10 Records-Management Resolutions for the New Year
2007 - As governance needs, litigation pressures, and legislative
mandates continue to increase the demand for records management,
so does the imperative for companies to develop and maintain
an effective records-management program. This article recommends
10 resolutions—five immediate steps for entities new
to the area, and five that are key to ongoing success—that
can reduce the risks, costs, and complexity of an organization’s
records-management program. Many companies have taken at least
several of the following steps to achieve compliant records
management, and those that haven’t should make them
a priority for the coming year.
Create and empower a records-management steering
committee. A steering committee that includes
executives from the legal, compliance, and information
technology (IT) departments is critical. First, an executive-level
committee sends a strong signal about the company’s
commitment to compliant records management. Second, this
steering committee can provide the leadership and planning
to ensure that the program is enforced and remains compliant.
Identify and classify all physical records.
As a company grows, departments or divisions are likely
to have records categorized according to outdated schedules—or
worse, not classified at all. These “rogue”
records should be brought under a centrally controlled
retention schedule to ensure organization-wide records-retention
consistency and uniformity.
Apply the retention schedule to all electronic
records. Most organizations do a good job
of consistently applying their records-retention schedules
to their physical records. But independent research indicates
that fewer than 50% of companies keep e-mail records for
the required time period. Applying the retention schedule
to e-mail reduces storage and discovery costs and mitigates
the risks of litigation and spoliation (information being
e-mail classification as simple as possible for end users.
Simplifying the classification scheme for
electronic records makes it easy for end users to classify
e-mails within their native e-mail application and increases
the likelihood that end users will consistently classify
Implement processes to ensure that all confidential
records are securely disposed. In June 2005,
the FACTA Disposal Rule took effect, mandating that businesses
properly dispose of consumer information. To ignore or
fail to fully comply with the law exposes an organization
to very serious risk.
Ensure that a records-management program is
current. Today’s legal and regulatory
climate is extremely dynamic; new laws and regulations
that affect records-retention requirements are continually
being introduced. As a result, a retention schedule can
quickly become outdated. Legal research on retention is
a good first step to make sure the program is current.
Extend a U.S.-based records-retention schedule
to overseas operations. With the regulatory
climate changing internationally, now is a good time to
make sure that international divisions retain and dispose
of records in compliance with the appropriate laws and
regulations in other countries.
Update the company’s litigation hold
policy. If a company has no formal written
litigation hold policy, one should be developed. If it
has a written policy, ensure that it is up to date with
the latest federal and state regulations, and that it
includes provisions for physical records, electronic records,
and backup tapes.
Monitor and enforce the program to ensure
employees are doing their part. How does
a company know if employees are appropriately classifying,
managing, and destroying records? How does a company measure
employee compliance? When was the last time communication
with employees reinforced their records-management responsibilities?
Review any program on a regular basis. If
a company hasn’t reviewed its records-management
program in the past year, now is a good time to review
all key components, such as policies and procedures, retention
schedule, and secure shredding processes. Once such a
review is complete, the records-management steering committee
should discuss areas to focus on for future improvement.
Murphy is a senior vice president of Iron Mountain
and leads its Records Management Consulting Services, a professional
service organization that helps businesses implement compliant
and legally credible records-management programs.
CPA Journal is broadly recognized as an outstanding, technical-refereed
publication aimed at public practitioners, management, educators,
and other accounting professionals. It is edited by CPAs for CPAs.
Our goal is to provide CPAs and other accounting professionals
with the information and news to enable them to be successful
accountants, managers, and executives in today's practice environments.
The New York State Society of CPAs. Legal