|
By Sue Henczel
 In recent years, much progress has been made in the way organisations
gain value from information audits. Now there is a range of
experienced practitioners and consultants to draw upon. By using this
article, you can learn what goes into an information audit, and
prepare for data collection, analysis and reporting. You can read our
step-by-step guide for staging an information audit in the FreePint
FUMSI report Information Auditing Report and Tool Kit.
An information audit is a research process that has planning, data
collection, analysis, evaluation and reporting stages. The planning
stage is often the longest and most tedious, as it needs to examine
all aspects of the audit process and then customise them to align with
the characteristics of the organisation to be audited. The planning
stage allows you to find a project sponsor, understand how the
organisation works and the value it places on information and to
anticipate the barriers that can impact on the success of the audit
(communication, cultural, political, resource-based).
Below is an outline of the components of an information audit and some
of the preparatory processes that need to be completed prior to
commencing an audit.
Components of an information audit
Generally all information audits should have the following common
features:
- What is: An assessment of the information resources created,
acquired and used in the organisation, including an understanding of
how information flows through the organisation. Including the role
of people and information systems
- What should be: An information needs analysis derived from examining
organisational objectives and business processes. This will identify
critical information requirements
- Gap analysis: An analysis of what should be against what is
- Recommendations for action: Recommendations and actions focused
upon eradicating the gaps in terms of organisational priorities.
These are broken down into short and long term actions, and also
prioritised
- Actions: Actions that form new organisational policies, procedures,
strategies, and systems
- Performance measurement: The setting of indicators and targets to
measure the effectiveness of action related to business objectives
- Plans for subsequent audits: The cycle of subsequent audits will
depend on business need and the rate of change being experienced by
an organisation.
Prior to commencing an information audit, it is critical that those
driving the project understand their organisation including its
internal and external environments.
- The organisation's mission, goals and values determine the focus of
the project objectives
- The size and geographical diversity of the organisation determines
the ideal or necessary scope of the audit
- The internal culture of the organisation determines the type of data
gathering methodology that will work best and the timing of the
project
- The internal political situation and management structure impacts on
the levels of support, resourcing and stakeholder buy-in
- The external environment (legislative, political, economic) can
impact on how and when the audit is conducted, the level of support
it receives and the level of acceptance of the findings.
Develop clear objectives
Sometimes an audit is clearly triggered by an event that makes the
purpose clear but it is often the case that once an information audit
is put forward as a process, many different stakeholders across the
organisation will have differing purposes in mind. It is critical that
the purpose for conducting an information audit is established and
that clear objectives are defined. The objectives must be articulated
in the language of the organisation and agreed to by all members of
the audit team and key stakeholders. Ideally they should conform to
SMART criteria (Specific, Measurable, Achievable/Action-oriented,
Realistic and Timely).
Once established in the planning process, the objectives will be
refined and further defined once the project is resourced, the audit
team is formed and support for the project has been generated. You can
find an exercise to help you develop clear objectives from the
Information Auditing Report and Toolkit.
Identify key stakeholders
Stakeholders may be internal or external to an organisation, and their
support is critical to the success of an information audit. Key
stakeholders include:
- The project sponsor or champion from a strategic level of the
organisation
- Managerial stakeholders
- Operational stakeholders - those who deal with information at an
operational level (eg, staff in a call centre)
- Staff who will be directly influenced by the outcome of the audit.
Depending on the purpose and scope of the audit, stakeholders may also
include regulatory bodies, customers or the general public.
An excellent resource for understanding the role of stakeholders can
be found at <http://digbig.com/4ttnb>. Written for anthropologists,
this website is useful in that it provides definitions of
stakeholders, types of stakeholders and details of how to do a
stakeholder analysis.
Defining the scope of the audit
The issue of scope is a common problem for information auditors. If an
organisation is medium sized or large the problem is often daunting -
where do I start and who/what should the audit cover? Ultimately the
scope will be defined by the purpose of audit, strategic priorities
and resources and budget issues.
The physical scope of an information audit could be:
- Organisation-wide (preferred)
- Based around core business processes, for example processes related
to sales or marketing
- Business unit or department based
- Geographic, for example a specific site, campus, office, region,
country.
The information scope of an information audit could be:
- Information type or format, for example electronic records, inhouse
or external databases, print subscriptions, etc.
- Information related to a specific area of legal or regulatory
compliance, for example risk management, Freedom of Information
(FOI), workplace safety, etc.
Ideally, an information audit is conducted across an entire
organisation, as this provides a comprehensive view of the current
information environment - needs, usage, behaviours, flows, etc. If an
audit is scoped more narrowly, or geographically or by information
format/type, it must be realised that a full picture is not possible
as many interactions with other units and the external environment are
excluded.
Note: Sampling is only an option if there are homogenous groups that
use the same information in the same way. Therefore, the size of the
organisation and the availability of resources to conduct the audit
are inextricably linked.
Create an audit team
Consider whether in-house or external expertise and resources will be
used for the various stages of the information audit. Use cost
comparisons to support the case for additional resources from within
the organisation or authorisation to employ external resources.
When putting together an audit, the following skill groups should be
considered:
- Project Management: Skills in task and resource management
- Research: Primary research method skills in terms of questionnaire
and interview design, data analysis and evaluation
- Information Management: Understanding and managing the lifecycle of
information
- Human Resources: Skills in understanding staff development and
training needs
- Negotiation and Facilitation: Skills in drawing out key ideas and
discussion from groups of people.
The team roles required for an audit, depending on the scope would be:
- Project Manager: Coordinating and ensuring the project comes in on
time and budget, plus ensuring consistent processes for
documentation and write the final report
- Auditors: Actually carrying out the audit
- Data/information Managers: Managing data and information inputs and
outputs and conducting statistical manipulation.
It is important that staff working in the information management
function of the organisation are made aware that an information audit
is not evaluation of their own personal performance, but an assessment
of information in order to improve organisational performance. Equally
important is to communicate to them that they are the best-placed
people in the organisation to play a key role in the audit process.
Obviously heavily dependent on the scope, it can often be hard to
generally quantify costs of an information audit. The main component
of costs will be staff time - of those managing the audit and those
interviewed and surveyed. There could also be costs in terms of
technology investment if specialist software for analysis or mapping
is required.
Outsourcing
Outsourcing the work of an undertaking the audit can be attractive
proposition to an organisation if the funds are available. However
outsourcing does not mean that an organisation should lose ownership
of the audit project: there still must be drive, commitment and
leadership in order to make sure the audit achieves the desired
outcomes. It is important that subsequent information audits are
conducted in a similar manner to previous ones so that trends can be
identified and measured. If a consultant or external team is selected,
ensure that the team works closely with staff to ensure that an
understanding of the process is transferred to them.
The advantage of outsourcing can be that the company contracted can
take a detached outside view of information in the organisation
without any pre-conceived ideas. This can be very important in an
organisation where 'information politics' have been taking place with
regard to disputes over information ownership and information sharing.
However the disadvantage may be that the company contracted does not
understand your organisational culture and structure and that the
findings lack real insight.
When evaluating companies the following issues should be considered:
- Has the company worked in your sector before - do they have some
background knowledge of the issues faced by your organisation?
- What scale of audit has the company worked on before -do they have
the resources to meet your deadlines?
- What do they agree to supply in terms of survey results and reports?
What format will they be supplied in?
- Can you contact any of the other organisations audited by the
company?
- Is the company linked to software suppliers - is there an interest
related to software solutions that may be sold? Will this prejudice
the audit findings?
- What skills do the auditors that will be working on your audit have?
IT/IS? Project Management? Information Management? Negotiation?
Facilitation?
Ready to begin
Now that you know what goes into an information audit and have begun
assembling your team, you can plan data collection, analysis and
reporting. Learn all about how to run your own audit in the FreePint
FUMSI report Information Auditing Report and Tool Kit.
Sue Henczel is well known for her consulting and training in
information auditing, and in particular for her writing. Her book 'The
Information Audit: A Practical Guide', was published in 2001 by K.G.
Saur (Munich). She is the author of many chapters, articles and
conference papers and presentations on information auditing, knowledge
management, performance measurement and benchmarking.
Sue works with UNESCO and the Japanese Funds in Trust to evaluate
instructional modules for librarians in developing countries and has
recently been invited to join the United Nations consultant roster.
Related FreePint links:
![[Get Copyright Permissions]](http://license.icopyright.net/images/icopy-w.gif "[Get Copyright Permissions]")
Click here for copyright permissions!
Copyright 2008 Free Pint Ltd.
You may also be interested in:
|
