Records management programs are often neglected when internal auditors conduct their annual risk assessments. Consequently, many organizations are left more vulnerable to regulatory penalties, steep legal costs and faulty business decisions. To mitigate these risks, an organization must have a sound information governance program—a strategic framework comprising standards, processes, roles and metrics that hold the organization accountable for managing information in ways that align with its goals.


Driving the urgency for sound information governance, and thereby the urgency for measuring its success through audits, is the explosion in electronically stored information (ESI). According to StoredIQ, companies with annual revenues of at least a billion dollars typically spend between 2.5 million dollars and four million dollars a year on legal discovery of electronic files alone.


A records retention policy that prescribes when to dispose of records can help manage discovery costs and limit corporate liability. For example, Morgan Stanley agreed to pay 15 million dollars to settle a civil action brought by the US Securities and Exchange Commission (SEC) for failing to produce tens of thousands of emails requested during the SEC investigations from 2000 to 2005.


Adding to the challenges that stem from the explosive growth in records are the Federal Rules of Civil Procedure (FRCP) requirements for the production of ESI, as UBS Warburg learned when it was fined 29.2 million dollars for failing to produce all relevant ESI. In Zubulake v. UBS Warburg LLC, 217 F.R.D. 309, 312 (S.D.N.Y. 2003), what began as an employment discrimination action in federal court escalated after the defendant produced only 100 emails in response to the plaintiff’s request to produce “all documents concerning any communication by or between UBS employees concerning Plaintiff.” The plaintiff learned that UBS Warburg had not searched its back-up tapes containing archived emails, which provoked a long battle that resulted not only in monetary sanctions against UBS Warburg but also an "adverse inference" instruction at trial.


These few examples represent dozens, if not hundreds, of instances of the repercussions of poor information governance. It is incumbent, then, on internal auditors to be able to assure an organization that its recordkeeping processes are consistent across all business units and that records are secured consistent with its regulatory and policy requirements. 






For more information on how to build a solid information governance program, visit ARMA International for their Generally Accepted Recordkeeping Principles® and Information Governance Maturity Model to assess records management programs and practices. Together, they will help internal auditors and others identify the gaps between an organization’s current practices and the desirable level of information governance maturity.




 