Top 10 Records-Management Resolutions for the New Year

By Brian Murphy

E-mail Story
Print Story
JANUARY 2007 - As governance needs, litigation pressures, and legislative mandates continue to increase the demand for records management, so does the imperative for companies to develop and maintain an effective records-management program. This article recommends 10 resolutions—five immediate steps for entities new to the area, and five that are key to ongoing success—that can reduce the risks, costs, and complexity of an organization’s records-management program. Many companies have taken at least several of the following steps to achieve compliant records management, and those that haven’t should make them a priority for the coming year.

  • Create and empower a records-management steering committee. A steering committee that includes executives from the legal, compliance, and information technology (IT) departments is critical. First, an executive-level committee sends a strong signal about the company’s commitment to compliant records management. Second, this steering committee can provide the leadership and planning to ensure that the program is enforced and remains compliant.
  • Identify and classify all physical records. As a company grows, departments or divisions are likely to have records categorized according to outdated schedules—or worse, not classified at all. These “rogue” records should be brought under a centrally controlled retention schedule to ensure organization-wide records-retention consistency and uniformity.
  • Apply the retention schedule to all electronic records. Most organizations do a good job of consistently applying their records-retention schedules to their physical records. But independent research indicates that fewer than 50% of companies keep e-mail records for the required time period. Applying the retention schedule to e-mail reduces storage and discovery costs and mitigates the risks of litigation and spoliation (information being destroyed prematurely).
  • Make e-mail classification as simple as possible for end users. Simplifying the classification scheme for electronic records makes it easy for end users to classify e-mails within their native e-mail application and increases the likelihood that end users will consistently classify their messages.
  • Implement processes to ensure that all confidential records are securely disposed. In June 2005, the FACTA Disposal Rule took effect, mandating that businesses properly dispose of consumer information. To ignore or fail to fully comply with the law exposes an organization to very serious risk.
  • Ensure that a records-management program is current. Today’s legal and regulatory climate is extremely dynamic; new laws and regulations that affect records-retention requirements are continually being introduced. As a result, a retention schedule can quickly become outdated. Legal research on retention is a good first step to make sure the program is current.
  • Extend a U.S.-based records-retention schedule to overseas operations. With the regulatory climate changing internationally, now is a good time to make sure that international divisions retain and dispose of records in compliance with the appropriate laws and regulations in other countries.
  • Update the company’s litigation hold policy. If a company has no formal written litigation hold policy, one should be developed. If it has a written policy, ensure that it is up to date with the latest federal and state regulations, and that it includes provisions for physical records, electronic records, and backup tapes.
  • Monitor and enforce the program to ensure employees are doing their part. How does a company know if employees are appropriately classifying, managing, and destroying records? How does a company measure employee compliance? When was the last time communication with employees reinforced their records-management responsibilities?
  • Review any program on a regular basis. If a company hasn’t reviewed its records-management program in the past year, now is a good time to review all key components, such as policies and procedures, retention schedule, and secure shredding processes. Once such a review is complete, the records-management steering committee should discuss areas to focus on for future improvement.

Brian Murphy is a senior vice president of Iron Mountain ( and leads its Records Management Consulting Services, a professional service organization that helps businesses implement compliant and legally credible records-management programs.




















The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices