CARRYING OUT AN INFORMATION AUDIT.

Similar documents
UNDERTAKING EMPLOYEE ATTITUDE SURVEYS.

Testing for Personal Effectiveness Checklist 164

INTRODUCING PERFORMANCE MEASUREMENT.

Managing (your relationship with) your Boss Checklist 047

Business Continuity Planning for Major Disruptions Checklist 255

Manager s Quick Guide: Project Management MANAGING PROJECTS. Driving Business Performance

IMPLEMENTING STRATEGY.

Motivating the Demotivated Checklist 221

Information Outlook June, The Information Audit as a First Step Towards Effective Knowledge Management. Author: Susan Henczel

INTERNATIONAL STANDARDS FOR THE PROFESSIONAL PRACTICE OF INTERNAL AUDITING (STANDARDS)

The Widening Horizons of Information Audit

1 Management Responsibility 1 Management Responsibility 1.1 General 1.1 General

Government Knowledge and Information Management (KIM) Professional Skills Framework Guidance for Library Management

Involve your team in continuous improvement: Content guide

HANDLING CONFLICT SITUATIONS.

International Standards for the Professional Practice of Internal Auditing (Standards)

Information governance strategy

Pathways Plus Strategic Management and Leadership

1 JOB DESCRIPTION. Faculty of Social Sciences and Law (Supplementary information for recruitment only) Professional/Administrati

Pathways to Management and Leadership SAMPLE. Level 5: Management and Leadership. Unit 509. Managing Stakeholder Relationships

International Standards for the Professional Practice of Internal Auditing (Standards)

Which qualification is right for you?

Digital Delivery, Quality and Innovation Project Officer Job Description and Person Specification

ENVIRONMENTAL AUDITING GUIDE TD 16/16/E

Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)

SAMPLE MATERIAL. Pathways Plus. Strategic Management and Leadership. Level 7. Unit 7001 Personal Development as a Strategic Manager

Element IA3: Measuring and Reviewing Health and Safety Performance

International Benchmarking and Evaluation of Outreach Activities of IP Offices

Centre Assessment Guidance. for. Level 4 Certificate in Police First Line Management (QCF)

A Public Interest Framework for the Accountancy Profession

ICAEW REPRESENTATION 92/17

Role Profile. Crime Command: Support Officer

Corporate Governance Statement John Bridgeman Limited

Board committees. Role of the board

Administrative: Clear and Systematic Assessment. July 2017 Office of Assessment and Accreditation University of Miami

POSITION DESCRIPTION KEY RESULT AREAS

Assessor Assessment Pack

Centre Assessment Guidance. for. CMI SCQF Level 6 First Line Management

JOB VACANCY PORTLAND TOWN CLERK

NOT PROTECTIVELY MARKED. HM Inspectorate of Constabulary in Scotland. Inspection Framework. Version 1.0 (September 2014)

HSE INDICATOR TOOL USER MANUAL

The Advantage of Implementing a Safety Management System. Integrating Occupational Safety Management into Other Management Functions

Board Charter. Page. Contents

Executive Certificate in NGO Management in Nigeria A Training Programme for NGO Leaders and Managers

International Standards for the Professional Practice of Internal Auditing

Enhanced Risk Management Policy

DEVELOP TEAMS AND INDIVIDUALS FACILITATOR MANUAL & ASSESSMENT BSBLED401A

Is Artificial Intelligence on your Board/Audit Committee s Agenda? Hossam El Shaffei, RSM Egypt

How to plan an audit engagement

IMPLEMENT WORKPLACE INFORMATION SYSTEM CANDIDATE RESOURCE & ASSESSMENT BSBINM401A

Transition plan for Global Certification Pty Ltd ISO Bruce Smith

LEICESTERSHIRE COUNTY COUNCIL HEALTH, SAFETY & WELLBEING POLICY. July 2011 To be reviewed: July 2014

Model Induction Checklist

Level 2 Award in Leadership and Team Skills Candidate Pack

GROUP HEALTH & SAFETY POLICY

Turning. Customer Data into Profits. A Whitepaper from ProcureData

Achieve. Performance objectives

IMPLEMENT WORKPLACE INFORMATION SYSTEM FACILITATOR MANUAL & ASSESSMENT BSBINM401A

JOHN ADAIR: ACTION-CENTRED LEADERSHIP.

QUALITY CONTROL FOR AUDIT WORK CONTENTS

Pathways to. Management and Leadership SAMPLE. Level 3: Principles of. Unit 314 Managing Budgets and Resources

HSE Assurance Overview

Internal Audit Service LOCH LOMOND & THE TROSSACHS NATIONAL PARK AUTHORITY INTERNAL AUDIT PLAN

Office of the Police and Crime Commissioner Devon & Cornwall

Pathways to Management and Leadership SAMPLE. Level 5: Management and Leadership. Unit 514 Managing Change

ISO & ISO TRAINING DAY 4 : Certifying ISO 37001

LEGAL AID BOARD BOARD EVALUATION FINAL REPORT

Applicant Pack. Thank you for your interest in the CMI. The aim of this pack is to provide you with an understanding of CMI.

Sample Only Property of Cengage

CORPORATE GOVERNANCE. as at 12 September Lycopodium Limited ABN: Level 5, 1 Adelaide Terrace, East Perth Western Australia 6004

Pathways Plus Strategic Management and Leadership

MANAGEMENT AUDITS OF PROJECTS AND PROGRAMMES HOW TO IMPROVE PROJECT MANAGEMENT AND PROGRAMME MANAGEMENT QUALITY

ESSEX POLICE, FIRE AND CRIME COMMISSIONER, FIRE AND RESCUE AUTHORITY

GUIDELINE FOR WRITING A BUSINESS PLAN

appointing the chair and, if the Company has one, the deputy chair and/or senior independent director;

SAI Global. About SAI Global. The most comprehensive standards information, acquisition and management power house

1. OBJECTIVE 1.1 This Charter outlines the roles and responsibilities of the Board.

Training Needs Analysis

Skillsets and Core Competencies to Facilitate Business Transformation in the Non-Profit Community Housing Sector

Chartered Institute of Internal Auditors

CONNECTING THE INTERNAL AUDIT DOTS AN OVERVIEW OF INTERNAL AUDIT S ROLE, SCOPE, STANDARDS AND ENGAGEMENT APPROACH

Bidding and Tendering. National Occupational Standards October 2018

Canberra Convention Bureau Strategic Plan Updated July 2012 with revised targets

CSL Limited. Board Charter

Auditing data protection

Knowledge Management

BOARD CHARTER Introduction Company Board Responsibilities

Digital Industries Apprenticeship: Assessment Plan. IS Business Analyst. March 2017

Procurement Manager Outwood Grange Academies Trust. Application Pack

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

QUALIFICATIONS WALES STRATEGY 2018 to 2022

Review of Information Systems Development

A Guide to Business Continuity

Candidate Information Booklet. Finance and Governance Manager (Ref FGM03/18)

GoldSRD Audit 101 Table of Contents & Resource Listing

IJB SCHEME OF DELEGATIONS TO OFFICERS

Pathways to SAMPLE. Management and Leadership. Level 3: Principles of. Unit 305 Building Stakeholder Relationships using Effective Communication

AUDIT COMMITTEES. Fulfilling annual reporting requirements

Occupational Health and Safety (OHS) Coordinator

Media Handling Procedure

Transcription:

CARRYING OUT AN INFORMATION AUDIT. Checklist 013» INTRODUCTION Information is now recognised by organisations as a key strategic asset which has a vital role to play in decision making and in improving productivity. As with any other resource, it is of critical importance to ensure that information is effectively acquired, managed and used. Easy access to information in a whole range of digital formats has brought with it problems such as information overload and the need to assess the quality of information to ensure it is reliable, accurate and up to date. Carrying out an information audit can help organisations to ensure that: information resources reflect business needs decisions on investment in systems and resources are effective there is a clear understanding of the organisation s information requirements business critical information is accessible to those who need it gaps in provision that could affect the competitive or innovative capacity of the organisation or its ability to meet customer needs are identified return on investment in information resources and systems is maximised compliance with legislation such as the Data Protection Act and the Freedom of Information Act is achieved. It can also: highlight the resources that are already available to the organisation raise awareness of the value of information to an organisation in fulfilling its mission act as an organisational learning process for effective information management identify areas of information management expertise within the organisation provide a basis for the development of an organisational information policy. This checklist provides an outline for the process of carrying out an information audit. Two common approaches to information auditing have generally been used in the past. The first, from the perspective of the information professional, which is the approach taken in this checklist, and the second from the perspective of the financial auditor. Some writers are now suggesting combining these approaches to form a single methodology.introduction text - paragraph multiple line at 1.15» DEFINITION Although, there is no universally agreed definition of information audit, the following definition developed by ASLIB is supported by authors Elizabeth Orna, and susan Henczel. This defines information audit as:

A systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organisation s objectives.» ACTION CHECKLIST 1. Establish objectives Start by reviewing the overall context for the audit the aims and objectives of the organisation or department and any expected changes in direction. This will provide perspective on the organisation, its key stakeholders and the information they need to achieve organisational goals. It is also important to take the structure, culture and values of the organisation into account as this will have an impact on how information is used and how it flows (or doesn't flow) through the organisation. 2. Decide on the scope of the audit An information audit may be carried out for an individual business area or across the whole organisation. You may wish to start with a limited audit to establish procedures and demonstrate benefits before moving to a more comprehensive and complex audit. Decide, for example, whether the audit will cover: information acquired from external sources and/or generated internally electronic information resources and/or any paper-based information and whether it will be comprehensive, or focus on specific issues such as: identifying specific information needs improving efficiency or cost effectiveness managing the flow of information within the organisation. Consider also which categories of information should be included, for example: customer information competitor intelligence and market research broader information on the business environment and sectors of interest financial results personnel records research and development reports operational reports. 3. Secure support at senior level The support of senior management will be vital for gaining the resources needed to carry out the audit and take action on the results. Make sure that managers have a clear understanding of the objectives of the audit and the benefits that can be expected from it. 4. Decide who will carry out the audit Weigh the pros and cons of using in-house staff, engaging an external consultant, or a combination of both, to plan and carry out the audit. One option is to put together an internal audit team in order to bring in a range of knowledge, skills and experience, and to include those with standing and influence in the organisation.

5. Plan the audit It is important to identify in advance precisely what you need to find out and to put in place an effective strategy for gathering the required information. Broadly speaking an organisational information audit focuses on: the information available how information is used the relationships that govern the flow of information. It needs to establish: what the current position is what is ideally required what can be done to address the difference between the actual and the ideal how improvements in provision and efficiency can be made. Areas that may be covered by an information audit include: What information is needed to achieve organisational objectives? Which information is business critical and which is desirable or nice to have? Who needs access to it? What information resources are currently available? What mismatches exist between what is available and what is needed? Are there any gaps in provision or is any unnecessary information acquired? How is information acquired or collected? By whom? How much does it cost? Is there any duplication of effort or unnecessary expenditure? What budgets are allocated and how are they controlled? Are budgets adequate or excessive? How is information created within the organisation? By whom? How is it captured, made available, and used by others? How is information organised and stored? What IT systems are in place? How is information delivered? Is it accessible to all who need it? How is information being used and by whom? Is it being shared and used effectively? Which information is not being used? Who is responsible for information handling and management? Do they have the knowledge and skills they need? Are training and development required? How does information flow through the organisation? How is this controlled and by whom? What factors hinder or facilitate the flow of information? What policy documents, guidelines or procedures are in place? How are compliance issues handled? Who is responsible for ensuring that legal requirements relating to matters such as data protection, privacy and freedom of information are met? Who is responsible for the security of personal or commercially sensitive information? Are adequate controls and procedures in place? Keeping the objectives and scope of the audit in mind, consider how these should be addressed. Consideration must also be given to how the information will be recorded choose formats that will be easy to use and will facilitate analysis and evaluation. 6. Establish measures of effectiveness Think about how you will assess the importance of the data you collect. For example, you may gather information on where files of information are kept but their value will depend on how the information is used. It is relatively easy to calculate the cost of acquisition, processing, storing and delivery of information, but this will not necessarily indicate the value of the information to the organisation. Value or effectiveness may be

assessed in more interpretative or qualitative terms, such as accuracy, relevance and contribution to decisionmaking, ease of use and impact on efficiency, as well as return on investment in terms of the bottom line. 7. Collect the information Those responsible for the audit need to establish a method of carrying out the investigation, securing access to the appropriate people and the relevant documentation. Methods that can be used for data collection include: physical audit questionnaires observation interviews with key staff focus groups. 8. Analyse and evaluate the results Once data has been gathered and recorded, examine the emerging patterns in terms of efficiency, effectiveness and cost-effectiveness. Ask questions such as: To what extent does this activity or resource support objectives, or help to meet targets? How efficient is it in terms of the time, and cost, required? Are any positive (or negative results) directly or indirectly related to it? Does it (and can it?) need to be adapted to fit changing needs? Is there a good or a bad fit between the resources available and information needs? Are there any information gaps? Or is any information superfluous? Are there incidences of information disappearing into a black hole without being used? Are there gaps where results are not forthcoming because responsibility for information process has not been assigned? 9. Map information flows As part of your analysis, map out a chart showing how information comes into and out of the organisation and how it passes from person to person and from one business unit to another. This will help to identify fault lines and gaps that need to be plugged, blockages and bottlenecks that need to be cleared and overflows that need to prevented. 10. Report on findings You should now be in a position to identify problem areas which need to be addressed and opportunities that can be exploited. Where necessary, research alternative means of acquiring and providing information, and draw up proposals for making processes and procedures more effective and improving efficiency and cost effectiveness. Summarise your findings and make clear and concise recommendations, in line with your stated objectives, focusing on the potential benefits. Consider how best to communicate your proposals effectively to decision makers and other stakeholders. 11. Implement recommendations An information audit is useless unless it is acted on. Once changes have been approved, put together an action plan, making the reasons for change and the expected benefits clear to all those involved.

12. Plan for the future The successful implementation of improvements in one area of the business may pave the way for additional audits to cover more areas of the business or the organisation as a whole. Bear in mind, too, that the information needs of the organisation will change over time as new areas of business open up, new products and services are developed or old ones discontinued. The availability and cost of specific information resources will also need to be reviewed at regular intervals. Ask yourself: Are the resources subscribed to still the most cost effective? Is the information available still of high quality in terms of accuracy and currency? Is it still relevant and authoritative? Are processes and procedures working smoothly? Are new staff made aware of the resources available to them?» POTENTIAL PITFALLS Managers should avoid: taking too much of people s time by asking more questions than necessary describing the current situation without analysing the reasons underlying it making promises at the information gathering stage trying to cover too much at once thinking that an information audit is a one off task.» ADDITIONAL RESOURCES BOOKS The data asset: how smart companies govern their data for business success, Tony Fisher, Hoboken NJ: John Wiley, 2009 Strategic information management: a practitioners guide, Jela Webb, Oxford: Chandos Publishing, 2008 Introducing information management: the business approach, Matthew Hinton ed. Oxford: Elsevier Butterworth-Heinemann, 2006 Information strategy in practice, Elizabeth Orna Aldershot: Gower, 2004 The information audit: a practical guide, Susan Henczel Munich: K G Saur, 2001 This is a selection of books available for loan to members from CMI s library. More information at: www.managers.org.uk/library RELATED CHECKLISTS 049 Internal audit 150 Handling information avoiding overload 166 Knowledge management

INTERNET RESOURCES Information Commissioner s Office www.ico.gov.uk Provides information on legislation relating to data protection, privacy and freedom of information. Information and Records Management Society http://www.irms.org.uk/ Information Audit guidelines and guides on related topics. ORGANISATION» NATIONAL OCCUPATIONAL STANDARDS FOR MANAGEMENT & LEADERSHIP This checklist has relevance for the following standards: Unit C2 Manage information, knowledge and communications systems Unit C3 Manage knowledge in your area of responsibility» MORE INFORMATION e enquiries@managers.org.uk t +44 (01536) 204222 w www.managers.org.uk p Chartered Management Institute Management House, Cottingham Rd, Corby, Northants, NN17 1TT This publication is for general guidance only. The publisher and expert contributors disclaim all liability for any errors or omissions. You should make appropriate enquiries and seek appropriate advice before making any business, legal or other decisions. Revised May 2013

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback