Read without ads and support Scribd by becoming a Scribd Premium Reader.
See Premium Plans
 
International Journal of Information Management
31 (2011) 195–200
Contents lists available atScienceDirect
InternationalJournalofInformationManagement
 journal homepage:www.elsevier.com/locate/ijinfomgt
On the governance of information: Introducing a new concept of governance tosupport the management of information
M.N. Kooper
, R. Maes, E.E.O. Roos Lindgreen
Universiteit van Amsterdam, Roetersstraat 11, 1018 WB Amsterdam, The Netherlands
a r t i c l e i n f o
 Article history:
Available online 12 June 2010
Keywords:
Information managementGovernanceIT governanceKnowledge managementInformation transaction space
a b s t r a c t
Information governance as an approach to better govern the use of information within and outside anorganizationisrapidlygainingpopularity.Acommonandscientificgroundforthisapproachhasnotyetbeen formulated. In this article the authors describe a definition for information governance, extendingthe common, one-dimensional approach into a more generic statement. Starting from the well-knownprinciples of IT governance the authors further explore the aspects of both information and governance.Four hypotheses are proposed to give ground to the use of information governance. These hypotheseswill be the basis for further research.
© 2010 Elsevier Ltd. All rights reserved.
1. Introduction
‘Governance’ is by now a well-known term in business. It hasfocused on the role of boards of directors in representing and pro-tectingtheinterestsofshareholders.Acriticalroleforgovernanceistomonitorandcontrolthebehaviorofmanagement,whoarehiredtopresideovertheday-to-dayactivitiesofrunningtheorganization(Fama & Jensen, 1983).Maybe its best known use is at the corporate level: ‘corporategovernance’, as the set of processes, customs, policies, laws andinstitutions affecting the way a corporation is directed, admin-istered or controlled. Corporate governance also includes therelationshipsamongthemanystakeholdersinvolvedandthegoalsfor which the corporation is governed. The principal stakeholdersare the shareholders, the management and the board of directors.Otherstakeholdersincludeemployees,suppliers,customers,banksandotherlenders,regulators,theenvironmentandthecommunityat large. Governance provides a structure for determining orga-nizational objectives and monitoring performance to ensure thatobjectives are attained (OECD, 1999).IntheICTworld,theterm‘ITgovernance’(or‘ICTgovernance’)iswell established (Van Grembergen, 2004; Weill & Ross, 2004).It is asubsetdisciplineofcorporategovernancefocusedoninformationtechnology systems and their performance and risk management.TherisinginterestinITgovernanceispartlyduetocomplianceini-
Corresponding author at: Business Studies, Information Management, Univer-siteit van Amsterdam, Roetersstraat 11, 1018 WB Amsterdam, The Netherlands.Tel.: +31 020 5254266.
E-mail addresses:
m.n.kooper@uva.nl(M.N. Kooper),maestro@uva.nl(R. Maes), E.E.O.RoosLindgreen@uva.nl(E.E.O.R. Lindgreen).
tiatives (e.g. Sarbanes-Oxley (USA) and Basel II (Europe)), as wellas the acknowledgement that IT is an increasingly important ele-mentoforganizationalproductsandservicesandthefoundationof enterprise wide processes (Weill & Ross, 2004).It consists of “the leadershipandorganizationalstructuresandprocessesthatensurethat the organization’s IT sustains and extends the organization’sstrategies and objectives” (IT Governance Institute, 2003).IT gov- ernance,hence,isaninstrumentofstrategicbusiness-ITalignment(Henderson&Venkatraman,1993;Hirschheim&Sabherwal,2001).With the enormous growth of digitized data inside and outsidethe organizational boundary, and with the growth of possibilitiesto access this data, organizations have become aware of the needfor governance of their data assets. Similar to the framework of WeillandRossonITgovernanceKhatriandBrown(2010)recently published a paper, introducing the design of a
data
governancemodel.This article takes a deviant, information based approach, builton the observation that (1) information is the missing linking pinbetweenbusinessandIT(Maes,1999),(2)informationisabusiness resource, independent of the supporting IT, and (3) information,being interpreted data, is, unlike IT and data an intangible asset.Furthermore, relevant information is more and more originatingfrom external sources and surpassing the classical IT (basically:database) formats. As a consequence, the proper
use
and
applica-tion
ofinformation(andnotonlyits
creation
)isofvitalimportanceand hence appropriately a candidate subject for governance. Ourfundamental belief (and our premise) is that organizations withaninstitutedinformationgovernanceprocessaremoreeffectiveatseeking, collecting, processing and applying information and aregetting more value from their and others’ information sources.
Information governance
involves establishing an environmentand opportunities, rules and decision-making rights for the val-
0268-4012/$ – see front matter
© 2010 Elsevier Ltd. All rights reserved.
doi:10.1016/j.ijinfomgt.2010.05.009
 
196
M.N. Kooper et al. / International Journal of Information Management 
 31 (2011) 195–200
uation, creation, collection, analysis, distribution, storage, use andcontrol of information; it answers the question “what informationdo we need, how do we make use of it and who is responsible forit?”.Investigatingcurrentpracticerevealsthatmanyorganizations,if not all, lack an all encompassing information governance policy(EconomistIntelligenceUnit,2008),especiallyforexternalandfree format information, and often the policies and processes they dohave arenot effective.Firststepshavebeentakentodefinesuchpoliciesandprocessesfrom a compliance perspective (Donaldson & Walker, 2004; Kahn& Blair, 2004),but the aim of this article is to define and discussinformationgovernanceinamoreexplorativeway.Tothisend,wefirstpondertheinadequacyofITgovernancetodealwiththedeci-sive role of information in present-day organizations. In section 5,we explore the value of information and discuss the governanceaspects to optimize the effective use and application of informa-tion. We continue with a discussion on the aspects of governanceand the various mechanisms that have been explored so far. Weconclude with a research agenda in information governance. Thisagendaisbydefinitionafullandwholeheartedattempttocombinerigor(academicallyspeaking)andrelevance(fromthepointofviewof practice). Information governance is “rigorously relevant” bothin theory and in practice (Keen, 1991).
2. The inadequacy of IT governance
Although IT governance is now widely accepted and is consid-eredbymanyauthorstobeapowerfulandnecessaryinstrumenttoimprove the added value of IT investments and manage IT risks atthesametime,wearguethatboththefoundationsandthecurrentapplication of IT governance also suffer from serious limitations.Some of these limitations are
inherent 
, meaning that they logicallyfollow from the very concept of IT governance. Other limitationsare
self-imposed
,meaningthattheyarecausedbythewayorganiza-tionsapplytheconceptofITgovernanceinpractice.Bothcategoriesand their effects will be discussed in this section.IT governance includes decision making structures, alignmentprocesses and communications tools (Weill & Ross, 2004).A def- inition in line with this is given byVan Grembergen (2004):“IT governance is the organizational capacity exercised by the board,executive management, and IT management to control the formu-lationandimplementationofITstrategyandinthiswayensurethefusion of business and IT”.IT governance is said to be deprived of a clear and commonlyagreed upon definition and to be based on too operational frame-works, such as COBIT and ITIL (Simonsson & Johnson, 2006).Notwithstanding its operational nature (Van Grembergen & DeHaes, 2007),IT governance is still considered the foremost mech-anism linking investments in IT and business value; however, theconcept of aligning business and IT, in itself, has been called diffi-cult to master (Chan, 2002)and even harmful (Ciborra, 1997)and misleading(Maes,2007).Theconceptofgovernancehasbeencrit- icized from the side of systems studies (Hoebeke, 1990)as being a mechanism developed to manage the unmanageable, in this caseincoherent aggregates. All activities transgressing boundaries e.g.innovation, are then discouraged or even discarded by falling backto governance. Governance, if established in this manner, is pri-marily a tool of repression (Hoebeke, 2006).Besides,Carr (2003) has argued that IT is no longer of strategic importance and henceno longer a concern of top management. Despite all this, strategicbusiness-IT alignment and IT governance still score points in anyCIOsurveyofimperativequestions(e.g.CapGemini,2009;Societyfor Information Management, 2009)The inherent limitations of IT governance logically follow fromits two constituent words “IT” and “governance”.The first major inherent limitation of 
IT 
governance is that it isnot concerned with the way information can be created, sought,consumed, processed and exchanged in order to add value to abusiness, but that it solely focuses on managing the resources thateventually must be deployed to achieve such a goal, and the asso-ciated risks.ThesecondmajorlimitationofIT
 governance
isthatitexclusivelyinhabits the “control” half of the business universe, includ-ing administration, policymaking, responsibility, authorization,reporting, monitoring and audit. IT governance relies on theparadigm that IT investments and the resulting IT systems canand must be controlled in order to be successful. At the sametime, IT governance carefully avoids the other half of the busi-nessuniverse,whichhostssuchvitalelementsasentrepreneurship,innovation,businessdevelopment,creativity,improvisation,valuecreation and experiment. According toKooiman (2003)creativity, intuition and experience are just as important as goal-directness,criteria of efficiency and working ‘according to rules’. Conscien-tiouslyimplementingITgovernancemaywidenthewell-describedgap between business and IT (Peppard & Ward, 1999)instead of  bridging it.Third,practiceshowsthatITgovernance,evenifitisrestrictedtothe IT organization, often suffers from incomplete or half-heartedimplementations. Examples include impressive policy documentsof dubious operating effectiveness, information security projectsthat are delayed or aborted altogether, service levels that remainunmonitored, and failing internal controls that remain undetecteduntil an incident occurs. There may be several reasons for this; ithasbeennotedthattheaddedvalueofITgovernanceisnotalwayscleartotheITorganization,andITgovernanceoftenleadstoamoreformalandsometimesbureaucraticenvironmentthatisnotalwayslikedbyITprofessionals(Overbeek,RoosLindgreen,&Spruit,2005).
3. Definition of information governance
Taking these limitations into account we introduce informa-tion governance as a ‘logical’ alternative, focusing on the seekingand finding, creation and use, and the exchange of information,and not solely on its production. Information governance is not anew term, but the proposed definition in this article is differentfrom the approach in existing literature. Information governancewas introduced scientifically byDonaldson and Walker (2004)as a framework to support the work at the National Health Societyon security and confidentiality arrangements to apply at multiplelevels in electronic information services. More recently a reportwas published by theEconomist Intelligence Unit (2008)on the use of information governance in enterprises. Information gover-nanceintheseapproachestypicallyincludesrecordsmanagement,privacyregulation,informationsecurity,dataflowsandownership,and data lifecycle management.The explorations so far all show the potential pitfall to relyon ‘old principles’, by introducing a hierarchical control frame-work without exploring the possibilities of alternative governanceapproaches.Wewillexploreabroad,conceptualapproachtoinfor-mation governance as a basis for further research. This approachwill give room for multiple approaches to governance. Similar totheprevioussectionswesplitourapproachinan‘informationpartand a ‘governance’ part.Information has several unique characteristics, which ren-der it difficult to valuate and to govern. But independent of itscontent (financial information, client information, etc.), genericprinciples on understanding the value and governance of informa-tion can be recognized. Information is an unusual good in manyaspects—creation,distribution,cost,andconsumption.Informationis both an end-product and an instrument or input into the cre-
 
M.N. Kooper et al. / International Journal of Information Management 
 31 (2011) 195–200
197
ation of other goods, decisions, and information (Rafaeli, 2003).It is expensive to produce and cheap to reproduce (Shapiro & Varian,1999).The value of information is subjective, since it may be moreuseful in satisfying the wants of one person than another, or of nouse to one person and of use to another (Huizing, 2007).Informa- tionhasmanydefinitions(Pijpers,2006)andbyitselfismoreorless withoutvalue.Bygivingmeaningtotheinformationithasvaluetoa person.Huizing (2007)describes in his paper, that the difference between IT and information is the human aspect. Giving meaningto information is a human element and by definition subjective,since objectivism cannot deal with the human sense making.Secondlythebasisforgovernance,asstatedbyKooiman(2003),is the interaction concept. Actors within a certain environmentinterfere, collaborate and are involved in many interrelations.Actors by themselves do not have the knowledge required to solvecomplex, dynamic and diversified societal challenges that comealong.Theywillneedagovernance
approach
tostreamlinethepat-terns of interactions. More specifically, for information exchangetheywillneedagovernanceapproachtostreamlinethepatternsof 
sense making 
interactions. By sense making we mean a motivated,continuousefforttounderstandconnections(whichcanbeamongpeople, places, and events) in order to anticipate their trajectoriesand act effectively (Klein, Moon, & Hoffman, 2006).Information exchangecanbeconsideredasaformofsensemakinginteractions.Following Klein we state that whether an information exchangemakessensedependsonthepersonwho’sdoingthesensemaking.Thepropertyof“exchanginginformation”isn’tapropertyofstate-mentsbutaninteractionofpeople,situations,andknowledge.Thegovernanceofinformationshouldthereforebeconsideredwiththeinclusion of the sense making interactions aspects to understandand utilize the information’s value.So, who interact when we consider sense making interac-tions? In general, any actor, receiving or consuming information,will give meaning to the data that he or she encounters. At thesame time, data that the ‘consumer’ or ‘receiver’ of informationencounters is always created by some actor (the ‘creator’) insomeformatandthroughsomecommunicationchannelorsystem,which implies that creation of information cannot be without anysubjectivism.Informationgovernanceshouldthereforeincludethehuman interaction of actors with people, data and the underlyingsystems.Finally information should always be viewed within its con-text. Therefore we follow Pijpers, noticing that information canonly be evaluated with an awareness of the context in whichit is being interpreted. Context is an element of the
informationenvironment 
, which incorporates all the factors affecting how anorganization deals with information (Davenport & Prusak, 1997).Similarly to the information environment,Huizing and Bouman(2002)describe the
information transaction space,
which ‘repre-sentsthesetofallpossibleinformationexchanges—economistssaytransactions—availabletoanyactoratanytime’.Toinfluencetheseexchanges, if possible at all, some form of governance should beintroduced, and accordingly, a governing actor to guard these gov-erningprinciples.Thereforeweintroducethe‘governingactor’,thethird actor involved, a determinant of the information transactionspace, being able to influence the interaction between the creatorand the receiver of information.Summarizing the above, information governance may beviewed as a concept to govern sense making interactions (insteadof assets) between the actors involved in an information transac-tionspace.Basedontheseconsiderationsweproposethefollowingdefinition:Information Governance is the set of activities aimed at estab-lishinganormativefoundationtofacilitateandstimulatesensemaking interactions.
4. Value creation and information governance
Informationgovernancemaybeviewedasaframeworktoopti-mizethevalueofinformationinsomesensetotheactorsinvolved.Ourdefinitionleadstothequestiontowhomthevalueisoptimized,andwhatthedependenciesaretoenableoptimizationoftheinfor-mationvalue.Obtainingabetterunderstandingontheoptimizationof the information value and its dependencies will give a basis forthe choice of a matching governance concept.To answer the first question (‘to whom is the value optimized’)we consider the actors involved, as discussed in the previous sec-tion: the creator, the receiver, and the ‘governing actor’. All threemay reflect one or more persons (single person, group, group of individuals).Thegoverningactormaybeviewedastheactorwhoisgoverningthe‘interaction’betweencreatorandreceiverwithintheinformation transaction space. The governing actor may be withinan organization, but may as well be external (e.g. a legist or anexternal auditor). All three (groups) will give value to the consid-ered information and to this respect the optimization of the valuewill depend on the value that is given bythe three actors involved.This leads to our first hypothesis on the value of information. Inthe continuation of this section we will describe four hypotheses.Theywillbestatedhereandprovideabasisforfurtherresearch,asdescribed in the concluding section.
Hypothesis1.
Implementationofinformationgovernancemaybeconsidered successful when it has led to an acceptable balance of the information value for the three (groups of) actors involvedWe use the term ‘acceptable’ instead of e.g. ‘maximal’ becauseof two reasons:(1) Maximization would imply that the value of information canbe measured. However, this is questionable since no objectivemeasurements can be applied (by definition).(2) Since three actors are involved information governance mayestablish an ‘optimumthat is acceptable for all the actorsinvolved. Since they all may have different perspectives it isbetter to consider an optimum instead of a ‘maximum’.Withinformationgovernancewethereforeaimforaframeworkthat pursues a precious equilibrium for all parties. For example, agoverning actor may require that certain privacy statements arefollowed. The information governance framework within an orga-nization will then need a setup that complies with the externalrules, but that leaves sufficient space for actors to perform theiractivities.To answer the second question in the beginning of this section(‘whatarethedependenciestoenableoptimizationoftheinforma-tion value’) we propose three hypotheses, each with an emphasison the role of one of the three actors:
Hypothesis 2.
Obtaining an acceptable level of the value of information to the actors involved will depend on the reliability,relevance and usability of the information to the receiver and theway the information enables the receiver to take actionFor example, a financial report may give value to a CFO, who isable to interpret, for example, the ‘financial health’ of a businessunit,basedonthegivennumbers.Inthiscasethereportmaycomefromacontroller,whoishighlytrustedbytheCFO,andwhoalwaysdeliversareportwithanextensiveoralclarificationandanalysisonthestatusofthespecificbusinessunitandwhoendswithanadviceontheactionstobetakenbytheCFO.WiththisapproachthereportisrelevanttotheCFO,duetotheapproachofthecontroller.TheCFOis able to take action based on the received information. He trustshis controller and the systems that were used by the controller,based on confidence, but probably also on the controls that were
Search
Search History:
Searching...
Result 00 of 00
00 results for result for
  • p.
    • Notes
    Load more