Knowledge management has become a term of art, not to be confused with records management or risk management. Emerging as its own discipline since the late 1990’s, this field is actively working to impress corporate leadership with a philosophy that staff can be more efficient and share embedded knowledge more quickly. Consider the Consortium for Service Innovation and the Knowledge Management Association, both of which discuss a conceptual framework to foster a better work place for staff by empowering them with knowledge. In this writing, such a framework is termed a “knowledgebase” and defined as the collection of knowledge in a searchable, retrievable system driven by employees for their own use. Developing knowledgebases within organizations creates potential risk to the organization, possibly not fully understood by knowledge managers or the staff using the framework. Prima facie there is more literature discussing the ways knowledge management can integrate with enterprise risk management than how practicing knowledge management can create new areas of risk.
Moreover, there may be an interesting paradox in that there is robust information available on how law firms use knowledge management in-house, more so than how they can advise clients about the risks. To wit: “knowledge management counsel” are not attorneys that can advise on the risks of a knowledge management program, but rather attorneys being asked to contribute their knowledge to a management platform to help manage firm costs. This is the first of several potential misinterpretations that can occur when the legal field and the knowledge management field try to communicate.
In an age where in-house counsel are routinely asked to advise on guardrails for discoverable, company produced content and external counsel may represent the efficacy of knowledgebase findings, this disconnect seems problematic. This writing identifies and discusses three gaps in existing knowledge management frameworks: discoverability, actionable information, and determining risk tolerance. While the field of knowledge management is on a trajectory of growth post-foundation building, it may be wise for practitioners to consider these blind spots.
Premise One – Is a company’s knowledgebase discoverable?
The principles of a corporate knowledgebase have been articulated through a group called the Consortium for Service Innovation. The Consortium has a methodology of client content creation which states, “The organization must shift to a perspective that sees knowledge as an asset owned and maintained by the team, not by an individual or a small group of dedicated content creators.” The idea that “the workers” own knowledge as opposed to “subject matter experts passing it down” is embedded in their views and training.
This should justifiably stir interest from in-house counsel, as peer-sharing of knowledge on corporate servers (such as might be found in a knowledgebase platform) without attorney client privilege could be a data mine for discovery. A search of materials to date presents no articles discussing this concept specifically – but who wants to be the first company to test the concepts in the courts? For those that practice on the side of caution, allowing free-range of “knowledge” production and sharing, capturing business processes and norms within the organization, may struggle to find a balance between the free flow of information and mitigating litigious risk. Of note, in the knowledge management field, “discovery” seems to mean something different than in the legal field, referring to extracting useful of knowledge from data. No wonder nobody is talking about it – there is fundamentally a language disconnect.
The Consortium philosophy does acknowledge that some material may need a review due to compliance concerns. However, because knowledge “should not be SME created” and should be efficiency driven, one possible solution could be to have the material reviewed after it has tested as useful by the user population. Because this is such a manual process, there is significant room for compliance review to be skipped over – and too late after misinformation has spread.
The more vetted the information prior to publication on the knowledgebase, the more a chilling effect is created, both in terms of time to real-world use and content published. What can be done? Organizations must assess what their risk tolerance is for inaccurate information to be live. Review what the original purpose of the organization’s knowledgebase is, who the users are, as well as any external communication points where the information may be conveyed. The key is to find a balance between the level of risk the company is willing to accept, the resources available to manage and review the knowledgebase, and the need for expedient content. Are there topics of higher risk that must be reviewed? Tailor the focus to those. Will a quarterly or semi-annual audit of content do the job for low-risk material? Add it to the annual project plan. Whatever course of action the organization decides upon, there should be action. Don’t forget that the content exists, lying in wait for plaintiff’s counsel to request.
Premise Two – Is your knowledgebase even accurate?
One of the components of the knowledgebase philosophy is knowledge maintenance. This should be folded into the peer review and editing process that underpins how the collection of knowledge is maintained. However, this assumes several things. First, that users will take the time to search through and update existing content, rather than simply producing new content without a concern for version control. The mantra of “search early search often” is only as effective as the staff’s willingness to use it, coupled with their conscious decision that updating existing material is a more effective strategy than producing new content.
Second, content creators and users are only as helpful as the ownership they are willing to take. Knowledge articles written by individuals who have left the company or declined to include links to primary sources, for example, create gaps in accountability and potential follow-up. Content creators or viewers who do not flag information that is outdated or using broken links are another problem for accuracy. Articles that cite to each other, creating a loop without any primary sources, are another potential problem to be mindful of.
Last, and potentially most troubling from a risk perspective, are articles that purport to document business processes demonstrating the way work is accomplished, when in fact the work may not be handled in the documented manner. When content is created, there must be a cognizant understanding that the risk of an external party bringing this material to light, followed by the questions, “Is this true and accurate? Reflective of current business practices?” should be considered. Having contrary content come to light at an inopportune time would be a difficult situation to defend.
How can this be addressed? Asking this question is a step in the right direction. Part of knowledge management is, in fact, managing the content that is created within a knowledgebase. Jamieson and Loeng’s research capture these risks as relevant to businesses. They note two additional risks: lack of end-user buy-in to the knowledgebase platform and declining organizational creativity. Consider these as areas of opportunity and risk mitigation, as well. Stressing the ownership value of the system and allowing for continuous improvements (including new and revised knowledge content) by those owners (the users) can help. Foster a community where the information is understood to be trusted (and useful) because peers are accountable to each other and structured content standards are in place.
Premise Three – Who decides what the risk tolerance is?
Reasonably assuming that the knowledgebase is discoverable and contains factual errors, knowledgebase architects may consider, what level of risk is the organization willing to accept toward the knowledgebase? Ruzic-Dimitrijevic discusses a risk assessment option that captures “degrees of harm” within a knowledge environment, using structured definitions and numerical calculations to weigh knowledge risk. This method suggests that rather than fixing the known issues, running them through an algorithm is also an option. Is there a statistically significant risk tolerance? Can counsel advise on this? Who would make these decisions?
Ethically, in a consumer oriented society, these questions are the wrong approach. Using statistics to refute the fact that inaccurate information is in a platform designed for rapid dissemination to many users does not negate mal-advisement. Accepting that there will be a tolerable level of error creates complacency. Fahey and Prusak summarize this slippery slope best: “A core tenet of any organizational learning project is that without detecting and correcting errors in ‘what we know’ and ‘how we learn,’ an organization’s knowledge deteriorates, becomes obsolete, and can result in ‘bad’ decisions.” In short, the risk is that bad decisions will be made based on information that has an embedded threshold for inaccuracy.
Spangler notes that “knowledge management” may be the wrong course of action – with “knowledge strategy” a more refined approach. Figure out what it is the organization needs the knowledgebase to do, and establish protocols to ensure those objectives are met. Creating a clear, simply understood strategy early on could help to avoid confusion leading to unnecessary risk. Similarly, Reige notes that “knowledge sharing practices often seem to fail because companies attempt to adjust their organizational culture to fit their KM, instead of implementing them so that they fit their culture”. This means that, while knowledge management experts and even counsel may advise and consult, the true expertise lies with those in the organization who understand the company’s critical need for accurate information and the risks that come with the production of faulty content.
 The closest article, which presents some good foundational insights, may be Bierce & Kenerson, P.C.’s (2012) “Knowledge Management in Strategic Alliances & Outsourcing”.
 One article came within striking distance of this concept – Hedley, A. (2016). “Why the concept of knowledge management needs to be repositioned.”
 Jamieson, R. & Loeng, D. (2003). “An Exploratory Study of Risks and Issues in Knowledge Management”. http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1308&context=acis2003
 One study that discusses this concept further: Abdelrahman, M., Papamichail, K. N., & Wood-Harper, T. (2016). To Share Or Not To Share: An Exploratory Review Of Knowledge Management Systems And Knowledge Sharing in Multinational Corporations. In: UK Academy for information systems (UKAIS) 21st Annual Conference – 2016, 11-13 April 2016, Oxford. A summary of findings for this study can be found in the February 3, 2017 post at http://www.nancydixonblog.com/knowledge-management-strategies/
 Ruiz-Dimitrijevic, L. (2014). Risk assessment of knowledge management system. Online Journal of Applied Knowledge Management 3(2). Available at: http://www.iiakm.org/ojakm/articles/2015/volume3_2/OJAKM_Volume3_2pp114-126.pdf
 For a recent (non-knowledgebase) case in which a corporation’s argument that inaccurate fact sharing was “statistically insignificant” failed, see Federal Trade Commission v. DeVry, 2016: https://www.ftc.gov/system/files/documents/cases/160127devrycmpt.pdf
 Fahey, L. & Prusak, L. (1998). The Eleven Deadliest Sins of Knowledge Management. California Management Review, Vol.40 No.3. Available at http://www.comp.dit.ie/dgordon/courses/researchmethods/Countdown/11DeadliestSins.pdf
 Riege, A., (2005). Three-dozen knowledge-sharing barriers managers must consider. Journal of knowledge management. Vol. 9 No. 3, pp. 19-35.