Background: With the evolution of data, via information into knowledge and beyond, intangible information assets (seen as an integral part of IT assets in this article) increasingly come to fore. A contemporary issue facing organisations in the knowledge economy and beyond is how best to safeguard and derive optimum value from their evolving information assets. A well-known fact is that risk exists because there is the possibility of threats to an asset. Likewise, no assets equals no risk. Although a large body of work is addressing threat models, the nature of the assets of the knowledge economy and beyond has not been well researched.Objectives: To investigate the definition of information assets across a number of financial, risk and information technology standards, frameworks and regulations, in order to ascertain whether a coherent definition exists across the board. If there is none (or limited), then propose a workable definition that is apt for the knowledge economy and beyond.Method: Qualitative thematic content analysis and a comparative study based on four main themes (Assets, Types of Asset, Information, and Information Assets). This then serves as a basis for argumentation schemes that lead to a proposed re-definition. The qualitative research approach assists us to address the concern of the incoherent definition of information and information assets across the board.Results: Contrary to expectations, the research study found the current definition to be incoherent. When the asset to be controlled is not properly defined and understood, it stands the risk of not being identified properly. This implies that the effectiveness, efficiency, reliability of internal control, and compliance with the applicable legislation and regulations would not be appropriate. This article highlights the need for a fundamental shift in how information assets (valuable, but unvalued organisational intangible assets) are being viewed and treated, especially with regard to information risk and internal controls.Conclusion: This article has identified a major defect in most standards, frameworks, and regulations dealing with regard to the safeguarding and management of information assets (and IT assets). It has established from the review carried out that information assets have not been properly defined across the board. Beyond this significant finding, it was further shown that the principle of risk (assessment) across the board requires the identification of the asset that needs to be controlled. A starting point, then, is a coherent definition (as proposed) for the information asset in itself. Therefore, proper definition across the board might assists in proper identification that could result in appropriate control and graceful handling of the end-of-life disposal.Keywords: infonomics; information asset; information risk; internal control; reputation loss
Read full abstract