Canada - English

Information Management: Risk mitigation or someone else’s problem? 

In May 2010, the International Data Corporation (“IDC”) published an EMC sponsored report entitled the “2010 Digital Universe Study” where they projected that the global growth of digital information would increase 44 fold by the end of the decade. This would bring the total volumes into the zettabyte range – a trillion gigabytes each.1

Information Management: Risk mitigation or someone else’s

As business leaders conduct their strategic planning, the technical infrastructure is a key consideration for those looking through the IT lens. How should the growth in storage demand be met? Should one move to the cloud? Could one possibly slow or manage the growth in information? For many, the increase is inevitable and the idea of slowing the growth is often relegated to being a "nice idea".


What if we were to look at the challenge of slowing growth as the primary opportunity?


A current view of information management


The term "information management" (IM) has existed for years, often perceived as a component of information technology (IT) as in IMIT which was popular a few years back. In reality though, there is a strong distinction and separation between the two terms – IT dealing with the infrastructure, access, and reliability dimensions whereas IM deals with the governance and control dimensions. IM has tended to be the lesser understood or focused upon dimension particularly as the push to just add storage has become almost a mantra – why not simply keep it all?


On one hand, keeping it all can be an attractive proposition – fairly straightforward to accomplish from a technology perspective while not needing a lot of focus from the business side. Certainly it has its attractiveness. You know that the information will all be available if it is ever needed – think about that email you know you received last year but just can't put your finger on it today – however, availability does have its downside. Information that is retained beyond the obligatory retention period – be it defined by statute or regulation – can represent a liability. From a litigation perspective this could be a proverbial smoking gun.


Another aspect of defaulting to keeping it all is that the information often remains either in a source location – network shared drives, SharePoint sites, or even local drives – or on backup media. True, it's all there, but is it really accessible and useable? What about the quality of the information? Both structured and unstructured data can suffer from quality issues that contribute to less than optimal performance management and business intelligence.


Information management today is not a topic that management generally talks about – it is assumed to be part of the IT function and the practice is generally to follow the path of least resistance – just keep it all. Now may be just the time to start talking.


Information management as a strategy


If we look at the emerging leading practices for IM, the first would be to adopt a strategic approach by looking at the holistic dimensions of IM. This strategic approach could include the dimensions of:


Information management as a strategy
Information management as a strategy

image source: KPMG


Governance – Establishing an oversight capability supported by an appropriate policy framework.


Performance Management Reporting & Business Intelligence – Through a holistic lens, the underlying challenges centre on the issue of data quality which can be addressed as part of a strategic IM effort.


Integrated Information Management (IIM) – As a central pillar to the strategy, IIM seeks to address the records/documents/data management aspects of IM. It is this aspect that is often underestimated from a value perspective.


Infrastructure – Tying the strategy back to the IT world is the underlying infrastructure – optimized for the efficient management of the information.

Rounding out this are the dimensions of Information Strategy and Business Intelligence. These, by defining the strategy for getting information into an organization and providing the capabilities to extract value from the information, enable the organization to succeed.


So why look at IM through a strategic lens (see above)? The highest value aspect is the governance dimension. In today's experience, organizations have a number of policies and committees that cover parts of the IM space – Acceptable Use Policies describe the employee responsibilities for the use of company equipment and internet access, IT Security Policies prescribe the access controls and security provisions. It is, however, the rare organization that has introduced a governance framework that includes a robust policy framework that crosses the traditional boundaries of IT and Business.


A current view of information management
A current view of information management

image source: KPMG


An Overarching IM Policy should provide the strategic direction for the organization, the supporting policies need to address the following specific dimensions:


  • The Data Management Policy provides the guidance for the structured data systems by reinforcing the principles of Master Data Management.2
  • The Document Management Policy provides the guidance for how to manage the physical and electronic transitory (non-record) documents.3
  • The Records Management Policy provides the details on how to manage those documents that are declared as records.
  • Messaging Management Policy addresses the increased use of electronic communications from email to voicemail to social media.
  • The Legal Hold Policy provides the framework for the management of legal holds – the actions surrounding the identification and preservation of potentially relevant information in response to litigation or other legal requirements.
  • The Digital Imaging Policy outlines the processes and requirements for the transformation of physical documents into an electronic format.
  • The Information Disposal Policy is often the most effective in changing the organizational culture around IM. By introducing the expectation and obligation for the regular and systematic disposal of information - records at the end of the defined retention period and transitory documents at regular intervals.


The taxonomy classification plan, list of metadata, and retention schedule are supporting elements to the policies that provide the additional granularity in the operationalizing of the policies.


Information management as a cultural transformation


While the governance framework will provide an organization with the directional controls for the adoption of information management, in and of itself governance does not fully address the solution. The true key of information management is the realization that it is a cultural transformation that affects the underlying business processes and the people themselves. By introducing the policies and practices of information management an organization is able to begin the journey of transforming their culture – empowering employees to identify and manage the records that are created in the course of their daily work; shifting from a practice of hoarding of information to one of disposing of the transitory, low value information in exchange for high value records; and confidently being able to mitigate the risks of information growth, litigation and over/under retention of information.






2 Wikipedia appropriately describes Master Data Management (MDM) as follows: In computing, MDM comprises a set of processes and tools that consistently defines and manages the master data (i.e., non-transactional data entities) of an organization (which may include reference data). MDM has the objective of providing processes for collecting, aggregating, matching, consolidating, quality-assuring, persisting and distributing such data throughout an organization to ensure consistency and control in the ongoing maintenance and application use of this information. (


3 A Record is generally defined as evidence of a business process that must be retained and managed for regulatory or legal reasons. Transitory Documents generally refers to all non-records.



Contact: Dominic Jaar or +1 514 840 2262

At Risk Volume 6, No.2

For further information, please contact any of the authors


Visit KPMG’s new Information Management and eDiscovery blog! You will find various pieces of news, in-depth analyses, and presentations given by our team members. Whether you are responsible for any aspect of Information Management or eDiscovery in your organization or simply interested by the subject, come by and comment!