Friday, 20 January 2012

Why Records Management?


By Priscilla Emery                                

Ed.'s Note: This article is excerpted from the Records Management Report, published by CMS Watch.

To some, managing records represents one of the most boring and onerous business functions that anyone could possibly undertake within an organization. Of course, most people don’t even understand what records management is -- making it easy to malign an activity that is so misunderstood.
Indeed records management crosses numerous disciplines. Did you know…
  • That categorization and indexing are two elements that are critical to the success of a records management program? Sounds a little like knowledge management.
  • That vital records preservation is one of the key steps in developing a disaster recovery plan? Sounds like infrastructure management.
  • That by ignoring records management policies employees and their companies can potentially end up facing criminal penalties? Sounds like a legal profession.
  • What led to Arthur Andersen’s downfall? Shredding — inappropriate shredding — shredding of records that should have been retained according to the policies of both Andersen and Enron.

Despite what people may say, what you don’t know can hurt you and, in the case of records management, what you choose to ignore can cripple you and your organization.

Recent dramatic headlines have made it quite apparent that records management (or the lack thereof) is an essential activity to ascertain and confirm the credibility of many business transactions and government activities. The proliferation of electronic documents (especially e-mails) and the potential litigation exposure that they cause are becoming the bane of legal advisors and records managers in many corporations and government agencies. Microsoft, Texaco and other Fortune 500 companies have taken hits from “runaway” e-mails introduced as evidence in high stakes cases.

But, to records managers e-mail is just another record type in the scheme of things (not a trivial record type but a record type just the same). They know that in fact, “smoking guns” can come in many different guises, including: paper, electronic image files, video tape, voice recordings, etc. It’s all potential evidence and therefore potential deposition fodder. Making sure that all the relevant information is accessible in a timely fashion, should an organization need to defend itself in a lawsuit, is also what records managers are responsible for.

These days a records manager’s job is anything but boring, and in many organizations there aren’t enough of them to handle the increased compliance laws and regulations that have cropped up in recent months.

Not surprisingly, then, many companies are looking at records management software as a way to get a better grip on the increased volume of all kinds of records. Although that approach can help, a basic understanding of what records management is and its concomitant practices are required before even looking at any software product. If you don’t have a records management policy in place along with the appropriate retention and destruction rules for the records, the software will be useless.

What is Records Management?

There are many different definitions of records management but one that I like the best is,

“A professional discipline that is primarily concerned with the management of document-based information systems. The application of systematic and scientific controls to recorded information required in the operation of an organization’s business. The systematic control of all organizational records during the various stages of their life cycle: from their creation or receipt, through their processing, distribution, maintenance and use, to their ultimate disposition. The purpose of records management is to promote economies and efficiencies in recordkeeping, to assure that useless records are systematically destroyed while valuable information is protected and maintained in a manner that facilitates its access and use.”

Some people have the mistaken impression that records management is about hoarding everything that comes across one’s desk in the course of doing business. In some highly regulated industries it may seem that is the case. But in most cases it’s not only making sure that what needs to be kept as a record is retained but also prescribing how long it should be kept, where it should be stored, who has access to it and when it should be destroyed (if ever).

There is even an ISO standard for developing a records management program (ISO 15489). However, even though records retention practices are considered systematic and scientific, deciding what is a record and how long it should be retained is a combination of both prescribed practice and a certain amount of subjectivity depending on the actual documents in question. Just defining what is a record can get somewhat confusing to people.

What is a Record?

According to the Federal Records Act a record is, “recorded information, regardless of medium or characteristics, made or received by an organization that is evidence of its operations and has value requiring its retention for a specific period of time.”

According to the National Archives and Records Administration (NARA) records include,
“… all books, papers, maps, photographs, machine-readable materials, or other documentary materials, regardless of physical form or characteristics, made or received by an agency of the U. S. Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government or because of the informational value of the data in them.”

Got it?

This can be confusing for non-governmental organizations that don’t believe that these definitions necessarily apply to them so a more generic definition would be that records are recorded information, regardless of physical form, that are generated or received and used while conducting business, and preserved because of their informational value or as evidence of an organization’s functions, policies, decisions, procedures, operations, mission, programs, projects, and activities.

This is why there is no real cookie-cutter approach to defining a records retention program for every document out there — every company has to look at its own business operations and examine what should be considered a record and then decide what retention rules to apply against them. Again, the government and other industry regulators may help in that decision by defining exactly what they expect to see if they have to do an audit or investigation, but audits and investigations aren’t the only reasons to have a records management program.

There are other ways to determine if an information item should be considered a record or not:
  • Does the information document your daily business process?
  • Does the information provide input to a mission-critical business decision?
  • Does the information provide evidence as to whcy a business decision was made?
  • Is the information required for legal, fiscal, audit, or tax purposes?

"Vital Records" contain unique or irreplaceable information and require special protection, such as articles of incorporation, annual reports and shareholder records. These should be defined as an integral part of a disaster recovery plan or operation.

RM Programs, RM Software

Essential elements of a records management program include a records retention policy and a set of procedures where records are classified, retention periods are defined and destruction procedures are prescribed. Classification of records and then maintaining them with the appropriate metadata are necessary so that this information can be retrieved quickly when required.
Record integrity depends on three attributes: content, context, and the structure of the original record. Authenticity is very important to determining if a piece of information is the “true” record of an event or business transaction, which is why the management of electronic records, most especially e-mails, web pages and instant messages, is so problematic. The ability to generate larger volumes of records in a shorter period of time has increased the productivity of many organizations but that productivity gain can be lost if essential records can’t be found during the course of doing business or, in even more critical procedures such as when an audit takes place or a legal discovery of evidence is required. Finding lost records costs money in terms of lost productivity and in more the substantial costs of fines, court costs and lawsuit settlement costs.

Hence the need for records management software that aid in the record repository management activities of many organizations. These products help users:
  • manage retention schedules,
  • store records in their appropriate classifications along with the prescribed metadata,
  • search for records when required,
  • destroy records according to prescribed schedules,
  • put holds on records so they don’t get destroyed while the company goes through an audit or investigation, and
  • track the access of the record over its active and in-active life cycle.

In many cases these systems track not only electronic documents but also other record objects such as paper, boxes and tapes...

Amid all the focus on key records management features such as record declaration and standards certification, one key factor sometimes gets lost in the shuffle. Records management is a core activity within many different business processes within the organization itself. It is in and of itself not meant to be the core application. Just like filing is an adjunct activity to one's work, records management must fit into the core business process in order to be truly effective.
Therefore, technological elegance shouldn't be the focus -- integration with core business processes is more important. Ability to support and integrate with key business applications and be imbedded as an activity within a workflow should become more important evaluation criteria in the long run.