Conclusions and Outlook - Conclusion - Total Information Risk Management (2014)

Total Information Risk Management (2014)

PART 4 Conclusion

CHAPTER 14 Conclusions and Outlook

This book provides the tools for organizations to investigate and understand how poor data and information quality adversely impacts the achievement of business goals, and shows how to improve the quality of data and information assets to maximize their business value.

We started our work on TIRM in 2009, before Big Data became the huge thing it is now. Many industrial practitioners who we collaborated with approached us at that time with a similar problem: “We know that our business success depends so much on data quality, but we have such a depth of data that we don’t know where to start! How can we find out where to focus our data quality improvement efforts to create the biggest value for our business?”

We realized quickly that, to address the problem, the key would be to find a way for measuring the effect that poor data and information quality has on the business objectives of an organization. Understanding which data and information quality problems have the highest impact would give managers a tool to gear their information quality improvement programs toward real business value. It also would help managers to build a more convincing business case for information quality improvement, and to better utilize the sleeping data and information treasures that they sit on.

But why should we reinvent the wheel? The impact of an adverse event on business objectives can be best measured and managed by using risk management. Risk management is an old discipline that can offer many established concepts and, literally, hundreds of best practices, tools, and techniques. We just needed to find a way to “tap” into this wisdom by finding the right ways to integrate data and information management with the risk management discipline. Some approaches from information security served as role models.

We developed a holistic solution: the concepts, process, model, and various techniques and tools presented in this book that we summarize under the umbrella of Total Information Risk Management. TIRM has been of value in many different organizations from many industrial sectors in which it was applied as part of our research. The book has essentially been designed to progress gradually from the theory to the practice of TIRM—that is, it starts with an explanation of key concepts about data and information assets, enterprise information management, and risk management, and moves through a description of the TIRM process to examples of where the approach has been used to address real-life problems, and continues with a demonstration of how existing risk techniques can be integrated with TIRM, how to best employ software tools to automate some of the TIRM processes, and finally how to establish organizational support and employee engagement for a new initiative.

Within organizations, a good starting point for a TIRM initiative would be to get a few people to familiarize themselves with the concepts of TIRM by reading this book. In the first few chapters, we presented some background knowledge that is a prerequisite for understanding the process. As with any change management initiative, involving key stakeholders from the beginning will help to increase engagement within the organization.

Implementing the TIRM process is done on a stage-by-stage basis. Initially, the context needs to be established; this is followed by an assessment of the information risks after which the causes of information risks are identified with appropriate (risk) treatments being selected. The treatments are chosen with due regard being given to the costs and benefits of implementation.

After implementation, the TIRM process needs to be monitored and reviewed on a regular basis. The learnings from the first cycle of any TIRM initiative should be applied to realize even greater benefits during the second cycle and so on. Throughout the process there are opportunities to integrate well-known risk management tools and techniques with TIRM as well as using software applications to automate some of the processes. Finally, as with any new initiative, you will face resistance from those who prefer the “status quo” and we encourage you to consider ways in which to overcome resistance and gain employee engagement by using the methods described in Chapter 13.

While the target audience for this book is managers with organizational responsibility for data and information quality, we also believe that those studying for professional qualifications and Master’s degrees in information studies as well as MBA students will find this book a suitable text. There has been a clear movement in postgraduate studies to provide students with material that is theoretical yet pragmatic so that theories can be easily applied in organizational contexts. We believe that this text fulfills this criterion.

Without any doubts, the era of the information worker is here and that calls for all organizations to understand what drives success in the Information Age. Having good data and information quality will help an organization to thrive in today’s fast-paced global economy. Managing information and, perhaps even more importantly, managing risks associated with information use are clearly rising to the top of many organizational agendas.

During the past few decades, information management has established itself as a key discipline in its own right and the processes we now propose in this book consider a dimension that, to the best of our knowledge, has not been widely discussed in the literature. We are seeking to help organizations not only face the risks inherent in trying to work with poor-quality data and information, but also to consider how best to manage and mitigate those risks.

A good information management strategy should be at the heart of organizational activity, not as a standalone initiative, but as an activity that underpins the overall business strategy and assists with the achievement of organizational goals. TIRM opens up new territory for both information management and risk management. It is therefore seen as a key component of both information strategy and risk strategy. We believe that the practices discussed in this book are applications that are worthy of pursuit for most of today’s organizations. Bringing together people from disparate parts of an organization to collaborate with each other, share their expertise and knowledge, form strong alliances, and work with similar goals in mind will surely reap success. The TIRM process provides the necessary structure to facilitate this type of effective collaboration.

In broad terms, the TIRM process represents a new way of thinking about the impact of data and information quality. We trust that it will appeal to all organizations, whatever size, in whatever sector, whether private, public, or nonprofit, and help them maximize the value of their data and information holdings. TIRM will empower organizations to find their way through the jungle of data and information and utilize them to create tangible business value and lasting competitive advantage.