Researcher and Professor, Ali Daneshmandnia, shares his research on organizational culture and its' effects on Information Governance. How can one shift to a culture that is more likely to accept and accelerate Information Governance efforts? Learn in this unique session with critical research for the profession.
Ali Daneshmand - How Does Institutional Culture Influence Information Governance
1. HOW DOES INSTITUTIONAL
CULTURE INFLUENCE
INFORMATION
GOVERNANCE?
HOW AN INSTITUTION CAN MAKE IG EFFECTIVE
DR. ALI DANESHMAND
CITY UNIVERSITY OF NEW YORK
COLLEGE OF TECHNOLOGY
2. INFORMATION GOVERNANCE
WHAT IS I.G.?
• INFORMATION GOVERNANCE (IG) INVOLVES ESTABLISHING AN
ENVIRONMENT, OPPORTUNITIES, RULES, AND DECISION-MAKING
RIGHTS FOR VALUATION, CREATION, COLLECTION, ANALYSIS,
DISTRIBUTION, STORAGE, USE, AND CONTROL OF INFORMATION.
• IF APPLIED CORRECTLY, IT WILL ANSWER THE QUESTIONS:
• WHAT INFORMATION DO WE NEED?
• HOW DO WE MONITOR AND EVALUATE IT?
• WHO IS RESPONSIBLE FOR IT?” (KOOPER, MAES AND ROSS LINDGREEN
2011)
3. PURPOSE OF THE STUDY
• To explore institutional culture as a determinant of IG effectiveness in private
and public higher education institutions (HEIs), using 4 elements of
organizational culture—Control, Competition, Collaboration, and Creativity.
What are the various elements that would make information governance effective
in HEIs?
Why is this study important?
• HEIs, much the same as healthcare organizations, capture an abundant amount
of confidential information on an everyday basis—in healthcare from patients
and medical staff, in education from students and faculty—and all stakeholders
must be aware of how to protect information according to policies set forth by
federal, state, and regional accreditation agencies.
4. ACCOUNTABILITY
FERPA
Information collected from students is subject to privacy under the Family Educational Rights and
Privacy Act (FERPA) of 1974.
“FERPA was enacted to ensure the confidentiality of personally identifiable information in education
records and to guarantee parents access to their children’s education records.”
On January 8, 2010, FERPA went through a change reflecting the position taken by the courts in
interpreting the act and the imposition of new requirements. The changes affect access to educational
data for “research and accountability” and have an impact on safeguarding educational records.
6. COMPLEX LEVELS IN INFORMATION GOVERNANCE
IN HIGHER EDUCATION INSTITUTIONS
• The level of interaction among all departments makes
management of information a complex task at HEIs
• Interaction among federal, state, and the university’s own
governing body (e.g., the board, president, key administrators)
• The multiplicity of stakeholders makes information governance a
challenge:
• Tensions between faculty and trustees, where faculty are
interested in pursuing their scholarly work without much
concern for the operation of the university
• Dualism of control among faculty and administration
• Government guidelines created for oversight of access and
7. ISSUES FACING
THE CHIEF INFORMATION OFFICER (CIO)
• PRIORITIZING IT INITIATIVES
• STAYING CURRENT WITH RAPID CHANGES IN TECHNOLOGY
• MANAGING IT-ENABLED BUSINESS ENDEAVORS
• INTEGRATING IT INTO ENTERPRISE VIA INNOVATION
• COMMUNICATING INFLUENCE OF BUSINESS DECISIONS ON IT SPENDING
• PRIORITIZING IT-RELATED PROJECTS
8. ISSUES FACING THE CIO
(CONT.)
• LACK OF FUNDS
• MANAGING DEMAND AND EXPECTATIONS FOR IT SERVICES
• IT COMPETING FOR RESOURCES
• RECOGNIZING IT AS A KEY STAKEHOLDER IN THE INSTITUTION
• BUSINESS PRODUCTIVITY AND COST SAVING
• ALIGNMENT OF IT AND ‘BUSINESS’
• BUSINESS PROCESS REENGINEERING
• LACK OF FUNDS
• MANAGING EXPECTATIONS FOR IT SERVICES
9. CIO ROLE
CATEGORY (Chun and
Mooney 2009)
(Jaana, et al.
2011)
(Glaser and
Williams 2007)
(Gomes and Lapao
2008)
Roles of CIOs in
Healthcare
-Deliver value to
the business
-Conduct
investment
analysis
-Enforce IT
governance
-Develop training
policies
-Manage change
-Collaborate and
influence other
C-level managers
-Bridge between
administration,
IT, and medical
-Cut costs
-Manage and
maintain
institution’s
legacy IS
infrastructure
-Decision maker
-Leadership
skills with non-IT
personnel
-Embrace
innovations
-Implement
large-scale
initiatives
-Manage and
extend process
change
-Use best
practices to
manage
healthcare
information
-Engage in
interoperability,
technical
expertise
-Evaluate
management
security standards
and implement
them based on
their suitability
10. ISSUES FACING CIOS
CATEGORY (Chun and Mooney
2009)
(Jaana, et al. 2011) (Glaser and
Williams 2007)
(Gomes and
Lapao 2008)
Issues
Facing CIOs
-Prioritizing IT
initiatives,
-Staying current with
rapid changes in
technology.
-Managing IT-enabled
business endeavors
-Integrating IT into
enterprise via
innovation
-Communicating
influence of business
decisions on IT
spending
-Prioritizing IT related
projects
-Lack of funds
-Managing demand
and expectations for
IT services
-IT competing for
resources
-Recognizing IT as
key stakeholder in
the institution
-Business
productivity and cost
saving
-Alignment of IT and
business
-Business process
reengineering
-Lack of fund
-Managing
expectations for IT
services
-Perceived as
mainly technologist
by CEO and other
C-level executives
-May feel other
executives are
uncomfortable
because of the
“techy” image
-CIOs may have
limited
understating in
working with
clinical leadership
-Security policy
-Organizing
information
security
-Asset
management
-Human resources
security
-Physical and
environmental
security
-Communication
& operation
management
-Access control
-Information
system acquisition
-Information
security incident
management
11. IG PROCESS
IG PROCESS:
• Strategic decision-making involving the business process owner, the information
steward, and the information custodian; and the exact level of their integration
within the organization.
• The business owner is responsible for providing the specifications of the system
process (e.g., transactions involved in a task, prioritization of tasks), stewards
govern and advise the custodian on its usage, and the custodian of information
implements the system based on defined specifications (Ballard et al. 2014).
12. ELEMENTS OF IG PROCESS
Elements of IG process
Relational
Communication
Stewardship
Data quality
Information
Security/Compliance
Information
LCM
IG Policies and
framework
Records
Information
Management
and Green 2007; Ballard, et al., 2014).
13. CONCEPTUAL FRAMEWORK
Organizational
Culture
IT function,
IT Budget
External
Environment
Characteristics
Executive
Management
Support
Information
Governance
Impact of IG on the institution
Size of HEI
•Internal business
process
•Learning and growth
•Satisfaction
that will be tested in this study
Size of
Institution
14. QUESTIONS THAT GUIDED RESEARCH
•What are the determinants of information
governance effectiveness in HEIs?
•Is size of institution (expressed in terms of
enrollment) correlated with perception of IG
effectiveness?
•Is organizational culture at HEIs correlated
with perception of IG effectiveness?
15. WHO TOOK PART IN THIS STUDY?
TITLE PERCENTAGE OF RESPONSES
Chief Information Officer (CIO) 39% 42
Associate CIO 6% 6
Chief Information Security Officer
(CISO)
13% 14
IT Director 19% 20
Compliance Officer 4% 4
IT Project Manager 4% 4
Help Desk Manager 2% 2
Others: 15% 16
Information Security
Manager
7
Project Manager 1
Chief Privacy Officer 1
University Record Officer 1
IT Budget Director 1
System Analyst 2
19. IG PROCESSES AT UNIVERSITIES
ANSWER
OPTIONS
Yes No, but we
are in the
process
of selecting
one
No, but we
are
considering
selecting one
No, nor do
we have a
plan to
select one
Don’
t
kno
w
RESPONS
E
COUNT
Don’t
know
In our inst.,
we have a
CISO
113
or
67%
12 14 28 1 168 1
At our inst.,
we have an IG
council
77 or
46%
20 30 35 6 168 6
Does your
inst. have a
RIM prog.
(dept.)?
56 or
33%
7 17 73 15 168 15
Does your
inst. have a
88 or
52%
4 12 57 7 168 7
20. IG PROCESS STATUS OF HEIs
113
77
56
88
12
20
7
4
14
30
17
12
28
35
73
57
1
6
15
7
0
20
40
60
80
100
120
Have CISO? IG Committee? RIM Department? Have Compliance officer?
Presence of IG Process
YES
No, but in the process of
selecting/forming one
No, but we are considering
selecting one
No, nor do we plan to select
one
21. IG PROCESSES, INFORMATION STEWARDS,
AND ILM
33
70
29
35
21 22
44
20
41
12
PRESENCE OF
INFO STEWARDS
INFO. LIFE CYCLE
MANAGEMENT
IG Processes, Information Stewards,
and Information Life Cycle
Totally
Disagree
Somewhat
Disagree
Neither Agree
Nor Disagree
Somewhat
Agree
Totally
Agree
23. ORGANIZATIONAL CULTURE FRAMEWORK
• Organizational culture concerns internal interaction, the feeling of belonging (or
not) and commitment regarding the creation of an environment consistent with
the mission of the organization (e.g., competitive), and the development of the
social glue that bonds the organization together.
• Organizational culture is a predictor of other organizational outcomes such as
effectiveness (Cameron and Quinn 2011)
• The assessment instrument used (OCAI – Competing Value framework) for
organizational culture in HEIs is a framework divided into 4 areas of culture:
Collaboration, Creativity, Control, and Competitiveness. (Cameron and Quinn
2011)
24. MAP OF ORGANIZATIONAL CULTURE
OF AN INSTITUTION
• Competing value framework (Cameron and Quinn 2011)
Create
Collaborate
Control
Compete
25. SURVEY RESULTS OF QUESTION 1B: DOES
ORGANIZATIONAL CULTURE AT HEI POSITIVELY
CORRELATED WITH PERCEPTION OF IG PROCESS
EFFECTIVENESS?
STATISTICS Q3A-
Collaborative/
Trust within HEI
Q3B-
Culture of
Creativity/
Entrepreneurial
Q3C-
Culture of
Competition/
Result-
oriented
Q3D-
Culture of
Control and
Structure
N
No Response
134 133 134 135
34 32 32 32
Mean 4.92 3.82 4.08 3.56
Median 5.00 4.00 4.00 3.00
Mode 5 3a 3 3
Standard
Deviation
1.425 1.471 1.492 1.519
Minimum 1 1 1 1
Maximum 7 7 7 7
26. QUESTION ASKED FROM PARTICIPANTS OF
THE CURRENT STUDY
• A-THE ORGANIZATION IS A WELCOMING PLACE. THE GLUE THAT HOLDS THE ORGANIZATION
TOGETHER IS TRUST.
• B-THE ORGANIZATION IS A DYNAMIC AND ENTREPRENEURIAL PLACE. PEOPLE ARE WILLING TO STICK
THEIR NECK OUT AND TAKE RISKS.
• C- THE INSTITUTION IS VERY RESULT ORIENTED. A MAJOR CONCERN IS WITH GETTING THE JOB
DONE. PEOPLE ARE VERY COMPETITIVE AND ACHIEVEMENT ORIENTED.
• D- THE ORGANIZATION IS VERY CONTROLLED AND STRUCTURED PLACE. FORMAL PROCEDURES
GENERALLY GOVERN WHAT PEOPLE DO.
• 1-TOTALLY DISAGREE, 2- MOSTLY DISAGREE, 3-SOMEWHAT DISAGREE, 4- NEITHER AGREE
NOR DISAGREE, 5- SOMEWHAT AGREE, 6-MOSTLY AGREE, 7- TOTALLY AGREE,
COMMENTS:_____________________________________
28. FINDING BASED ON ORGANIZATIONAL
CULTURE AND IG
• Collaborative/trust: Highest mean, 4.92 with standard deviation of 1.42, closely clustered,
indicating agreed upon characteristics of organizational culture. The histogram shows many
participants agreed trust served as glue in their organization.
• Creativity/Entrepreneurial: Mean of 3.82 and SD of 1.47. The histogram shows a binominal
bimodal curve, perhaps indicating that many organizations did not embrace entrepreneurship,
and that there are those who highly welcome entrepreneurship.
• Competitiveness/Result oriented: Mean of 4.08 with SD of 1.49. The histogram emerged as a
well-rounded bell curve, indicating that the distribution is normal and, perhaps, that
participants regard the result-oriented characteristic as a common theme in regard to
organizational culture.
• Control and Structure: Emerged as a well-rounded bell curve, indicating that the distribution
is normal and, perhaps, that participants regard the result-oriented characteristics as a
common theme in regard to organizational culture.
29. FINDING BASED ON A CULTURE OF
COLLABORATION/TRUST
• Out of 133 survey participants, the average response (1-7, totally disagree-totally agree) was 4.92 (5=Somewhat
agree), and mode was 5.
• Lack of control over IG because of the “silo nature of things”
• Lack of a specific information policy about having solid information practices
• Lack of confidence in IT staff to make a difference toward the IG of the institution
Solution
• Hiring an IG director to break down existing barriers and build on IG initiatives across the institution.
• CIO empowering IT staff through spirit of teamwork to solve problems, and the team cultivates close relationships
across all divisions of the institution (such as with an IG committee)
• Continuous collaboration with faculty based on “the culture of inclusion.” Trust and transparency in collaboration
are major enablers of IG functions.
However, even when institutions embrace innovation and collaboration, a significant shift in culture, if
interconnection across information platforms has not taken place, this shift does not make IG processes easier.
30. CREATIVE AND ENTREPRENEURIAL
• Few CIOs considered an entrepreneurial or creative culture as a policy in their
institutions, “in using data, the way we work with people, or how we deploy
technology.”
• Sending IT staff to departments of the institution to serve as liaisons and learn
the business of those departments.
• The creative/entrepreneurial culture was not evident among participants. Only 2
(out of 15) participants discussed embracing a creative approach to IG.
• A top-down approach to IT management, showing a move to centralization.
31. COMPETITIVE AND RESULT-ORIENTED
• A core value for some institutions since they are science and data driven.
• Making decisions based on data is a major part of their culture.
• The result-oriented culture leads IT authorities to take charge in order to provide
accurate information.
• The IT department’s mission emphasizes employees’ commitment to end-results.
• Deployment of a review policy to identify what IT staff have done to advance their
careers.
• Creation of a governance team drawn from mid-level managers and a director
appointed by VPs. It would collaborate closely with the data standards team, which
deals with detailed information about the institution’s everyday business
transactions and communication.
32. STRUCTURED AND CONTROLLED
• Many CIOs in this study perceived leeway and freedom in management as a contradiction
to IG.
• Central control of IT represented a culture of control in many subjects’ positions.
• “We run centrally so, yes, we are involved.” This notion was particularly evident in the
case of information security.
• For information security, in particular, a centralized IT management, removes the chance
of having a “shadowy” system running within the information spectrum of the
organization.
• The IT compliance officer at a community college explained that the culture of control is
essential to ensure that his institution is in compliance in all aspects of information
governance.
• Many CIOs and CISOs indicated that their institutions are reinvesting in various
technologies (“Identity Finder” and “Content Finder”) so sensitive data in servers can be
33. EMERGED FROM THE CURRENT STUDY
:
Figure 1: CIO’s role in IG conceptual model
34. CONCLUSIONS
• The current study’s findings confirm that, much like in healthcare (Brailer, 2005),
interoperability is the key to breaking down information silos.
• The presence of an organizational culture that nourishes collaboration, trust, and
inclusion serves as an important vehicle for effective IG.
• Subjects indicated a strong affiliation with Structure and Control: “[a] strong value
toward shared governance,” “culture as centralized.”
• Communication was highlighted as crucial to effective IG. Respondents emphasized
that lack of communication was a reason for not being effective at IG: “one thing
missing here is communication.”
• Trust/collaboration/communication was repeatedly mentioned as an important
factor in IG.
• Some subjects had already taken steps toward initiatives mentioned by creating
positions such as data integrity director.
36. REFERENCES
• Brailer, D. J. (2005). Interoperability: the key to the future health care system. Health affairs, 19-21.
• Ballard, chuck, john Baldwin, Alex Baryudin, Gary Brunell, Christopher Giardina, Mark Haber, Gary O‘Neill, and Sandeep shah. 2014. IBM
information governance solutions. IBM Redbook.
• Cameron, K. S., & Quinn, R. E. (2011). Diagnosing and changing organizational culture. San Francisco: Jossey-bass.
• Chun, mark, and john Mooney. 2009. "CIO roles and responsibilities: twenty-five years of evolution and change." Information & management
323-334.
• Glaser, john P., And Robert B. Williams. 2007. "The definitive evolution of the role of the CIO." Journal of healthcare information management 9-
11.
• Gomes, R., And LV Lapao. 2008. "The adoption of IT security standards in a healthcare environment." Studies in health technology and informatics
journal 136: 765-70.
• Gordon, Jeffrey. 2003. "Governance failures of the Enron board and the new information order of SOX." Harvard law school center for law.
• Kooper, M. N., Maes, R., & Ross lindgreen, E. O. (2011). On the governance of information: introducing a new concept of governance to support
the management of information. International journal of information management, 195-200.
• Smallwood, R. F. (2014). Information governance: concepts, strategies, and best practices. Hoboken, NJ: john Wiley & sons, Inc.