Presentation on theme: "LN-4 Information Management Strategy"— Presentation transcript:
1LN-4 Information Management Strategy ITECH 1005/5005: Business Information SystemsLN-4 Information Management StrategyDr Zhaohao SunGSITMS, University of BallaratI updated it to 39 slides onI updated it and add two slides to 41 slides based on Chaffey 2011 on
2Objectives and Outcomes After reading this chapter or LN-4, you will be able toJustify the need for a defined information management (IM) strategy;Relate IM strategy to other organizational strategies;Describe the management issues that need to be addressed in an IM strategy.
3Management IssuesTypical questions facing managers related to this topic:Do we need an IM strategy?How does the IM strategy relate to IT/IS and knowledge management (KM) strategies?How should we structure and resource information management?Which management controls should be built into an information strategy?
4Organisational Strategy Organisational strategy defines the future direction and actions of an organization or part of an organization. For example, Johnson and Scholes (2003) define organizational or corporate strategy as: ‘the direction and scope of an organisation over the long-term: which achieves advantage for the organisation through its configuration of resources within a changing environment to meet the needs of markets and to fulfil stakeholder expectations.’Chaffey 2011:163
5Strategy ElementsThis definition highlights the following elements of strategy:1. Strategies define the future direction of an organization.2. Strategies are devised to achieve advantage for the organization (strategic objectives).3. Strategies define the allocation of resources to achieve this advantage.4. Strategies are primarily driven by the needs of the organization, but also by the needs of stakeholders such as shareholders, customers, suppliers or employees.5. Strategies should be responsive to the dynamic environment in which an organization operates.Chaffey 2011:163
6IM StrategyIM Strategy define management approaches to the organisation, control and application of organisational information resources through coordination of people and technology resources in order to support organisational strategy and processes.Information assets of an organisation is a resourcePeople resourcesTechnology resourcesThey must been structured and controlled.Chaffey 2011:163
7Why is an IM strategy needed? Information is an assetKnowledge is powerData and informationData are the raw numbers or facts. Information is produced when those data are analysed. Knowledge is having an understanding of the significance of that informationData and information needs-concerns about data qualityData and information needs-concerns over time, quality and cost.Chaffey 2011:164Data are the raw numbers or facts. Information is produced when those data are analysed. Knowledge is having an understanding of the significance of that information
8The Information lifecycle The sequence of activities involved in IM from creation through to permanent deletion of information.Information lifecycle consists of the following activities (steps): capture, organise, process, maintain, and destroy.See Fig The Information lifecycleChaffey 2011:166
9Organisational problems of poor data quality Poor customer service (can’t answer queries)Poor decision making (relevant info unavailable)Difficult to win new business (B2B)Poor understanding of market dynamics and customer needs (B2C and B2B)Difficult to control through management metricsInformation cannot be used to deliver value
10Example problems with information management Mini case 1 – the utility companyUtility companies are fighting tooth and claw to gain and retain customers. One utility company estimated that it lost an average of 30 customers per day or more than 10,000 customers per year, because staff did not have access to the right information to handle customer queries. This was equivalent to $5.5 million in lost revenue.Mini case 2 – the bankInconsistent information and structures between different systems often means that the same data have to be entered into more than one system. A study at a UK bank estimated that duplication of effort totalled more than $3.2 million per year.Mini case 3 – the insurance companyAn insurance company spent $67 million developing a replacement information system. After acquisition of another company, they found it would cost nearly the same amount to adapt the system to their new requirements. If the previous system had an adaptive information architecture this effort and cost would have been avoided.Note that Figure 4.2 Responsibility for data management strategy has been removed from Chaffey 2011, Z SunSource: Evernden and Evernden (2003)
11Problems with organisational data quality Figure 4.2 Problems with organizational data quality (Chaffey 2011:168)
12Benefits of an IM strategy It becomes possible to integrate all information activities, and to use all information quickly and effectively to make efficient business decisions.Promotes openness of communications throughout the company, both between and within levels.Will foster a culture of innovation and knowledge sharing.Forms a sound strategy for investment in information systems and technology.Ensures that awareness of opportunities and threats is communicated throughout the company, and allows timely responses to these.information managementSource: Orna (1999)
13Principal options for ownership of IM strategy Figure 4.4 Principal options for ownership of IM strategyChaffey 2011:174
14Schools of Studying Business IM Different academic fields of study related to business IM also have different emphases.These naturally mirror the information-led and technology-led approaches of businessThe main fields of study are (named as school of)IM, IT/IS, Knowledge management (KM)Behaviour controlManagement control.Chaffey 2011:175In what follows, we review each of these schools.
15Information Technology School Focus:Selecting appropriate technology to support decision makingTypical job titles:IT or IS ManagerStrengths (+) and weaknesses (-):- IT applied to support operational and tactical decision making- IT less effective in supporting strategic decisions involving unstructured dynamic information- Focus on Return on Investment (RoI) of new systems- Limited focus on how information is used by peopleChaffey 2011:176
16Information Management (IM) School Focus:Managing the information lifecycle for different types of information. Knowledge management.Typical job titles:Chief Information Officer (CIO),Information or library services managerStrengths (+) and weaknesses (-):+ Information viewed as a strategic resource to be managed- IM not commonly viewed as of strategic importance, so often relegated to low-level departmental roles- Difficult to establish value of information and ROI for knowledge management (KM) initiativesChaffey 2011:176ROI:= return of investment
17Behaviour and Control School Focus:Improving people’s information usage behaviours and values (Informal, but related to KM activities sometimes instigated through human resources)Typical job title:HR ManagersStrengths (+) and weaknesses (-)+ Recognises the importance of motivating, rewarding and managing staff to promote change to best practices- Improving Information usage and behaviours not seen as a significant part of the role for HR- Limited research and dissemination of best practice on this topicChaffey 2011:176HR: human resources
18Management Control School Focus:Using information to manage people and link their performance to business performanceTypical job titles:Chief Executive Officer (CEO), senior managers and directorsStrengths (+) and weaknesses (-):+ Helps to link individual and business unit performance to company performance- Control viewed negatively by staff as a way of making them ‘work harder’ rather than ‘work smarter’Chaffey 2011:176This school
19Strategy needed for effective BIM IM Strategy (Ch 4)KM Strategy (Ch 5)IS Strategy (Ch 6)business information managementDifferent forms of strategy needed for effective business information managementThis is corrected from a wrong picture provided by the author.- ZsunFigure 4.5 Different forms of strategy needed for effective business information management (Chaffey 2011:177)
20Developing an IM strategy Stages in the Strategy Process (SOSAC)1. ‘Where are we now?’ – the situation analysis (S).2. ‘Where do we want to be?’ –the vision and objectives (O).3. ‘How are we going to get there?’ – the strategy (S).4. ‘How do we introduce the changes?’ – the implementation of the strategy (Action: A).5. ‘How are we doing?’ – the monitoring and control of strategy (Control: C).Chaffey 2011:177the Strategy Process consists of five typical stages which constitute a lifecycle of the Strategy Process(SOSAC) is based on the Chaffey 2009, E-Commerce management.
21IM Strategy IssuesTen strategic issues (The Hawley Committee IM Guidelines)1 Information relevance2 organizational significance of information management3 Legal and ethical compliance4 Assessing information value5 Information quality6 Legal and ethical compliance with specific reference to information lifecycle management7 Information management skills of employees8 Information security including risk management9 Maximising value from information10 Information systems strategyChaffey 2011:179Ten strategic issues were introduced by The Hawley Committe strategic issues (1995)
22IM is concerned with How information is acquired, recorded and stored Where information resources are located in the organization and who has responsibility for themHow information flows within the organization and between the organization and the outside worldHow the organization uses it [information quality]How people who handle it apply their skills and co-operate with one anotherHow information technology supports the users of informationWhat information costs and the value it contributesHow effectively all these information-related activities contribute towards achievement of the organization’s objectivesChaffey 2011:177; Ornas IM issues (1999)Practical Information policies by Elizabeth Ornas (1999). She believed that IM is concerned with ….
23Information policy, audit and strategy Elements of Information Resource Management:1. Identification.2. Ownership.3. Cost and Value.4. Development.5. Exploitation.Frameworks for IM 3 – The Willard model1. Identification. The discovery of information resources and the recording of their features in an inventory2. Ownership. The establishment of responsibility for the upkeep of an information resource3. Cost and Value. Assessment of the cost of an information resource and its value to the organization4. Development. The further development of an existing information resource to enhance its value to the organization5. Exploitation. The processes which may allow a resource to generate further value through conversion into an asset or a saleable commodityFigure 4.5 The relationship between Orna’s tools for IM (Chaffey 2011:182)Source: BIM
24IM Themes and approaches There are many themes and approaches in IM Strategies.themes and approaches:= topics.Themes (5)Information value, Information quality, Information security, legal and ethical compliance, KM, Technology supportApproaches (6):Structuring the IM function, Responsibilities, Information resource analysis, Information policy, risk managementChaffey 2011:6 themes, 5 approaches for IM strategies. I will look at each of them in a little more detail in what follows. –ZsunAll these are special topic for research in IM, IT and IS and computing and chapters in the textbook.
25IM Theme 1: Information Value An IM strategy forces an organisation to question the value of its information.Information can be classified into 4 categories according to its value to current strategy and future strategy:Strategic information.Information is critical to business and of greatest value.High potential information.The potential value to the business may be high, but it is not confirmed.Key operational information.Information is essential for core processes and its value is enhanced by horizontal integrationSupport information.Needed for supporting the operation of the businessChaffey 2011:183-41. Strategic information. Information is critical to business and of greatest value. This includes the information used for corporate performance management such as objectives, performance metrics and business drivers. It also refers to external information such as competitive intelligence and market information.2. High potential information. The potential value to the business may be high, but it is not confirmed. Knowledge management could fit into this category in some organizations as they assess whether it is likely to become strategic information in future.3. Key operational information. Information is essential for core processes and its value is enhanced by horizontal integration. This is the largest volume of information about sales transactions and customers. It is of limited value for future strategy, but relevant to implementing the current strategy.4. Support information. Needed for supporting the operation of the business, but of little strategic value. This would include information about staff such as time sheets and holiday bookings. Management of this information is a low priority, although it still needs to be accurate and cost effective.
26IM Theme 2: Information Quality (Chaffey 2011:185) Content dimensionAccuracyInformation correctRelevanceInformation can support decision makingCompletenessNo data items missingConcisenessInformation is not too detailedScopeMay be broad or narrow, internal or external to the organizationTime dimensionTimelinessAvailable when needed. Immediate or real-time information is a common requirement. Alerts are also a requirementCurrencyInformation is up-to-date.FrequencyInformation supplied at appropriate regular intervalsTime periodA time-series covers the right period of timeForm dimensionClarityInformation readily interpretedDetailBoth summary ‘dashboard’ views and detailed ‘drill-down’ views may be requiredOrderData sorted in a logical order and can be modifiedPresentationTabulations and graphsMediaHard copy (print-outs) and soft copy (electronically stored and displayed)See Chapter 10 or LN-10 for detail
27IM Theme 3: Information Security BS7799 standard defines the following process for information security:Plan - business risk analysisDo - internal controls to manage the applicable risksCheck - a management review to verify effectivenessAct - action as necessaryTen guiding principles (see LN-11):1. Security Policy2. Security Organization3. Asset Classification & Control4. Personnel Security5. Physical & Environmental Security6. Communication & Operations Management7. Access Control8. Systems Development & Maintenance9. Business Continuity Planning10. Compliance(Chaffey 2011:186-7)BS7799 standard is a security standard:See Chapter 9 and 12. or LN-9 or LN-12 for more detail
28IM Theme 4: Legal and Ethical Issues Examples of information privacy issuesSharing customer data with a third party without the customer’s consent.Sending out unsolicited to a consumer.An from an employee which denigrates another organization or defames an individual.Monitoring employee access to data and online services.Not providing online access suitable for those with visual impairment.Records access – The modification, the person who modified it and time it was made should be recorded.Records Disposal – The information policy may need to specify how long records are kept before they are deleted for legal compliance.(Chaffey 2011:187-8)See Chapter 12, or LN-12
29IM Theme 5: Knowledge Management Typical questions facing managers related to KM (Week 5, LN-5):How do we use knowledge to increase organizational efficiency and competitiveness?How can ICT support a knowledge management strategy?What are typical barriers to effective knowledge management?How should knowledge management strategy be aligned with corporate strategy?(Chaffey 2011:188)
30IM Theme 6: Technology/System Support Typical questions facing managers related to this topic (Chapter, 2, 3, 6):How should we align IS strategy with business strategy?How should Information and Knowledge management strategies be integrated with IS strategy?Who should be responsible for IS strategy within an organization?How can organizations evaluate and control the effectiveness of IS strategy?(Chaffey 2011:188)
31IM Management Approach 1: Structuring the IM function An information management unitis responsible for IM strategy within an organisation.provides a focus for improving IM that everyone in the organization is aware of.The creation of this unit demonstrates a commitment by senior management to IM since they have empowered the group with the resource and responsibility to improve IM.Chaffey 2011:189IM management approach 1. Structuring the information management function
32IM Management Approach 2: Responsibilities Evernden and Evernden (2003) suggest that when developing an information architecture for an organization, there should be four types of responsibility or ownership:1. Governance responsibility.2. Stewardship responsibilities.3. Infrastructure responsibilities.4. Usage responsibilities.Chaffey 2011:192IM management approach 2. ResponsibilitiesEvernden and Evernden (2003) suggest that when developing an information architecture for an organization, there should be four types of responsibility or ownership:1. Governance responsibility. Managers responsible for the overall directional and control of information management. Their work involves obtaining funding for projects and systems to improve information and quality and ownership for their implementation.2. Stewardship responsibilities. Information stewards are responsible for quality of information and this involves activities such as information capture or creation, dissemination and deletion.3. Infrastructure responsibilities. This is creating the right environment for using information. This is a more technical role involving setting up and integrating information systems, creating database structures or information architectures for web site pages and protecting the information resource.4. Usage responsibilities. Usage is the responsibility of the end-user of information. Beyond actually using the information, activities include assessing information for quality and highlighting problems with quality.
33JISC Responsibilities The joint IS committee (JISC) of the UK suggests that it is important to identify clear responsibilities for information. They envisage five main roles:Information strategy committee.Information (strategy) manager/director.Information custodians.Information users.Information service.Chaffey 2011:1931. Information strategy committee. Involved in initial development of strategy and to monitor implementation and operation. It is recommended that the chair is very senior – Pro-Vice Chancellor or equivalent.2. Information (strategy) manager/director. This person is custodian of the information strategy and is expected to be capable in project and change management.3. Information custodians. Responsible for maintaining standards for a defined set of information items.4. Information users. These include academic and administrative staff, students, prospective students, alumni, industry, the funding councils, research councils.5. Information service. This is a combination of the library or information service within the university. JISC notes that some institutions have found it desirable to merge the two main information services (library and computing) under a single managerial head (and reporting to one committee) since the difference between types of information (and forms of access to them) continues to diminish.
34The CIO Chief information officer (CIO) Managers with responsibility for information assets and/or IS strategy.CIO is a senior post with a wide remit and that it has a 'dotted line' chain of command linking the CIO into decisions made on IT and information services within each of ICI's four business units.in several cases, companies were confused by the question of whether they had someone that fitted the description of a chief information officer (CIO). They tended to say:‘Yes, we have a CIO, but he (and it is usually a he) handles IT without ever getting involved with information services.’Chaffey 2011:194Information World Review (2003) reported that in several cases, companies were confused by the question of whether they had someone that fitted the description of a chief information officer (CIO). They tended to say:‘Yes, we have a CIO, but he (and it is usually a he) handles IT without ever getting involved with information services.’ICI, the chemicals group, was one of only a few to have a traditional CIO. In ICI, it is Anthony Foster who works just below board level and reports to the chief executive since the departure of the chief operating officer. The company explained that this is a senior post with a wide remit and that it has a 'dotted line' chain of command linking the CIO into decisions made on IT and information services within each of ICI's four business units.
35IM Management Approach 3: Information Resource Analysis Information audit and information mapping are two techniques for Information resource analysisa systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organization's objectives.Information audit: an evaluation of the usage and flows of information within an organisation.Chaffey 2011:192IM management approach 3. Information resource analysisAn information audit has been defined by the Aslib Information Resources Management Network, referenced in Orna (1999), as:‘a systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organization's objectives.’
36Information MappingAn approach for identifying the value of and relationships between organisational information resources.Using this approach ‘information resource entities (IREs)’ are identified. These include information sources, systems and services. IREs are then plotted on a organizational information matrix with these axes:Information holdings (goods that produce revenues and reports)Information handling function (responsibilities for managing information such as library or information resource)Information content (specific content)Information media (form in which information is captured, stored or accessed such as internal mail, application, intranet, )Chaffey 2011:197
37IM Management Approach 4: Information Policy Information Policy is a statement of an organisation’s approach to IM.Information policy should be :At the level of principlesFairly short statements (providing principles by which future action may be conditioned)Each developed at one go (as a result of preparatory work)Meant to be robust enough to last (not detailed action plans)This differs from the information strategy which is used to support action through a plan for a specific period (yearly, three yearly).Chaffey 2011:197IM management approach 4. Information PolicyOrna (1999) characterises information policy as follows:At the level of principlesFairly short statements (providing principles by which future action may be conditioned)Each developed at one go (as a result of preparatory work)Meant to be robust enough to last (not detailed action plans)This differs from the information strategy which is used to support action through a plan for a specific period (yearly, three yearly).
38IM Management Approach 5: Risk management Risk management is used to identify potential risks in a range of situations and then take actions to minimize the risks.Risk management typically has these four steps:1. Identify risks including their probabilities and impacts.2. Identify possible solutions to these risks.3. Implement the solutions targeting the highest impact, most likely risks.4. Monitor the risks to learn for future risk assessment.Chaffey 2011:199
39Risk management assessment for IM (Chaffey 2011:199) Area of riskSolution for reducing risk1Accidental damage or loss (including disk corruption)Back up and restore procedures (See Chapter 11 for further details)User education2Deliberate acts of theft, abuse, vandalism etc.Security procedures such as anti-virus software, firewalls (See Chapter 11)Employee contracts and disciplinary procedures3Loss of peopleEmployee contractsSuccession planning4Inaccurate or untimely informationValidation and verification procedures (see Chapter 11)Staff development and training5ExternalrelationsSecurity proceduresContractual measures6Intellectual Property Rights (IPR)Registration of IPR7Destruction of facilitiesDisaster recovery planning (See Chapter 11)8LegalaccountabilityProtection and securityEmployee training
40SummaryJustify the need for a defined information management (IM) strategy;Relate IM strategy to other organizational strategies;Describe the management issues that need to be addressed in an IM strategy.Read the summary in Chaffey ( )