Filed under: Articles, Document & records management, Information management, Intranets
Organisations wrestle with a wide range of business risks. Some of these represent frequent but minor irritations, while others may prevent the delivery of core services, or threaten to undermine the organisation as a whole.
Day-to-day business risks arise from the creation and use of information, as well as relating to the delivery of core services and products, such as:
- whether decision-making is guided by the best possible information
- the degree to which staff know corporate policies, and follow them
- the strength of information management practices, ensuring that information is accurate, trustworthy, available and findable
- the level of compliance with mandated standards, such as recordkeeping legislation or ISO-9000 compliance
- quality of advice given to customers and clients
- mistakes or errors in manufacturing or operations
- reputational risks arising from incorrect information
- breaches of environmental or safety standards
Intranets can mitigate these diverse risks in a range of practical ways.
(This is an excerpt from Essential intranets: inspiring sites that deliver value, by James Robertson. This can be obtained online from Step Two: store.steptwo.com.au)
Business risks range from small to catastrophic
Business risks comes in many shapes and sizes
Many of the business risks listed above may be small and frequent, hidden from oversight but nonetheless impacting on the success and sustainability of organisations.
In some cases, external issues such as a law suit can then bring these otherwise small issues to light, leading to big impacts in aggregate. Major legislative changes, such as those stemming from the global financial crisis, can also put pressure on risk management practices.
Business risks also result from the extraordinary impact of disasters, both natural and man-made. For example, the Icelandic volcano Eyjafjallajokull erupted in a relatively minor way in 2010, in a comparatively remote location.
Despite this, over 95,000 flights were cancelled all across Europe during the six-day travel ban, accounting for 48% of total air traffic and roughly 10 million passengers.
Without warning, CEOs, senior managers and other staff were stranded across the globe, without access to physical offices. The role of online solutions, including intranets and collaboration tools, suddenly became of critical importance, determining for many people whether daily work could continue.
Major floods, fires, hurricanes, landslides and snowstorms have all hit organisations across the globe, with even greater impact than Eyjafjallajokull.
These natural disasters can flood server rooms, disable office buildings, strand staff, overwhelm transport links and destroy infrastructure. These events can happen without warning, and the results can be catastrophic.
How intranets can mitigate business risks
Intranets are the visible face of information management practices that address and mitigate business risks. They provide a central point of access to trusted information and tools, and connect staff in ways that reduce mistakes and improve coordination. They also provide a platform for meeting regulatory and compliance needs, which is critical in many industries.
Intranets also offer virtual workspaces that allow organisations to rapidly respond to disasters, and to keep staff working even when offices are cut off from the rest of the world.
In practice, intranets can help to mitigate business risks in a variety of practical ways, including:
- increase compliance with policies
- manage audit and compliance information
- address recordkeeping requirements
- improve information management practices
- respond to natural and man-made disasters
Each of these is explored in the coming sections.
1. Increase compliance with policies
Policies are produced within organisations to standardise operations, reduce risks (to individuals and the organisation) and improve outcomes. In any given organisation, there will be hundreds of corporate policies, plus many more within individual business areas.
These policies are only effective if staff know about them, understand them, and follow what they specify. Staff also need to know when they change, and what has changed.
Policies are typically heavily cross-linked, and supported by numerous procedures, guidelines and work instructions.
There are a number of strategies that can be taken to improve compliance with corporate policies, ranging from simple to more advanced approaches:
- Publish policies in a form that is easily digestible by staff. This may involve replacing the 150-page policy PDFs, or supplementing them with intranet-based summaries of key points.
- Ensure policies can be easily found by staff. Depending on the circumstances, this may involve consolidating policies into a single well-structured area, or creating multiple areas targeting the needs of key staff groups.
- Communicate policy changes. Effective communications channels ensure staff are notified of changes (see the earlier article Intranets as a news channel for more).
- Update consolidated policies. Changes and updates should be made directly to the consolidated set of policies, rather than requiring staff to keep track of ‘deltas’ outlined in multiple news items.
- Require staff acknowledgement. In highly regulated or high-risk environments, staff can be required to check a box to acknowledge they have received and read policy updates.
- Notify staff at the point of need. The most sophisticated approach is shown in Figure 1. This associates key forms with related policies, and proactively notifies staff when policies have changed since they last used the form. This greatly increases visibility of policy updates, and provides information directly at the point of need.
Many organisations operate in highly regulated ways
2. Manage audit and compliance information
Beyond the policies and procedures outlined in the previous section, there are situations where documentation is even more tightly controlled. This may be to ensure compliance with the quality standard ISO-9000, to meet Sarbanes-Oxley (SOX) legislation, or because the organisation operates in a highly regulated industry.
There are many examples of this:
- regulated documents addressing engineering requirements in infrastructure and utility companies (such as water or power companies)
- technical documentation in the aerospace industry
- safety documents for staff working in high-risk environments (such as in factories or nuclear power stations)
- operating instructions that are audited by external regulators (such as in the financial services industry)
Intranets provide a natural home for this type of information, as they offer effective ways of managing content, as well as pre-existing channels to deliver the information to staff.
For audit and compliance content, intranets can:
- Provide a dedicated space for audit and compliance information. This brings together detailed standards and related processes into the one location.
- Apply more rigorous management, including workflow processes for changes, audit trials and supporting governance practices.
- Structure information to meet audit needs, such as matching the specific requirements of ISO-9000 or equivalent.
- Manage information in structured formats, such as XML, where technical documentation is both extensive, important and highly complex. This allows information to be repurposed between documents, and published into multiple formats.
While this type of content is primarily produced to meet regulatory needs, it must also be delivered in a format that is usable by staff, as well as being integrated into initial training and ongoing working practices.
Requirements for simplicity and usability should therefore still be met for this type of content.
Recordkeeping is complex but important
3. Address recordkeeping requirements
Recordkeeping covers the classification, retention and disposal of documents within organisations. In simple terms, it’s about keeping important information so that it can be retrieved at a later date, while deleting content that is no longer relevant or needed.
Recordkeeping requirements may be mandated at a government level, typically applied to government agencies and associated bodies. It may also be a requirement for organisations in regulated industries, such as financial service firms, power companies and other utilities.
Recordkeeping requirements may be both extensive and complex, and are generally addressed by specific records management systems (EDRMS). As intranets increase their management of documents as well as pages, recordkeeping concerns become of greater importance.
In practice, there are many ways that intranets can support recordkeeping objectives:
- Directly link to documents stored within the recordkeeping system.
- Provide search interfaces for records management systems, allowing staff to easily find documents they require without having to use separate records management tools.
- Include records in enterprise search, returning information stored in records management systems alongside intranet pages and unmanaged documents.
- Surface records on the intranet, such as by automatically presenting documents drawn via a query from the records management system behind the scenes.
These cross-links between the intranet and records management systems provide a win-win outcome: use of the EDRMS is increased, while the intranet provides usability benefits for staff.
Intranets are also becoming places to store platforms for document-centric collaboration. In these scenarios, intranets can directly meet recordkeeping requirements when a suitable technology platform is in place.
Work within an information management framework
4. Improve information management practices
Information management looks at the ways that content is created, managed, accessed, used and archived across organisations as a whole. Problems with information management practices spawn a wide range of business risks, including:
- poor or uninformed decision-making
- errors or mistakes (in service delivery, manufacturing, etc)
- incorrect information or advice provided to customers or clients
- information recreated or duplicated
- multiple versions of documents
- inefficiency due to difficulties in finding and using information
- poor coordination between different business areas
These are general risks that apply across all organisations. Within any given industry, there are very direct business risks stemming from information management failures. These include, for example, poor patient outcomes in clinical settings, or environmental breaches in manufacturing and infrastructure businesses.
An intranets is both an element of overall information management strategies, and the visible face of information management practices. Intranets assist by:
- providing an entry point to corporate information
- providing a trusted source of information
- communicating timely information
- connecting staff and making interactions visible
- automating key business processes
Intranet projects and solutions provide the greatest benefits when they are delivered as part of a holistic information management strategy that explicitly recognises key risks.
Enable staff to coordinate their response to a crisis
5. Respond to natural and man-made disasters
There are many natural disasters that can befall organisations, including fire, flood, tornado, snow and volcanic eruptions. Added to this are a wide variety of man-made disasters, including terrorist acts, war and infrastructure failures (power, water, road access, etc).
These disasters typically happen without warning, and can have a catastrophic impact on organisations’ ability to operate.
Intranets clearly can’t prevent these disasters from happening, or directly protect organisations from them. They can, however, help organisations to respond to the issues as they arise, and help staff to conduct their work regardless of the problems at hand.
Time and time again, real-life stories have shown how organisations have reacted in extraordinary ways to protect their business, and to ensure that they can still provide core services.
Intranets can support these efforts in many ways:
- Providing a communications channel, allowing timely updates to be sent to all staff.
- Providing remote access to tools and information, even when there is no physical access to offices. This allows staff to work at home during the disaster, or in temporary facilities.
- Allowing staff to collaborate on rapid responses, using social and collaborative tools. This allows informal processes and structures to quickly emerge in response to the changing nature of the disaster.
- Providing a home for disaster response policies and procedures, ensuring they are available to act on during a disaster.
Figure 2 provides a powerful example from UNICEF. Sadly familiar with the impact of humanitarian crises, UNICEF uses these intranet pages to help coordinate their vital fundraising efforts.
Where to start
Intranets help organisations manage and deliver information in better ways, reducing a wide range of business risks. They also help organisations respond to natural disasters.
- Improve the delivery of policiesA valuable first step can be to bring policies together into a small number of sections, structured in a usable way, with well-written content. Further improvements can then be made to the underlying management of policies, as well as how they are delivered to staff.
- Seek out risk ‘owners’In any larger organisation, there will be senior managers who are the ‘owners’ of key business risks, including legal, financial and compliance. Establish good relations with these managers, and use these to identify and formalise business risks, and find opportunities for the intranet to help.
- Discuss risks with service delivery areasSimilarly, managers in key service delivery areas will generally have a good understanding of the business risks that threaten them. Work with them to find ways that the intranet can mitigate these risks.
- Establish a disaster response plan for the intranetHelp the organisation to quickly respond to a disaster by enabling remote intranet access for staff, establishing good communication channels, and ensuring the resilience of intranet infrastructure.
- Align intranet strategy to business risksDocument an explicit business risks register, and outline how the intranet can help to mitigate these risks. Align intranet business cases and project plans to key business risks.
More information
This is an excerpt from the best-selling book Essential intranets: inspiring sites that deliver value.
Obtain a copy of the book to see the full set of screenshots and examples, and to explore the other ways that modern intranets can support business goals.
Copies can be obtained online:
store.steptwo.com.au