Conducting an information review
An information review is a process for identifying and evaluating the ability of your agency's core information assets to meet your business needs. An information asset is information in any format which supports a business process.
An information review is the basis for effective information governance. It focuses on the value of information as a business asset, rather than on the technology used to capture or manage the information.
Outcomes of an information review
The main outcomes of an information review are:
- Improved understanding of your agency's business.
- Improved understanding of the information needs of the business. This includes identification of what information is captured, created or used, who uses it, how effectively it meets the needs of the business and the users, how long it is useful for, and who is responsible for the information assets remaining fit for purpose.
- Identification of both strategic and operational opportunities and risks. These may include new opportunities, potential business benefits and efficiencies, information that is being underutilised or areas where insufficient or untrustworthy information is a barrier to efficient business practices or public trust.
Secondary benefits of an information review include:
- Identification of 'silos' of information – information closely held by one part of an organisation, but which has wider uses within an agency. By breaking down those silos and encouraging information to be freely shared within your organisation, the business benefits will be optimised.
- Ability to meet obligations for an Information Publication Scheme, required by the Freedom of Information Act 1982 following major changes to the Act in 2010, and the Personal Information Digest, required by the Privacy Act 1988.
- Input to an information asset register, as recommended by the Office of the Australian Information Commissioner's
Principles on open public sector information.
- Identification of additional information that can be made available to the public.
- Assistance in developing an information architecture.
- Development of other information-based resources such as controlled document registers required by ISO 9001-based systems.
- Although an information review does not include comprehensive or rigorous analysis, it may be useful in developing
a records authority.
Conducting the review
The scope and steps in an information review will vary with the size and complexity of your organisation and your information assets. It is important that an information review should:
- focus on the most important business activities and related information assets
- not restrict the scope to a particular format for information (for example, paper or digital).
It may be useful to take a staged approach to conducting the information review by establishing priorities or a sequence of business areas or business processes.
Obtain management support
You will need a senior management sponsor or champion who understands the benefits of an information review and is prepared to support the project.
You may need to prepare a business case or project brief in accordance with your agency's policies and procedures, and the governance and management arrangements for the review will need to be agreed before commencing.
Ensure that the amount of effort in the review is appropriate to your agency. You may consider initially focussing on core business functions or identified areas of risk
Gather data by holding focus groups, interviewing key stakeholders or surveying staff. You should also consider any information gathered in previous reviews or as a part of your Check-up 2.0 assessments. By using the older information as a 'baseline' you can tailor your questions to suit.
Draft the questions carefully as responding to questions can be burdensome and meaningful analysis of the responses can be challenging if questions are not framed with a clear purpose in mind.
Key questions to consider are:
- What are the core information assets created or used in each business area?
- What is the business purpose served by the information asset?
- Who creates and uses the information asset?
- Who is responsible for maintaining the information asset?
- What problems or issues, such as timeliness, accuracy or completeness of the information asset, impact on business effectiveness?
- What is the value, business criticality and importance of the information asset?
Depending on the purpose of your information review, you may wish to collect additional data about some of the following areas:
- legislation, standards, policies, procedures and commitments which dictate how things are done
- security or privacy issues relating to the information asset
- systems used to manage the information asset
- possibilities for information reuse
- changes to business practices over time
- detail on the actual information such as the format
- rules or restrictions about alteration of the information
- location of the information and how secure it is
- processes including systems and technology used to create and access the information
- how long the information remains useful for agency business
- volume of the information
- duplication of the information
- consequences of the information asset being unavailable
- for digital information, adequacy of backups
- intentions for digital transition if the information asset is maintained as paper or another physical format
- suggestions for improvement
- opportunities for and impediments to making the information available to the public.
Analyse data gathered from the review
When analysing the data, you should be able to identify your agency's information assets and the strengths and weaknesses of that information to support your business. Issues need to be prioritised against organisational performance and risk, as well as the likely cost and time to address the issues.
You should be able to identify information assets that are suitable for inclusion in an information asset register. This register can be used:
- as part of ongoing governance of information assets by identifying them, their purpose and who is responsible for them;
- to identify important and valuable information assets required for business continuity.
Report your findings
When documenting the findings of the review, you should highlight the strengths and weaknesses of each information asset and which business processes the information supports.
Potential weaknesses of information assets include those that:
- have been identified as inadequate for the business purpose;
- are a source of frustration for people using or managing them;
- are unavailable to those with a legitimate need;
- do not appear to serve a purpose, are underutilised, or
- appear to be duplicated.
Your report should outline the key issues identified and an overview of the significance and status of each. Recommendations for further projects or action should be based on the reporting framework that is in use in your agency.
Business processes are always changing. You should regularly review the status of your core information assets and update your information asset register. This will ensure the currency of the data gathered as well as the being able to amend or update your recommendations to reflect any changes or developments in your agency's core business.
The method of conducting an information review outlined in this advice is one way of proceeding. There may be other methods more suitable to your circumstances. There is no agreed 'best practice' method, but the method should be scalable and should be adapted to meet the needs of your agency.
An 'information review' is sometimes referred to as an 'information audit'.
The Office of the Australian Information Commissioner also has further information on information asset registers and providing public access to information.