In this series, my intent is to speak to each of the Principles by way of the IGMM (Information Governance Maturity Model) http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics . I will discuss all of the five levels but in most cases a 3 is a great place to be for most organizations.
What is a maturity model?
Most of the IT folks will readily understand the concept of a maturity model since it is often used in relation to a software project. The model has also evolved and is used in project management, risk management, business processes and services by government, commerce and industry.
The GAR Principles maturity model is really all about giving us metrics so we can determine where we’re at today and where we need to go in the future. Most executives today are conversant with the corporate balanced score card or some other results based management to determine whether their corporate goals for the year are met or exceeded. This may form a basis for some of their overall remuneration in the form of bonuses if these goals are achieved successfully. The maturity model in conjunction with the information management professionals in the corporation can assist in adding achievable goals and move the corporate information management program forward successfully over time. The trick here is to make sure that the goals added are in fact achievable. For instance adding a goal that says “We will select, acquire and roll out a corporate content management system this year” may not be an achievable goal whereas “Create an RFP and select a content management solution this year” may be.
There are five levels to the maturity model today ranging from 1 being substandard to 5 being transformational for each of the 8 principals. As my good friends would say “you don’t want to be at one and five may prove too costly to achieve corporately so somewhere between three and four would be an optimal place for a Corporation to reach”. In fact, ARMA says that 3 is Essential and I totally agree. Much depends on the risk tolerance of the Corporation and what type of industry sector the corporation is in. Being at three for a particular principle may be great for some industry segments and others may require a four for that same principle in order to be aligned with their peers.
Now to the Accountability Principle.
The Accountability principle really talks about having a senior executive assigned to oversee the program. It states that the Corporation must have a records management program, that appropriate policies and procedures need to exist and that the program itself must be auditable. If there’s one thing that I’ve seen over the last 20 years in the information management business it’s been that the lack of a responsible senior executive/champion has dramatically slowed down, stalled or actually killed most endeavours related to records and information management.
At a level 1 Accountability really sounds like many clients that I visit. That is, an organization with no specific point person for records management, no real senior management support for the initiative and no policies dedicated to information management. This also usually means the organization does information management things willy-nilly in a more free-for-all kind of way. The thing that the principles don’t say about this kind of an organization is that the users are often confused about what to do, where to put things and generally have no ability to find information, paper or electronic, in the organization. This is a really bad situation and generally what causes corporations to start looking at the overall information management process as something they really need to do. The other thing that usually drives initiatives like this is some really bad thing like litigation or bad press has happened facilitating the change.
Let us assume for a moment that the corporation has hit the bottom of the information management barrel and someone has told you that they would like you to deal with all of this stuff and more or less clean things up because you are a likely candidate in some way, like you have filed something into a filing cabinet in the past. By the way some of my best friends who are in charge of huge records and information management programs for worldwide organizations today started that very way so take heart.
Now how do we get to level 2?
Level 2 still has no executive or person of senior authority involved in this process. I would suggest that the first thing that you would want to do though is to get someone of some senior authority involved in order to even attempt to get past level I. Without that the chances of success are slim to none. The bright spot at level 2 is that someone, possibly you, has been assigned the task of moving your organization forward with the information management initiative. Level 2 further talks about a records management program being for paper records only. This assumes that you actually have a records management program at this point even if only for paper. If you don’t have a records management program you’re going to have to create one and there lies the rub.
So what does the records management program look like?
First you should probably have some policies stating that information management is somewhat important to your organization and this will only happen if you actually have some senior management champion that will carry that message of the importance of the program and policies to the other people in the organization.
The most common way of creating a records management program after an information management policy has been decided upon is to see what you already have in paper form. This is commonly called a box inventory and that information collected can be used to create a structure and after that some form of retention schedule which defines how long do we keep it and what do we do with it when its time is up based on legislation and regulation. The best example of this is accounting records whose life expectancy is usually dictated by the CRA (Canada Revenue Agency) as 6+ current year then destroy. So far we haven’t talked about electronic records because that is a far more complex matter than paper.
Well I guess we kind of hit it for level 2 which is create some policies, create a records management program at least for paper and get someone from senior management to care what we are doing.
This is a big deal and you should be turning cartwheels and flying to Vegas for a long weekend holiday if you have it done.
Just as a tip, you might want to hire someone that does this for a living to do an assessment on the front end of all this and lend you their experience while creating a strategic plan for moving forward. This will save you much pain as you go forward on all of the Principles.
Level 3 assumes that you have taken some kind of command in your position and everyone in your organization, whatever size that is, recognizes that you are there to help in any information management area and that they need to do something about it for the good of the corporation. Electronic records are now part of the program which means that you have bonded with your IT group and have them on board so that retention and disposition can be attached to information or as I would call it E-stuff. This also means that there is some kind of structure consistently available to those people in the Corporation that have to put things away electronically. Just so you know, it will be very difficult to do electronic records management without an appropriate software solution.
Level 3 also assumes that your program sponsor in senior management is sharing all the wonderfulness of the program with all of the other senior management people in your organization and that we have also assigned accountability to all of the information management tasks in your organization. This is really all about saying who does what and when in a consistent and appropriate kind of way based on legislation, regulation and the corporate information management policies that have been created. Oh, by the way, you can’t just create policies without training all of the users and management people what those policies actually mean and how they affect them. Also don’t forget about audit of the program to make sure that folks are actually doing what you think they are across the corporation.
Level 4 assumes there is someone of a higher level such as an information governance professional in place. You may have raised yourself to this position by now since this is a multiyear project that we are talking about and you are constantly learning from other ARMA members along the way. You may have taken your ARMA IGP (Information Governance Professional) Certification, http://www.arma.org/r2/igp-certification are ready for this and now have a records manager reporting to you as well as having a corporate wide stakeholder group that act as an oversight committee for information management of the Corporation. Wow that is a bunch of hard things.
Level 5 assumes that all senior management attach great importance to the information management program of your Corporation and that you and your records manager are highly respected participants in the senior management of the Corporation. All of your goals have been met and your program is running smoothly. In the 20 years that I’ve been doing information management I’ve rarely seen an organization that even approaches level 5 so never fear if you haven’t met level 5 because you are in really great company.
Next installment is transparency