Information Audit

No matter what the size of the organisation it will know exactly how many assets it has, be they hand-dryers, desks, buildings, financial reserves, employees and customers. Each will be listed in a database and collectively they will appear, in some form or another, on the balance sheet. However there will no line item for information assets. The traditional way of checking on corporate assets is through an audit process. In this respect information assets are no different. Information audits have become more widely adopted through the process of migration. Without knowing the number and characteristics of the assets it is impossible to plan the migration. The website of a consulting company offering migration services states “Before migrating anything, you must know your existing content inside and out – quantity and quality, analytics, patterns, problems, and holes.” However it offers no advice on how this should be carried out! There are certainly software tools that will provide counts of files based on metadata tags, but I would argue that is not an information audit at an organisational level. At best it is at an application level.

Information audits developed out of the information resources management (IRM) movement in the USA in the 1970s and 1980s led by Forest Woody Horton and Neil Burk. Their primary focus was on ‘information mapping’ and was catalysed by the Paperwork Reduction Act 1980. Tom Davenport also played an important role in IRM. He argued that seeking to map all aspects of a business is misleading and inappropriate and that businesses need to select a domain to map and ‘drive detail with usage’. In the UK Elizabeth Orna gained a reputation for innovative approaches to information management, and there is a substantial section in her book Practical Information Policies published in 1999, about how to undertake an information audit. In a series of papers published in the International Journal of Information Management (not open access) in 2007 and 2008 Steven Buchanan and Forbes Gibb considered information auditing in considerable detail, culminating in a paper entitled ‘The Information Audit: Theory versus Practice‘ in which they presented the outcomes of some case studies which validated their methodology.

In 2010 and 2012 two papers of exceptional quality were published in Business Information Review (not open access) by Peter Griffiths, who was one of the most senior information managers in the UK Civil Service. His 2010 paper is notable in comparing the audit approaches adopted by the information profession and the financial audit profession. The theme of his 2012 paper is on the need for common guidelines and standards, incorporating work by Graham Robertson. Sadly Peter Griffiths died before he could publish further papers on his research and experience. Other than the paper by Buchanan and Gibbs there were no rigorous case studies of information audits published until Alice Jones, Alistair Mutch and Néstor Valero-Silva published an outstanding paper on ‘Exploring information flows at Nottingham City Homes‘.  One of the major challenges in an information audit is how to capture and present the outcomes of the audit, and these are assessed by Andre Schneider in his thesis for the University of Koblenz. The text is in English.Two other references are worth noting. In 2001 Susan Henczel, an information consultant based in Australia, wrote ‘Information Audits – a Practical Guide‘ based on her own experience in undertaking information audits. The Wikipedia entry for Information Audit has clearly been written by someone with an excellent knowledge of the subject. However despite the fact that it was revised in July 2016 the papers listed in this paragraph are not included, nor is there is there a citation to Elizabeth Orna’s book.

See also Information Audit, Information Governance, Information Management

Martin White

October 2016

To find out more about the unique range of information management consulting services please get in touch