The Dilemma of Records Management in the Information Age – To Keep or Not To Keep?
As Jason and Ethan pointed out in their previous posts, the regulatory environment has increasingly required that companies prove that their business transactions meet the law. Sarbanes-Oxley, or “SOX” as it’s been called in the abbreviated version, has received a lot of attention. You’ve seen the headlines, heard of the trials, read about the fines and penalties. But did you know that SOX is only one of the thousands of laws and regulations that require a business to keep records? Running a business requires a company to keep books and records to show how its business was conducted. There are tax regulations from the IRS or the State tax authorities, employment laws, privacy regulations, financial regulations, not to speak of industry specific regulations, issued by agencies such as the FDA, the FCC, and many more. Additionally, a business needs to keep information of the products and services it sells, of sales contracts and obligations, records of assets and liabilities, documentation of the processes of running the business, of success strategies, customer lists, sales metrics, and much more - not just to satisfy regulatory requirements, but for use in day-to-day operations and for the continuation of the business as a profitable enterprise.
Traditionally, documentation of business practices and business records existed primarily on paper. These records were created slowly and manually, often via dictation and typewriters, and had to go through many physical routing approval processes before they were published. Only a small number of authorized individuals in key positions in a company were able to create such official records. The volumes of records were small, duplication rarely existed, and the documents were stored in manila file folders and eventually boxed up and sent to a centrally managed storage warehouse.
Today, on the other hand, we have high volumes of documents with many versions, often duplicated through e-mail transport, created by many individuals, in a multitude of electronic and physical formats (e-mail, Word documents, spreadsheets, data warehouses, data tapes, paper, etc.), stored in a decentralized manner on many types of storage media (from networks over hard drives, flash drives, CDs or DVDs, cell phones and more).
Even though the ability to create documents has increased as a whole, and more documents are created daily, only a small subset of these documents and information truly has a long-term and critical retention requirement – both from a business and legal perspective. Many documents have only a short-term value for immediate use.
Considering the high volumes of documents generated daily, the business challenge is to determine which document is the right one to keep, store and manage, so that it can be easily and quickly retrieved at the right time. Not keeping the required documents can be detrimental, but keeping too many unnecessary documents presents its own difficulties to manage. For example, if a business cannot find a legally required document in the volumes of other less important items during an audit or investigation, it could be treated by an auditing agency as if the document was never kept in the first place –not a good thing. Or, if the latest and approved version of a contract is needed for final signature and cannot be located, it could be costly. Again, not very desirable. In other words, business success can sometimes depend on finding the “needle in the haystack”.
Thus, to meet both their legal and business requirements, companies must find ways to keep their required documents in a well managed way, while not drowning themselves in huge volumes of information that have only temporary value to the company. To succeed in this endeavor, it is important to design document lifecycle business processes and policies that are in tune with the rhythm of the business, while incorporating the legal and corporate requirements.
Stay tuned for more….
Tina Torres, Corporate Records Manager