The Suite Spot
With the word “chief” in the title, the CIGO role clearly implies a “C-suite” position. But does the IG leader need to be in the C-suite? Ideally, and eventually, yes. Ultimately, IG should be elevated to this level of prominence and authority at an organization to get the work of IG done effectively. That said, title is not enough, and some organizations may not be ready today for a CIGO.
In the alphabet soup of C-level roles, a CIGO role without requisite authority is useless. Further, a non-C-suite position might be able to wield significant influence if it had a direct reporting path to an influential C-suite role. Introducing, whole-cloth, an IG leadership role at the C-suite, even if it is given nominal authority at that level to perform its job, is likely to fail at many organizations, today. The Task Force noted the political realities that exist at most organizations that might preclude success. Introducing the CIGO into this existing structure without some finesse might be perceived as a “turf invasion” which could lead to resistance and eventual failure.
In addition, the maturity of the organization’s IG program would also impact what an IG leader could realistically achieve. At many organizations, the IG leadership role would need to evolve over time as relationships within the organization were established and the IG program matured. To address these issues, the Task Force developed the maturity framework, below.
When creating the CIGO role, the location of the CIGO within the executive team is a critical decision. The location will reflect the perceived importance of information within the organization and will dictate how the CIGO will proceed in implementing information governance within the organization.
Reporting to the CEO
The ideal location for a CIGO is reporting directly to the CEO. This is most likely in an organization that is mature in their adoption of IG methods and practices. Even when the CIGO does not report directly to the CEO, it is important that the CIGO, like other C-Suite positions, can talk directly to the CEO as necessary. This helps to ensure that the CIGO is able to fully integrate the IG roadmap into the organization’s overall strategic plan.
Reporting to the CEO does open the potential for conflict with the CIO. With both the CIO and CIGO having “Information” in their titles, defining the line between responsibilities can be delicate. The key to making this work is for the CIGO to approach and work with the CIO as a partner. A CIGO owns the information, not the systems that store and manage that information. By working with the CIO and asking their advice on how to use existing, and potentially new, systems to meet the IG needs of the organizations, both the CIGO and the CIO can demonstrate an ability to create value for the organization.
Reporting to the CIO
When reporting to the CIO, the CIGO can work as part of the larger team delivering solutions to the business. This allows the CIGO to ensure that IG requirements are met at every turn.
When working for the CIO, the CIGO can become too associated with the technology team and not an independent leader working to provide value to the business through information. The lines of communication with the business must not only be strong to counter this perception, they must be constant so that perception does impact the CIGO’s ability to deliver on their vision.
Reporting to the General Counsel
The General Counsel’s office is a naturally location evolving from information governance’s roots in the compliance world. This will be the most logical location to many leaders when they think about IG but carries historical baggage.
Reporting to the General Counsel (GC) has the advantage of direct access those that fully understand the regulations and risks that influence decisions around the proper governance of information. It also makes the organization’s understanding of the CIGO’s role to create value from information a harder one. The line of business often views information governance as a purely compliance issue that creates work. Having the CIGO sit in the GC’s office can exacerbate that perception. Working to demonstrate how IG can create value for the business is important early on to dispel that misconception and create a solid working relationship with the business.
Other Reporting Structures
With IG impacting so many aspects of a business, there are as many potential reporting structures as there are organizations. The key with any location in the structure is to make sure that the emphasis implied in the role by its location is offset through direct communication so that all the leaders within the organization fully understand the breadth of the role.
There are several other roles that the CIGO must work with closely. As businesses move deeper into the Information Age, everyone not only has a business need to work closely with information, they also believe that they must have control of the information to ensure its availability.
The Chief Information Security Officer is another role, like the CIO, where the word “information” can become a point of contention. The CISO’s primary responsibility is protecting information so the organization does not end-up in the headlines. The CIGO needs to work with the CISO to make sure that information is accessible to everyone who needs it and that the value to be gained by sharing the information internally is balanced against the risks of a data breach. This means working together to design the processes and tools that seamlessly protect the information as the business uses it to drive revenue.
There are two CDO roles in the marketplace today, both working with data. The first is the Chief Data Officer. This CDO focuses on analyzing the vast amounts of data that the organization has accumulated to create insights. The second is the Chief Digital Officer who is working to transform and automate many of the key processes and flows of data to fully transition the organization into the digital world. Both are seeking to create more value from existing data through analysis and integration. The CIGO must work with both these roles to make sure that all information is properly tracked and managed in ways that comply with applicable rules and regulations. Working together to identify all the data and where it resides will allow both CDOs to streamline their efforts.
When it comes to making things happen, the CEO makes the decisions, the CFO writes the checks, but it is the CIO and CTO (Chief Technology Officer) with whom the CIGO must team with to provide the systems that support IG. They hold the technology and know where all the systems are located and how they are managed. If automated controls need to be implemented, systems need to be linked or acquired. The CIO and CTO are the ones who will be needed to make sure that those efforts are successful. Together with the CIGO, both sides of IT, the information and technology, can work together to create the value and apply the necessary governance to the systems.
This publication is possible through the generous help of the leading providers of information governance products and services that are Supporters of the Information Governance Initiative.
Acaveo ∙ Actiance ∙ Active Navigation ∙ Catalyst ∙ Consilio ∙ Drinker Biddle & Reath LLP ∙ DTI Global ∙ Exterro ∙ EY ∙ GlassIG ∙ Guidance Software ∙ HP Enterprise ∙ iDiscovery Solutions ∙ Integro ∙ Iron Mountain ∙ kCura ∙ Nuix ∙ OpenText ∙ Preservica ∙ Recommind ∙ Tritura ∙ Veritas ∙ ViaLumina ∙ Viewpointe, LLC ∙ ZL Technologies