Tagged: aiim

Can We Really Change Organizations? Cultural Engineering and Information Governance

“It was a profoundly man-made disaster — that could and should have been foreseen and prevented. And its effects could have been mitigated by a more effective human response . . . For all the extensive detail it provides, what this report cannot fully convey — especially to a global audience — is the mindset behind this disaster.”

Kiyoshi Kurokawa, Chairman of the Fukushima Nuclear Accident Independent Investigation Committee, July 2012

“In the first minute after the autopilot disconnection, the failure of the attempt to understand the situation and the disruption of crew cooperation had a multiplying effect, inducing total loss of cognitive control of the situation . . . A review of pilot training did not provide convincing evidence that the associated skills had been correctly developed and maintained.”

French air investigator’s final report on the 2009 crash of Air France Flight 447, resulting in 228 deaths, issued July 2012. ˆ

“’Someone was in danger,’ explained Mr. Lopez . . . ‘I wasn’t going to choose my job over someone in danger. My job is to help people in distress. It was a moronic rule in my opinion that they set up. I understand the liability issues, but . . .’ He breached protocol by running to an area outside his beach zone without waiting for his supervisor to arrive to cover his station, posing a potential liability problem.”

Lifeguard Says He Chose Saving Man Over Saving Job, New York Times, July 5, 2012

The most powerful earthquake in Japan’s recorded history. A Tsunami with 130′ waves that penetrate six miles inland. Thousands of lives lost. Reactors in a coastal nuclear power plant start to melt down.  Radioactive gas is released into the atmosphere.  It’s a nuclear disaster. The cause? Obvious: forces of nature.

Wrong. Organizational culture.

On an Air France flight from Rio de Janeiro to Paris, instruments designed to measure airspeed fail, causing some autopilot systems to fail. The crew, confused about their speed and angle of flight, put the plane into a stall and it crashes into the ocean, killing everyone on board.  The cause? Obvious: mechanical failure.

Wrong. Organizational culture.

A young lifeguard in Florida is fired. Why? Because he disobeyed company procedure to rescue someone he thought was drowning. The procedure had a single purpose: protect his employer from legal liability. He mistakenly believe that he had a single purpose as a LIFEGUARD: guard lives.

I picked each of these three stories from Section A of the New York Times this morning, not because I was looking for them, but because the thread connecting them resonated with me, and some thinking I have been doing about the role of organizational culture in information governance. These are from one section of one newspaper on one day, picked out by someone jostling for a seat on a sweaty F train ride. Not exactly random, but not exactly exhaustive research either.

The hardest part of information governance is changing (or at least challenging) organizational culture.

This is such a glib statement. Borderline tautological. Almost axiomatic. But, there is truth here, somewhere.

For the past twelve years, I have made my living as a subject matter expert. But lately I’ve been wondering which subject matter really matters. Over the dozen years I have thought of myself – and marketed myself – as an expert on a variety of topics (not necessarily at the same time): information security, electronic evidence, privacy, software product marketing, content development, records management, compliance, IT governance, electronic content management, taxonomies, ghost-busting, information architecture, e-discovery,  information governance. I’ve always been this way, I guess. In high school I started an business fixing cars. In university I made extra money teaching university-level classes on HTML and hand-coding webpages for professors.

However, I have never thought of myself — nor marketed myself — as an expert on organizational culture.  I never set out to become an expert. But, after witnessing the gooey inner workings of dozens and dozens of organizations large and small, in multiple industries, I seem to have learned something.  I don’t directly sell what I know corporate disfunction to clients, but it might be the most valuable thing I offer.

Organizational culture is the rocky, rugged shore upon which the bravest barques crash. I have concluded that it is nearly impossible to fundamentally change organizational culture. Not completely impossible, just very difficult.

And yet, the success or failure of most multi-million dollar enterprise software implementations ABSOLUTELY DEPENDS on thousands of individuals changing their behaviour. CRM or sales force automation software mostly fails if sales and marketing people don’t change they way they do their jobs, in dozens of tiny ways, every day. Content management and collaboration software fails if thousands of employees don’t change they way they find, create, and communicate information – assuming you can get them using the platform at all. Enterprise social media fails unless most employees see the rewards of total transparency at work.

This is no secret – those who sell the software will tell you this. For example, here’s a quote from a recent OpenText blog post:

“What’s the biggest barrier you’ll face when deploying collaborative or social software (or even straight document management)? It’s swaying people’s attitudes and behaviors towards their information, knowledge, and content.”

Organizational culture isn’t much easier to engineer than national culture. Despite being forced by Canadian cultural content laws as a teenager to listen to Rush, Corey Hart, Gowan, and Kim Mitchell, I still think they all suck (sorry, Tamir).

Cultural Engineering is hazardous work. In fact, it is so hard that a certain breed of startup software company is choosing to avoid it altogether by chucking the bitter controls that big companies need to function and focusing instead on the sweet candy users want – willfully ignoring the long-term effects on the organization. What are the long-term effects? At minimum, the creation of new toxic silos of disorganized, neglected, disconnected information bristling with all kinds of business and legal jagged edges. At maximum this strategy sends the customer blissfully skipping down a gilded path that can only lead to loss and theft; privacy disasters; millions of dollars spent in unecessary electronic discovery costs and lawyer fees; and fines and penalties for failing to comply with any number of the thousands of laws and regulations affecting a large corporation’s information.

You don’t have to move very much soil in a large company to find the fossilized relics of systems past that were earlier incarnations of this myopia. To whit: a manufacturing client with 34,000 Lotus Notes databases that nobody knew what to do with — the legacy of an earlier generation’s blind bliss of “empowering users” through self-provisioning and finally, once and for all, freeing them from the machinations of their evil IT overlords. The 34, 000 Lotus Notes databases that were the sweetest e-discovery honey hole for every plaintiffs attorney east of the Mississippi; the glorious user-empowered, next generation environment that caused my client to settle case after case because it was cheaper than extracting data from the wonderful, self-provisioned mess. The amazing, hands-off application building environment that they couldn’t afford to keep around, but that was too expensive to get rid of.

Some observers are criticizing today’s startup software companies for focusing on trivial problems (Nicholas Carr, for example: “An app for making vintage photos isn’t exactly a moonshot”). There’s even a parody website on the subject. I don’t know if this is true, or if it just seems this way (the topic has the smell of a “trend piece,” like the rise of Satanic cults in the 1980s). If it is, maybe there are BIG IMPORTANT sociological reasons for this. But one thing is certain: building software that provides real value to a big organization is hard, if only because cultural engineering is hard.

So, what are the enterprise startups working on? Well, here’s one category: shared drives in the cloud. It just makes me — I don’t know  — tired? that some seem to think that putting a shared drive in the cloud is innovative. Or even edgy and “disruptive.” Conceptually, there is nothing innovative about it. Yes, the mobile and the multi-device user gives it legs. But it’s still just a damn shared drive — a great way to share information, but terrible for almost anything else. What happens after that glorious moment that the content is shared? Does the content just disappear? Are we keep supposed to never think about it again? What if we want to keep some information and throw some away? What if some of it needs special treatment because of some pain-in-the-ass law? Why are we pretending that shared drives in the cloud are immune from the problems of old-fashioned Windows networked shared drives? Shared drives stand in the way of every big company’s effort to do something meaningful with their pile of unstructured content. Do you spend millions cleaning them up? Millions migrating them to SharePoint? Even with the best “automated classification tools,” this still costs a large company millions — IF it can get the lawyers to bless the plan in the first place.

A few days before Microsoft purchased the company, I saw a senior executive from Yammer speak. It was a product pitch with the self-laudatory axiom, “adoption is the new ROI” as its centrepiece. Yammer (which some have called “FaceBook for the enterprise”) built its company in large part by offering the service to corporate users for free, then charging IT administrators to manage the resulting mess. The axiom was proven out by the company, as user counts no doubt were a central metric used by Microsoft to justify its $1.2B investment, but as an axiom for enterprise software it is gibberish. And cynical. Companies in this space also seem to love marketing slogans like, “75% of the Fortune 500 use our software,” which tells you about as much about their enterprise penetration as it would if Rovio, the maker of Angry Birds, claimed that  “100% of the Fortune 500 use our software.”

Are these companies thinking big? Do they have an enterprise moonshot? Are they tackling the truly complicated information problems of the large enterprise?

Many companies, both old and new, are tackling complicated problems. Bringing Internet scale to enterprise data. Layering massively powerful analytical tools on top of the data. Empowering the messy, risky big decisions that must be made about vast pools of we create. Refusing to be cowed by legal FUD. Cleaning up mind-boggling volumes of junk. Investing the time and money it really takes to understand vertical, business unit, and departmental problems, and deliver unsexy, but truly valuable software and process. Empowering users in a way that balances shiny new toy syndrome with the complex realities of a real-world operating environment.

But, perhaps even these companies are focusing their attention on enterprise problems that do not require cultural change or engineering. Problems that do not require any change in what a user does or does not do. Billions of dollars of enterprise software have been sold over the years because the person writing the checks believed that changing user behaviour was possible. The engineering of organizational culture has been the sine qu non of enterprise software.

Have we now reached the point where it is simply old fashioned to believe that it is possible or desireable to dicate, or at least motivate, a user to do something, or to not do something? Perhaps, but any number of corporate programs, from safety to sales practices to performance reviews, rely on this dynamic. At the same time, it’s obvious that culture engineering adds significant friction to the process of selling and implementing enterprise software, so providers are logically looking for ways to minimize or avoid it altogether.

Engineering organizational culture is engineering human behaviour itself, on a large scale. In that sense, it is not mysterious. Show the value of the change to the individual. Use incentives and consequences to create social pressure –  the true motivator. Rinse and repeat. Despite the challenges, I don’t think we have moved past the need for organizational change in the world of Information Governance.

Author: Barclay T. Blair

Safeguarding Critical E-Documents: New Information Governance Book by Robert F. Smallwood

Safeguarding Critical E-Documents with Foreword by Barclay T. Blair

Congratulations to Robert F. Smallwood on the publication of his new book, “Safeguarding Critical E-Documents: Implementing a Program for Securing Confidential Information Assets,” published by Wiley. Bob asked me to write the foreword to the book, which I have provided below, to help get you juiced up into an Information Governance frenzy so you rush out and buy his book (we authors need all the help we can get, right?)


Today, yet another organization will be forced to admit that it has lost control of its information. It will be forced to admit this by a court, by a regulator, by a reporter, or even by a hacker. It will admit that it really has no idea what information it owns, where that information resides, or what value it has. Finally, it will have to admit that this fundamental lack of information oversight has put the company, its shareholders, and its customers and partners at risk.

We are suffering a plague of information mismanagement. And yet, each year, we spend more on hardware and software to take control of this mess. What’s broken?

Let’s start here.

Imagine a world where your Chief Privacy Officer doesn’t care about privacy.  Where your Chief Operations Officer thinks operations are someone else’s problem.  Or, where your Chief Financial Officer thinks that her job is managing spreadsheets – not money.

Welcome to the world of information management: a world where we have C-level executives who, despite having the word “information” in their title, are not actually responsible for information. Most organizations have had Chief Information Officers for at least two decades, and yet, most still cannot answer this question:

“Appointing a chief information officer also raises the question of who owns databases — those who maintain them or those who produce them?”

A question, which by the way, was raised in 1984, by Modern Office Technology Magazine.

The failure of institutions worldwide to clearly answer this question is at the root of the problems Robert addresses here. It’s not the CIO’s fault – in fact, most CIOs are very clear about their role. Most view themselves more as Chief Infrastructure Officers, i.e., stewards of the information systems; the people who keep the lights on but who do not generate the electricity; the owners of the storage tanks, pipes, and faucets, but not of the water itself. Pick your analogy.

Rather, fault lies with CEOs and boards who have failed to understand that information governance lies at the heart of corporate governance.  Who fail to listen to the CIO when he talks about the real scope of his job.  Who are stuck in a different decade (century?) because they think the problem is about moving boxes of paper from facility to facility. And who, finally, have failed to adapt the CIO role, delegate the problem to another C-level executive, or create a new assignment.

This is the world that Robert’s book enters. And, it couldn’t be more timely.

In this book, Robert lays out a framework for understanding this problem, and a plan for dealing with the details – from strategy to software. Both elements are essential. We need to redefine the way we look at the information problem, which Robert helps us to do. But we also need a practical manual for information governance action, which Robert has also provided in the form of authoritative and seasoned guidance.

Information Governance is a long journey. This book should help make your journey shorter and less painful. Safe travels!

Let’s define “Information Governance”


Keep your definitions coming via Twitter (send to @btblair)!  Here is a shortened, Tweet-able link to this post if you want to help spread the word: https://barclaytblair.com/1ux

@TamirSigal InfoGov is an accountability program to enforce desirable behavior in the creation, use, archiving, and deletion of corporate information

@RGiganti IG is the reimagining of records mgmt for the 21st century. It provides an easy conceptual framework for strategic level decisions to occur.

@dgschultz #InfoGov: Set of activities, policies, stds & measures dev. & enforced to ensure info is managed according to its value to the org

@richardmedinarm Information governance is a part of corporate governance, and focuses on managing an organization’s information (content) in order to increase its value and reduce its cost and risk to the organization. In our various Program Frameworks (particularly Compliance and Discovery Readiness), we focus on the issues around the taxonomy, retention plan, and ESI inventory (sometimes called a data map). (Okay, so this one was sent in as a blog comment, and is longer than 140 characters, but I’m going to allow it, only because Richard is such a nice guy.)

@rimman An organizational policy for effectively managing Information as an Asset consistent with other Policies and Principles


Earlier this month I spoke at a webinar (link goes to recorded version) hosted by AIIM where I talked about Information Governance – what it is and why it makes sense.  IG is still a nascent concept that needs some definition. One the one hand, it seems to be about the same stuff we have already been doing (RIM, information protection, ECM, privacy, etc., etc.), and on the other it seems like it could be a new – or at least evolved –  concept that will really help us manage information better.

I am starting to write my new book on IG (more on that later), so I guess I had better make up my mind! To that end, on my webinar, I put out a call to all the participants to tell me how they define IG. But, to make it extra challenging, I asked them to send me the definition as a tweet, i.e., in 140 characters or less.

I’m repeating that call here –  Twitter message me – my address is @btblair – and give me your definition of Information Governance. I will tweet your definition and will use the best ones in my new book.

Look forward to your thoughts!