new business value.
Many of the business leaders of today are extremely conversant with moeny and finances. They know that money is the lifeblood of any successful enterprise.
How many future business leaders will be as conversant -- if not more so -- about information?
Comments