Do companies need a Chief Information Governance Officer (CIGO)? (3) – IG in organizational change. Digitization needs information governance

“Information technology strategy plans in the absence of business policies are symptoms of policy-making avoidance by top executive management.”

(Paul Strassmann, Governance of Information Management. The Concept of an Information Constitution, 2004, p.16)



The last article CIGO (2) organizational change is needed! dealt with the cultural challenges of information governance in the sense of change management, keywords: agile or lateral leadership culture. How do the relevant actors deal with each other? What happens when the residents of the WG in our refrigerator analogy no longer get along, when the poisoning of the working atmosphere progresses?

We have pointed to a realist approach that involves finding a balance between power, trust, and understanding that is appropriate to the organization(Cooling in CIGO(2). So much for the theory. The Hamburg model, which in the last article bridges the gap between top-down and bottom-up approach based on our MATRIO® model, will be concretized in this article with regard to the implementation of IG initiatives.

What are the conditions and requirements for a practically functioning and lived IG environment and culture?

First of all, it is striking how the topic of “agile management” is experiencing a sudden boom[1]. Without culture, a digital strategy is indeed worthless[2]. “A company’s workforce is the Achilles’ heel of digitization” and “agile, cross-functional methods require flat hierarchies “3. So far so good.

At the same time, an unimagined activism in terms of “digitization” has broken out in most companies; yet such a strategy should have been on the agenda of a vigilant organization long ago. After all, the urgency to act to master the digital keyboard has now gripped (almost) everyone and everything.

The KRM understands “digitization” primarily as the controllability of information and data over the entire life cycle in all conceptual aspects and characteristics. Every digital business model needs targeted control and steering of data and information, i.e. “information governance”. This is not new.

In 2009, the Gartner Toolkit for Information Governance was published with the warning: Attention heart attack![4]… because information governance lacks the corresponding business vision[5].

In the same year, KRM/Wildhaber Consulting published its Information Management Strategy.

The opening quote underscores all the information management requirements contained therein: the mastery of business information (digitization) must be supported by the decision-makers relevant to corporate policy. At the same time, the implementation must be orchestrated by a solid foundation (IG house with the main pillars: Information Management, Risk Management, IT Governance)

IG House

Information Governance Guide, p.69

No efficient and effective digitization without governance! Whether the implementation starts at the bottom or at the top is initially less relevant; what is important is the pincer movement that should lead to a common understanding of IG.

It is important to focus more on these demands and to do so in a sustainable manner. The following catalog includes a few key implementation points based on our experience[6].

  1. Digitization and IG must be imperatively linked to the business strategy. IT acts as a “business enabler”. However, during implementation, responsibilities between governance and management roles should be separated as much as possible (legislative and executive). In the MATRIO® model, such structures are built up gradually and pragmatically depending on the corporate culture and requirements.
  2. The inclusion of core processes (business) in the setup prevents a pure staff exercise from the outset, as is often initiated by central staff departments. All relevant stakeholders must be at the same table from the beginning (steering committee). This is the only way to achieve orchestration that creates practical synergies. Also, avoid overloading the roadmap. Start simple and not with the most difficult functions or projects. “Work smarter not harder!
  3. Marketing: It must be possible to sell the advantages of information control and guidance to concrete business functions (business buy-in through “value proposition”). This promotes the function-specific business understanding of data and information. Every business is an information business ( flyer). This fact is often not understood until information is perceived not only as a by-product of a business activity, but as an indispensable factor for the successful realization of business. Do they have access to the right information at the crucial moment? Because … without reliable access, there is no transparency. Without transparency, we cannot expect accountability. Without transparency and accountability, reliable business does not work.
  4. Make a distinction between information governance (content and context) and IT governance (infrastructure) (see Guide 44). At the same time, however, the bridge between business and IT must be embedded in the culture. The motto: “Everyone pulls together” becomes part of the architecture.
  5. Leadership acts as mentor and coach (communication, balancing of interests, supervision, mediation, etc.) ideally with agile teams. This requires special social and communication skills from all actors, which should be taught. Experiments must have room, “sharing is caring”. Strong bonus cultures prevent cross-functional collaboration and coordination. (promote an ECO rather than EGO culture).

Stay tuned. When dealing with the uncertainties of the future, they think of Peter Drucker: “the best way to predict the future is to make it.”



[1] Cf. Harvard Business Manager No.5, May 2016; here especially M. Leitl: Lost in transformation, pp.30-37.

2 This is how the best work. Digitally successful companies master the entire keyboard of digitization, in: SHZ No.15, 14.4.2016, p.55

[3] ibid

[4] “Not for the faint of heart. Governance is technically complex, organizationally challenging and policitically sensitive. ”

[5] Many IG initiatives turn out to be a real culture shock because there is no business vision about IG and “existing cultures and organizational relationships are not conducive to the division of labor that IG demands” Gartner (2009), Toolkit: Information Governance Project, April 2009, link:

[6] Cf. the partly operational case studies in chap. 4.5 to 4.9 in the Guide; cf. also the paper by J.Hagmann: Information Governance – Beyond the Buzz, in: Records Management Journal 2013, Vol. 23 Iss: 3, pp.228 – 240. (now available in German on our blog): It was also made clear here that IG is really just old GRC wine (Governance Risk and Compliance) in new disrupted IT hoses. See also the 7 deadly sins of information governance.


Submit a Comment

Your email address will not be published. Required fields are marked *

Related articles

On 16.3. is Digital Cleanup Day

On 16.3. is Digital Cleanup Day

Tidying up is clearly not everyone's cup of tea, but we all know the good feeling that a tidy room, a tidy desk or ... a tidy drive! You can feel proud with a clear conscience, because deleting data also has an important effect on energy consumption. I have calculated...

read more
Dealing with data risks: Data breach notification

Dealing with data risks: Data breach notification

A data breach notification or "data breach notification" refers to the process by which an organization or company is required to notify the relevant data protection authorities and, if applicable, data subjects of a data breach that is likely to result in a high risk...

read more