Minimizing Risk through Information Management Program Execution

In many of the organizations we work with today, the model for records and information management (RIM) is highly distributed. Usually there is a centralized RIM function, but too often it plays only an advisory role: that is, the RIM team establishes the record policy, standards, and retention schedule, and communicates them to the organization’s various business units – but then it is the business units themselves who are ultimately responsible for managing their own records and implementing the processes, controls, and technology approaches to ensure compliance with the policy and standards.

With such a model, too much is left to chance at the business unit level. For business functions that are focusing on strategic imperatives while struggling with typical resource constraints, building solid RIM practices is far from a top priority. At best, the result is inconsistent approaches to managing business-critical information and content over-retention. The result is risk, in the form of lack of compliance, as well as increased storage costs, increased effort and cost for e-discovery, and lack of proper information security or data protection.

Those of our clients with more mature information management disciplines have RIM programs that recognize that the business functions’ main job isn’t managing records. They need help, so the RIM program is set up to provide it to them – with support resources that define and deliver practice standards, guidance, training, and monitoring. Among the areas that mature RIM programs facilitate for their business partners are the following:

  • Defining and maintaining records inventories at the business functional area level, and a repository inventory/data map that show what records are being managed in which locations or systems
  • Reviewing IT systems and business processes for records management requirements/impact to ensure that records will be managed in a secure location, maintained in an accessible and readable format, and purged when expired (working with IT and the business)
  • Responding to specific organizational events or incidents (e.g. selling a department, dissolving a department, reorganization, disaster recovery, etc.) and moving records as appropriate
  • Periodically purging expired records, whether onsite, offsite, or electronic
  • Implementing and tracking legal holds (working with Legal and the business)
  • Working with offsite storage providers (i.e. standards and process for moving documents offsite, retrieving docs, using vendor tools, etc.)
  • Educating all levels of the organization about their records management obligations

If your RIM program has defined standards for these areas, but your departments are lacking in execution, you likely need to make some changes in your RIM operating model. The types of changes will depend on what aspects of your RIM program are already mature and which ones have gaps (which Doculabs can evaluate relative to your industry peers: https://www.doculabs.com/services/benchmark-program). Is it your overall strategy and organizational backing? Your processes, roles, responsibilities, and communications? Your technology? Your information architecture?

In many cases, we find it comes down to resources and organizational support: Does the organization have top-down support for improving information management (and thus information governance)? And is the organization applying enough resources in roles that can be leveraged across all business units, thus reducing the effort and hidden costs involved in having the business units fend for themselves under limited guidance?

 

 

Rich Medina
Joe Fenner
I’m VP of Consulting. I oversee Doculabs’ delivery team and consulting practice, as well as leading numerous client engagements.