FUMSI Report Excerpt: Preparing and planning an audit
Jinfo Blog
30th September 2007
By Sue Henczel
Item
In recent years, much progress has been made in the way organisations gain value from information audits. Now there is a range of experienced practitioners and consultants to draw upon. By using this article, you can learn what goes into an information audit, and prepare for data collection, analysis and reporting. You can read our step-by-step guide for staging an information audit in the FreePint FUMSI report Information Auditing Report and Tool Kit.
An information audit is a research process that has planning, data collection, analysis, evaluation and reporting stages. The planning stage is often the longest and most tedious, as it needs to examine all aspects of the audit process and then customise them to align with the characteristics of the organisation to be audited. The planning stage allows you to find a project sponsor, understand how the organisation works and the value it places on information and to anticipate the barriers that can impact on the success of the audit (communication, cultural, political, resource-based).
Below is an outline of the components of an information audit and some of the preparatory processes that need to be completed prior to commencing an audit.
Components of an information audit
Generally all information audits should have the following common features:
- What is: An assessment of the information resources created,
acquired and used in the organisation, including an understanding of
how information flows through the organisation. Including the role
of people and information systems
- What should be: An information needs analysis derived from examining
organisational objectives and business processes. This will identify
critical information requirements
- Gap analysis: An analysis of what should be against what is
- Recommendations for action: Recommendations and actions focused
upon eradicating the gaps in terms of organisational priorities.
These are broken down into short and long term actions, and also
prioritised
- Actions: Actions that form new organisational policies, procedures,
strategies, and systems
- Performance measurement: The setting of indicators and targets to
measure the effectiveness of action related to business objectives
- Plans for subsequent audits: The cycle of subsequent audits will
depend on business need and the rate of change being experienced by
an organisation.
Prior to commencing an information audit, it is critical that those driving the project understand their organisation including its internal and external environments.
- The organisation's mission, goals and values determine the focus of
the project objectives
- The size and geographical diversity of the organisation determines
the ideal or necessary scope of the audit
- The internal culture of the organisation determines the type of data
gathering methodology that will work best and the timing of the
project
- The internal political situation and management structure impacts on
the levels of support, resourcing and stakeholder buy-in
- The external environment (legislative, political, economic) can
impact on how and when the audit is conducted, the level of support
it receives and the level of acceptance of the findings.
Develop clear objectives
Sometimes an audit is clearly triggered by an event that makes the purpose clear but it is often the case that once an information audit is put forward as a process, many different stakeholders across the organisation will have differing purposes in mind. It is critical that the purpose for conducting an information audit is established and that clear objectives are defined. The objectives must be articulated in the language of the organisation and agreed to by all members of the audit team and key stakeholders. Ideally they should conform to SMART criteria (Specific, Measurable, Achievable/Action-oriented, Realistic and Timely).
Once established in the planning process, the objectives will be refined and further defined once the project is resourced, the audit team is formed and support for the project has been generated. You can find an exercise to help you develop clear objectives from the Information Auditing Report and Toolkit.
Identify key stakeholders
Stakeholders may be internal or external to an organisation, and their support is critical to the success of an information audit. Key stakeholders include:
- The project sponsor or champion from a strategic level of the
organisation
- Managerial stakeholders
- Operational stakeholders - those who deal with information at an
operational level (eg, staff in a call centre)
- Staff who will be directly influenced by the outcome of the audit.
Depending on the purpose and scope of the audit, stakeholders may also include regulatory bodies, customers or the general public.
An excellent resource for understanding the role of stakeholders can be found at <http://digbig.com/4ttnb>. Written for anthropologists, this website is useful in that it provides definitions of stakeholders, types of stakeholders and details of how to do a stakeholder analysis.
Defining the scope of the audit
The issue of scope is a common problem for information auditors. If an organisation is medium sized or large the problem is often daunting - where do I start and who/what should the audit cover? Ultimately the scope will be defined by the purpose of audit, strategic priorities and resources and budget issues.
The physical scope of an information audit could be:
- Organisation-wide (preferred)
- Based around core business processes, for example processes related
to sales or marketing
- Business unit or department based
- Geographic, for example a specific site, campus, office, region,
country.
The information scope of an information audit could be:
- Information type or format, for example electronic records, inhouse
or external databases, print subscriptions, etc.
- Information related to a specific area of legal or regulatory
compliance, for example risk management, Freedom of Information
(FOI), workplace safety, etc.
Ideally, an information audit is conducted across an entire organisation, as this provides a comprehensive view of the current information environment - needs, usage, behaviours, flows, etc. If an audit is scoped more narrowly, or geographically or by information format/type, it must be realised that a full picture is not possible as many interactions with other units and the external environment are excluded.
Note: Sampling is only an option if there are homogenous groups that use the same information in the same way. Therefore, the size of the organisation and the availability of resources to conduct the audit are inextricably linked.
Create an audit team
Consider whether in-house or external expertise and resources will be used for the various stages of the information audit. Use cost comparisons to support the case for additional resources from within the organisation or authorisation to employ external resources.
When putting together an audit, the following skill groups should be considered:
- Project Management: Skills in task and resource management
- Research: Primary research method skills in terms of questionnaire
and interview design, data analysis and evaluation
- Information Management: Understanding and managing the lifecycle of
information
- Human Resources: Skills in understanding staff development and
training needs
- Negotiation and Facilitation: Skills in drawing out key ideas and
discussion from groups of people.
The team roles required for an audit, depending on the scope would be:
- Project Manager: Coordinating and ensuring the project comes in on
time and budget, plus ensuring consistent processes for
documentation and write the final report
- Auditors: Actually carrying out the audit
- Data/information Managers: Managing data and information inputs and
outputs and conducting statistical manipulation.
It is important that staff working in the information management function of the organisation are made aware that an information audit is not evaluation of their own personal performance, but an assessment of information in order to improve organisational performance. Equally important is to communicate to them that they are the best-placed people in the organisation to play a key role in the audit process.
Obviously heavily dependent on the scope, it can often be hard to generally quantify costs of an information audit. The main component of costs will be staff time - of those managing the audit and those interviewed and surveyed. There could also be costs in terms of technology investment if specialist software for analysis or mapping is required.
Outsourcing
Outsourcing the work of an undertaking the audit can be attractive proposition to an organisation if the funds are available. However outsourcing does not mean that an organisation should lose ownership of the audit project: there still must be drive, commitment and leadership in order to make sure the audit achieves the desired outcomes. It is important that subsequent information audits are conducted in a similar manner to previous ones so that trends can be identified and measured. If a consultant or external team is selected, ensure that the team works closely with staff to ensure that an understanding of the process is transferred to them.
The advantage of outsourcing can be that the company contracted can take a detached outside view of information in the organisation without any pre-conceived ideas. This can be very important in an organisation where 'information politics' have been taking place with regard to disputes over information ownership and information sharing.
However the disadvantage may be that the company contracted does not understand your organisational culture and structure and that the findings lack real insight.
When evaluating companies the following issues should be considered:
- Has the company worked in your sector before - do they have some
background knowledge of the issues faced by your organisation?
- What scale of audit has the company worked on before -do they have
the resources to meet your deadlines?
- What do they agree to supply in terms of survey results and reports?
What format will they be supplied in?
- Can you contact any of the other organisations audited by the
company?
- Is the company linked to software suppliers - is there an interest
related to software solutions that may be sold? Will this prejudice
the audit findings?
- What skills do the auditors that will be working on your audit have?
IT/IS? Project Management? Information Management? Negotiation?
Facilitation?
Ready to begin
Now that you know what goes into an information audit and have begun assembling your team, you can plan data collection, analysis and reporting. Learn all about how to run your own audit in the FreePint FUMSI report Information Auditing Report and Tool Kit.
Related FreePint links:
- "Information Auditing Report and Tool Kit" 2nd edition by Sue
Henczel <http://web.fumsi.com/go/report/>
- "Information Auditing: Key Concepts and How To Get Started" By Steve
Wood <http://www.freepint.com/issues/111104.htm#feature>
- Review of "Information Auditing - A Guide for Information Managers"
<http://www.freepint.com/bookshelf/infoauditing.htm>
- FreePint FUMSI Reports
<http://web.freepint.com/go/shop/report/>
- Blog post title: FUMSI Report Excerpt: Preparing and planning an audit
- Link to this page
- View printable version
- FUMSI Report Excerpt: Preparing and planning an audit
Sunday, 30th September 2007
From information retrieval to integrated intelligence - with Dow Jones
23rd January 2025
AI contracting and licensing; Strategic information managers; End-user training
10th December 2024
- Jinfo Community session (TBC - Mar 2025) (Community) 20th March 2025
- Jinfo Community session (TBC - Feb 2025) (Community) 25th February 2025
- From information retrieval to integrated intelligence - with Dow Jones (Community) 23rd January 2025