Conducting an information audit.

• Author: Carlisle, Diane K.
• Position: Information Auditing: A Guide for Information Managers - Book Review

Managers and executives are asking more records management questions than ever before:

* Do we know that our information management procedures are in compliance with Sarbanes-Oxley?

* With what other legislation or regulations do we need to comply?

* Are we managing our information as cost-effectively as possible?

* Are there any information management implications of this merger worth considering?

According to author Steve Wood, author and senior lecturer at the Liverpool John Moores University School of Business Information, an information audit can be a useful tool for answering these questions and many others.

What is an information audit? Though definitions vary, Wood's white paper uses the definition presented in the book Business Information Management: Improving Performance Using Information Systems by Wood and Dave Chaffey: "An evaluation of the usage and flows of information within an organization." Another definition used comes from Elizabeth Orna's 2004 book, Information Strategy in Practice: "A systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organisation's objectives."

Although this may sound a lot like conducting a records inventory, there are some significant differences. One is that an information audit starts by asking, "What records should be created and kept," which is followed with an assessment of what already exists and a gap analysis.

The results of the gap analysis become the basis of recommendations for corrective action, which may include development of new policies and procedures, new strategies, or new systems. An information audit also specifically includes a component of performance measurement focused on improving organizational performance through the use of information. And lastly, the information audit is most successful when it is used as part of continuing improvement rather than a one-time assessment.

The author introduces a new term that should resonate with corporate officers today--information governance. Information governance is the way an organization formally manages information in accordance with business strategy and regulatory legislation. While some may say "that's what records managers have always done," sometimes using a new term reframes old stereotypes and encourages people to think of functions in a new way. For the records and...