On the governance of information: Introducing a new concept of governance to support the management of information

https://doi.org/10.1016/j.ijinfomgt.2010.05.009Get rights and content

Abstract

Information governance as an approach to better govern the use of information within and outside an organization is rapidly gaining popularity. A common and scientific ground for this approach has not yet been formulated. In this article the authors describe a definition for information governance, extending the common, one-dimensional approach into a more generic statement. Starting from the well-known principles of IT governance the authors further explore the aspects of both information and governance. Four hypotheses are proposed to give ground to the use of information governance. These hypotheses will be the basis for further research.

Introduction

‘Governance’ is by now a well-known term in business. It has focused on the role of boards of directors in representing and protecting the interests of shareholders. A critical role for governance is to monitor and control the behavior of management, who are hired to preside over the day-to-day activities of running the organization (Fama & Jensen, 1983).

Maybe its best known use is at the corporate level: ‘corporate governance’, as the set of processes, customs, policies, laws and institutions affecting the way a corporation is directed, administered or controlled. Corporate governance also includes the relationships among the many stakeholders involved and the goals for which the corporation is governed. The principal stakeholders are the shareholders, the management and the board of directors. Other stakeholders include employees, suppliers, customers, banks and other lenders, regulators, the environment and the community at large. Governance provides a structure for determining organizational objectives and monitoring performance to ensure that objectives are attained (OECD, 1999).

In the ICT world, the term ‘IT governance’ (or ‘ICT governance’) is well established (Van Grembergen, 2004, Weill and Ross, 2004). It is a subset discipline of corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley (USA) and Basel II (Europe)), as well as the acknowledgement that IT is an increasingly important element of organizational products and services and the foundation of enterprise wide processes (Weill & Ross, 2004). It consists of “the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives” (IT Governance Institute, 2003). IT governance, hence, is an instrument of strategic business-IT alignment (Henderson and Venkatraman, 1993, Hirschheim and Sabherwal, 2001).

With the enormous growth of digitized data inside and outside the organizational boundary, and with the growth of possibilities to access this data, organizations have become aware of the need for governance of their data assets. Similar to the framework of Weill and Ross on IT governance Khatri and Brown (2010) recently published a paper, introducing the design of a data governance model.

This article takes a deviant, information based approach, built on the observation that (1) information is the missing linking pin between business and IT (Maes, 1999), (2) information is a business resource, independent of the supporting IT, and (3) information, being interpreted data, is, unlike IT and data an intangible asset. Furthermore, relevant information is more and more originating from external sources and surpassing the classical IT (basically: database) formats. As a consequence, the proper use and application of information (and not only its creation) is of vital importance and hence appropriately a candidate subject for governance. Our fundamental belief (and our premise) is that organizations with an instituted information governance process are more effective at seeking, collecting, processing and applying information and are getting more value from their and others’ information sources.

Information governance involves establishing an environment and opportunities, rules and decision-making rights for the valuation, creation, collection, analysis, distribution, storage, use and control of information; it answers the question “what information do we need, how do we make use of it and who is responsible for it?”. Investigating current practice reveals that many organizations, if not all, lack an all encompassing information governance policy (Economist Intelligence Unit, 2008), especially for external and free format information, and often the policies and processes they do have arenot effective.

First steps have been taken to define such policies and processes from a compliance perspective (Donaldson and Walker, 2004, Kahn and Blair, 2004), but the aim of this article is to define and discuss information governance in a more explorative way. To this end, we first ponder the inadequacy of IT governance to deal with the decisive role of information in present-day organizations. In section 5, we explore the value of information and discuss the governance aspects to optimize the effective use and application of information. We continue with a discussion on the aspects of governance and the various mechanisms that have been explored so far. We conclude with a research agenda in information governance. This agenda is by definition a full and wholehearted attempt to combine rigor (academically speaking) and relevance (from the point of view of practice). Information governance is “rigorously relevant” both in theory and in practice (Keen, 1991).

Section snippets

The inadequacy of IT governance

Although IT governance is now widely accepted and is considered by many authors to be a powerful and necessary instrument to improve the added value of IT investments and manage IT risks at the same time, we argue that both the foundations and the current application of IT governance also suffer from serious limitations. Some of these limitations are inherent, meaning that they logically follow from the very concept of IT governance. Other limitations are self-imposed, meaning that they are

Definition of information governance

Taking these limitations into account we introduce information governance as a ‘logical’ alternative, focusing on the seeking and finding, creation and use, and the exchange of information, and not solely on its production. Information governance is not a new term, but the proposed definition in this article is different from the approach in existing literature. Information governance was introduced scientifically by Donaldson and Walker (2004) as a framework to support the work at the National

Value creation and information governance

Information governance may be viewed as a framework to optimize the value of information in some sense to the actors involved. Our definition leads to the question to whom the value is optimized, and what the dependencies are to enable optimization of the information value. Obtaining a better understanding on the optimization of the information value and its dependencies will give a basis for the choice of a matching governance concept.

To answer the first question (‘to whom is the value

Governance concepts in sense making interactions

Governance is generally interpreted as a hierarchical framework for guidelines, policies, responsibilities, and procedures to ensure a certain level of control within an organization. But the definition of information governance does not necessarily restrict its use to one specific framework. Information governance may vary from a set of policies, a way of working, or the creation of a space within a predefined settlement (such as an online community), or it may as well apply to a framework of

Concluding section

The broad definition of information governance that was given in this paper offers opportunities for a different approach to governing the sense making interactions within and outside an organization. We explicitly put effort in the thought that governance should not be viewed as a hierarchical framework; this approach may even be contra productive in relation to managing information within a certain environment.

With the hypotheses proposed we give direction to further research that may be

Michiel Kooper is Research Fellow in Information and Communication Management at the Faculty of Economics and Business of the University of Amsterdam.

Michiel is also management consultant at KPMG Advisory and co-founder of the Research group on Information Governance at the Amsterdam University (RIGA). His research interests include foundations and governance of information and IT management, collaboration management and the role of information and sense making in organizations and society.

References (48)

  • A. Donaldson et al.

    Information governance—A view from the NHS

    International Journal of Medical Informatics

    (2004)
  • J. Peppard et al.

    Mind the gap: Diagnosing the relationship between the IT organisation and the rest of the business

    The Journal of Strategic Information Systems

    (1999)
  • Cap Gemini

    Harnessing information value: Could you be a digital winner?

    (2009)
  • N. Carr

    IT doesn’t matter anymore

    Harvard Business Review

    (2003)
  • M. Castells
    (1996)
  • Y.E. Chan

    Why haven’t we mastered alignment? The importance of the informal organization structure

    MIS Quarterly Executive

    (2002)
  • C.W. Choo

    The knowing organization, how organizations use information to construct meaning, create knowledge and make decisions

    (1998)
  • C.W. Choo

    Social use of information in organizational groups

  • C. Ciborra

    De Profundis? Deconstructing the concept of strategic alignment

    Scandinavian Journal of Information Systems

    (1997)
  • T.H. Davenport et al.

    Information ecology: Mastering the information and knowledge environment

    (1997)
  • Economist Intelligence Unit

    The future of enterprise information governance

    (2008)
  • E.F. Fama et al.

    Separation of ownership and control

    Journal of Law and Economics

    (1983)
  • A. Forte et al.

    Decentralization in Wikipedia governance

    Journal of Management Information Systems

    (2009)
  • IT Governance Institute

    Board briefing on IT governance

    (2003)
  • T.L. Griffith et al.

    Virtualness and knowledge in teams: Managing the lover triangle of organizations, individuals, and information technology

    MIS Quarterly

    (2003)
  • J.C. Henderson et al.

    Strategic alignment: Leveraging information technology for transforming organizations

    IBM Systems Journal

    (1993)
  • R. Hirschheim et al.

    Detours in the path toward strategic information systems alignment

    California Management Review

    (2001)
  • L. Hoebeke

    Measuring in organizations

    Journal of Applied Systems Analysis

    (1990)
  • L. Hoebeke

    Identity: The paradoxical nature of organizational closure

    Kybernetes

    (2006)
  • A. Huizing

    The value of a rose: Rising above objectivism and subjectivism

  • A. Huizing et al.

    Knowledge and learning, markets and organizations: Managing the information transaction space

  • H.C.A. Julien et al.

    Section III—Information use—Chapter 7—Information behavior

    Annual Review of Information Science and Technology

    (2009)
  • R.A. Kahn et al.

    Information nation—Seven keys to information management compliance

    (2004)
  • P.G.W. Keen

    Relevance and rigor in information systems research: Improving quality, confidence, cohesion and impact

  • Cited by (138)

    • Digital architectures

      2022, The Digital Supply Chain
    • We're engaged! Following the path to a successful information management capability

      2021, Journal of Strategic Information Systems
      Citation Excerpt :

      Previous studies suggested that effective business-driven IT governance encourages higher IT value (Huang et al., 2010; Wagner et al., 2014; Weill and Ross, 2005) and helps design structures and processes that enhance IT's strategic use (Weill and Ross, 2005). From the information management perspective, business-driven IT governance plays a role in achieving information management value (Kooper et al., 2011; Tallon et al., 2013). When companies have robust business-driven IT governance as an information management standard (McKeen and Smith, 2007) IT teams and business managers can create a shared understanding and solid foundation to achieve company-wide objectives and improve information usage (Sharma et al., 2009).

    View all citing articles on Scopus

    Michiel Kooper is Research Fellow in Information and Communication Management at the Faculty of Economics and Business of the University of Amsterdam.

    Michiel is also management consultant at KPMG Advisory and co-founder of the Research group on Information Governance at the Amsterdam University (RIGA). His research interests include foundations and governance of information and IT management, collaboration management and the role of information and sense making in organizations and society.

    Prof. Rik Maes is Professor in Information and Communication Management at the Faculty of Economics and Business of the University of Amsterdam.

    He is currently dean of the Executive Master in Information Management program and leader of the PrimaVera research program in information management. His research interests include the foundations of (information) management, innovative learning strategies and the role of information and sense making in organizations and society. He is particularly interested in combining information management with other disciplines, such as design, architecture and art.

    Prof. Edo Roos Lindgreen is Professor in IT Auditing at the Faculty of Economics and Business of the University of Amsterdam.

    Edo is program director of the Executive Master of IT-Auditing and is also partner at KPMG IT Advisory. At KPMG, Edo is responsible for delivering IT-audit and IT-advisory services to KPMG clients. His clients include large organizations in government, banking, communications, software & services and publishing. His research interests are on information security, information systems governance and project risk management.

    View full text