Strategies for Merging Recordkeeping Systems: The Critical Role That Records Play in Business Operations Demands That Acquired Records Be Thoroughly Assessed and Their Integrity Assured before Their Conversion and Deployment to a New System

Article excerpt

Corporate mergers, acquisitions, and divestitures play an increasingly prominent role in today's business world. Large-scale operational assets change hands as corporations realign their organizational structure and operational scope to better meet the needs of customers and shareholders. In acquiring another company's operations, the purchasing company will also need recorded evidence of the business activities that kept those operations going. These business records may be in either physical (e.g., paper) or electronic format, and their volume can be enormous.

Acquiring records from a major business acquisition is often treated as an afterthought to legal, financial, and other due diligence exercises, focusing on little more than finding space in shelves, cabinets, or file servers. This perspective overlooks the critical role that records play in a company's business operations.

[ILLUSTRATION OMITTED]

As essential business information, records directly participate in the transactions and decisions that make up the company's daily business activities. Meanwhile, records provide evidence of those same activities, giving them a level of risk or liability comparable to that of the activities themselves. Failing to properly care for and respect records, then, can result in significant corporate compliance risks as well as interfere with a company's ability to fully capitalize on an important acquisition investment. It is therefore of the utmost importance to address records management issues before, during, and after the acquisition.

BEFORE: Audit the Records To Be Acquired

A full audit of the selling company's records holdings and practices reveals risks and opportunities for the buyer to better maximize its investment. Such an audit is most effective if performed before I the final decision to proceed, though this is not always feasible given the extreme sensitivity that can surround corporate-level negotiations.

Some companies perform a records management audit after the major decisions have been made, but before the final details of I the acquisition have been worked out. Issues that may be brought to light during a preliminary records audit include:

1. Documentation and Retention Requirements: Any business acquired by another company will be subject to a host of legal requirements, ranging from broad-based business laws to detailed technical regulations. Many of these laws and regulations will state which records must be retained and for how long. Others imply a records retention period by limiting legal liability to a certain period of time--records must be retained in case of legal action, which can occur during that time period. Still other requirements may prescribe which documents must be kept in a given file, or even which specific data dements must be included within the individual document.

With so many diverse requirements affecting records retention, companies should examine whether the records they are acquiring meet those requirements. Look first at overall collections: Do the records of given business activities go back far enough to meet the requirements of laws and regulations affecting those activities? Where records have been destroyed, were they disposed of according to a records retention schedule, with sign-off by designated authorities?

Next, focus on samples from key collections. Are all of the specific documents required by regulators present? If not, can they be recovered with reasonable effort from internal and external sources? What level of risk is associated with not having the missing documents?

2. Privacy Compliance: Depending on where a company operates, it will need to follow one or more sets of rules for what it does with personal information about employees, customers, and other individuals. Canada's Personal Information Protection and Electronic Documents Act, the United States' Health Insurance Portability and Accountability Act, and the European Union's Data Protection Directive are just a few examples of current legislation requiring organizations to protect privacy. …