Compliant Records Management and Compliance Efficiency

Today's "Band-Aid" Compliance Fixes Won't Hold

Now that large public companies have achieved the initial phase of Sarbanes-Oxley compliance, there may be a tendency within these companies to shift their focus to other strategic priorities. This is a mistake. Public companies should expect a gradual ratcheting up of control standards over the next few years. Manual “band-aid” fixes that were sufficient for initial compliance won't hold for 2006 and beyond.

Companies that continue to rely on traditional, manual processes will see their compliance efforts eating up a greater percentage of their operating budgets. They will fall behind competitors who implement processes and systems to achieve compliance at a lower cost and risk. World-class organizations of all sizes will focus on optimizing their processes and IT systems to reduce the costs and risks of compliance and to gain “compliance efficiency.”

Compliant Records Management and Compliance Efficiency

An effective records management program can help your organization achieve compliance efficiency by providing:

Information accuracy and trustworthiness to support regulatory compliance. A properly executed program gives senior executives confidence in the integrity of the information they are certifying for compliance with Sarbanes-Oxley and other regulations. It also helps demonstrate that your company is not only meeting the letter of the law but the spirit of the law as well, with sound, consistent record keeping practices.

Proactive litigation responsiveness and risk management. A Compliant Records Management program puts into place the processes and systems that can help your company respond more effectively to regulatory inquiries and discovery requests. It will create a proactive discovery environment that reduces your legal exposure by providing your legal team counsel with the ability to analyze discovery information, not just gather it to react to a pending request.

Better control of records management costs. A Compliant Records Management program can help reduce your costs of compliance by reducing the amount of information that your company needs to retain. If there is less information to review, it can be retrieved faster.

The Six Stages of a Compliant Records Management Program

How do you design, execute and maintain a Compliant Records Management program? Based on our experience designing and implementing records management programs for some of the world's leading organizations, we recommend a six-stage approach. All six stages are designed to promote consistency - the central theme and success factor. They are provided here as a practical approach to Compliant Records Management.

Stage One: Get Organized

The best place to start is to get organized for success. The first steps you should take:

• Determine your program scope
• Gain executive level commitment

Stage Two: Assess and Plan

After you have determined your program scope and coordinated staffing, your next steps should be to evaluate your current program status, identify your most substantial gaps and then create a master plan to address and close these gaps.

Stage Three: Develop Retention Schedule, Policies and Procedures, and Audit Metrics

Developing a comprehensive retention schedule, standard, company-wide policies, and audit metrics is the foundation for credible, compliant records management.

You need one universal Records Retention Schedule that captures all of the records - regardless of media - that are created or received by your organization. To create this comprehensive schedule:

• Create a universal records classification scheme that covers all records in all formats
• Identify the legal retention requirements that apply
• Assign retention periods to all record classes

Documented policies and procedures demonstrate your organization's commitment to meeting compliance standards, and provide clear direction to employees on their records management roles and responsibilities. Your policies and procedures should provide governing advice for the creation, management, access, retention, and disposal of all records.

Audit metrics must be defined so you can measure the effectiveness of your program and identify the top areas that need improvement.

Stage Four: Implement

Implementation is a critical step in the building of a Compliant Records Management Program. In the final analysis, your program will be judged on the quality of the implementation, not the design. In the implementation phase we recommend that you:

• Take a phased approach - implement a base program first, then implement programs for specific applications where you are most at risk (e.g. e-mail)
• Design and rollout training that is tailored for specific audiences
• Implement technology to assist with program management and measurement

Stage Five: Manage and Enforce

The benefits of your initial investment in an enterprise records management program will be short-lived if you don't put in place methods to manage and enforce compliance. You should ensure your program stays up to date with the latest laws and regulations, and that employees are continually reminded of their roles. It is important to:

• Enforce classification and destruction review via reports and periodic formal reviews
• Maintain training, communications and certification programs
• Update retention schedule, policies and procedures
• Plan and budget for program maintenance, enforcement, audit and enhancement

Phase Six: Audit

For your compliant records management program to remain compliant you must have clear accountability. Accountability necessitates regular audits. Our recommendations:

• Incorporate into your internal audit function
• Benchmark against your audit metrics
• Recommend improvements and get approval for corrective actions

Compliant Records Management: The Destination

A self-funding compliant records management program will result in real, tangible results:

• A records management organization and systems infrastructure
• Clearly documented and easily accessible policies and procedures
• A legally credible program with consistent retention schedules, policies, procedures & certification programs
• The ability to retrieve records - consistently and efficiently - for regulatory, legal or operational needs
• Compliance efficiency - compliance in the most cost effective manner