|
|
|
Features
< Back
Sarbanes Oxley : Technology : Content Management
Compliance and Beyond
Establishing an Effective ERM Strategy
By
Charles Brett
|
|
Charles Brett
Managing Principal
Xerox
|
Today?s business conditions are driving a new focus on management of all types of records throughout the enterprise.
As government mandates require companies to capture and manage increasing amounts of both hardcopy and digital documents, business leaders are tasked to be more proactive than ever about putting Enterprise Records Management (ERM) strategies in place.
Research shows that the markets for both e-mail archiving and ERM applications are expected to grow more than 35 percent annually in response to Sarbanes-Oxley regulations alone.
Companies that have not considered the impact this will have on the way they do business should bear in mind that implementing a successful ERM strategy will solve a variety of paper and electronic document management challenges, beyond those posed by government regulations.
As much as organizations would like to eliminate paper, a document strategy that ignores the complementary relationship of paper and digital information will be ineffective. In a study conducted by Xerox Corporation and research firm IDC, fewer than 40 percent of organizations surveyed have digitized their document-dependant business process.
As technology and services to manage records mature, the process and strategy for enterprise-level records management requires preparation, planning and an approach that includes integration of both paper and electronic documents into the daily workflow.
Currently, there are no out-of-the-box ERM solutions for handling different types of information. As a result, many companies do not address the simultaneous multi-media nature of documents, and treat electronic documents?Web, e-mail, and fax output from enterprise applications like ERP and CRM?separately from paper. In other instances, organizations focus only on the paper document production process and ignore the need for electronic document integration.
To reap the benefits of an ERM system, linking document strategies with investments in ERP, CRM, document management, and other software is vital to bringing structure to unstructured information. The program must include all media defined as a record.
A "record" is a legally binding document that if improperly managed may create a major risk or exposure to the organization (i.e., invoices, contracts, customer statements, etc.) This includes paper, electronic records (including e-mail and instant messaging in some cases) and all other media, such as microfilm and backup tapes.
Successful ERM strategies also require the consideration of all aspects of business culture, process and technology. While the technology is essential, it accounts for only about one-third of what is required to implement and maintain a records management program. It is important to remember that records support the way people conduct business and serve customers?not the other way around.
The Challenge of Corporate Governance
The increased interest in corporate governance offers additional obstacles for organizations with large volumes of records. Regulations like Sarbanes-Oxley require companies to be able to provide traceable, auditable proof that corporate records, which contain the supporting documentation for the reported financials, are being managed and maintained accurately.
Yet most CIOs and IT managers are focused on other priorities such as cutting costs, growing revenue, increasing customer satisfaction and worker productivity?not on how documents are managed within their organization.
However, severe consequences can result if the proper attention is not paid to government regulations. Staying current on regulatory changes and new requirements is crucial to avoiding these penalties.
The growing focus on corporate litigation poses yet another challenge, and is becoming an integral part of corporate records management strategies in order to minimize corporate risk. Amid numerous controls on e-mail management, paper documents still remain a constant challenge for large enterprises.
While digital records can be easily indexed and tracked once entered into a system, paper documents require a large amount of physical space, are difficult to index and retrieve, and possess limited chain of custody if the company faces litigation.
For companies facing litigation, the symptoms of losing control over records can be pervasive and expensive. American corporations lose millions of dollars annually due to the spiraling costs of managing multiple litigation vendors and the sheer volume of handling digital documents.
Dangers of an ineffective document management process can include a greater risk of court sanctions for missing deadlines and personal exposure to corporate officers and counsel for criminal and civil penalties. Litigation continues to become an ever-more critical element of business.
Companies that actively prepare before litigation commences are much more likely to avoid court sanctions and manage court-imposed deadlines. Equally important, proactive information management such as ERM allows a company to focus on its core business, mitigates risk, and invariably drives down the costs of their overall legal services.
Where to Start
When implementing a records management program, organizers should take a macro view and follow records from creation to final distribution, looking for better management opportunities. The benefit of taking this broad approach is to uncover opportunities for the enterprise that otherwise would remain hidden.
An important part of this broad approach is to consider the large amount of physical space that paper documents require, as well as the difficulty of indexing and retrieving them. Being able to transfer physical documents to digital can cut down on both internal and external storage costs.
Many organizations store content much longer than necessary, costing significant dollars and posing potential legal risk. Electronic records control is frequently passed on to the IT department where management of electronic data files is often based on transaction volume and storage requirements.
A typical solution for retention of electronic files is to automatically delete email after 60-days or to delete electronic records after a period of inactivity. Both of these solutions circumvent established hard copy records management controls and place the credibility of the records management program at risk.
An ERM program complete with a structured plan for approved destruction of records, and archival transfer of records having permanent value, will prevent critical documents from being deleted automatically and will allow companies to ensure that their records are in order.
To accomplish this, an ERM management team should be established to create a strategy that involves objectives from key departments including IT, legal and human resources along with upper management. By not relying solely on IT to organize the ERM effort, the whole organization can ensure its objectives are met and tasks are not duplicated.
Engaging subject matter experts from each department along with strategic advisors who understand the applicable technologies and regulations will help build a strong, knowledgeable ERM team.
In order to prevent a gap in information management, organizations should examine legal, business and other sources to identify record-keeping requirements for evidence information and determine where improvement is needed.
At this time redundancies should be eliminated by examining existing backup and disaster recovery and storage systems in use and integrating them into the new ERM system. While backup systems are NOT records management systems, and should not be used as such, it is essential to integrate them with the new ERM system.
A Measurable Approach
For the daunting task of gaining control of paper- and electronic-based information, the most efficient solutions use a Lean Six Sigma approach.
A combination of Henry Ford?s Lean Flow manufacturing process of the early 1900?s and Motorola Corp.?s Six Sigma process from the 1980?s, Lean Six Sigma is the application of lean techniques to increase speed and reduce waste and process complexity.
The method also seeks to improve quality and focus on the voice of the customer. Lean Six Sigma means doing it right the first time, implementing changes that generate value, while acting quickly and efficiently.
The Lean Six Sigma ideals of improving quality and reducing waste can be attached to virtually any process. Some ERM solution providers like Xerox Global Services employ Lean Six Sigma to help customers obtain vast improvements in how they produce, store and distribute both paper and electronic documents and records. Document-related Lean Six Sigma follows a work process that can benefit from quality and waste reduction.
Best Practices
Topping this list is the need for organizations to initiate an ERM program by implementing an internal assessment, to determine what electronic and paper documents a company is retaining. This assessment should employ methodology such as Lean Six Sigma that uses special information-gathering techniques to capture the very essence of an enterprise?s work processes. The result will provide a clear road map for rest of the ERM process.
Next ERM initiators must prepare the organization for change by explaining to employees what regulations and potential risks the company faces without an ERM system, and train them on their role in the implementation of the process. Too often money is spent on enterprise-wide solutions without considering the impact it will have on employees? daily work routines.
To ensure new standards are deployed most effectively, consider work habits and cultural norms that will be affected and educate employees on how the implementation will integrate with current work processes.
After assessment and awareness phases have been established, attention should be turned to compliance and regulatory issues. Daily work within any organization requires the capture of information that is both structured (forms, invoices) and unstructured (staff notes, e-mail).
As these institutions compile the appropriate information for Sarbanes-Oxley, the U.S. Patriot Act, even HIPAA and Basel II, incorporating various document types into the workflow is key to minimizing time and labor costs and achieving ROI.
Upon ensuring the ERM plan covers all such compliance concerns, companies should engage their IT departments in order to map out a fully integrated plan throughout the enterprise.
The next step is vendor selection. As the majority of enterprise records content is in both physical and electronic formats, the selection of a single vendor offering integrated solutions is highly recommended. During this phase, it is imperative a company work with its own IT department to ensure optimal performance and compatibility.
Even when internal resources are limited, records management software and Web-based document repositories exist to help workers easily and accurately manage documents such as patient records, customer invoices, e-mails and other scanned images as legally-binding records.
For instance, organizations have implemented Xerox DocuShare records management to effectively manage organizational records with affordable maintenance and deployment costs.
Once a plan has been outlined, the initial pilot implementation should focus on business areas that are most exposed, subject to immediate compliance mandates, or seeking to minimize risks associated with current ERM practices. Overlap in documentation retention will arise at this step, since much corporate content is created, accessed, managed and reused across many parts of the organization.
The final step on the best practices list involves enterprise-wide implementation, where collaboration between multiple departments within the organization is necessary. Organizations should also address other existing enterprise content applications, such as imaging, document management, ERP, etc. Any revisions to the plan at this point should involve input from the ERM management team.
Since developing a clear road map for records management requires a comprehensive assessment of the organization. Service providers and vendors can serve as a valuable resource in developing a program that complies with all regulatory requirements, meets the organization?s business needs and provides overall accountability.
Ultimately, companies must remember to be flexible. The right ERM system will take shape based upon each company?s specific needs. Whether on-site or hosted, electronic and/or physical storage, the solutions will vary depending on industry requirements and overall business goals.
Once the plan has been set in place companies must remember to write, circulate and enforce user policies and procedures in order to gain employee acceptance and buy-in. This may be through an employee manual, handbook, or even advanced online learning and certification programs. E-mail usage guidelines, if not already part of an employee handbook, must also be developed.
Ancillary Benefits and Future Preparedness
Once implemented, successful ERM programs can not only make a company compliant with Sarbanes-Oxley and other government regulations, but can help them improve productivity and protect their assess with a comprehensive implementation and strategy for future document management needs.
Implementing an ERM solution has a number of important business benefits. The first being the creation of a knowledge management environment within the enterprise that will capture, preserve and share critical business information throughout the organization.
Employees will be able to retrieve records faster, more securely and with greater flexibility regardless of their location, medium or system type. Reliability and authenticity of the records can also be enhanced through access permission.
A permanent record of document decisions and actions will be kept as long as required to support research and program needs. This control will also guarantee that any records that the public has rights or entitlement to will be available for as long as the law requires, and can assist in making sure the public has easy access to any such records.
A reliable method for the preservation of company documents will safeguard the company against accidental or unauthorized disposal, or undocumented alteration of records.
Should an organization face an audit or litigation and discovery demands, a successfully implemented ERM program will allow a company to not waste time and resources searching for necessary records and will prevent costly fines associated with the inability to produce court-ordered documents on time.
Return on Investment
Although maintaining compliance and meeting regulations are seen as the cost of doing business, implementing sound records management policies, procedures and technologies at the strategic and infrastructure level can demonstrate a return on investment.
Reducing response costs and access, creating a single point of entry for all corporate records, minimizing data and records stored in multiple systems, and overall business process improvements are possible when companies implement a successful ERM program.
Along with return on investment, results such as avoidance of duplication across data stores, reduced response costs, and better integration with broader content and compliance initiatives also offer paybacks when implementing ERM systems and technologies.
Predictable discovery production with consistent results, enhanced data culling, search and review, and better collaboration with internal and outside counsel are additional benefits to be gained for this type of effort if properly coordinated and viewed within a larger records and content scenario.
In summary, the complexity of enterprise records management is only going to increase and gain in necessity in the years to come. Tools and procurement process are maturing, though not necessarily in a straight line. Overall, it is imperative to develop a comprehensive approach to records management that balances the requirements of culture, process and technology.
Charles Brett
Managing Principal
Xerox
Charles Brett is an industry recognized expert on the technical and market aspects of enterprise content management, archival and storage strategies, records management, and compliance.
As a Managing Principal with Xerox Global Services, he engages with clients on enterprise content management and compliance strategies, best practices in physical and electronic records management, and manages implementations and deployments.
Prior to joining Xerox Global Services, Mr. Brett was responsible for enterprise content planning and program management for several Global 2000 enterprises, and was most recently a Vice President with META Group.
|
|
|
|
|
