Pergamon PII. S0268~4012(97)00038-8 International Journal of Information Management, Vol. 18. No. 1, pp. 29-47, 1998 © 1998 Elsevier Science Ltd. All rights reserved Printed in Great Britain 0268-4012/98 S19.00 + 0.00 The Information Audit: An Integrated Strategic Approach S BUCHANAN AND F GIBB Fundamental to the development of an effective information strategy is the recognition of information as • key organisational resource. The role of the Information audit is to provide a method for identifying, evaluating, and managing information resources in order to fully exploit the strategic potential of information, in consideration of this strategic role the Information audit should provide strategic direction and guidelines for the management of an organisation's information resources. However, a review of existing methods concludes that none provide a comprehensive information auditing solution or completely fulfil this strategic role. Therefore a universal methodology is proposed. © 1998 Elsevier Science Ltd. Ail rights reserved Steven Buchanan is an IT Management Consultant at SMS Consulting Group PTY Ltd, Level 18, West Tower, South-gate, 60 City Road, Southbanlc, VIC 3006, Australia. Email:sbuchanan@sms.-com.au Forbes Gibb is with the Department of Information Science, Strathclyde Business School, University of Strathclyde, 26 Richmond Street, Glasgow, Gl IXH, UK 'The Hawley Committee, Information as an asset: the board agenda. KPMG, London, 1996. 2Joint Information Systems Committee, Guidelines for developing an information strategy. JISC, Bristol, 1995. 'information management survey. Deloitte and Touche, London, 1996. Introduction The strategic exploitation and effective management of information and enabling technologies is increasingly recognised as critical to organisational success. The Hawley Committee 1 have highlighted the need to classify and value the information assets of an organisation while, within higher education, much attention is currently focused on information management following publication of the Joint Information Systems Committee (JISC) guidelines 2 for developing an information strategy. However, many fundamental problems persist. For example, Deloitte and Touche's latest biennial information management survey 3 reveals that information overload, organisational misunderstanding of the role of information management, inadequate locator tools, poor co-ordination of information with decision-making needs, and costs associated with paper handling, non-compliance and information loss are still significant features of the information terrain. In response to these problems this paper discusses the strategic role of the information audit in helping to achieve the twin goals of effective information management and maximum exploitation of an organisation's information resources. We look at the requirements for an information strategy and describe a framework for the alignment of information strategy with business strategy; Next, the paper addresses the role of the information audit and reviews some popular approaches; We then propose a new integrative approach to the information audit; and finally summarise the conclusions of this study. 29 The information audit: S Buchanan and F Gibb 4Remenyi, D., Information Management Case Studies. Pitman, London, 1993. 5Marchand, D. and Horton, F.W., Info-Trends: Profiting from your Information Resources. John Wiley, New York, 1986. "Earl, M.J. ed.. Information Management: The Organizational Dimension. OUP, Oxford, 1996. The strategic requirement Remenyi provides considerable evidence 4 that many organisations have underestimated the strategic importance of information and associated technologies and that this has resulted in poor planning and unfulfilled potential of IT. Remenyi argues that in several cases organisations have failed to realise the strategic benefits of IT because they have mistakenly regarded IT as merely a replacement for manual and administrative functions rather than as a strategic resource. This echoes the view of Marc-hand and Horton: The firms that just survive in the information economy will be the ones that just use information resources and computer technologies only as cost-displacement and labor-saving tools. The firms that compete effectively and flourish in the information age will be the ones which use information technologies in strategic ways to manufacture new and better products, find new markets, and distribute products and services in creative ways. These will be the intelligent organizations of the future.5 Remenyi also highlights several management problems associated with IT initiatives: • The culture gap between IT managers and business managers resulting in mistrust, poor working partnerships, and a lack of strategic alignment. • A lack of procedures or a policy statement for the acquisition of IT and the creation of operational guidelines. • A failure to measure the benefits delivered or derived from information systems. • A failure to deliver cost effective systems and to identify, cost and allocate appropriate resources to deliver and maintain systems. • A lack of integration between information systems resulting in substantial amounts of data duplication, unnecessary data entry and data processing. • Failure to integrate IT investments with strategic business initiatives. Further problems which may affect the successful implementation of IT/ IS include: • A lack of transparency in decision-making. • A lack of a clear project sponsor and owner. • Inheritance of projects by sponsors with new agendas and priorities. • A lack of user involvement in all aspects of the system life-cycle. • A lack of core competencies. • Power-mongers, who have no project specific responsibilities, attempting to influence project goals. • Multiple reporting lines where the initiative serves multiple stakeholder groups. • Ineffective change management. Earl 6 argues that senior managers need to take responsibility for positioning the use of IT as an enabling force in shaping business plans and initiatives. This implies the need for senior management and other users to become more aware of the opportunities and associated competitive threats presented by IT. The requirement is for a clearly defined information management function that reflects the need to shift from an emphasis on technology management to one of matching information resources to business objectives. Thus, it is no longer sufficient to be technically competent to manage IT and information systems. A multi-disciplinary The information audit: S Buchanan and F Gibb approach is required that combines both business and information management skills in order to effectively bridge the gap between IT and the organisation's strategic business objectives. Remenyi proposes that what is required is a new paradigm for information management that applies basic business principles through a process of commercialisation: To ensure commercialisation, and therefore value for money, in the mid-1990s, firms will have to manage their information resources in innovative ways which will tend to reshape the business, use information and data more fully and ultimately deliver real and measurable benefits. This means "inter alia" that better costing systems and better benefit measuring and managing systems are required, (emphasis added) 7 The change to viewing information as a resource recognises that IT does not, of its own, confer competitive advantage or other business benefits. This reflects growing awareness that emphasis must shift from the container to content and context; from means to meaning and management (see for instance, Massey,8 Best,9 Vickers,10 Marchand and Horton," Orna I2). Information must be recognised as a resource that needs to be managed and accounted for like any other resource. This management philosophy was first popularised by Burk and Horton as information resource management.13 Information resources are those resources which facilitate the acquisition, creation, storage, processing, or provision of information that generates the knowledge or other value required to achieve the goals and objectives of the organisation. Developing an effective information strategy requires determining what and where these information resources are. This is the primary role of the information audit and is addressed later in this paper. Firstly, however, it is important to define the scope of information strategy and its relationship to business strategy. 7 op. cit, Ref 4. BMassey, J., Vital assets. Information Age. June, 1995, 25-33. 'Best, D. ed., The Fourth Resource: Information and its Management. Aslib, London, 1996. "Vickers, P., Information management Selling a concept. In Information Management from Strategies to Action. ed. B. Cronin. Aslib, London, 1985. "op. cit, Ref 5. 12Orna, E., Practical information Policies: How to Manage Information Flows in Organisations. Gower, Alder-shot, 1990. "Burk, C.F. and Horton, F.W., Info-Map: A Complete Guide to Discovering Corporate Information Resources. Prentice-Hall, Englewood Cliffs, 1988. A framework for information strategy The alignment of information strategy with business strategy is a critical ingredient for the success of the parent organisation. The relationship between business and information strategies is shown in Figure 1. It should be emphasised that the distinctions made between the various components represent an ideal and that the size or attitude of an organisation to information technologies may blur boundaries, conflate roles, or simply ignore some of these building blocks. Business strategy will typically involve four key components: mission, objectives, policy and constraints, and planning (see Figure 2). The mission provides a top-level, often highly generalised, statement of what the organisation wishes to be. It should be capable of being a touchstone which is immune to all but the most dramatic changes in the organisation's environment. The mission statement is often criticised as being overly simplistic, intentionally non-controversial, and worded in terms of motherhood and apple-pie. This is in part because it is intended to be placed in the public domain and must strike the right chord with the market. It will attempt to convey the values of the organisation and should be capable of persisting, even through times of rapidly changing market conditions. The mission statement is developed through a series of objectives, only some of which may be placed in the public domain. The objectives will not necessarily have the same degree of permanence as the mission statement and will be reviewed regularly to ensure that they reflect the current 31 The information audit: S Buchanan and F Gibb Consumed resources: Materials, Money, Time Depreciated resources: Machines/Plant, Buildings Non-consumed resources: Information, Expertise, Labour Environment Mission Objectives * \ Policy and constraints Planning •.Products'. Processes Information Information Msnagement 5 Strategy f IS Strategy S IT ■ Records " J Stretegy Strategy J Services Figure 1 Business and information strategies market conditions and perceptions regarding the best way(s) to satisfy the enterprise's mission. The objectives will also have to be interpreted within the context of the enterprise's policy on, for instance, investment, procurement and recruitment, and constraints such as the availability of capital, the regulatory regime and technologies. Policy is likely to be articulated for both public and private consumption, whilst the constraints will be divided into those which are purely for private use and those which are not. Having established the objectives, and identified the relevant policy issues and constraints, the enterprise will then develop specific plans for the realisation of the agreed objectives. The enterprise will then have to identify, design, implement and manage the key processes which will be used to achieve its strategy. Processes can be grouped under four main headings:14 • Core processes (servicing external customers); • Support processes (servicing internal customers); • Business network processes (crossing company boundaries); • Management processes (establishing the strategic framework for the other processes). These processes will take inputs, transform them, and create value-added outputs which will ultimately represent the products and services offered by the enterprise. The processes must therefore be underpinned by a series of strategies which are concerned with the effective management of the resources required by each process. The adoption of a process, rather than a functional, view of the organisation has major implications for the information manager. Many organisations now accept that while it is important to recognise functions (such as personnel, sales, finance, etc.) they can create barriers to effec-Earl, M.J. and Khan, B., How new is {j information flow and encourage managers to adopt protectionist business process redesign? European ■ . - * ■ . • •„ Management Journal, 1994,12<1>, 21. stances. A process transcends this functional view as it 32 The information audit: S Buchanan and F G/'bb Mission • Strategie Intent • Value • Vision Objectives • Purpose and contribution • Quality and criteria • Position and destination Policies A constraints • Resources snd limits • Glvens and context • Policies and guidelines Plans & Goals • Projects and priorities • Targets and goals • Journeys Figure 2 Mission, opportunities, policies and plans (adapted from Earl15) • Has customers (external or internal); • Crosses organisational boundaries (again external or internal); • Has inputs and outputs from many parts of the organisation; • Is highly information and technology dependent. Focusing on processes therefore forces the organisation to look at how information flows and how functions must co-operate in order to achieve customer satisfaction. The analysis of these flows falls within the information audit, which is discussed in the next section. The role of the information audit 15Earl, M.J., Management Strategies for Information Technology. Prentice-Hall, London, 1989. "Costello, J., The united way to better management. Computer Weekly, 14 March, 1991, pp. 22-23. Information managers will need to call on a number of tools in order to define and implement an information strategy. One popular approach is the mapping of dynamic information processes and information flows. This approach links technical and social systems as it involves an analysis of the communications (processes and information) that take place between agents (people) in a social context (the organisation) using a variety of media and channels (technology). Information strategy is therefore concerned with managing the relationships between these components (see Figure 3). Taken further, organisations can be viewed as a series of conversations.16 Managerial work consists of many short interactions (traditionally oral) in which managers create, meet, and initiate further commitments. The core of an organisation is a network of recurrent conversations based on initiating, monitoring and co-ordinating, and the lifeblood of an organisation is these information flows. One criterion for deciding on investment in information systems therefore should be the extent to which the system^plays a role in supporting these communi- 33 The information audit: S Buchanan and F Gibb cative acts. The upsurge in interest in group-oriented systems can be understood within the context of this appreciation of the importance of effective information flow. The information audit is a process for discovering, monitoring and evaluating an organisation's information flows and resources in order to implement, maintain, or improve the organisation's management of information. The information audit should not be considered as an option, but as a necessary step towards determining the value, function, and utility of information resources in order to fully exploit their strategic potential. The exact boundaries of an information audit may be difficult to draw as it may subsume more specific audit processes or be subsumed itself by others; for example, the communications audit. A typology of audits is shown in Figure 4. The business audit is designed to assess the health of the organisation in terms of its current strategy, its target and potential markets, and the products and services it has available to meet those market demands. The communication audit is designed to evaluate the management style of the organisation and the methods for communicating to and with its workforce. It is concerned with the sociological and organisational aspects of information flow. The information audit then looks at the managerial aspects of information flow by evaluating the key processes, their interaction and the information resources needed to service them. The systems audit then evaluates the functionality, usability and effectiveness of specific applications, while the technology audit is principally concerned with asset management. Traditionally, information audits have tended to be designed specifically for the individual organisation in which they are to be implemented and, consequently, their role has varied depending upon the particular circumstances and objectives of the organisation. Because of this, the role of the information audit has neither been clearly defined or universally agreed upon. For example, in its simplest form the purpose of the information audit is to: • Identify an organisation's information resources. • Identify an organisation's information requirements. However, when used to its full potential the purpose of the information audit can also include: • Identifying costs and benefits of information resources. Figure 3 The co-ordinating role of information strategy 34 The information audit: S Buchanan and F Gibt Technology Audit Systems Audit Information Audit Communication Audit Business Audit Strategy, Markets, Products & Services J Organisational Communication Information Resources £ Flows Systems Functionality Technology Base Figure 4 A Typology of audits • Identifying opportunities to use information resources for strategic competitive advantage. • Integrating IT investments with strategic business initiatives. • Identifying information flows and processes. • Developing an integrated information policy. • Creating awareness of the importance of IRM and defining the management role. • Monitoring and evaluating conformance with information-related standards, legislation, and policy guidelines. Ideally, an information audit should include all of the above to provide a truly comprehensive and integrated strategic approach. This approach would as its ultimate goal, produce an integrated information strategy encompassing and providing overall direction for each of the functions defined by Earl 17 and illustrated in Figure 5. Note that each strategy component is complemented by its own audit approach (IM strategy: information audit; IS strategy: IS Audit; IT strategy: IT audit). An alternative view of the same model is given in Figure 6 which highlights some of the responsibilities which fall under each strategy. To achieve this level of integration the information audit method should be similar in approach to Earl's multiple methodology for information system strategy formulation (see Figure 7). Leg one of Earl's model matches IS investments with business needs by adopting an analytical top-down approach supported by a formal methodology and inputs from business teams. These business teams should involve representatives from relevant stakeholder groups and not be restricted to technical specialists. Leg two evaluates current information systems by conducting bottom-up surveys and internal audits to identify 35 The information audit: S Buchanan and F Gibb "ibid, "ibid. ^Barker, R. L, Information audits: designing a methodology with reference to the R & D division of a pharmaceutical company. Department of Information Studies, Occasional Publications Series No. 8. University of Sheffield, Sheffield. 2,Robertson, G., The information audit: a broader perspective. Managing Information, 1994,1(41, 34-36. "Haynes, 0., Business process re-engineering and information audits. Managing Information, 1995, 2(6), 30-32. "Underwood, P.G., Checking the net: a soft-systems approach to information auditing. South African Journal of Library and Information Science, 1994, 62(2), 59-64. "Ellis, D., Barker, R., Potter, S. and Pridgeon, C, Information audits, communication audits, and information mapping: a review and survey. International Journal of Information Management, 1993,13(2), 134-151. 2SGillman, P., Information audits, and what they tell about services. TIP Applications, 1996,9(8), 6-10. "Gibson, P., Information audits: can you afford not to? Library Manager, 17 April, 1996, pp. 12-13. "Bertolocci, K., The information audit: An important management tool. Managing Information, 1996, 3(6), 34-35. "Dimond, G., The evaluation of information systems: A protocol for assembling information auditing packages. International Journal of Information Management, 1996,16(5), 353-368. continued on page 37 system gaps that need to be filled. As discussed above there are a number of audits that may be undertaken and typically these will be undertaken by relevant specialists. Leg three identifies opportunities afforded by IT which may yield competitive advantage or create new strategic options by a creative approach that encourages entrepreneurial managers to generate innovative solutions. The information strategy should encompass each of these legs with the second leg expanded to become the identification and evaluation of information resources (which would include information systems). As a basic framework, the information audit should begin by identifying the business goals and activities, before identifying the related information resources, and then exploring innovative IT solutions as part of the final information strategy development stage. The end result will allow the organisation to identify where it wants to be, what it currently delivers, and what it must provide to bridge the gap between demand and capability (see Figure 8). Existing information audit methods A problem with existing information audit methodologies is that although there has been much recent debate on the subject (Barker,20 Robertson,21 Haynes,22 Underwood,23 Ellis et al.,24 Gillman,25 Gibson,26 Bertolluci,27 Dimond28) very few of the methods proposed or discussed go beyond basic frameworks which require further development. As yet, there is no single accepted methodology that is supported by statute, standard, or professional association. Although several methods exist (Riley,29 Henderson,30 Gillman,31 Quinn,32 Worlock,33 Reynolds,34 Barker,35 Best36) many are characterised by a very definite purpose and scope which makes their universal adoption difficult. For this reason the most commonly adopted methodologies are those provided by Burk and Horton,37 and by Orna.38 Each of these methods is briefly reviewed below. What? Applications IS Strategy • SBU/Process bated • Demand oriented • Organisation focused How? Delivery IT Strategy • Activity/function baaed • Supply oriented • Technology focused Who? Why? Management IM Strategy • Organisation based • Relationship baaed • Management focused Figure 5 Interlinking information strategy components (adapted from Earl18) The information audit: S Buchanan and F Gibb Meaning: • Processes • Information • Logical security • User tools • Information Interchange • Application standards Means: • Architecture • Infrastructure • Technical standards • Physical security • Maintenance • Procurement Information Systems Strategy Information Management Strategy Information Technology Strategy Management: • Legal issues • Training • Best practise • Health & safety • Ownership • Accountability Figure 6 Information strategy agendas Corporate Plans ft Goals I Top down Current Systems Bottom up Analytical Planning Methodologies ft Frameworks Organisation«! teams IT Opportunities Inside out Evaluative Surveys ft Audita Users ft Specialists Creative Intelligence gathering Mavericks ft Entrepreneurs Information Strategy Portfolio Figure 7 A multiple approach to information strategy development (adapted from Earl19) continued from page 36 29Riley, R.H., The information audit. Bulletin of the American Society for Information Science. 1976,2(5), 24-25. "Henderson, H.L., Cost effective information provision and the role for the information audit. Information Management, 1980,1(4), 7-9. 3lGillman, P.L., An analytical approach to information management. The Electronic Library, 1985, 3(1), 56-60. S2Quinn, A.V., The information audit: a new tool for the information manager. Information Manager, 1979, 1(4), 18-19. 33Worlock, D.R., Implementing the information audit. Aslib Proceedings, 1987, 39, 255-260. "Reynolds, P.D., Management information audit. Accountants Magazine, 1980,84(884), 66-69. 35op. cit, Ref 20. continued on page 38 Horton's infomap InfoMap, developed by Burk and Horton,39 provides a step by. step process to discover, map, and evaluate information resources. The methodology is highly structured and provides a framework for carrying out a comprehensive inventory of an organisation's information resources. There are four main stages: • Survey: the organisation's existing information resource base is defined by carrying out a preliminary inventory of all information resource entities (IREs) via interviews with staff involved in using, handling, supplying, and managing information. • Cost/Value: a multi-disciplinary approach drawing from accounting, business, and economics is adopted to measure the cost and assess the value/benefits of each IRE in order to relate cost and value in the form of ratios to provide an overview of costs and value across the organisation. • Analysis: three information resource mapping techniques are used to relate the identified IREs to the structure, functions, and management of the organisation. Through this process the particular functions and 37 The information audit: S Buchanan and F Gibb Demand Business Strategy IM Strategy What's Missing? IS Strategy IT Strategy Supply Business Processes Ownership, end-user support, resource management, training, contractor management, legal Isaues, etc. Applications, information processes and stsndards Technologies, technical ■tandards and infrastructure Figure 8 potential Bridging the gap between business needs and technological continued from page 37 MBest, D., Information mapping: A technique to assist the introduction of information technology in organisations. In Information management From strategies to action, ed. B. Cronin. Aslib, London, 1985, p. 79. 37op. cit, Ref 13. 38op. cit, Ref 12. ^op. cit, Ref 13. *°op. cit, Ref 23. configurations of IREs can be identified and related to the organisational structure in order to identify corporate resources. • Synthesis: by careful selection of a set of resource criteria (nature, cost, and value of each IRE) the organisation's information resources are identified along with their strengths and weaknesses relative to the objectives of the organisation. InfoMap is arguably the most comprehensive method available for identifying and defining an organisation's information resources. For the organisation there are a number of benefits: • It helps to identify all formal information resources (e.g. is comprehensive rather than selective). • It provides a measurement of the cost and value of IREs. • It draws attention to problems and opportunities relating to current information management practices and policies. • It creates and stimulates awareness of the importance of IRM. However there are also a number of potential problems: • The main purpose is discovery and awareness of information resources, not how to manage information. • The process is time consuming and can incur considerable expense. • Measures of cost and value are, in most instances, rough approximations. • Attention is focused on information resources and does not include an organisational analysis. • It provides a snapshot analysis of the organisation that will require periodic updating. One the limitations of InfoMap identified by other commentators is the neglect of the issue of organisational context. Burk and Horton do point out the importance of context at various stages but do not provide any method or technique for its analysis. Underwood 40 argues that because InfoMap is dependent on users identifying information 38 The information audit: S Buchanan and F Gibb resources, more emphasis is placed on the discovery process than on the use of such information. This can then make analysis of the results difficult because of a lack of detailed knowledge regarding the context of information use within part(s) of the organisation. Underwood also points out (hat InfoMap is dependent on there being a reasonably stable and coherent set of views about the range and value of information resources within the organisation. He argues this world view is typically found in organisations that have reached a point of evolutionary stability (or maturity) and therefore have comparatively little lo gain from an information audit. However, the organisations with the most to gain from an information audit may be those experiencing instability but which ironically could be hampered by their own organisational immaturity. Underwood provides an example of this problem from a recent case study.41 The organisation being audited was three years old, had a highly divi-sionalised structure, and was going through a period of rapid growth and change. At the time of investigation the organisation was considering a central information service or resource centre to support the various divisions. The first step was to establish an information map of the organisation. The chosen methodology was InfoMap. However it was extremely difficult to establish a shared organisational view of information resources and to persuade divisions that resources available to them could also be of value elsewhere in the organisation. In the end, the results of the audit provided no common view and ultimately relied more on the judgement of the consultants. Underwood's experience should not be considered as a serious criticism of InfoMap, but more as an example of some of the problems that can disrupt the audit process. The purpose of InfoMap is to carry out an inventory of information resources and therefore the problem lies more with the organisation than the particular method. However Underwood's experience does highlight the need in some cases for a more extensive audit process that includes more of an organisational analysis. One such method is provided by Orna's flow based approach 42 Orna's information flow analysis In contrast to the bottom up approach of InfoMap, Orna's top down approach places more emphasis on the importance of organisational analysis. While InfoMap focuses on static IREs, Orna's method focuses on dynamic information flows. Also, while the end product of InfoMap is a series of maps (or tables) to provide an inventory of information resources, the end product of Orna's approach is a corporate information policy. There are four main stages to Orna's method: • Initial investigation: a top-down analysis of the organisation's objectives, structure, and culture with the knowledge gathered forming the basis of the information audit. • Information audit: adopts several steps from InfoMap but goes on to identify information flows, human resources, and the distribution of IT in relation to information flow. • Balance sheet: the findings of the information audit are related to the organisation's objectives to identify positive and negative relationships. 39 The information audit: S Buchanan and F Gibb • Policy development: the development of a corporate information policy to provide strategic direction and management guidelines for the organisation's future use of information. Orna's method has three main advantages over other methods of information auditing: • A top-down organisational analysis is carried out. • Dynamic information flows are identified. • The end product is a corporate information policy. However, a potential challenge with Orna's method is that it lacks the practical tools and techniques required to carry out several of the steps. For example, during the initial investigation (stage one) a crucial step is an in-depth investigation of the organisation's objectives, structure, and culture. However to carry out the initial investigation requires a number of important research skills (e.g. interview technique, qualitative data analysis, and organisational analysis tools to identify the organisation's mission, environment, structure, and culture) that can be easily underestimated in terms of their potential complexity and need for a structured, methodical approach. Further, it is highly probable that the information audit will be managed or carried out by an information professional or senior member of staff with an information background who consequently may lack one or more of these required skills. This has been highlighted by Best:43 ..the skills needed, spanning as they do business, information and technology areas, are rare and not yet part of training programmes for managers in MBA and other Buriness School courses. The solution of course is to have a multi-disciplinary management team and this is recommended by Oma. However, there will still remain a need to identify suitable tools and techniques to carry out several of the steps involved in the audit process. Nickerson 44 has highlighted this problem and suggests that tools and techniques are simply outside the scope of Orna's methodology. However, whether this is true or not, it does highlight a potential barrier to success that cannot be ignored. It is apparent from this review that no single method can provide a complete information audit solution and that none fully fulfil the strategic role of the information audit. The distinguishing feature that each method has in common is that they all have a very definite purpose and scope, which inevitably acts as a trade-off with universal applicability. Perhaps the most useful and applicable method is provided by Orna but this ultimately depends on the objectives of the information audit. Therefore it is essential that the purpose and scope of the information audit are clearly defined, for only then can an appropriate methodology be selected or developed. For the purposes of developing an information strategy, a comprehensive top-down integrated strategic approach is required. This should incorporate the appropriate tools and techniques to guide and support what is essentially a complex and multi-disciplinary approach that requires a broad range of business and research skills. Two aspects should be highlighted in this context: *3op cit Ref 9 "Nickerson, G„ Book review. Practical (1) There is a need for a more comprehensive top-down integrated stra-information polices: how to manage tegic approach to information auditing which enables the develop-information flows in organisations. { of an jnformation strategy. Database, 1991,14(6), 86. 40 The information audit: S Buchanan and F Gibb (2) The success of this approach is critically dependent on the identification of appropriate management tools and techniques to make it work. An integrated strategic approach to information auditing In consideration of the limited choice of information audit methodologies it was decided that a universal model should be developed that might be of use to other organisations. The methodology is therefore presented in its entirety, identifying each and every prerequisite for the development of an effective information strategy. Organisations may find that they already possess the knowledge to satisfy some of these steps. For example, they may already have a mission statement with clearly identified objectives; if this is the case they will be able to skip the relevant steps. There are five main stages to the methodology: • Promote • Identify • Analyse • Account • Synthesise The information audit is led by the information auditor (a senior information professional — internal or external) in association with a working group. The working grolpshould be a representative team of senior members of the organisation selected for their information-related backgrounds. Promote The purpose of this stage is to promote support and co-operation for the information audit. There are three steps, the first two of which are completed by the working group while the final step is completed by the auditor: (1) Promote the benefits of the information audit. Ideally the organisation should hold a conference or series of seminars which explains the role of the information audit and why the organisation needs one. The purpose of this step is twofold: • To promote support and co-operation by increasing awareness ■ and understanding of the strategic importance of information management and highlighting the benefits to be gained from the information audit. • To reduce suspicion and hostility among staff members. Foster co-operation throughout the organisation. This is achieved by circulating a passport letter 45 signed by the chief executive that succinctly reiterates the issues addressed by the previous step and informs staff of the procedures to be followed during the information audit. The passport letter acts both as a medium of introduction for the auditor, and as a symbol of approval from the top executive. Carry out a preliminary survey of the organisation. The purpose of this step is to allow the auditor to make preliminary assessments of the level of awareness and value of information throughout the orga- (2)