How CFOs should tackle information management: while businesses rely on the IT department and CIO and CTO for things technological, the CFO should be involved in key decisions associated with creating an IM strategy.

• Author: Green, Robert P.
• Position: STRATEGIC PLANNING - Chief financial officer - Chief information officer - Chief technical officer - Information management

Consider the strategic value of your business information. Where is it in the hierarchy among your key assets? Is it first or second? Between information and employees, you should have numbers 1 and 2 sewn up!

Businesses win coveted, well-publicized awards for best practices in how they manage their work environment and take care of their employees. Know of a company that's been rewarded for being exemplary at strategically managing and making the most of its information? Likely not. Yet, the practices that manage information, like people management, can have a dramatic impact on the success--or failure--of any business, big or small.

Strategic information management practices and methods, although often considered the responsibility of the chief information officer (CIO), have evolved to a point where they should be evaluated and implemented with the blessing and guidance of the CFO. This is not withstanding the fact that publicly traded companies must involve the CFO in this activity due to the Sarbanes-Oxley Act of 2002.

If your business is like most, it relies on its information technology (IT) department, CIO and/or chief technology officer (CTO) for most anything technological. That's well and good, but, in addition, from a fiduciary perspective, the CFO should be involved in key decisions, and he or she needs to play a driving role in creating an information management (IM) strategy.

'Information Management' and the CFO Role

IM involves mature, executive-sponsored practices to address how information serves a business and how a business serves its information. This is a top-down strategy, seeking to glean the value from IT and not support IT for the sake of IT. It starts with a focus on determining specifically what information is key to the success of a business.

The result is an executable strategic IT plan that addresses how, when and where to capture, store, process, secure and use digital information. Such a plan is a roadmap, with the directions being provided by IM considerations and actions.

Many growing, dynamic businesses don't take time to prepare strategic IT plans, much less consider the valuable "what, how, when and where" considerations. Such planning and related projects are often deemed of minor importance and delegated to the IT staff, and often without input from management.

The lack of priority towards IT planning can be most evident when considering the pervasive lack of disaster recovery and business continuity planning and management surrounding key business information. In the opening question regarding information and employees, surely, Human Resources (HR) departments go to great lengths to provide for the safety of employees in the event of a disaster. But often, similar plans for information protection and business systems resumption following a disaster are far less comprehensive, and not often put to a legitimate test.

The CFO can...