Conducting an information review

An information review is a process for identifying and evaluating the ability of your agency's core information assets to meet your business needs. An information asset is information in any format which supports a business process.

An information review is the basis for an effective information governance regime and is a key action identified in the
Digital Continuity Plan. It focuses on the value of information as a business asset, rather than on the technology used to capture or manage the information.

A Check-up 2.0 self-assessment provides a whole-of-agency perspective of information management capability and can include major business information systems, but it does not address individual information assets in detail.

Outcomes of an information review

The main outcomes of an information review are:

  • Improved understanding of your agency's business.
  • Improved understanding of the information needs of the business. This includes identification of what information is captured, created or used, who uses it, how effectively it meets the needs of the business and the users, how long it is useful for, and who is responsible for the information assets remaining fit for purpose.
  • Identification of both strategic and operational opportunities and risks. These may include new opportunities, potential business benefits and efficiencies, information that is being underutilised or areas where insufficient or untrustworthy information is a barrier to efficient business practices or public trust.

Secondary benefits of an information review include:

  • Identification of 'silos' of information – information closely held by one part of an organisation, but which has wider uses within an agency. By breaking down those silos and encouraging information to be freely shared within your organisation, the business benefits will be optimised.
  • Ability to meet obligations for an Information Publication Scheme, required by the Freedom of Information Act 1982 following major changes to the Act in 2010, and the Personal Information Digest, required by the Privacy Act 1988.
  • Input to an information asset register, as recommended by the Office of the Australian Information Commissioner's
    Principles on open public sector information.
  • Identification of additional information that can be made available to the public.
  • Assistance in developing an information Architecture.
  • Development of other information-based resources such as controlled document registers required by ISO 9001-based systems.
  • Although an information review does not include comprehensive or rigorous analysis, it may be useful in developing
    a records authority.

Information review and Check-up 2.0

Check-up 2.0 is a self-assessment tool developed by the National Archives for agencies to assess their information and records management capability. All agencies were required to complete and submit an assessment to the Archives as part of the Digital Transition Policy from 2011 to 2013. The information from your assessments will guide you in planning improvements.

An information review is related to the following Check-up 2.0 questions:

1.3 How comprehensive is your agency's information architecture?

1.4 How well does your information and records management strategy identify who is responsible for information and records management?

2.2 How effectively does your agency manage Cabinet documents in accordance with the provisions of the Cabinet Handbook?

3.1 How comprehensively does your agency perform audits of its information and records management functions and the information and records management aspects of other business activities?

4.1 How comprehensively is your agency managing the information and records of its high risk business?

8.1 How comprehensively has your agency identified what records need to be created and captured?

13.1 To what extent does your agency have a strategy to manage electronic records for as long as they are required?

16.1 To what extent does your agency identify where digital records are created?

16.7 To what extent does your agency discourage the creation and use of paper records?

Conducting the review

The scope and steps in an information review will vary with the size and complexity of your organisation and your information assets. It is important that an information review should:

  • focus on the most important business activities and related information assets
  • not restrict the scope to a particular format for information (for example, paper or digital).

It may be useful to take a staged approach to conducting the information review by establishing priorities or a sequence of business areas or business processes.

Obtain management support, Gather data, Analyse data, Report, Monitor.

Obtain management support

You will need a senior management sponsor or champion who understands the benefits of an information review and is prepared to support the project.

You may need to prepare a business case or project brief in accordance with your agency's policies and procedures, and the governance and management arrangements for the review will need to be agreed before commencing.

Ensure that the amount of effort in the review is appropriate to your agency. You may consider initially focussing on core business functions or identified areas of risk

Gather data

Gather data by holding focus groups, interviewing key stakeholders or surveying staff. You should also consider any information gathered in previous reviews or as a part of your Check-up 2.0 assessments. By using the older information as a 'baseline' you can tailor your questions to suit.

Draft the questions carefully as responding to questions can be burdensome and meaningful analysis of the responses can be challenging if questions are not framed with a clear purpose in mind.

Key questions to consider are:

  • What are the core information assets created or used in each business area?
  • What is the business purpose served by the information asset?
  • Who creates and uses the information asset?
  • Who is responsible for maintaining the information asset?
  • What problems or issues, such as timeliness, accuracy or completeness of the information asset, impact on business effectiveness?
  • What is the value, business criticality and importance of the information asset?

Depending on the purpose of your information review, you may wish to collect additional data about some of the following areas:

  • legislation, standards, policies, procedures and commitments which dictate how things are done
  • security or privacy issues relating to the information asset
  • systems used to manage the information asset
  • possibilities for information reuse
  • changes to business practices over time
  • detail on the actual information such as the format
  • rules or restrictions about alteration of the information
  • location of the information and how secure it is
  • processes including systems and technology used to create and access the information
  • how long the information remains useful for agency business
  • volume of the information
  • duplication of the information
  • consequences of the information asset being unavailable
  • for digital information, adequacy of backups
  • intentions for digital transition if the information asset is maintained as paper or another physical format
  • suggestions for improvement
  • opportunities for and impediments to making the information available to the public.

Analyse data gathered from the review

When analysing the data, you should be able to identify your agency's information assets and the strengths and weaknesses of that information to support your business. Issues need to be prioritised against organisational performance and risk, as well as the likely cost and time to address the issues.

You should be able to identify information assets that are suitable for inclusion in an information asset register. This register can be used:

  • as part of ongoing governance of information assets by identifying them, their purpose and who is responsible for them;
  • to identify important and valuable information assets required for business continuity.

Report your findings

When documenting the findings of the review, you should highlight the strengths and weaknesses of each information asset and which business processes the information supports.
Potential weaknesses of information assets include those that:

  • have been identified as inadequate for the business purpose;
  • are a source of frustration for people using or managing them;
  • are unavailable to those with a legitimate need;
  • do not appear to serve a purpose, are underutilised, or
  • appear to be duplicated.

Your report should outline the key issues identified and an overview of the significance and status of each. Recommendations for further projects or action should be based on the reporting framework that is in use in your agency.

Monitor

Business processes are always changing. You should regularly review the status of your core information assets and update your information asset register. This will ensure the currency of the data gathered as well as the being able to amend or update your recommendations to reflect any changes or developments in your agency's core business.

Further information

The method of conducting an information review outlined in this advice is one way of proceeding. There may be other methods more suitable to your circumstances. There is no agreed 'best practice' method, but the method should be scalable and should be adapted to meet the needs of your agency.

An 'information review' is sometimes referred to as an 'information audit'.

The Office of the Australian Information Commissioner also has further information on information asset registers and providing public access to information.

Copyright National Archives of Australia 2014