Minimizing Risks through a Corporate Information Compliance-Initiative: Corporate Governance Programs for Information Management Are a Crucial Risk-Management Investment for Organizations

By Myler, Ellie | Information Management, January-February 2008 | Go to article overview

Minimizing Risks through a Corporate Information Compliance-Initiative: Corporate Governance Programs for Information Management Are a Crucial Risk-Management Investment for Organizations


Myler, Ellie, Information Management


The Enron scandal that involved shredding of documents in anticipation of a government investigation and the subsequent passage of the Sarbanes-Oxley Act of 2002 (SOX)--which makes corporate executives accountable for certifying the accuracy of their organization's records--have dramatically heightened organizational awareness of the need to manage information properly.

In this new era of corporate accountability, many organizations are establishing corporate governance programs for managing records and information as part of their risk management and compliance strategies. In fact, although the final numbers had not been reported when this magazine went to press, an AMR Research report earlier last year projected that the total governance, risk management, and compliance spending in 2007 would exceed $29.9 billion--with about 20 percent of that allocated to SOX compliance.

While SOX holds executives accountable, organizations have begun to recognize in this technology-enabled world that every employee has responsibilities surrounding records and information. With the exploding volume of electronic records they are generating, employees must adhere to the controls provided by an information management policy to ensure the integrity, accuracy, and reliability of their organizations' information assets, intellectual property, and capital. Developing such a program begins with creating a formal policy statement.

Creating a Policy Statement for Corporate Governance

As a first step, it is essential to get senior management support for the initiative. If senior management is vested in the effort, they will direct management to dedicate time, resources, and budgetary funding to it.

The next step is to write a policy statement. According to ISO/TR 154892:2001 Information and Documentation--Records Management--Part 2: Guidelines, "A records management policy statement is a statement of intentions. It sets out what the organization intends to do and, sometimes, includes an outline of the program and procedures that will achieve those intentions."

The policy statement defines the charter for the program and should include:

* Purpose, scope, and applicability.

* Roles and responsibilities.

* Ownership, legal status, access rights, and privacy

* Goals, objectives, and principles

* References to other and related program documentation

It is imperative that senior management clearly communicates the policy statement to all levels of the organization so all can see that the initiative is being taken seriously. The message can be further supported with recent news items about the consequences suffered by Organizations because of their faulty recordkeeping. To find internal examples to support the need for the program, consult the legal department about discovery actions and the audit department to find out how the program initiatives can be integrated with the organization's compliance initiatives.

Defining Important Terms in the Policy

In today's electronic world, the concept of managing "records" (evidence of business transactions) is expanding to include managing "content," which can be anything from free-floating virtual text in cyberspace to official language contained in corporate acquisition due-diligence work papers.

How an organization defines "content" is key to managing it, so those definitions must be dearly articulated in the organization's corporate governance policy. For example, some organizations may consider works-in-progress (drafts) to he just "documents" and only final transactions to be "records" (evidence of business transactions). In other organizations, documents, records, information, and data may all be considered evidence of business transactions. How these terms are defined will affect how an organization's content is captured as final documentation for business transactions. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Notes
Cite this article

Cited article

Style
Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

Cited article

Minimizing Risks through a Corporate Information Compliance-Initiative: Corporate Governance Programs for Information Management Are a Crucial Risk-Management Investment for Organizations
Settings

Settings

Typeface
Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Help
Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Style
    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25, http://www.questia.com/read/27419298.

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search

    Oops!

    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.