Reducing Risk through Records Management
Bieri, Gregg, Risk Management
In most companies, records management is often taken for granted or viewed simply as a matter of convenience and organization. But records management programs can also protect an organization from significant risks such as compliance issues, disaster recovery, public relations crises, confidentiality breaches and security threats. A well-executed records management program helps mitigate these risks in much of the same way that legal counsel or an insurance policy does--by acting as a safeguard against unexpected future events.
Take, for example, a large food manufacturer that did not have a records management program in place. Somewhere buried deep in boxes of unorganized records was a decades-old, long-forgotten insurance policy that protected the company against legal action requiring it to clean up a site in which toxic materials were found.
Knowing that the company was potentially at risk for such litigation, a concerned records manager pushed the company to audit, organize and manage its records and put in place an advanced records management program. Shortly after implementing the program, the company was hit with a multi-million-dollar class action lawsuit. Within days, the company was able to produce the insurance policy, which paid for nearly the entire settlement amount at virtually no cost to the company.
It is no longer simply an industry best practice to retain vital records as part of a business plan, however. There is now legislation that imposes severe penalties for not producing valid information when requested. This could then lead to liability issues if damages are suffered by the corporation or any third party that relied on the documents. This failure to maintain procedures can cause financial pain and reputation damage. For example, under certain legislation, such as the Sarbanes-Oxley Act, regulators can levy large monetary fines on any company that alters, destroys, falsifies or covers up entries in records. Companies should educate employees about their organization's records retention strategy. If an employee unknowingly fails to retain an important document, that employee will not be held liable. Rather, it is management who will be held responsible and, if the mistake is egregious enough, prosecuted. …