Records Management & Compliance: Making the Connection
Kahn, Randolph A., Information Management
Organizations must take a proactive and holistic approach to compliance that ensures the business, technological, and legal challenges of records management are addressed
At the Core
* discusses the importance of a records management program to an organization
* defines the concept of information management compliance (IMC)
* examines the seven key elements of an IMC framework
* In response to the WorldCom bankruptcy filing, the Securities and Exchange Commission (SEC) takes swift and dramatic action to deal with what was perceived as a wholly inadequate records management program and imposes an $800-an-hour monitor on WorldCom (now MCI). The monitor's task is to ensure that the company "has developed document retention policies and... has complied with these policies"
* A. U.S. federal agency notifies a flight school six months after the September 11 terrorist attacks that two of the terrorists have been approved for student visas. The agency admits that its "current system for collecting information is... antiquated, outdated, inaccurate, and untimely."
* The SEC fines five brokerage firms $8.25 million for failure to retain e-mail records. In addition to the monetary penalty, the firms are required to "review their procedures to ensure compliance with recordkeeping statutes and rules."
* The former CFO and sales manager of a defunct Internet company are indicted on charges of falsifying records, among other things.
* The CEO of a pharmaceutical company is found guilty, sentenced to seven years in jail, and forced to pay a $3 million penalty for obstruction of justice because he "directed another individual to ... delete certain computer files... containing phone messages he received ... and documents evidencing [his] instructions."
Cases of records mismanagement, improper destruction, and falsification have cost billions of dollars, ended careers, decimated reputations, and caused some companies to wither away. Clearly, something is seriously broken. Although many records management programs probably never functioned as they should have to begin with, for most corporations it was not until the last few years that anyone took notice. Now everyone ostensibly cares about records. In reality, however, how many records management programs are effective enough to serve business objectives and protect the organization?
The Records Program as Business Facilitator and Insurance Policy
Records are the way that institutions "speak." Over time, employees transfer, retire, forget, die, or quit. Records, however, are and always will be needed to ensure that the organization continues to function and can protect its business and legal interests. More specifically, records allow organizations - among other things - to perform business planning, deal with customers' needs, protect legal interests, take care of business needs, and comply with laws, regulations, auditors, and courts. Records management is the process of managing the corporate memory in a way that makes trustworthy records readily accessible any time they are required.
While these business drivers and generalized legal needs are real, what increasingly drives the discussion today is the organization's goal to be perceived as a good corporate citizen. Corporate directors, executives, and investors all demand assurance that the records management program will not negatively impact them and will provide a degree of protection from claims of wrongdoing.
Just as they need insurance, companies of size and substance need a records program to ensure that they are covered if and when trouble strikes. In the records management context, that means an organisation can demonstrate that it has an effective and institutionalized way to manage all records and to do what is expected of a good corporate citizen. At minimum, that means that an organization retains records based on sound business judgment and in conformity with legal requirements and considerations. …