Information audit

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The information audit (IA) extends the concept of auditing holistically from a traditional scope of accounting and finance to the organisational information management system. Information is representative of a resource which requires effective management and this led to the development of interest in the use of an IA.[1]

Prior the 1990s and the methodologies of Orna, Henczel, Wood, Buchanan and Gibb, IA approaches and methodologies focused mainly upon an identification of formal information resources (IR). Later approaches included an organisational analysis and the mapping of the information flow. This gave context to analysis within an organisation's information systems and a holistic view of their IR and as such could contribute to the development of the information systems architecture (ISA). In recent years the IA has been overlooked in favour of the systems development process which can be less expensive than the IA, yet more heavily technically focused, project specific (not holistic) and does not favour the top-down analysis of the IA.[2]


A definition for the Information Audit cannot be universally agreed-upon amongst scholars, however the definition offered by ASLIB received positive support from a few notable scholars including Henczel, Orna and Wood; “(the IA is a) systematic examination of information use, resources and flows, with a verification by reference to both people and existing documents, in order to establish the extent to which they are contributing to an organisation’s objectives” [3] In summary, the term audit itself implies a counting,[4] the IA being much the same yet it counts IR and analyses how they are used and how critical they are to the success of a given task.

Role and scope of an IA[edit]

In much the same way as the IA is difficult to define, it can be utilised in a range of contexts by the information professional,[5] from complying with freedom of information legislation to identifying any existing gaps, duplications, bottlenecks or other inefficiencies in information flows and to understand how existing channels can be used for knowledge transfer [6]

In 2007 Buchanan and Gibb developed upon their 1998 examination of the IA process by outlining a summary of its main objectives:

  • To identify an organisation’s information resource
  • To identify an organisation’s information needs

Furthermore, Buchanan and Gibb went on to state that the IA also had to meet the following additional objectives:

  • To identify the cost/benefits of information resources
  • To identify the opportunities to use the information resources for strategic competitive advantage
  • To integrate IT investment with strategic business initiatives
  • To identify information flow and processes
  • To develop an integrated information strategy and/or policy
  • To create an awareness of the importance of Information Resource Management (IRM)
  • To monitor/evaluate conformance to information related standards, legislations, policy and guidelines.

Methodology evolution[edit]


In 1976 Riley first published a definition of IA as a way of analysing IR based on a cost-benefit model. Since Riley, scholars have outlined further developed methodologies. Henderson took a cost-benefit approach hoping to draw focus from manpower-costing to information storage and acquisition which he felt was being overlooked. In 1985 Gillman focused upon identifying the relationships which existed between various components in order to map them to one another. Neither Henderson nor Gillman’s methods offered alternative approaches beyond the existing organisational frameworks. Quinn took a hybrid-approach combining Gillman and Henderson’s methods to identify the purpose of existing IR and to position them within the organisation, as did Worlock. The differentiator between Quinn and Worlock lay in Worlock’s consideration of solutions outside of the current organisational structure. These approaches had thus far had paid little attention to the needs of the user or in making structured recommendations for the development of a corporate information strategy.[7] Therefore, here follows a brief outline and overall comparison of four published strategic approaches in order that one might understand the development of the IA methodology.

Burk and Horton[edit]

In 1988 Burk and Horton developed InfoMap, the first IA methodology developed for widespread use. It aimed to discover, map and evaluate the IR within an organisation using a 4-stage process:

  • Survey staff using questionnaires/interviews
  • Measure the IR against cost/value
  • Analyse resources
  • Synthesise the findings and map the strengths and weaknesses of the IR against the objectives of the organisation.

Although the method inventoried all IR (and therefore met standard ISO 1779) this bottom-up approach revealed limited analysis of the organisation holistically and the steps were not explicit enough.[8]


Orna produced a top-down methodology in contrast to Burk and Horton, placing emphasis upon the importance of organisational analysis and aimed to assist in the production of a corporate information policy. Initially the method had just 4-stages, this later revised to a 10-stage process which included pre and post-audit stages as below:

  • Conduct a preliminary review to confirm operational/strategic direction
  • Gain support/resource from management
  • Gain commitment from the other stakeholders (staff)
  • Planning including the project, team, tools and techniques
  • Identify the IR, information flow and produce a cost/value assessment
  • Interpret findings based upon current versus desired state
  • Produce a report to present findings
  • Implement recommendations
  • Monitor effects of change
  • Repeat the IA

Orna’s method introduced the need for a cyclical IA to be put in place in order for the IR to be continually tracked and improvements made regularly. Again this method was criticised for lacking some practical application and in 2004 Orna revised the methodology once more to try to rectify this problem [8]

Buchanan and Gibb[edit]

In 1998, similarly to Orna's earlier publication, Buchanan and Gibb took a top-down approach, drawing techniques from established management disciplines to provide a framework and a level of familiarity for information professionals. This set of techniques was a notable contribution to IA methodologies [8] and understood the need to be flexible for each organisation. Theirs was a 5-stage process:

  • Promote benefits of the IA through seminars/surveys/CEO letter for cooperation
  • Identify the mission objectives of the organisation, define environment (PEST), map information flow and examine organisation culture.
  • Analyse and formulate action plan for problem areas, flow diagrams and a report of findings and recommendations
  • Account for cost of IR and related services using Activity Based Costing (ABC) and Output Based Specification (OBS).
  • Synthesise the whole process in final audit report and provide an information strategy (strategic direction) in relation to the organisation’s mission statement.

This was the introduction of a new approach to costing the IR and had an integrated strategic direction, yet the scholars admitted that this method may be impractical for smaller organisations.[9]


Henczel’s methodology drew upon the strengths of Orna and Buchanan and Gibb to produce a 7-stage process:[10]

  • Planning and submission of business case for approval to proceed
  • Data collection and development of an IR database and population through survey techniques
  • Structured data analysis
  • Data evaluation, interpretation and formulation of recommendations
  • Communication of recommendations through a report
  • Implementing recommendations through a devised programme
  • The IA as a continuum-establishment of a cyclical process

Focus was made once more on the strategic direction of the organisation conducting the IA. Furthermore, Henczel made examination into the use of the IA as a first-step in the development of a knowledge audit or knowledge management strategy [11] as discussed in the later section.

Case studies[edit]

Scholars and information professionals have since tested the above methodologies with varied results. An early case study produced by Soy and Bustelo in a Spanish financial institution in 1999 aimed to identify the use of information resources for qualitative and quantitative data analysis due to the rapid expansion of the organisation within a six-year period.[12] Although the methodology was not explicitly credited to any of the above-mentioned scholars, it did follow a strategic (post 1990's) IA process including gaining support from management, the use of questionnaires for data collection, analysis and evaluation of the data, identification and mapping of the IR, cost-analysis and outlining recommendations to assist with the establishment of an Information policy. In addition the IA report suggested that the process would need to be continual (cyclical as Orna, Henczel and Buchanan and Gibb suggest). Conclusions of this case-study stated that the IA allowed a greater understanding of the basis of the organisation's information policy and personnel and identified technical problems within the organisation. In addition this method was believed to be cost and time-effective to the two auditors involved and the organisation used the results of the IA as a marketing tool to promote services users may not have been previously aware of.[13]

In 2006 a paper testing the 'viability' of Henczel's methodology was published in the South African Journal of Library and Information Science. The purpose of the study was to determine the financial position of an organisation (Statistics SA) through a report of financial statements made over a period of time. The IA was used as part of the holistic audit process and was limited to just the methodology of Henczel after consideration and dismissal of others.[14] The IA followed the seven-stage process as outlined above (planning, data collection, analysis, evaluation, communicating and implementing recommendations and the IA as a continuum) and the objectives were outlined as identifying the needs of respondents, identifying information sources and their significance, mapping information flow and identifying gaps in available sources.
Upon conducting the IA several recommendations were made including making print the preferred format for information and that the library should be responsible for missing information and address this in a development plan. Finally, advantages and disadvantages to this methodology were identified. It was reported that the methodology was flexible in its application as it provided a framework which could be adjusted to suit the needs of an organisation, that the scope could be easily expanded to cover more objectives and that guidelines for data collection and analysis were varied. Secondly it was felt that the methodology was cost-effective as it made use of existing resources (email, workspace etc.). The greatest disadvantage reported was that the process was 'cumbersome' and that the researcher became weary with the repetitive nature of the planning process.
In conclusion, the study reported that Henczel's methodology had allowed the information professionals to effectively manage the information management activities of the public sector organisation in question.[15] Positively it had been viewed as cost-effective and depicted a snapshot of the use of information in the organisation, yet it had been a 'cumbersome' process with some repetition within the planning phases.

In 2007 Buchanan and Gibb published another examination of the IA to include case studies of their own methodology, an element they had been previously criticised for not including.[16] In the first case study conducted in a university research department, the objectives were to identify how effective information flow within the department was and what improvement would be required. The methodology was tailored to the study by removing the costing stage and establishing a workgroup to assist at various stages of the process, whilst all other stages remained as per the above (promote, identify, analyse and synthesise). Recommendations were made by the auditor towards greater synergy and systems analysis and it was found that staff immediately recognised the value of this output.[17]
The second case study dealt with a public body within the arts sector with the objectives to streamline evaluation and approval processes and to improve communications between stakeholders. The sponsor also specified that a list of recommendations were required to be incorporated into a change management programme and this aligns well to Buchanan and Gibb's strategic directional method. The IA methodology was scoped to be primarily resource-orientated and once again the costing stage was removed. All else remained as per the original methodology. The IA output recommended that for all organisational processes a shift was needed from process-modelling to capturing process descriptions.[18]
The main strengths identified in Buchanan and Gibb's methodology were its logical structuring of stages, provision of tools, inclusive process for stakeholders, adequate illustration of the role of effective Information Management within an organisation and much like Henczel, the flexibility to tailor the methodology. Their scope matrix was also proven to be useful. A weakness lay still in the limited instructional depth which affected the qualitative data analysis. As regards the applicability of this method, it should be noted that the costing stage was not included in either study and that this might suggest it is not required in an information audit. Further study is required to produce a more conclusive analysis of the methodology.[19]

Methodology comparisons and conclusions[edit]

The conclusions of the case studies suggested that further development into the methodologies for IA was needed to include further explanation of tools, techniques, templates, interview preparation, process modelling and analysis. In 2008 Buchanan and Gibb drew comparisons from the published IA methodologies of the following scholars: Burk and Horton, Orna, Buchanan and Gibb and Henczel, with the purpose of understanding if a hybrid-methodology could be produced as a ‘baseline’ from all four.

The hybrid-methodology was formed of seven stages and is as below:

  • Set-up including project plan, communications, endorsements, business case and preliminary analysis
  • Review strategic (internal and external) analysis and organisational (cultural) analysis
  • Survey information users, identify IR and map the information flow
  • Account the cost/business benefits and value of IR
  • Analyse all findings
  • Report on the production and dissemination of recommendations
  • Guide towards development of an organisation’s information management policy/strategy, establish the IA as a cyclical process, monitor and control.

However, Buchanan and Gibb themselves declared that this should not be considered a conclusive comparison as it is high-level "and does not assess how well each methodology addresses each stage."[20]

Development of a knowledge audit[edit]

In more recent years, since the development of the top-down methodologies, IA have been used as a basis for the development of a knowledge audit, which itself in-turn contributes to an organisation's knowledge management strategy. Once complete, the IA allows examination into where knowledge is produced, where there may be need for further input and where knowledge transfer is required. Furthermore, this analysis develops strategy for knowledge capture, access, storage, dissemination and validation.[21] Dissimilarly to the IA, the objectives of the knowledge audit are to identify any people-related issues which impact the ways in which knowledge is created, transferred and shared and to identify where knowledge could be captured, where it is required and then determine how best to undertake a knowledge transfer as "unlike information, knowledge is bound to a person, organisation or community."[22] Similarities between the knowledge and information audit methodologies can be noted however, as questionnaires, the development of an inventory, analysis of flow and a data map[23] are here again used. The importance of this audit therefore is to understand the strategic significance of an organisation's knowledge assets to ensure management is focused to those areas it is specifically required.

See also[edit]


  1. ^ Ellis et al, 1993, p.134.
  2. ^ Buchanan & Gibb, 2007, p.161.
  3. ^ Buchanan & Gibb, 2007, p.159
  4. ^ Henczel, 2000, p.96.
  5. ^ Wood, 2004, p.6.
  6. ^ Henczel, 2000, p.92.
  7. ^ Ellis et al, 1993, p.137.
  8. ^ a b c Buchanan & Gibb, 2008, p.4. Paper on methodology selection.
  9. ^ Buchanan & Gibb, 1998, p.46.
  10. ^ Buchanan & Gibb, 2008, pp.4-5.
  11. ^ Henczel, 2001, p.16.
  12. ^ Soy & Bustelo, 1999, p.30. Part I of the study.
  13. ^ Soy & Bustelo, 1999, p.61
  14. ^ Raliphada & Botha, 2006, p.242.
  15. ^ Raliphada & Botha, 2006, p.248.
  16. ^ Buchanan & Gibb, 2008, p.150.
  17. ^ Buchanan & Gibb, 2008, pp.151-155.
  18. ^ Buchanan & Gibb, 2008, pp.155-156.
  19. ^ Buchanan & Gibb, 2008, p.160.
  20. ^ Buchanan & Gibb, 2008, p.6. Paper on methodology selection.
  21. ^ Henczel, 2000, p.104.
  22. ^ Mearns & Du Toit, 2008, p.161
  23. ^ Burnett et al, 2004, p.2


BUCHANAN, S. and GIBB, F., 1998. The information audit: an integrated strategic approach. International Journal of Information Management, 18(1), pp. 29–47.

BUCHANAN, S. and GIBB, F., 2007. The information audit: role and scope. International Journal of Information Management, 27(3), pp. 159–172.

BUCHANAN, S. and GIBB, F., 2008. The information audit: methodology selection. International Journal of Information Management, 28(1), pp. 3–11.

BUCHANAN, S. and GIBB, F., 2008. The information audit: Theory versus practice. International Journal of Information Management, 28(3), pp. 150–160

BURNETT, S. et al., 2004. Knowledge Auditing and Mapping: a Pragmatic Approach. Knowledge and Process Management, 11(0), pp. 1–13.

ELLIS, D. et al., 1993. Information audits, communication audits and information mapping: a review and survey. International Journal of Information Management, 13(2), pp. 29–47.

HENCZEL, S., 2001. The Information Audit: a practical guide. Wiltshire: Anthony Rowe Ltd.

HENCZEL, S., 2000. The information audit as a first step towards effective knowledge management. IFLA Publications, 108(1), pp. 91–106.

MEARNS, M.A. and DU TOIT, A.S.A., 2008. Knowledge audit: Tools of the trade transmitted to tools for tradition. International Journal of Information Management, 28(1), pp. 161–167.

RALIPHADA, L. and BOTHA, D., 2006. Testing the viability of Henczel’s information audit methodology in practice. South African Journal of Library and Information Science, 72(3), pp. 242–250.

SOY, C. and BUSTELO, C., 1999. A practical approach to information audit: case study. Managing Information, 6(9), pp. 30–36.

SOY, C. and BUSTELO, C., 1999. A practical approach to information audit: case study La Caixa Bank, Barcelona Part 2. Managing Information, 6(10), pp. 60–61.

WOOD, S., 2004. Information auditing: a guide for Information Managers. Middlesex: Freepint.

Further reading[edit]

BRYSON, J., 2006. Managing Information Services : A Transformational Approach. Hampshire: Ashgate Publishing Ltd.

GILLMAN, P.L., 1985. An analytical approach to the information audit. Electronic library, 3, pp. 56–60.

HENDERSON, H.L., 1980. Cost effective information provision and the role for the information audit. Information Management, 1(4), pp. 7–9.

HIGSON, C. and NOKES, S., 2004. The information audit asset register: a practitioner’s guide for the Freedom of Information Act. London: Rivington Publishing Ltd.

QUINN, A.V., 1979. The Information Audit: a new tool for the Information Manager. Information Manager, 1(4), pp. 18–19.

RILEY, R.H., 1976. The Information Audit. Bulletin of the American Society for Information Science, 2(5), pp. 24–25.

THEAKSTON, C., 1998. An information audit of National Westminster Bank UK’s Learning and Resource Centres. International Journal of Information Management, 18(5), pp. 371–375.

WEBER, R., 1999. Information systems, control and audit. New Jersey: Prentice-Hall Inc.

External links[edit]