What is the most common mistake organizations make when starting an information governance program?
The most common mistake is treating information governance (IG) as a one-time technology purchase or storage cleanup project, rather than an ongoing, cross-functional discipline. Organizations often expect a tool to “solve” governance, then move on. In practice, IG fails without sustained policy, accountability, and culture change behind it.
Why This Happens
When IG is framed as an IT initiative, several predictable problems follow:
- No executive sponsorship. Without a senior owner, the program has no authority to set policy across departments or resolve conflicts between legal, IT, privacy, and the business.
- Technology before policy. Buying systems before defining what records you have, how long to keep them, and who is accountable produces expensive tools that no one knows how to use correctly.
- Treating it as a project, not a program. A cleanup with an end date ignores that information is created continuously. Governance must be maintained, not “completed.”
A Healthier Starting Point
Effective programs start with people and rules, then apply technology:
- Define scope and stakeholders. IG spans records management, privacy, security, legal/e-discovery, and the business. Bring those functions together early so the program reflects real obligations, not one department’s view.
- Know your information. Inventory what you hold and where it lives, then build a defensible retention schedule grounded in legal, regulatory, operational, and historical value.
- Assign clear accountability. Name an owner with authority, and define roles for everyday staff who actually create and handle records.
- Start small and iterate. Pilot in a high-value or high-risk area, demonstrate results, and expand. Trying to govern everything at once usually stalls.
The Underlying Principle
Recognized records management standards describe governance as a systematic, policy-driven framework supported by leadership and embedded in routine business processes, not a feature you switch on. International guidance such as ISO 15489 frames records management as an ongoing organizational responsibility, and professional bodies emphasize the same point: governance is a continuous practice, not a deliverable.
A program designed as sustained policy plus accountability plus appropriate technology, in that order, avoids the trap that derails most early efforts.
To explore related fundamentals, see the information governance topic hub.
Sources & further reading
Authoritative government and non-profit references.
- ISO 15489-1 Records management — ISO
- ARMA International — ARMA International
How to cite this page
APA
RM University Editorial. (2026). What is the most common mistake organizations make when starting an information governance program?. Records Management University. https://www.recordsmgmt.org/questions/most-common-mistake-starting-an-information-governance-program/
MLA
RM University Editorial. "What is the most common mistake organizations make when starting an information governance program?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/most-common-mistake-starting-an-information-governance-program/.
Related questions
- Big-bucket vs item-level retention schedules: how do I choose between them?
- Can a company be penalized for keeping data too long under privacy laws even if nothing was breached?
- Can a US company store records in the EU, or do data localization and cross-border transfer rules block it?
- Can executives or board members be held personally liable for information governance failures?
- Can information governance help reduce cloud storage costs, and how?