ISACA Journal
Volume 3, 2,015 

Book Reviews 

Information Governance: Concepts, Strategies and Best Practices 

Robert F. Smallwood | Reviewed by Upesh Parekh, CISA 

“By 2016, one in five chief information officers in regulation industries will be fired from their job for a failed information governance (IG) initiative.” If this quote does not jolt the reader of Information Governance: Concepts, Strategies and Best Practices out of any doubt about the importance of information governance, then what will?

Like many predictions made in this dynamic information era, some may challenge this as an exaggeration. But the information provided in Information Governance: Concepts, Strategies and Best Practices may make this suggestion appear to be an understatement.

It is estimated that 90 percent of the data existing worldwide today were created in the last two years.1 The pace of data generation is increasing daily. Advocates of big data are unanimously pushing the message of more is better.

As per a survey by the Compliance, Governance and Oversight Counsel Summit, 69 percent of the information in most companies has no business, legal or regulatory value.2 Capturing, storing, collating, organizing, reporting, retaining and disposing of large amounts of data have costs associated with them. And a large amount of information that is not appropriately governed is a risk to any organization. There is risk related to data privacy, data accuracy, integrity and failed legal discoveries.

Governing information is not an option—it is a necessity. This book discusses the concept of information governance in a detailed manner, and includes contributions from many experts in the field.

Information governance is a multidisciplinary concept. It includes aspects of business value of information, legal and regulatory requirements related to e-discovery, records management, information technology and governance of IT, privacy, and security. The author of this book discusses these areas and how they relate to information security.

Technology and information governance cannot be separated in today’s world. In fact, the prime culprits of the information explosion are the advancements made in the field of IT. To address these technical advancements, the author has discussed information governance for different delivery platforms such as email, instant messaging, cloud computing, social media, mobile devices and SharePoint.

As repeated throughout the book, information governance is not a one-time activity. It should be an ongoing program. To assist readers with this task, the author has covered the program and culture change aspects of information governance.

The importance of information governance may vary based on legal and regulatory pressures. However, all organizations can benefit from governing information better. Information Governance: Concepts, Strategies and Best Practices will surely help senior executives, consultants and technocrats jumpstart information governance initiatives in their workplaces.

Editor’s Note

Information Governance: Concepts, Strategies and Best Practices is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest print edition of the ISACA Journal, visit, email or telephone +1.847.660.5650.


1 Paknad, Diedra; “Defensible Disposal: You Can’t Keep All Your Data Forever,” 17 July 2012,
2 As cited in the book

Reviewed by Upesh Parekh, CISA, who is a governance and risk professional with more than 10 years of experience in the fields of IT risk management and audit. He is based in Pune, India, and works for Barclays Technology Centre, India.


Add Comments

Recent Comments

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.