Engaging with and addressing risk is an important component of information governance. 'Information management risk' is a summary term for all risks which relate to information management.
For example, information management risk may be inherent in areas of practice:
- Preservation is focused on protecting information assets from risks over time
- Disposal must consider the risks of not having information assets available after destruction.
Other risks may occur because of failures in information management, such as:
- Information not being available or trusted as needed to meet business needs
- Not maintaining agency professionalism and capability to undertake information management
- Negative scrutiny if your information management processes are not defensible
- Breaches when information not handled with appropriate consideration of sensitivities or ethics.
Such risks are often not recognised until a disaster occurs and when they do, they affect organisational outcomes and can become enterprise risks for your agency .
Information management risk assessment tool
The National Archives offers a tool which can help Australian Government agencies to identify, assess and manage risks related to information management.
Download the Information management risk assessment tool (XLSX 88.2 kB)
The tool will help address risks related to information management including:
- Foundations for best practice including culture, governance and capability
- Areas of practice such as creation, preservation and disposal
- Considerations such as ethics and administrative change.
It also includes sources for reference and authorities including:
- Policy, standards and advice issued by the National Archives
- Whole of Government guidance for related topics such as code of conduct, security, privacy and freedom of information
- The relevant international standard guiding management systems for records, ISO 30301.
Application and use
The tool is intended to help anticipate and manage the likely risks which may occur as part of regular information management practices within Australian Government, adapted to the specific needs of your agency's operating environment.
Development of the tool was informed by consultation with Australian Government agencies to understand possible sources of risks and their experience managing them. However, this tool is not intended to reflect or suggest the extent to which any such risks are present within Australian Government agencies.
The tool is suitable for information management professionals, risk officers, governance specialists, and any Australian Government staff responsible for managing and safeguarding information.
Enterprise risk
Risks related to information management should be considered as an important element of addressing enterprise risks. To ensure consistency with your agency’s overall risk management approach, the tool has been developed to align with other Australian Government resources to manage risk including: