Sue Henczel FUMSI Report Excerpt: Preparing and planning an audit
Jinfo Blog

30th September 2007

By Sue Henczel

Item

Sue HenczelIn recent years, much progress has been made in the way organisations gain value from information audits. Now there is a range of experienced practitioners and consultants to draw upon. By using this article, you can learn what goes into an information audit, and prepare for data collection, analysis and reporting. You can read our step-by-step guide for staging an information audit in the FreePint FUMSI report Information Auditing Report and Tool Kit.

An information audit is a research process that has planning, data collection, analysis, evaluation and reporting stages. The planning stage is often the longest and most tedious, as it needs to examine all aspects of the audit process and then customise them to align with the characteristics of the organisation to be audited. The planning stage allows you to find a project sponsor, understand how the organisation works and the value it places on information and to anticipate the barriers that can impact on the success of the audit (communication, cultural, political, resource-based).

Below is an outline of the components of an information audit and some of the preparatory processes that need to be completed prior to commencing an audit.

Components of an information audit

Generally all information audits should have the following common features:

  • What is: An assessment of the information resources created, acquired and used in the organisation, including an understanding of how information flows through the organisation. Including the role of people and information systems

  • What should be: An information needs analysis derived from examining organisational objectives and business processes. This will identify critical information requirements

  • Gap analysis: An analysis of what should be against what is

  • Recommendations for action: Recommendations and actions focused upon eradicating the gaps in terms of organisational priorities. These are broken down into short and long term actions, and also prioritised

  • Actions: Actions that form new organisational policies, procedures, strategies, and systems

  • Performance measurement: The setting of indicators and targets to measure the effectiveness of action related to business objectives

  • Plans for subsequent audits: The cycle of subsequent audits will depend on business need and the rate of change being experienced by an organisation.

Prior to commencing an information audit, it is critical that those driving the project understand their organisation including its internal and external environments.

  • The organisation's mission, goals and values determine the focus of the project objectives

  • The size and geographical diversity of the organisation determines the ideal or necessary scope of the audit

  • The internal culture of the organisation determines the type of data gathering methodology that will work best and the timing of the project

  • The internal political situation and management structure impacts on the levels of support, resourcing and stakeholder buy-in

  • The external environment (legislative, political, economic) can impact on how and when the audit is conducted, the level of support it receives and the level of acceptance of the findings.

Develop clear objectives

Sometimes an audit is clearly triggered by an event that makes the purpose clear but it is often the case that once an information audit is put forward as a process, many different stakeholders across the organisation will have differing purposes in mind. It is critical that the purpose for conducting an information audit is established and that clear objectives are defined. The objectives must be articulated in the language of the organisation and agreed to by all members of the audit team and key stakeholders. Ideally they should conform to SMART criteria (Specific, Measurable, Achievable/Action-oriented, Realistic and Timely).

Once established in the planning process, the objectives will be refined and further defined once the project is resourced, the audit team is formed and support for the project has been generated. You can find an exercise to help you develop clear objectives from the Information Auditing Report and Toolkit.

Identify key stakeholders

Stakeholders may be internal or external to an organisation, and their support is critical to the success of an information audit. Key stakeholders include:

  • The project sponsor or champion from a strategic level of the organisation

  • Managerial stakeholders

  • Operational stakeholders - those who deal with information at an operational level (eg, staff in a call centre)

  • Staff who will be directly influenced by the outcome of the audit.

Depending on the purpose and scope of the audit, stakeholders may also include regulatory bodies, customers or the general public.

An excellent resource for understanding the role of stakeholders can be found at <http://digbig.com/4ttnb>. Written for anthropologists, this website is useful in that it provides definitions of stakeholders, types of stakeholders and details of how to do a stakeholder analysis.

Defining the scope of the audit

The issue of scope is a common problem for information auditors. If an organisation is medium sized or large the problem is often daunting - where do I start and who/what should the audit cover? Ultimately the scope will be defined by the purpose of audit, strategic priorities and resources and budget issues.

The physical scope of an information audit could be:

  • Organisation-wide (preferred)

  • Based around core business processes, for example processes related to sales or marketing

  • Business unit or department based

  • Geographic, for example a specific site, campus, office, region, country.

The information scope of an information audit could be:

  • Information type or format, for example electronic records, inhouse or external databases, print subscriptions, etc.

  • Information related to a specific area of legal or regulatory compliance, for example risk management, Freedom of Information (FOI), workplace safety, etc.

Ideally, an information audit is conducted across an entire organisation, as this provides a comprehensive view of the current information environment - needs, usage, behaviours, flows, etc. If an audit is scoped more narrowly, or geographically or by information format/type, it must be realised that a full picture is not possible as many interactions with other units and the external environment are excluded.

Note: Sampling is only an option if there are homogenous groups that use the same information in the same way. Therefore, the size of the organisation and the availability of resources to conduct the audit are inextricably linked.

Create an audit team

Consider whether in-house or external expertise and resources will be used for the various stages of the information audit. Use cost comparisons to support the case for additional resources from within the organisation or authorisation to employ external resources.

When putting together an audit, the following skill groups should be considered:

  • Project Management: Skills in task and resource management

  • Research: Primary research method skills in terms of questionnaire and interview design, data analysis and evaluation

  • Information Management: Understanding and managing the lifecycle of information

  • Human Resources: Skills in understanding staff development and training needs

  • Negotiation and Facilitation: Skills in drawing out key ideas and discussion from groups of people.

The team roles required for an audit, depending on the scope would be:

  • Project Manager: Coordinating and ensuring the project comes in on time and budget, plus ensuring consistent processes for documentation and write the final report

  • Auditors: Actually carrying out the audit

  • Data/information Managers: Managing data and information inputs and outputs and conducting statistical manipulation.

It is important that staff working in the information management function of the organisation are made aware that an information audit is not evaluation of their own personal performance, but an assessment of information in order to improve organisational performance. Equally important is to communicate to them that they are the best-placed people in the organisation to play a key role in the audit process.

Obviously heavily dependent on the scope, it can often be hard to generally quantify costs of an information audit. The main component of costs will be staff time - of those managing the audit and those interviewed and surveyed. There could also be costs in terms of technology investment if specialist software for analysis or mapping is required.

Outsourcing

Outsourcing the work of an undertaking the audit can be attractive proposition to an organisation if the funds are available. However outsourcing does not mean that an organisation should lose ownership of the audit project: there still must be drive, commitment and leadership in order to make sure the audit achieves the desired outcomes. It is important that subsequent information audits are conducted in a similar manner to previous ones so that trends can be identified and measured. If a consultant or external team is selected, ensure that the team works closely with staff to ensure that an understanding of the process is transferred to them.

The advantage of outsourcing can be that the company contracted can take a detached outside view of information in the organisation without any pre-conceived ideas. This can be very important in an organisation where 'information politics' have been taking place with regard to disputes over information ownership and information sharing.

However the disadvantage may be that the company contracted does not understand your organisational culture and structure and that the findings lack real insight.

When evaluating companies the following issues should be considered:

  • Has the company worked in your sector before - do they have some background knowledge of the issues faced by your organisation?

  • What scale of audit has the company worked on before -do they have the resources to meet your deadlines?

  • What do they agree to supply in terms of survey results and reports? What format will they be supplied in?

  • Can you contact any of the other organisations audited by the company?

  • Is the company linked to software suppliers - is there an interest related to software solutions that may be sold? Will this prejudice the audit findings?

  • What skills do the auditors that will be working on your audit have? IT/IS? Project Management? Information Management? Negotiation? Facilitation?

Ready to begin

Now that you know what goes into an information audit and have begun assembling your team, you can plan data collection, analysis and reporting. Learn all about how to run your own audit in the FreePint FUMSI report Information Auditing Report and Tool Kit.


Related FreePint links:

« Blog