Beyond Good Intentions: Insights from the 2014 PwC and Iron Mountain Risk Index Report!

By: In: Information Management On: Jun 12, 2014

Recently, we commissioned two pieces of research conducted by Cohasset Associates and Pricewaterhouse Coopers LLP.  The goal?  Prove what we’ve suspected all along: when it comes to information management and governance, at its heart, there is no significant difference in the challenges faced by all sizes of organizations, industry verticals, or even between North America and Western Europe. Using the numbers, it appears we were right. But while I believe that our premise of “we have more in common than not” is valid, each industry is at a different level of maturity in certain aspects of information governance. This is likely due, in part, to their unique obligations, interpretation, and awareness of the risk and value of their information assets.  In our newly published PwC Risk Index Report, this is evident in the statistics related to the slightly better risk index score for companies with more than 2,500 employees (65.7 out of a possible 100) than for companies with less than 2,500 (55.3). As with the previously published 2013|2014 Cohasset Benchmark Survey Report, the PwC Risk Index Report demonstrates that the chasm between an organization’s good intentions –investing in the development of a Records and Information Management (RIM) Program – and the reality that the policy is being put to practice has not been closed since last year’s Risk Index Report.  In fact, it appears that most organizations have stalled out when it comes to embedding metrics and compliance testing into daily operations. This hinges on the fact that records and information management resources are not extensive enough on their own to police the activities of an organization’s business units (sales, manufacturing, R&D, mortgage services, etc.) – nor should they be.  They have been successful in writing and publishing policy, which is why 87% of organizations believe they have a mature RIM program in place.  But they cannot close the compliance loop – only 8% of organizations use metrics. It’s worth your time to read the PwC Risk Index Report for a number of reasons.  In particular, it shows very clearly that the majority of organizations have allowed their business units to abdicate the responsibility of managing their information to the information technology department.  While IT is perfectly receptive to, and capable of, being the custodian of your organization’s assets, they do not know what data has inherent value beyond its original purpose, what constitutes a business record, and/or when it can be defensibly disposed of.  That intelligence resides with the creators or recipients of the information within the functional areas of the organization – the same ones to whom the RIM department provides guidance. The advisory portion of the report calls for renewed and increased attention to people and processes in order to return responsibility back to the business units the responsibility creating and using data. They are more able to evaluate its risk and value, to understand workflows, identify where it is stored, and to determine how it should be managed through its lifecycle.  The end goal should be to capture and embed as much intelligence as possible about the information as it travels through a work process without putting the burden of “hands-on” management on the employee – time has shown us that they just want to “do their job.”  Only 7% of the Cohasset report respondents indicate that their employees are engaged in records and information management – – – are you? At the end of the day, the commonalities for information governance across industry verticals abound.  There are many resources for you to take advantage of on your journey to get beyond just good intentions.  In the next days and weeks, make  one of your first stops along the way – we’ll be sharing more advice on how to improve your risk awareness maturity in a responsible and pragmatic way.

← The Psychology of Records Management – Organizational Placement Matters All Business is Personal →

Leave A Comment


About the author

Sue Trombley

Sue Trombley, Managing Director of Thought Leadership at Iron Mountain, has more than 25 years of information governance consulting experience. Prior to her current role, Trombley led Iron Mountain’s Consulting group responsible for business development, managing a team of subject matter experts, and running large engagements. Trombley holds a Master’s degree in Library and Information Science and recently was certified as an Information Government Professional. She sits on the AIIM Board, the University of Texas at Austin of School of Information Advisory Council, and is President of the Boston ARMA Chapter. She is Iron Mountain’s representative on the newly formed Information Governance Initiative and is frequent speaker at association events.