Article

Business Information Review

2019, Vol. 36(1) 15–22
Information audit as an important ª The Author(s) 2019
Article reuse guidelines:
sagepub.com/journals-permissions
tool in organizational management: DOI: 10.1177/0266382119831458
journals.sagepub.com/home/bir
A review of literature

Ayinde Lateef
Pan Atlantic University, Nigeria
Funmilola Olubunmi Omotayo
University of Ibadan, Nigeria

Abstract
This article considers information as a strategic asset in the organization just as land, labour and capital. It elaborates how
information assets help organizations to meet its organizational objectives and also examine issues that led to the pro-
liferation of information assets; because of the proliferation of data and information, it becomes difficult for organization
to make effective use of these information assets to meets its objectives. This leads to management of information assets
and management of information risk. These two areas are critical to organization. It was concluded that information audit
is the effective tool that could be used to manage the information asset and information risk. Also that information policy
should be drawn; information professional should be among those handling information-related issues.

Keywords
Information, information asset, information audit, information management

Introduction risk management and safety programmes to mitigate

Information is recognized as the vital and most strategic
business asset (Tieto, 2013). Prior to 21st century, informa-
tion is not seen as an essential asset or factors of production
in an organization such as land, labour and capital. Over the
last few decades, it has been shown that the information
revolution has begun to change the very source of wealth
for given countries (Bowes, 1995). Wealth is perceived as
information to create value. The quest for wealth is now the
quest for information and its relevance in business. Infor-
mation has become a top-3 organizational priority for 80
per cent of the organizations surveys (Capgemini, 2008).
Also in a world survey of 1375 subscribers conducted by
Harvard Business Review Analytic Services (2010), 85 per
cent of respondents agreed that information is a key strate-
gic asset, and only 7 per cent believed they are very well
positioned to exploit it. Information is used to drive busi-
ness models. Information in modern economies describes
how the paradigm of production, distribution and consump-
tion of products and services is dramatically altered by big
data and predictive analytics (Blasé and Rao, 2013).
Exploiting information-driven in an organization results
in good feedback, increases customer’s knowledge with
better information, assists them learn how to rapidly adjust
hazards. Information informs how organizations can
improve decision-making by systematically building ana-
lytics and information capabilities to monetize more of
their data assets. Information is any piece of text or data,
document, report, book collection, knowledge, market
intelligence, link, association, perception, hunch or simple
idea held in any medium (Corrall, 2008).
Information asset and organization
An information asset is a body of information that can be
used to meet the organization objectives. Examples of
information assets in organizations are documentation of
previous information audit (IA), registers, configuration
management databases or softwares, emails, spreadsheets,
images, records, books, journals, dictionary, directory,
almanacs and year books, handbooks and manuals, seri-
als/periodicals, Manuscripts, audio tapes or cassettes, pho-
nodiscs, financial data, backup and archive data, system
Corresponding author:
Ayinde Lateef.
Email: ayindelateef0606@yahoo.com
16
software, policies and procedures, emails, encrypted data
and so on. All these can be grouped together and treated as
an information asset. These information assets can be print
or electronic format. Information asset could be in the form
of structured, semi-structured or unstructured data that is
physically stored not only in computer systems but also in
paper records, drawings, photographs, libraries and so on
(Borek et al, 2013). Before we could call information an
asset (information asset), National Archives (2017)
asserted that it must possess the followings: valuable, risk
associated with privacy and storage, possess specific con-
tent, have a manageable life cycle (creation–disposition),
expandable, compressible, substitutable, transported at
ultra-high speed for a low cost, diffusive and sharable.
Analysing the value of information asset, it is often
difficult to measure the financial value of information
assets consistently. Oppenheim et al. (2003) carried out a
case–study research in information-intensive companies in
the UK to investigate current business approaches for the
identification and management of information assets and
their attributes, and it was cleared that linking the business
benefits of managing information assets to commercial
objectives is key to senior managers. Adler et al. (2016)
also elaborated information asset from the angle of
accounting, its potential value and price, identifying differ-
ent types of valuation/pricing methods to overcome this
valuation problem and offering a model to select the most
appropriate valuation/pricing method for a particular situ-
ation. They identified highly unique, lack objective price
benchmarks and have a high potential for piracy, has effect
on the value and pricing of information assets.
Quality information is needed in any organization in
order to achieve the organization objectives. Organizations
have a management structure that determines interrelation-
ship among the different tasks and the staff, divides and
authorizes staff to carry-out roles, responsibilities to differ-
ent tasks. The ability of employees to locate, use, archive
and share information helps in conducting research, devel-
oping new products, collaboration and organization effi-
ciency is made possible through the use of information
professionals. Orna (1999) asserted that in order for the
organization to interpret the answers and make decisions,
organizations need to understand the organizational objec-
tives, organization culture and also the information politics
that flows from it. The key elements of an organization are
its people, structure, business processes, politics and cul-
ture (Laudon and Laudon, 2015).
The two major trends that brought us to the Information
Age which are massive abundant of information and glo-
balization of all economies and which put organizations
under constantly increasing pressure to adapt, innovate
and speed-up their processes to keep up with their com-
petitors. Because of the proliferation of information prod-
ucts and delivery methods, information users within
organizations are suffering from information overload
Business Information Review 36(1)
(Henczel, 2001). Organizations having too much data,
information, these lead to information overload. It is too
easy for people to get a lot of information and too difficult
for them to find the right information at the right time, in
the right place in their organizations. Some of the infor-
mation assets may not be the most appropriate for their
needs because of super abundance of information. It over-
whelms an organization’s ability to sift through, organize
and act on them. Ptacek (2008) asserted that duplication of
employee efforts, gaps in information wasted on unsuc-
cessful searches also manifest a lack of information man-
agement (IM) and create a lack of knowledge
management where employees fail to learn from each
other, share information and collaborate on projects.
Henczel and Robertson (2016) asserted that executives
are bypassing the information professionals in search of
solutions that have been identified as significant risk and
compliance challenges. They do not employ the informa-
tion professionals that have the skills and do not know
how to navigate these overcrowed information assets, that
is, to select, process and de-select appropriate information
which leads to duplication of employee efforts, bridges in
information, time and money waste. In organizations,
there is need to organize information and monitor its use
to meet the organizational objectives, and this is done
through IM. In order for an organization to achieve high
performance, it is stated that, effective IM is the key
(Roglaski, 2006).
Information management
IM is a rational approach in managing information in an
organization. IM can be defined as the management of
individual information, system development and improve-
ment. It is a process that aims to manage information for the
benefit of the organization as a whole by exploiting, devel-
oping and optimizing information resources. There is the
need to have a clear and visible alignment of the informa-
tion that is acquired by the information users with the
objectives of the organization to which they belong. It is
also necessary to identify the information that is needed to
optimize the achievement of organizational objectives.
Information managers or professionals in an organization
should take into consideration the organizational culture,
organizational structure as well as organizational politics in
order to achieve the organizational goals.
IM serves managers, professionals, database administra-
tors and senior executives of organizations. Information
professionals coordinate and integrate a wide range of
information handling activities within the organization.
These include the formulating corporate information pol-
icy, design, evaluation and integration of effective infor-
mation systems and services, the exploitation of IT for
competitive advantage and the integration of internal and
external information and data. IM describes the means by
Lateef and Omotayo
which an organization plans, arranges, uses, controls, dis-
seminates and disposes of its information and ensures that
the value of that information is identified and exploited
effectively and efficiently. Corporate IM is a process of
strategic sense making, planning the supply for future
information needs, increasing the utility value of available
information resources, eliminating redundant information,
ensuring compliance to legislation, and increasing the
return on investment in information technologies (ITs)
(Pieterse, 2007).
The content and scope of IM has been applied in several
fields such as business and management, information sys-
tem, information communication and technology, public
administration, communication, library science, informa-
tion science, knowledge management and so on. IM can
be described as the process whereby resources are used
with the purpose of optimizing the use and dissemination
of information within an organization. Many authors
defined IM by focusing on IT, IM is not a technology
problem, and rather, it is about organizational, cultural and
strategic factors that must be considered to improve the
management of information within organization (Dandago
and Rufai, 2012). Often the term is used interchangeably
with others, for example, IM is often equated with the
management of information resources, the management
of IT or the management of information policies or stan-
dards (Choo, 2002). IM is the right decisions and actions at
the right time based on correct information (Tieto, 2013).
Thus, IM is the ability of organizations to acquire pro-
cess, manage, store, preserve and deliver the right informa-
tion to the right people at the right time in the right format.
An information asset that is of high quality for a particular
task might be of low quality for another different task, that
is, information assets quality depends on the content of the
usage and on the users. In order to manage information
assets, information professionals should analyse the quality
of the information asset in terms of accessibility, accuracy,
completeness, currency, availability, relevance, reliability,
timeliness, understandability, format and consistency
which will in turn influence the objective of the organiza-
tion. Poor information quality problems, lower business
process performance and eventually leads to negative risks
in organizations (Borek et al., 2013).
Information risk
Information is the lifeblood of the organization, in order to
manage it, there are a lot of risks in information from
receiving, creating, storing or retaining, using, reusing,
updating, consulting, imparting, sharing and disposing of
information; all these processes are risky. The International
Organization for Standardization (ISO) in the ISO Guide 73
defined risk as the effect of uncertainty on objectives (ISO,
2009). Risk is the likelihood that a specific threat will
occur, in order to manage risk, we need to understand what
17
is involved, and the level of risk. Risk management
involves the following: risk identification, understanding
the present state of the risk, putting protective measures
in place, then the business impact. It also involves placing
risk into categories (low, middle or high risk) or numerical
value risk. It is important to know that there will always be
risk in organization, it is highly effective to reduce the risk
or mitigate against the risk.
Information risk could be in the followings: risk of dis-
seminating sensitive information, risk of wasting time and
resources for searching for multitudes of files on the web or
database, network failure, server failure, technical failure,
risk of destroying information in order to identify what is
important or not. A research carried out at Harvard Busi-
ness School (2011) reviewed that despite the high value
that executives place on information from their customers,
less than half of the respondents 44 per cent said their
organizations are managing information security threats,
such as customer and company data theft well. This chal-
lenge will be heightened over the next few years as com-
panies, trying to get more value from information assets,
must balance the competing imperatives of increased open-
ness on the one hand and greater security on the other.
Harvard Business School research asserted that security
incidents on computer networks and ramifications of some-
one or something gaining unauthorized access to sensitive
information assets are the elements of information risk.
This can have a damaging impact on the organization,
causing reputational damage, financial loss and business
inefficiency.
Klassen et al.’s (2012) anatomy of information risk
explains the aftermaths of ineffective IM is poor data/infor-
mation and poor information quality. They elaborated that
the consequence of poor information quality is a lowered
business process performance which will in turn create
operational, strategical and opportunity risk. They went
further to clarify that poor information will lead to financial
performance risk, customer satisfaction risk, compliance
risk, health and safety risk, operational efficiency and cor-
porate strategy risk in all of the business processes that are
essential to achieve the organizational goals and objectives.
It is therefore critical that the organizations put mea-
sures in place to mitigate against these risks. Research has
it that most of the data or information loss from organiza-
tion is as a result of corporate culture and employee beha-
viour towards information (PWC, 2012). Issues caused by
employees’ behaviour attached to information risk are: lack
of awareness of information risk management, lack of
training, negligence on confidential files or information
assets, disgruntled and disengaged employees, malicious
insider attacks. However, the common element linking all
seven high risk factors is employee behaviour. The lack-
adaisical attitude of employees towards information is
alarming. Sixty per cent of businesses were unsure whether
their employees had the necessary tools to protect against
18
information risks (PwC/Iron Mountain Information Risk
Study, 2011/2012).
Information risks are typically placed in one of three
categories: confidentially, integrity and availability. These
are the model for Information security.
1. Confidentiality: only authorized persons can access
the information and prevent unauthorized person
from it.
2. Integrity: assuring the authenticity, accuracy and
completeness of data throughout its entire life cycle.
3. Availability: assuring the authorized people can
access the information when they need to, at the
right times in the right ways.
Henczel and Graham (2016) opined that organization
should not underestimate IM in terms of managing risk,
compliance, performance and financial outlay. Information
risk management is balancing act between ensuring exploi-
tation of the information at hand effectively and efficiently
and also high value assets protection. In order to ensure that
the information and records that the organizations pro-
cesses are managed in accordance with best practice pro-
cedures and comply with legislation and regulation,
governance services, IA should be conducted. The IA is a
risk mitigation exercise and quality improvement process.
IA identifies, stores, protects and evaluates information that
organization holds and how this is being processed, assess
where there are areas of risk and put procedures in place for
improving the management of our information. Informa-
tion risk should be audited and addressed with abundant
resources in terms of personnel as well as funds. Manage-
ment should take a leadership role in the management of
information risks. This includes the forming of a govern-
ance structure, in which an Information Risk Management
team, composed of information professionals, business
executives, reports to the management board.
Information audit
An audit is a process for studying, discovering, monitoring
and evaluating something. According to Dubois (1995) and
Dante (2008), AI is constituted as one of the most important
tools to the management of information and management
of information risk in the organizations. Its importance
roots not only on its contribution to an adequate manage-
ment of these assets, risk and services of information but
also to make the organization aware about what constitutes
these information assets, risks and services to the develop-
ment of work. The IA is central to the effective organiza-
tional management of information (Buchanan and Gibb,
2008). IAs are not a counting exercise but a platform from
which to develop a total knowledge management strategy
and a regular IA is the only way to ensure your business is
really efficient. The idea that information is an asset which
Business Information Review 36(1)
needs effective and efficient management has led to the
development of interest in the use of an IA. A large number
of organizations spend a great deal of time, money and
effort to practice and implement information auditing
within their organization. The main purposes of informa-
tion auditing are to establish what information assets are
already available within the organization and what the
needs for information might be, what information risk are
involved. IA establishes or improves effective IM pro-
cesses in an organization and necessary to determine the
value, risk, functions, evaluation and utility of information
assets in organizations.
Definitions of IAs
LaRosa (1991) defines IA as systematic method of explor-
ing and analysing where a library’s various publics are
going strategically, and determining the challenges and
obstacles facing those publics. Underwood (1994) defines
IA as a process that enables one to log onto the information
resources held by an enterprise, identify their location, use
and responsibility for maintenance. St. Clair (1997) states
that IA is a process that examines how well the organiza-
tion’s information needs and deliverables connects with the
organizational missions, needs, goals and objectives.
Buchanan and Gibb (1998) defines IA as discovering, mon-
itoring and evaluating an organization’s information
resources in order to implement, maintain or improve the
organization’s management of information. An analogous
definition is provided by Orna (1999) which definition
states that IA is a systematic evaluation of information use,
resources and flows, with verification by reference to both
people and existing documents, in order to establish the
extent to which they are contributing to an organization’s
objectives.
Henczel (2001) defined IA as a process that will effec-
tively determine the current information environment by
identifying what information is required to meet the needs
of the organization. It establishes what information is cur-
rently supplied and allows matching of the two to identify
gaps, inconsistencies and duplications. Sharma and Singh
(2012) describe IA as a process and an analysis of infor-
mation for the accuracy, suitability and validity. It is a
systematic process through which organizations understand
its knowledge and information needs, what are knowledge,
the information flows and gaps. Kilzer (2012) defined an
IA as a tool that can be used to discover and identify pat-
terns and changes of information in an organization. Frost
and Choo (2017) IA encompasses all the methods and tools
needed to catalogue, model, evaluate, quality-control, and
analyse an organization’s information assets and IM. Henc-
zel (2017) asserted that the findings of 1A are used to
develop measurement processes to determine market pene-
tration, satisfaction, service levels and value or benefit of
the services and products provided. IA involves systematic
Lateef and Omotayo
evaluation of the strength, weakness, opportunities and
threat of information in any given organization.
Buchanan and Gibb (2008) asserted that A.1 influence
on IM, technology, systems, and content are well estab-
lished in much of the foundational literature on IA (Bucha-
nan and Gibb, 1998; Burk and Horton, 1988; Henczel,
2001; Orna, 1999). IA can also be defined as the evaluation
of an information environment in order to identify if there
are gaps, duplication and inefficiencies in organization.
From the above definitions, a majority focus on the orga-
nizations and the management of their information. It is
only LaRosa who makes reference to the end users (pub-
lics) of this information, and only a few make reference to
the use of IT in their primary definition of IA which can
now be seen as an essential part of every organization and
the way information is managed.
Thus, IA entails the systematic examination and evalua-
tion of the information assets, information use, information
flows, information risk and the management of these in an
organization. It involves information use, information
needs, ITs, information flow, information services, infor-
mation risk, information assets and also provides solution
to information processing, information control and secu-
rity, information value, information presentation, circula-
tion, information storage, maintenance and destruction,
information ownership, responsibility and accountability
and in addition, the monetary and value of the information
assets to the organization are calculated and determined. It
also evaluates information assets as strategic competitive
advantages, integrates investments of information and
communication technology with a strategic initiative of the
business, identifies information flow and processes, identi-
fies information risk and security, develops an information
policy, observation and evaluation of the correspondence
with rules, laws and policies.
Henczel (2015) identified the three components of IA:
process review, information content, capacity and
behaviour.
Process review: task analysis – information life cycle:
from creation to disposal.
Information content: identify important information
asset, gaps, duplications and evaluate suitability for
purpose.
Capability and behaviour: identifies skills gaps related
to information life cycle. It identifies behaviours that influ-
ence effective IM.
Benefits of IA to organizations
a. Validity and accurate information: IA makes the
accurate information available and ensure its valid-
ity, as corporate source information.
b. Feedback capability: IA is an important element in
the process of feedback. It also determines whether
19
the information used is specific information
required/needed, that is, it determines whether
information provided is the one needed in the orga-
nization in order to perform its task.
c. Focus of communication: IA focus attention on the
process of communication in an organization and its
improvement.
d. Opportunity to train staff: IA provides opportunity
to involve the staff in audit processes and progress,
which enhances the efficiency and audit skill and
provides better job opportunities of information
manager in corporate IM.
Kilzer (2012) also highlights the importance of IA,
which are enhancement of the understanding of communi-
cation patterns, succession planning, documentation prac-
tices, strategic planning and service evaluation. However,
despite these numerous benefits, Buchanan and Gibb
(2008) highlighted three challenges which affect the prac-
tice of IA which are limited guidance on management of
scope, ambiguous linkage to related Information and Com-
munication Technology scope and lack of standard meth-
odological approach. They further state that ideally the IA
should include all the above aspects in order to provide a
comprehensive and integrated strategic approach. Till date,
there is no single accepted methodology supported by sta-
tute, standard or professional body. Buchanan and Gibb
(1998) continued to state that there are several methodolo-
gies available many of which are characterized by a very
definite purpose and scope, which makes widespread
implementation difficult. In order for organization to apply
IA to its objectives, Ayinde and Omotayo (2017) elabo-
rated on various methods that could be applied:
a. Cost-benefit approach: A comparative analysis of
information products and services based on their
cost and perceived benefit.
b. Geographical approach: The identification of the
major components of the information system in
order to map their relation to one another.
c. Hybrid approaches: Hybrids of the cost-benefit and
geographical methods.
d. Management IAs: Confined to the identification of
formal information and reports with a strong
emphasis on management, information systems.
A good IA conducted will lead to formulating informa-
tion policy which will address the issues identified during
the IA and provide workable solutions.
International and national standards
related to IA processes
There are numbers of international and national standards
that define, describe and prescribe audit processes such as
20
ISO 19011: 2015, Guidelines for Auditing Management
Systems (ISO), which states that audit processes can be
applied more widely than the Standard might indicate, pro-
vided that consideration is given to context and the specific
competence needed. ISO 9001:2015 Quality Management
Systems Requirements (ISO, 2015) set out requirements for
documented IM with mention of review for suitability and
adequacy, availability for use where and when needed,
confidentiality, improper use and loss of integrity, access,
distribution, retrieval and use.
AS 5037 2005: Knowledge Management – A guide
(Standards Australia, 2005), which presents both IA and
knowledge audits as ‘enablers’ of knowledge management.
However, there are no stated process skills or competence
requirements highlighted in the standards. There is currently
no ISO standard, and Standards Australia may take its stan-
dard to the ISO, as happened with records management and
metadata standards (Halbwirth and Sbarcea, 2005).
Sarbanes–Oxley Act (SOX Act), the law requires that a
company’s financial records must be complete, true and
accurate, accessible, retained in accordance with the law
and good faith, and fully usable in support of any audits,
investigations or other regulatory requirements. The Sar-
banes–Oxley clearly has the potential to elevate the records
management function to a new and higher level in organi-
zation (David, 2005). Section 802 of the Act contains the
three rules that affect record keeping and in turn enhance
IA. The first deals with destruction and falsification of
records. The second strictly defines the retention period for
storing records, On the other hand, retaining information
assets longer than required can pose the risk of litigation,
organization could be sued or audited .The third rule out-
lines the specific types of business records that need to be
stored, which includes electronic communications.
Sarbanes–Oxley has impacts corporate electronic
records management policies concerning the corporation’s
procedures for retention of records, destruction of records
and response to incidents must be shown to employees and
auditors. Section 802 also prohibits tampering with wit-
nesses or whistleblowers in the course of an investigation
(Sarbanes–Oxley Act, 2002). A record retention policy
determines the length of time before records can be
destroyed (Barker, 2009). It requires that Organizations
consider the impact of electronic records and their auditing
members in regard to the destruction and retention of elec-
tronic record.
Conclusion
Information is ubiquitous in organizations which ought to be
seen as a strategic resource as other factors of production.
Strategic organizations cannot exist without information
assets. Organizations find it difficult to get the right infor-
mation at the right time in the right quality because of the
proliferation of information assets and information
Business Information Review 36(1)
professionals are cast aside from operating in their roles as
information managers. It becomes difficult to get the right
information assets at the right place in the right format.
Organizations need to collect, organize, protect and evaluate
information assets in order to meet the organizational goals.
The article identifies two important aspects which need crit-
ical evaluation which are IM and information risk. An effec-
tive tool used to manage these two aspects is IA.
All previous literatures on IA did not identify IA from
the angle of information risk, international and national
standards related to IA processes. It was concluded that a
good information policy should be drawn from the IA,
which will lead to knowledge audit. It also includes forma-
tion of governance structure in which information risk
management team, consisting of information professionals,
business executives which will reports to the management
board.
Further literature review on this should be on knowledge
audit as an importance tool in organization.
Declaration of Conflicting Interests
The author(s) declared no potential conflicts of interest with
respect to the research, authorship, and/or publication of this
article.
Funding
The author(s) received no financial support for the research,
authorship, and/or publication of this article.
References
Adler R, Stringer C, Yap M (2016) The valuation and pricing of
information assets. Pacific Accounting Review 28(4):
419–430.
Ayinde LA (2017) Information Audit of the School of Arts and
Social Science, Adeniran Ogunsanya College of Education,
Lagos State, Nigeria, Library Philosophy and Practice. Avail-
able at: https://digitalcommons.unl.edu/libphilprac/1602/
(accessed 25 July 2018).
Barker RM, Cobb AT, Karcher J (2009) The legal implications of
electronic document retention: changing the rules. Business
Horizons 52(2): 177–186.
Blasé P, Rao A (2013) Information as an asset. Financial Times.
Available at: https://www.ft.com/content/0919f8b2-6105-
11e3-b7f1-00144feabdc0 (accessed 24 June 2018).
Borek A, Parlikad AK, Webb J, et al. (2013) Total Information
Risk Management: Maximizing the Value of Data and Infor-
mation Assets. Newnes, Australia: Morgan Kaufmann.
Botha H, Boon JA (2003) The information audit: principles and
guidelines. Libri 53(1): 23–38.
Bowes R (1995, May) How best to find and fulfill business infor-
mation needs. In: Aslib Proceedings 47(5): 119–126. MCB UP
Ltd.
Buchanan S, Gibb F (1998) The information audit: an integrated
strategic approach. International Journal of Information Man-
agement 18(1): 29–47.
Lateef and Omotayo
Buchanan S, Gibb F (2008) The information audit: theory versus
practice. International Journal of Information Management
28(3): 150–160.
Buckland MK (1991) Information and Information Systems
(No. 25). ABC-CLIO.
Burk CF, Horton FW (1988) Infomap: a complete guide to dis-
covering corporate information resources. In: Infomap: A
Complete Guide to Discovering Corporate Information
Resources. Englewood Cliffs, NJ: Prentice Hall.
Campengi (2008) The information opportunity report: harnessing
information to enhance business performance. Available at:
http://www.eurim.org.uk/activities/ig/voi/The_Information_
Opportunity.pdf (accessed 25 June 2018).
Choo CW (2002) Information Management for the Intelligent
Organization: The Art of Scanning the Environment. Medford,
NJ: Information Today, Inc.
Cohen R (2012) It’s Not the Size of Your Data, It’s How You Use
It. Available at: https://www.forbes.com/sites/reuvencohen/
2012/06/05/its-not-the-size-of-your-data-its-how-you-use-it/
#6ddaa0e63a9b (accessed 12 June 2018).
Corrall S (2008) Information literacy strategy development in
higher education: an exploratory study. International Journal
of Information Management 28(1): 26–37.
Dandago KI, Rufai MAS (2012) The effect of information man-
agement on the financial performance of banks in Nigeria
(2006–2010). International Journal of Arts and Commerce
1(5): 263–278.
Dante GP (2008) Information and knowledge organizational
audit: genesis of an integration. Brazilian Journal of Informa-
tion Science 2(2): 3-15.
Dobson C (2002) Beyond the information audit: checking the
health of an organization’s information system. Searcher
10(7): 32–37.
Dubois CPR (1995) The information audit: its contribution to
decision making. Library Management 16(7): 20–24.
Frost RB, Choo CW (2017) Revisiting the information audit: a
systematic literature review and synthesis. International Jour-
nal of Information Management 37(1): 1380–1390.
Griffiths P (2010) Where next for information audit?. Business
Information Review 27(4): 216–224.
Halbwirth S, Sbarcea K (2005) The spotlight on knowledge man-
agement. In: Joint presentation by Sue Halbwirth and Kim
Sbarcea at the NSW KM Forum, held at Standards Australia,
Sydney, 7th September.
Harvard Business Review (2010) Unlocking the value of the infor-
mation economy, Harvard Business Review, Analytic Services
Report, 2011. Available at: http://eval.symantec.com/mktginfo/
enterprise/other_resources/bhbr_unlocking_value_info_econ
omy_21028773.en-us.pdf (accessed 12 June 2018).
Henczel S (2001) Department of Justice and Attorney-General,
Brisbane, Queensland, Australia. In: The Information Audit: A
Practical Guide. München: KG Saur, pp. 206–212.
Henczel S (2000) The information audit as a first step towards
effective knowledge management: an opportunity for the spe-
cial librarian. Inspel 34(3/4): 210–226.
21
Henczel S and Graham R (2015) Demystifying the Information
Audit: SLA Master Class (SLA, 2015). Available at: https://
www.sla.org/wp-content/uploads/2015/06/1650_Demystifying-
the-Information-AuditHenczel.pdf (accessed 25 June 2018).
Henczel S (2017) Information audit and impact assessment. In:
The Emerald Handbook of Modern Information Management.
Emerald Publishing Limited, pp. 271–288.
Henczel S, Robertson G (2016) The widening horizons of infor-
mation audit. Qualitative & Quantitative Methods in Libraries
5(3): 561–571.
ISO (2009) ISO Guide 73:2009 – Risk Management – Vocabu-
lary. Available at: http://www.iso.org/iso/iso_catalogue/catalo
gue_tc/catalogue_detail.htm?csnumber¼44651 (accessed 10
July 2018).
ISO 9001 (2015) International Organization for Standardization. Avail-
able at: https://www.iso.org/files/live/sites/isoorg/files/archive/pdf/
en/documented_information.pdf (accessed 12 June 2018).
Kilzer R (2012) Information audit: keys for understanding the
academic library. Technical services quarterly 29(3):
200–206.
Klassen V, Borek A, Parlikad AK, et al. (2012) Quantifying the
business impact of information quality – a risk-based
approach. In: European conference on Information Systems,
p. 239.
LaRosa S (1991) The corporate information audit. Library Man-
agement 14(2): 7–9.
Laudon KC, Laudon JP (2015) Management Information Systems:
Managing the Digital Firm Plus MyMISLab with Pearson
eText – Access Card Package. Boston: Prentice Hall Press.
Lewis BR, Snyder CA, Rainer RK Jr (1995) An empirical assess-
ment of the information resource management construct. Jour-
nal of Management Information Systems 12(1): 199–223.
Manyika J, Chui M, Brown B, et al. (2011) Big data: the next
frontier for innovation, competition, and productivity. Report,
McKinsey Global Institute, McKinsey & Company.
Merzuki SE, Latif HA (2009) Information management (IM) for
academic staff advancement programme in higher institutions.
Journal of Technology Management & Innovation 4(1):
94–104.
National Archive (2017) Identifying Information Assets and Busi-
ness Requirements, pp. 1–24. Available at: http://www.natio
nalarchives.gov.uk/doc/open-government-licence/open-gov
ernmentlicence.htm.
Oppenheim C, Stenson J, Wilson RM (2003) The attributes of
information as an asset (ed.). In: Advances in Library Admin-
istration and Organization. Emerald Group Publishing Lim-
ited, vol. 20, pp. 123–147.
Orna E (1990) Practical Information Policies: How to Manage
Information Flow in Organizations. Aldershot: Gower.
Orna E (1999) Practical Information Policies. Aldershot, UK:
Gower Publishing, Ltd.
Pieterse J (2007) The six dimensions of corporate information man-
agement. Available at: Toolbox.com (accessed 12 June 2018).
Ptacek GM (2008) An Information Audit of a Business Intelli-
gence Portal. Master’s Paper.
22
PWC report (2012) Beyond cyber threats: Europe’s First Infor-
mation Risk Maturity Index; A PwC report in conjunction with
Iron Mountain. Available at: http://www.continuitycentral.
com/BeyondCyberThreats.pdf (accessed 15 May 2018).
Roglaski S (2006) The rising importance of enterprise content
management. DM Review 16(11).
Sarbanes–Oxley (2002) Sarbanes–Oxley Act of 2002, Pub. L. No.
107-204, 116 Stat. 745. Available at: http://www.sec.gov/
about/laws/soa2002.pdf (accessed 12 June 2018).
Sharma CK, Singh AK (2012) An evaluative study of information
audit and knowledge management audit. Brazilian Journal of
Information Science: Research Trends 5(1).
St. Clair G (1997) The information audit: defining the process.
Info Manage 4(6): 5–6.
Stephens DO (2005) The Sarbanes–Oxley Act: records manage-
ment implications. Records Management Journal 15(2):
98–103.
Tieto (2013) White paper on Information Management: Financial
Times, White paper: Information Management. Available at:
https://www.tieto.com/sites/default/files/files/information-
management-white-paper.pdf (accessed 12 June 2018).
Underwood PG (1994) Checking the Net: a soft-systems approach
to information auditing. South African Journal of Library and
Information Science 62: 59–59.
Vo-Tran H (2011) Adding action to the information audit. The
Electronic Journal Information Systems Evaluation 14(2):
167–282. Available at: www.ejise.com/issue/download.html?
idArticle¼777 (accessed 12 June 2018).
Business Information Review 36(1)
Wurzler J (2013) Information Risk and Risk Management, Inter-
net Security Alliance & American National Standards Insti-
tute. Available at: https://www.sans.org/reading-room/ . . . /
information-risks-risk-management-34210 (accessed 12 June
2018).
Author biographies
Ayinde Lateef is an information professional at Lagos Business
School, Pan Atlantic University. His areas of specialization are
information auditor, information society, information and digital
resource management and information policy. He trains MBA
Students and researchers on the use of information resources to
meet their information needs such as Bloomberg training, infor-
mation literacy and so on. He is a member of Internet society and
also Oracle Certificate Associate.
Funmilola Olubunmi Omotayo is a lecturer at the Africa
Regional Centre for Information Science (ARCIS), University
of Ibadan, Nigeria. She also obtained her Doctoral degree in
Information Science from the University of Ibadan in 2005.
Dr Omotayo is an Associate Member Nigerian Institute of Man-
agement (Chartered); Associate Member Institute of Corporate
Treasurers and Accountants. Her teaching/research interests
include Information and Communication Technologies (ICTs),
Information marketing, Social and ethical issues in information
technology, Information technology training design and imple-
mentation, ICT and the Society, Knowledge organization and
management, Information Policy, e-banking, e-commerce, and
has published articles in local and international journals.