Bill Neale, of IBM Enterprise Content Management, presented to
NCC-AIIM May Meeting. Neale is on the
AIIM board of directors and represents AIIM at the International Standards Organization.
Neale opened with some general observations about records and the virtues of an automated records management system. He spoke about the risk of keeping records you don’t need as well as failing to comply with records management laws (probably not necessary for a Washington audience, here in the land of investigation, litigation, and e-discovery).
According to Cohasset Associates, 90% of records are born electronically. Obviously, as much as possible, it is preferable to keep them in electronic format, rather than on paper.
65% of all of an enterprise’s information is subject to records retention requirements. 50% of records are retained longer than legally required. Neale pointed out that what is retained is legally “discoverable,” which is why it is wise to destroy records once the legal requirement for their preservation has expired. The NCC AIIM audience understood this instantly, because so many of its members work as government contractors.
Neale observed that in order to achieve compliance, an enterprise has to establish controls, reports, and a documentation process. Once procedures have been established, the enterprise must be able to prove compliance. Keep in mind that records management is a continuing process; systems must be acquired with the thought of future migrations in mind. Will the software be available? Are the storage media appropriate for long term records?
I asked about open source systems, where the buyer would have the source code, and whether this was an important consideration in purchasing a records management system. Neale agreed that access to the source code was a consideration in acquiring a system.
He gave a list of the different kinds of required compliance:
Sarbanes Oxley (Sox)
TurnbullTabaksblat/a>
Basel IICFR 21 Part 11The Patriot ActThe Freedom of Information ActPersonal Information Protection and Electronic Documents ActHIPAAOperational Risk ManagementNeale pointed out that a good automated records management system would record the metadata in a manner that would be invisible to end users. A document’s metadata tags would be automatically attached without special effort by the end user. Metadata would enable businesses to monitor and analyze business processes.
He reminded the audience of the obvious; good policies are not enough. Policies must be communicated through good training and properly enforced.
Manual systems are unsatisfactory, because business workers make mistakes, so that information is not captured and cannot be audited. There is also a significant loss of worker productivity. Neale emphasized that records managers making a business case for an automated system need to include these costs when they go to management.
Neale reviewed the results of an
ARMA study on the return on investment of an automated system:
- compliance
- the relationship between collaboration, document management, and electronic records
- the relationship between message archiving and electronic records
- the role of electronic records in Web Content Management implementations
- collaboration between records management, IT, legal, and business professionals
He emphasized that records appear across the enterprise: statements, asset management, loan documents, and other kinds of transaction documents. For meeting the demands of tracking an ever increasing volume of documents, Neale observed that automation was the obvious, cost effective, choice. Records managers need to emphasize the negative and the positive, the risk of litigation, and the positive of improved business intelligence. In his presentation, Neale spoke only of the possible civil liabilities and loss of corporate reputation. I will add the obvious, in some cases, failure to comply carries criminal penalties. Your corporation will pay a hefty fine, but if you are a CEO, CFO, or here in Washington, an agency director, you could be looking at jail time. Something to keep in mind.
An automated records system can create a workflow from a single metadata tag. For example, the date tag could create a report for records destruction five, seven, or ten years hence, depending upon your state and the legal requirements for records retention. Almost all records should be destroyed. A few, such as articles of incorporation, must be kept for the life of the enterprise, but most should be destroyed. Storage costs money; destroying expired records saves money.
Neale reviewed a series of slides that documented the soaring cost of manual records management as the number of employees and the number of records generated grows.