Common information risks and why they could be happening to you November 22, 2012



Here are some possible information risks that could be affecting your organisation and some ideas on why they might be occurring.

Give us your feedback on whether these risks are impacting you, what is causing them and any solutions you have put in place for their mitigation.

If after reading this post you recognise any of these risks as occurring in your organisation, take the opportunity to work with your ICT staff and put in place some strategies to fix them. Let us know how you go!


Risk: Information is not created

Why this could be happening

Business requirements for information are not defined and included in ICT design, purchase or outsourcing arrangements.

  • Example: Dynamic business systems have been implemented in areas where there is a need for a fixed representation of business information


Risk: Information is incomplete

Why this could be happening

 Business requirements for information are not defined and included in ICT design, purchase or outsourcing arrangements.

Systems are not configured to make and keep complete and accountable business information.

System integrations are not comprehensively defined, resulting in limited information capture.

Lack of comprehensive information management strategies across multiple business systems and information creation environments.

  • Example: When it is not possible to track and share data about a client acorss email, social media and business platforms resulting in separate silos of information and service duplication


Risk: Information is meaningless

Why this could be happening

Post system upgrade, some information has not migrated adequately and can no longer be understood.

Inadequate system documentation about design and configuration.  

  • Example: Poor system documentation maens a superseded database structure can no longer be interpreted and the data within it can not be accessed or understood
  • Example: Picklists, drop downs, encoding schemes that define data values have not been carried forward or documented. Without these, data values no longer make sense and the meaning of all related information is lost.


Risk: Information is corrupted

Why this could be happening

Information has been poorly migrated.

Information is created  in a vulnerable format that did not migrate well.

Information is poorly stored.

Rendering software required to access certain forms of data has not been maintained.


Risk: Information cannot be trusted

Why this could be happening

In systems design, the organisation has not considered requirements for audit trails or process management.

No standard process has been established at system design to generate and maintain necessary business information, leading to ad hoc and non-comprehensive information creation.

Information has been poorly stored in network environments, allowing its integrity to be compromised.

Uncontrolled information management practices mean no version control and uncontrolled storage environments.

Migrations have been poorly designed, compromising integrity and accountability data.

Uncontrolled data purging means full knowledge of corporate action is impossible.

Lack of data sharing means definitive corporate information cannot be identified.


Risk: Information is inaccessible

Why this could be happening

Information was not exported from its creating applications before purge or over-write.

Information is contained in a legacy system which was not maintained and now cannot be accessed.

Information is contained in an orphan system which was not maintained and is now lost.

The volume of uncontrolled data created across the organisation means that important information cannot be identified through all the noise.

Backup systems have been used as default information management systems and it is cost prohibitive to routinely access information in these environments.

Routine, authorised information destruction has not occurred and the excessive volume of corporate data means accessing information is now difficult.


Risk: Information has not survived

Why this could be happening

Information was not exported from its creating applications before purge or over-write.

Information of long term business value was not proactively identified and managed and has been lost.

Poor information management practices mean extensive data volumes cannot continue to be migrated or maintained and so high value data has been routinely but inappropriately purged.

Complex legacy systems mean information of long term value cannot be carried forward into new operating environments. Access to this data is effectively lost.

Pat Jackson November 22nd, 2012

Thanks State Records NSW (and Madame Kate) for your thoughtful, engaging and clearly written articles. I shall definitely be pointing out the risks you’ve written about above to the not for profit who have employed me to ‘fix their records’.

I’ve said it before and I’ll say it again, State Records NSW has the best website, the best social media platforms and the most engaging way of delivering messages with meaning.

Thanks for sharing!

Pat – looking after records in the Wet Tropics (not NSW but FNQ)

Stacy Vail November 27th, 2012

Thank you for such a great summary!

Kate Cumming December 3rd, 2012

Thanks Stacy, you’re welcome!

Kate Cumming December 3rd, 2012

Thank you for your very kind words Pat! Best wishes for your recordkeeping challenges up in FNQ. Cheers, Kate

Leave a Reply

You must be logged in to post a comment.