CRICOS Provider Number 00103D 1 LN-4 Information Management Strategy ITECH 1005/5005: Business...
-
Upload
nathaniel-mcallister -
Category
Documents
-
view
218 -
download
5
Transcript of CRICOS Provider Number 00103D 1 LN-4 Information Management Strategy ITECH 1005/5005: Business...
CRICOS Provider Number 00103D
1
LN-4 Information ManagementStrategy
ITECH 1005/5005: Business Information Systems
Dr Zhaohao SunGSITMS, University of Ballarat
CRICOS Provider Number 00103D
2
After reading this chapter or LN-4, you will be able toJustify the need for a defined information management
(IM) strategy;Relate IM strategy to other organizational strategies;Describe the management issues that need to be
addressed in an IM strategy.
Objectives and Outcomes
CRICOS Provider Number 00103D
3
Typical questions facing managers related to this topic:Do we need an IM strategy?How does the IM strategy relate to IT/IS and
knowledge management (KM) strategies?How should we structure and resource information
management?Which management controls should be built into an
information strategy?
Management Issues
CRICOS Provider Number 00103D
4
Organisational strategy defines the future direction and actions of an organization or part of an organization. For example, Johnson and Scholes (2003) define organizational or corporate strategy as:
‘the direction and scope of an organisation over the long-term: which achieves advantage for the organisation through its configuration of resources within a changing environment to meet the needs of markets and to fulfil stakeholder expectations.’ Chaffey 2011:163
Organisational Strategy
CRICOS Provider Number 00103D
5
This definition highlights the following elements of strategy:1. Strategies define the future direction of an organization.2. Strategies are devised to achieve advantage for the
organization (strategic objectives).3. Strategies define the allocation of resources to achieve
this advantage.4. Strategies are primarily driven by the needs of the
organization, but also by the needs of stakeholders such as shareholders, customers, suppliers or employees.
5. Strategies should be responsive to the dynamic environment in which an organization operates.Chaffey 2011:163
Strategy Elements
CRICOS Provider Number 00103D
IM Strategy IM Strategy define management approaches to the
organisation, control and application of organisational information resources through coordination of people and technology resources in order to support organisational strategy and processes. Information assets of an organisation is a resourcePeople resourcesTechnology resourcesThey must been structured and controlled. Chaffey 2011:163
6
CRICOS Provider Number 00103D
Why is an IM strategy needed?
Information is an asset Knowledge is power Data and information Data are the raw numbers or facts. Information is
produced when those data are analysed. Knowledge is having an understanding of the significance of that information
Data and information needs-concerns about data quality Data and information needs-concerns over time, quality
and cost. Chaffey 2011:164
7
CRICOS Provider Number 00103D
The Information lifecycle
The sequence of activities involved in IM from creation through to permanent deletion of information.
Information lifecycle consists of the following activities (steps): capture, organise, process, maintain, and destroy.
See Fig. 4.1. The Information lifecycle Chaffey 2011:166
8
CRICOS Provider Number 00103D
9
Poor customer service (can’t answer queries) Poor decision making (relevant info unavailable) Difficult to win new business (B2B) Poor understanding of market dynamics and customer needs
(B2C and B2B) Difficult to control through management metrics Information cannot be used to deliver value
Organisational problems of poor data quality
CRICOS Provider Number 00103D
10
Mini case 1 – the utility company Utility companies are fighting tooth and claw to gain and retain
customers. One utility company estimated that it lost an average of 30 customers per day or more than 10,000 customers per year, because staff did not have access to the right information to handle customer queries. This was equivalent to $5.5 million in lost revenue.
Mini case 2 – the bank Inconsistent information and structures between different systems
often means that the same data have to be entered into more than one system. A study at a UK bank estimated that duplication of effort totalled more than $3.2 million per year.
Mini case 3 – the insurance company An insurance company spent $67 million developing a replacement
information system. After acquisition of another company, they found it would cost nearly the same amount to adapt the system to their new requirements. If the previous system had an adaptive information architecture this effort and cost would have been avoided.
Source: Evernden and Evernden (2003)
Example problems with information management
CRICOS Provider Number 00103D
11
Figure 4.2 Problems with organizational data quality (Chaffey 2011:168)
Problems with organisational data quality
CRICOS Provider Number 00103D
12
It becomes possible to integrate all information activities, and to use all information quickly and effectively to make efficient business decisions.
Promotes openness of communications throughout the company, both between and within levels.
Will foster a culture of innovation and knowledge sharing. Forms a sound strategy for investment in information
systems and technology. Ensures that awareness of opportunities and threats is
communicated throughout the company, and allows timely responses to these.
Source: Orna (1999)
Benefits of an IM strategy
CRICOS Provider Number 00103D
13
Figure 4.4 Principal options for ownership of IM strategy Chaffey 2011:174
Principal options for ownership of IM strategy
CRICOS Provider Number 00103D
Schools of Studying Business IM
Different academic fields of study related to business IM also have different emphases. These naturally mirror the information-led and
technology-led approaches of business The main fields of study are (named as school of)
IM, IT/IS, Knowledge management (KM)Behaviour control Management control.
Chaffey 2011:175
14
CRICOS Provider Number 00103D
15
Focus:Selecting appropriate technology to support decision
making Typical job titles:
IT or IS Manager Strengths (+) and weaknesses (-):
- IT applied to support operational and tactical decision making
- IT less effective in supporting strategic decisions involving unstructured dynamic information
- Focus on Return on Investment (RoI) of new systems - Limited focus on how information is
used by people
Chaffey 2011:176
Information Technology School
CRICOS Provider Number 00103D
16
Focus:Managing the information lifecycle for different types of
information. Knowledge management. Typical job titles:
Chief Information Officer (CIO),Information or library services manager
Strengths (+) and weaknesses (-):+ Information viewed as a strategic resource to be
managed- IM not commonly viewed as of strategic importance,
so often relegated to low-level departmental roles- Difficult to establish value of information and
ROI for knowledge management (KM) initiatives
Chaffey 2011:176
Information Management (IM) School
CRICOS Provider Number 00103D
17
Focus:Improving people’s information usage behaviours and
values (Informal, but related to KM activities sometimes instigated through human resources)
Typical job title:HR Managers
Strengths (+) and weaknesses (-)+ Recognises the importance of motivating, rewarding and
managing staff to promote change to best practices - Improving Information usage and behaviours not seen as
a significant part of the role for HR - Limited research and dissemination of best practice
on this topic Chaffey 2011:176
Behaviour and Control School
CRICOS Provider Number 00103D
18
Focus: Using information to manage people and link their performance to
business performance Typical job titles:
Chief Executive Officer (CEO), senior managers and directors Strengths (+) and weaknesses (-):
+ Helps to link individual and business unit performance to company performance
- Control viewed negatively by staff as a way of making them ‘work harder’ rather than ‘work smarter’
Chaffey 2011:176
Management Control School
CRICOS Provider Number 00103D
19
Figure 4.5 Different forms of strategy needed for effective business information management (Chaffey 2011:177)
Strategy needed for effective BIM
IM Strategy (Ch 4)
IS Strategy (Ch 6)
KM Strategy (Ch 5)
CRICOS Provider Number 00103D
20
Stages in the Strategy Process (SOSAC)1. ‘Where are we now?’ – the situation analysis (S).2. ‘Where do we want to be?’ –the vision and objectives
(O).3. ‘How are we going to get there?’ – the strategy (S).4. ‘How do we introduce the changes?’ – the
implementation of the strategy (Action: A). 5. ‘How are we doing?’ – the monitoring and control of
strategy (Control: C).
Chaffey 2011:177
Developing an IM strategy
CRICOS Provider Number 00103D
21
Ten strategic issues (The Hawley Committee IM Guidelines)1 Information relevance2 organizational significance of information management3 Legal and ethical compliance4 Assessing information value5 Information quality6 Legal and ethical compliance with specific reference to
information lifecycle management7 Information management skills of employees8 Information security including risk management9 Maximising value from information10 Information systems strategy
Chaffey 2011:179
IM Strategy Issues
CRICOS Provider Number 00103D
22
How information is acquired, recorded and stored Where information resources are located in the
organization and who has responsibility for them How information flows within the organization and
between the organization and the outside world How the organization uses it [information quality] How people who handle it apply their skills and co-operate
with one another How information technology supports the users of
information What information costs and the value it contributes How effectively all these information-related activities
contribute towards achievement of the organization’s objectives
Chaffey 2011:177; Ornas IM issues (1999)
IM is concerned with
CRICOS Provider Number 00103D
23
Figure 4.5 The relationship between Orna’s tools for IM (Chaffey 2011:182) Source: BIM
Information policy, audit and strategy
CRICOS Provider Number 00103D
IM Themes and approaches
There are many themes and approaches in IM Strategies. themes and approaches:= topics.
Themes (5)Information value, Information quality, Information
security, legal and ethical compliance, KM, Technology support
Approaches (6): Structuring the IM function, Responsibilities, Information
resource analysis, Information policy, risk management
Chaffey 2011:183-202
24
CRICOS Provider Number 00103D
25
An IM strategy forces an organisation to question the value of its information.
Information can be classified into 4 categories according to its value to current strategy and future strategy:
1. Strategic information. Information is critical to business and of greatest value.
2. High potential information. The potential value to the business may be high, but it is not confirmed.
3. Key operational information. Information is essential for core processes and its value is enhanced by horizontal integration
4. Support information. Needed for supporting the operation of the business
Chaffey 2011:183-4
IM Theme 1: Information Value
CRICOS Provider Number 00103D
26
Content dimension
Accuracy Information correct
Relevance Information can support decision making
Completeness No data items missing
Conciseness Information is not too detailed
Scope May be broad or narrow, internal or external to the organization
Time dimension
Timeliness Available when needed. Immediate or real-time information is a common requirement. Alerts are also a requirement
Currency Information is up-to-date.
Frequency Information supplied at appropriate regular intervals
Time period A time-series covers the right period of time
Form dimension
Clarity Information readily interpreted
Detail Both summary ‘dashboard’ views and detailed ‘drill-down’ views may be required
Order Data sorted in a logical order and can be modified
Presentation Tabulations and graphs
Media Hard copy (print-outs) and soft copy (electronically stored and displayed)
IM Theme 2: Information Quality (Chaffey 2011:185)
CRICOS Provider Number 00103D
27
BS7799 standard defines the following process for information security: Plan - business risk analysis Do - internal controls to manage the applicable risks Check - a management review to verify effectiveness Act - action as necessary
Ten guiding principles (see LN-11): 1. Security Policy 2. Security Organization 3. Asset Classification & Control 4. Personnel Security 5. Physical & Environmental Security 6. Communication & Operations Management 7. Access Control 8. Systems Development & Maintenance 9. Business Continuity Planning 10. Compliance
(Chaffey 2011:186-7)
IM Theme 3: Information Security
CRICOS Provider Number 00103D
28
Examples of information privacy issues Sharing customer data with a third party without the customer’s
consent. Sending out unsolicited e-mail to a consumer. An e-mail from an employee which denigrates another
organization or defames an individual. Monitoring employee access to data and online services. Not providing online access suitable for those with visual
impairment. Records access – The modification, the person who modified it
and time it was made should be recorded. Records Disposal – The information policy may need to specify
how long records are kept before they are deleted for legal compliance.
(Chaffey 2011:187-8)
IM Theme 4: Legal and Ethical Issues
CRICOS Provider Number 00103D
29
Typical questions facing managers related to KM (Week 5, LN-5):How do we use knowledge to increase organizational
efficiency and competitiveness?How can ICT support a knowledge management
strategy?What are typical barriers to effective knowledge
management?How should knowledge management
strategy be aligned with corporate strategy? (Chaffey 2011:188)
IM Theme 5: Knowledge Management
CRICOS Provider Number 00103D
30
Typical questions facing managers related to this topic (Chapter, 2, 3, 6):How should we align IS strategy with business
strategy?How should Information and Knowledge management
strategies be integrated with IS strategy?Who should be responsible for IS strategy within an
organization?How can organizations evaluate and control the
effectiveness of IS strategy? (Chaffey 2011:188)
IM Theme 6: Technology/System Support
CRICOS Provider Number 00103D
31
An information management unit is responsible for IM strategy within an organisation. provides a focus for improving IM that everyone in the
organization is aware of. The creation of this unit demonstrates a commitment by
senior management to IM since they have empowered the group with the resource and responsibility to improve IM.
Chaffey 2011:189
IM Management Approach 1: Structuring the IM function
CRICOS Provider Number 00103D
32
Evernden and Evernden (2003) suggest that when developing an information architecture for an organization, there should be four types of responsibility or ownership:
1. Governance responsibility.
2. Stewardship responsibilities.
3. Infrastructure responsibilities.
4. Usage responsibilities.
Chaffey 2011:192
IM Management Approach 2: Responsibilities
CRICOS Provider Number 00103D
33
The joint IS committee (JISC) of the UK suggests that it is important to identify clear responsibilities for information. They envisage five main roles:
1. Information strategy committee.
2. Information (strategy) manager/director.
3. Information custodians.
4. Information users.
5. Information service.
Chaffey 2011:193
JISC Responsibilities
CRICOS Provider Number 00103D
34
Chief information officer (CIO)Managers with responsibility for information assets and/or
IS strategy. CIO is a senior post with a wide remit and that it has a 'dotted
line' chain of command linking the CIO into decisions made on IT and information services within each of ICI's four business units.
in several cases, companies were confused by the question of whether they had someone that fitted the description of a chief information officer (CIO). They tended to say:‘Yes, we have a CIO, but he (and it is usually a he) handles
IT without ever getting involved with information services.’
Chaffey 2011:194
The CIO
CRICOS Provider Number 00103D
35
Information audit and information mapping are two techniques for Information resource analysis
a systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organization's objectives.
Information audit: an evaluation of the usage and flows of information within an organisation.
Chaffey 2011:192
IM Management Approach 3: Information Resource Analysis
CRICOS Provider Number 00103D
36
An approach for identifying the value of and relationships between organisational information resources.
Using this approach ‘information resource entities (IREs)’ are identified. These include information sources, systems and services. IREs are then plotted on a organizational information matrix with these axes:Information holdings (goods that produce revenues
and reports)Information handling function (responsibilities for
managing information such as library or information resource)
Information content (specific content)Information media (form in which information is
captured, stored or accessed such as internal mail, application, intranet, e-mail)Chaffey 2011:197
Information Mapping
CRICOS Provider Number 00103D
37
Information Policy is a statement of an organisation’s approach to IM.
Information policy should be :At the level of principlesFairly short statements (providing principles by which
future action may be conditioned)Each developed at one go (as a result of preparatory
work)Meant to be robust enough to last (not detailed action
plans) This differs from the information strategy which is used to
support action through a plan fora specific period (yearly, three yearly).Chaffey 2011:197
IM Management Approach 4: Information Policy
CRICOS Provider Number 00103D
38
Risk management is used to identify potential risks in a range of situations and then take actions to minimize the risks.
Risk management typically has these four steps:
1. Identify risks including their probabilities and impacts.
2. Identify possible solutions to these risks.
3. Implement the solutions targeting the highest impact, most likely risks.
4. Monitor the risks to learn for future risk assessment.
Chaffey 2011:199
IM Management Approach 5: Risk management
CRICOS Provider Number 00103D
39
Area of risk Solution for reducing risk
1 Accidental damage or loss (including disk corruption)
Back up and restore procedures (See Chapter 11 for further details)User education
2 Deliberate acts of theft, abuse, vandalism etc.
Security procedures such as anti-virus software, firewalls (See Chapter 11)Employee contracts and disciplinary procedures
3 Loss of people Employee contracts Succession planning
4 Inaccurate or untimely information Validation and verification procedures (see Chapter 11)Staff development and training
5 Externalrelations
Security proceduresContractual measures
6 Intellectual Property Rights (IPR) Employee contractsRegistration of IPR
7 Destruction of facilities Disaster recovery planning (See Chapter 11)
8 Legalaccountability
Protection and securityEmployee training
Risk management assessment for IM (Chaffey 2011:199)
CRICOS Provider Number 00103D
40
Summary
Justify the need for a defined information management (IM) strategy;
Relate IM strategy to other organizational strategies; Describe the management issues that need to be
addressed in an IM strategy. Read the summary in Chaffey (202-203)
CRICOS Provider Number 00103D
41
References
Chaffey and White (2011) Business Information Management © Pearson Education Limited
Chaffey and Wood (2005) Business Information Management © Pearson Education Limited
Harvey W. LN-4 2008, UB Sun, Z (2010), LN-4, 2010, UB.