Information management

© Ross Woods,  2005, '15, '18

 

Information has different roles in an organization. Some is used to make decisions. All organizations use information to maintain the efficiency and effectiveness of their internal business processes, and most use information to maintain their business processes with clients and prospective clients. Some kinds of businesses put data into a marketable form and sell it.

Information management or knowledge management is defined as equipment, strategies, methods, activities and techniques used formally and informally by individuals and the organization to identify, collect, organize, store, retrieve, analyze, share and draw on information and knowledge valuable to the work of the organization.

Breaking it up:

• It can be called either information management or knowledge management.
• It refers to a set of equipment, strategies, methods, activities and techniques, and comprises policies, protocols, procedures and practices.
• The system can include both formal and informal aspects.
• The system can be used by individuals, the whole organization, and other relevant stakeholders (e.g. clients).
• The system is used to identify, collect, organize, store, retrieve, analyze, share and draw on information and knowledge valuable to the work of the organization.

 

What has value?

The main question is "What kinds of organizational knowledge has value?" One kind is staff skills to do their jobs, and, sometimes, their networks of contacts for getting new business or resources. Organizational knowledge is more highly sensitive in industries such as research on patentable products and the military. It can also be sensitive in humanitarian work in "difficult" countries with uncooperative governments.

Knowledge management is essential when Intellectual Property (IP) is the core business of a company. First, publishing and broadcasting companies hold information that is not secret, but they need to prevent hackers from downloading free copies without payment. This applies to books, newspapers, information services, music, videos and software.

Inventions form a separate category, including those that could be developed for a patent and those that are already patentable. It includes knowledge about inventions that is necessary to interpret the patent. As long as they are not ready to apply for a patent, they must keep the project secret and discuss it only under the terms of non-disclosure agreements. Although Intellectual Property laws should give protection, the protection can be quite limited:

• Will you take someone to court for infringing your IP? It is time-consuming and expensive, and you might lose the case through some unforeseable reason.
• Copyright laws don't give much protection if all the words are different but the actual ideas are the same.
• You might be unwilling, unready, or unable to invest potentially large amounts of money in a patent, especially an international patent.
• Even if you get a patent, it will have an expiry date. Consequently, it is not advantageous to apply too early so that the patent has maximum lifespan for the product in the marketplace.

Because litigation against patent infringers is so expensive, some organizations choose not to get patents and prefer improved secrecy. Others choose their timing to get their product to market and gain a market share before competitors. Others do not trust a patent to protect their intellectual property, so they apply for the patent in another country in a relatively obsure language. Even though the information is legally public, it is unlikely that anybody will locate it and pirate it.

Some other kinds of information are valuable, for example, commercial in confidence information such business plans, business deals currently in discussion, and details of highly efficient or profitable procedural innovations that give a competitive advantage.

The value of some kinds of knowledge relates not so much to the value they contribute, but the level of loss if divulged to persons outside the organization. This most clearly includes security protocols for building, equipment, and software, and source code for software. It also includes commercial in confidence information such as business deals currently in discussion, and procedural innovations that give a competitive advantage.

Many organizations hold information that is saleable on the black market, particularly identities of clients and their credit card information. Client lists are very valuable, but privacy laws already cover their use. It would be a breach of the Act to use client lists for purposes other than those for which they are collected (e.g. another business). The normal way to get around this is to include a "Conditions of use" segment in an application webform that has a privacy policy and an authorization to disclose certain kinds of information. The most common kind of disclosure is a credit rating check with a credit ratings agency. Some organizations, however, more blatantly authorize the sale of information. Most people agree to it without reading it carefully.

As a business model, one recent trend has been to monetize previously valueless information. For example, an organization might take an internal procedure and transform it into a reproducible system that it can publish, sell, license, or franchise.

 

Variation in systems

The role of information management differs greatly between different organizations. Small organizations and small teams generally have very simple systems. Systems must be much more sophisticated if the organization is large, spread over many sites, has very exacting compliance requirements, or is being computerised.

Organizations have many different ways of communicating, such as orally one-to one, group meetings, websites, in writing, phone calls, etc. Each kind creates different kinds of information. Look at these examples:

• Staff look up information on a database.
• Managers get information from board, industry organizations, accountants, government, etc.
• Staff meetings are a forum for discussion and might produce minutes.
• Clients make requests and explain what they want.
• Managers get information from board, industry organizations, accountants, government, etc.
• Managers and staff research current industry trends and observe competitors.
• Management gives instructions to staff.
• Staff give feedback to managers.
• The organization sends advertising materials to potential clients and sponsors.
• The organization gets feedback from clients. E.g. observe client behavior, analyze trends in client behavior, get direct feedback.
• Staff move records to archives.
• Staff share information with each other in different kinds of staff meetings.
• Staff collect information through professional development.
• Various people talk with specialists (consultants, auditors, union representatives, etc.)

The kind of communication needs to be appropriate. For example, it's completely adequate to pass on some kinds of information orally, some can be in email, while some must be on signed letterhead paper and approved by a superior.

 

Risks

In doing so, you will also need to assess the risks of miscommunication, such as:

• Inaccurate and useless information
• Information overload
• People forgetting to communicate
• People overlooking what has been communicated to them (forgetting, misremembering, losing the piece of paper)
• The system being too simplistic or too complicated
• Information being overlooked in decision-making
• Many layers of management between board and staff
• Organization has activities spread over many sites, especially if each site has its own organizational culture.
• Muddled lines of communication (e.g. Chinese whispers, unclear who needs to know what)
• Unhelpful assumptions in interpreting information
• Individual and organizational blind spots
• Emotional factors (frustration at not being told what's going on, people hearing only messages they like, or interpreting messages to mean what they want them to mean, ambivalence)
• Risk of confusion or resistance when changing systems.

 

Knowledge management policy

Many organizations need a knowledge management policy, especially if their shared knowledge is among their most valuable assets. The policy should at least cover:

1. What is to be put in writing
2. What is to be put in other forms of recorded information (voice recordings, graphics)
3. Definition of the knowledge (it should be more than just the documents themselves)
4. Permissions for input
5. How it is circulated and to whom
6. What documents may be taken off the premises
7. What copying is permitted and what is not
8. Confidentiality of commercially valuable information, especially for persons leaving employment to work for competitors
9. Security protocols for buiding, equipment, and software
10. How it must be updated and reviewed for currency
11. How to make sure it is most effectively implemented
12. Who owns intellectual property on it, including any patents arising from it
13. Consequences of employee non-compliance.
14. Compliance with legal requirements such as privacy legislation, confidentiality and defamation requirements
15. Compliance with other policies and procedures
16. Content guidelines
17. Ensuring accuracy and relevance of knowledge input into the system
18. Formats and styles of input to system, which might include alternative formats for people with a disability
19. Removing and disposing of content that is out-of-date or inaccurate.

Some legal advisers suggest that employment contracts should protect the company from use of its internal knowledge by employees after they leave the organization. Some require that employees may not take or subsequently use client lists if they leave the organization, and some state that if the employee leaves the organization, he/she may not work for a competitor for a period of two years.

 

Reviewing the existing system

1. What does your organization do?
2. What does your existing system do and how does it work?
3. What kinds of problems do people encounter when using it?
4. What has been done to prevent and solve problems?
5. Is information checked? If so, how often? By whom?
6. How often is it updated?
7. Is any of it never used?
8. What are your organization's performance requirements?
9. Is the system effectively contributing to achieving the intended outcomes of the organization's business and operational plans?

Next, check the system's performance measures. They should include all the following:

1. key performance indicators and performance objectives
2. a system for assessing how, when, where and why outcomes are being achieved
3. performance standards (including codes of conduct)
4. a system for assessing the individual performance of staff.

Then check your organization's policies and procedures, for example:

1. Records management
2. Information management
3. Customer service
4. Commercial confidentiality
5. Managing risk
6. Recording feedback
7. Registering problems of all kinds and resolving them.
8. Monitoring effectiveness of the system against performance measures.

 

Mapping your information flow

Start by drawing a chart of information flow. If procedures are already well defined, they can probably be translated fairly easily into a flowchart. In some cases, it might be easier to think of people's tasks, as people might have a better idea of what they do rather than the information they handle.

To do so, you will need to answer the following questions:

1. What kinds of data and information are we using?
2. Where does it originate?
3. Who originates it?
4. What is it used for?
5. What decisions are made and who makes them?
6. How is it stored?
7. Where does it end up? (E.g. archive, destruction, forgotten.)

Check your dependencies, that is, when one item of data is a pre-requisite for a task. This is not always obvious, for example, when "searching around for data" is listed as part of a task.

Look for glitches in the data flow:

1. Are webforms easy to understand and easy to use?
2. Where can data be lost, stolen or overlooked?
3. What data is unnecessarily printed into hard copy?
4. What data is unnecessarily duplicated?
5. Which processes depend on human memory?
6. What decisions are made and who makes them?
7. Where can data be misinterpreted?
8. What data could disappear in email?
9. What kind of effects can it have on human interactions? (E.g delays, complaints.)
10. What kinds of communication need confirmation of acceptance? Many need some kind of record of an information interaction.

The next stage is to evaluate decision-making processes. Find out what information people need to make decisions. In some cases, they haven’t mapped what decisions they make, and don’t know exactly what information they need to make them. People often feel that their decisions require human judgment and might simply ask for as much information as possible

Some of those decisions could be automated through an algorithm if you helped them to define exactly what the decisions are and what information is needed to make them.

1. What decisions need to be made?
2. What information is required for each decision?
3. Which decison-making processes can be simplified and proceduralized?
4. Which kinds of information can be put into digital form? Which cannot or should not be digitized?
5. Which decisions can be automated by a computer algorithm, and which need human judgment?

 

Computerization

If data can be be digitized, some decision-making and data-handling processes should be automated. This accelerates services and business processes, minimizes human error, lowers costs, and increases the potential scale of services. Not everything can or should be computerized. For example, a sign of a healthy organization is constructive, collaborative interpersonal relationships.

Some principles:

1. Information has a source, a final ending place, and a pathway from source to end.
2. Decision-making depends on information.
3. Only decisions needing human judgement should be made by humans.
4. Software follows distinct workflows.
5. Software needs to be easy to use.
6. Data is entered only once, by the person originating it.
7. There is only one central copy of all data, because multiple copies increase the likelihood of conflicting versions of data.
8. If several tasks all share a set of data, it is probably better to computerize them all together. See ERP systems below.
9. Some software advice from Steve Landers:
1. Based on your business plan, define exactly what you need. Don’t try to have all the bells and whistles that you want.
2. Look for existing open source software that meets your needs. It’s fairly easy to move sections of code around if you need to. If the software you find doesn’t work, keep looking. It’s probably out there.
10. Some functions are very easy to automate:
1. A computer clock can be set to run routines at particular times.
2. The user’s login can identify the user and the exact time they did something.
3. Software can initiate communications such as email, screen messages, text messages, and voicemail.

 

Policy-based software principles

Policy-based software only does what the policy allows. What the policy says is the same as what people may do. For example:

1. The software follows the structure of an organization, with each level having a different level of authority.
2. People can see only what they’re entitled to see, and can do only what they’re authorized to do.
3. The stages in performing tasks are clearly defined in terms of what is to be done and who is to do it.
4. If a required field on a form is not filled in, the software won’t accept the form.
5. People cannot make unauthorized "adjustments" of information submitted by other people.
6. The software only allows permitted responses.

Policy-based software has the following advantages:

1. Although It requires a complete and consistent definition of a business' processes, guidelines and procedures, it re-uses and duplicates an expert’s knowledge and processes.
2. When problems occur, the software intervenes at computer speed, not at human reaction speed.
3. It prevents depending on humans to remember to do tasks.
• When a task can be automated and must be done on time, the computer can do it without human input.
• Some tasks must be done on time but cannot be automated, usually because they require human judgment or personal authorization. In these cases, the computer can issue a timely reminder to the human operator who must do it.
4. The software can respond to trends in data or user inputs. (It can apply “if-then” conditions to operational data.)

Adapted from "What Is Policy and What Can It Be?" Andrea Westerinen, VP of Technology, Senior Architect and Manager, Cisco Systems, IEEE Policy 2003 Conference.

 

What are ERP programs?

An Enterprise Resource Planning program is an integrated suite of software that covers the range of needs of an organization. The purpose is to prevent the double-handling of information that occurs when separate databases have inter-related or overlapping purposes. ERP programs often include:

• Client management • Accounting for accountants • Accounting for management • E-commerce and point of sale

• Scheduling • Inventory and purchasing • Project management • Data management

• Human Resources: recruiting, employee records, and payroll • Supply chain

Consider the example below of non-integrated software. It has separate client management software, client order software, e-commerce software, accounting software, and inventory software.

1. The employee gets a client, and records the client's details in the client management software.
2. The employee gives a quote, and records it in the client order software.
3. The employee takes an order, and records it in the client order software.
4. The client buys the product online through the e-commerce software, which issues an invoice.
5. The bookkeeper downloads the e-commerce sales data to the accounting software.
6. The employee is paid a commission on the sale, using a separate payroll feature of the accounting software.
7. The employee orders replacement stock using the inventory software.
8. The company pays for the replacement stock using the bank's online system and records it in the accounting software.
9. And so on ...

If the company in this example had an ERP system, the client management function would relate to the order, which would relate to the e-commerce software, which would relate to the accounting program, the inventory, and the employee's commission.

When an ERP program relates specifically to education, it is sometimes called a "Student Information System" (SIS), or "school management software." Of course, some software programs in this category are no more than regular databases used for students. Their value is that some of them have features that are not common in ERPs, particularly alumni relationships and pathways for students facing difficulties. Click here to see an explanation of SIS and here to see a brief review of open source SIS programs.

Unfortunately, a Learning Management System doesn’t have many other necessary features to be a whole solution. Educational organizations actually need an ERP program that automates and integrates all administration that must be done on a mass scale. For example, colleges presently to have to keep all these different systemic, interdependent data sets and relate them manually: Local campus student and staff data, local campus finances, central office student and staff data, central office finances, central office archives, and scheduling. That doesn't make sense.

To function on a large scale, data management needs to be integrated and automated. Just through sheer volume, it would be quite impossible to do much manual data entry or to hope for easy data transfer between databases. The advantages of an ERP system include:

1. Reduced staff costs
2. Consistent systems and standards across the organization
3. Easy to use
4. Increased enrollments
5. Accessible information
6. Minimal paperwork
7. Data integrity
8. Auditability
9. Ubiquitous online interaction

(Based on "ERP in Higher Education" David F. Rico.)

Besides, the more data entry and update that is done in the field, the less needs to be done in database upkeep. If people depend on the system and it's easy to use, you don't have to motivate them to use it. In fact, they can't avoid it.

It's best to start with an ERP from the beginning because it is so difficult to implement one later, when integrating different databases will be horrendously difficult and expensive, with a high risk of complete failure.

Open source programs are preferred to avoid license costs and legal risks. Organizations can modify them how they like, add to them in any way they liks, and deploy them as many times as they want. However, open source software also has limitations, such as the jumble of features and add-ons, and the expense of writing any customized modifications.

 

Why ERP comparisons are difficult

1. Some ERP systems are quite generic while others are industry-specific (e.g. medical services, manufacturing). A few are specific for education, sometimes at the expense of other functionalities.
2. Some Learning Management Systems already have some ERP features. Moodle already has some ERP features but conspicuously omits others.
3. Some ERP systems are truly open source and copyleft. Some providers only give the "Lite" source for free and users must pay for the full-featured version. Others, of course, are full-price commercial products.
4. When an ERP has few features, its website tends to itemize minor features to make it look more full-featured.
5. Some are specific to a particular software platform (Linux, LAMP, etc.)
6. They are written in different computer languages, affecting the cost of any further development.
7. There are different mixes of off-line and on-line features.
8. There are various server-side, client-side and thin client aspects, with different server loads.
9. They are designed for organizations of different sizes.
10. They have different levels of community support.
11. They have different kinds of sponsoring bodies with different business models.
12. The discussion is clogged with lots of unexplained techno-babble.

 

Your analysis and recommendations

Analyze the effectiveness of the existing system and report on its strengths, weakenesses, and limitations. Evaluate its suitability for your organization’s particular purpose, and recommend improvements to the system, the policy, the training systems, and work practices. Include a change management strategy, which is a whole separate topic.

Your report must be presented in a way that your supervisors can examine your recommendations and make decisions. If your organization needs a written report, then it must be done as a written report. Otherwise it may be done as an interview or as a presentation, but you will need a set of prepared notes.

 

Implementing a new system

Implementation of an information management system includes making sure that people learn to use the system, managing the system, and improving business outcomes.

First, train people use the system.

1. Decide which personnel and stakeholders need to learn to use it.
2. Choose how they should learn to use the system, for example:
• coaching and mentoring programs
• help desks
• information sessions
• briefings
• workshops and training programs
• paper-based or electronic (including intranet)
• use of experts
3. Find out what resources you will need to teach people how to use the system. Resources can be human, financial, software, and/or physical.
4. Organize learning activities and make them happen.
5. Promote the use of the system throughout the organization and support it.
6. Monitor the effectiveness of training, and document what you find.

Manage the use of the system and ensure it works according to your organization’s expectations.

1. Ensure that someone monitors the implementation of policies and procedures. It doesn't have to be you, but you need to make sure it is done.
2. Check the system for compliance, effectiveness and efficiency, and integration with other business systems, especially any data and information systems.
3. Solve any problems as they arise, and manage any contingencies. For example, you might need technical specialists to prevent and handle system failure.
4. Collect information on whether the system is achieving the performance goals as planned.