Records Management - Program Assessment/Audit

From EDRM

Information Management

The Records Management Program The Objectives of a Comprehensive Records Management Program Record Definition Incorporation of Electronic Records into a RM Program The Complexity of Metadata Managing Information Copies/Duplicates Records Storage and Maintenance Storage/Access/Security/Disposition of Records - Legal Requirements Records Disposition Program Assessment/Audit Training Suspension of Records Destruction During Litigation Holds When the Duty to Preserve Relevant Materials Arises What Happens to Records Once Hold Terminated Emerging Technologies Records Management - RM Technology Solutions E-Mail Content Filtering and Monitoring Software E-Mail Archiving Encryption and Security EDMS/ECMS/RMS Web-Based Compliance Training Records Home Page Other Solutions Additional Materials Participants

There are 4 major reasons to audit a records management program:

• To ensure that an organization is following its internal standards and practices;
• To ensure compliance with an organization's regulatory or oversight bodies;
• To ensure that an organization's records are legally defensible; and
• To improve business processes.

Although Records and Information Management/Technology Groups should conduct their own assessments of the program, it is often desirable that an independent source also conduct a periodic audit to ensure corporate accountability. Audits and assessments should be part of an organization's written records management policy.

The records themselves are not the only area of a records management program that should undergo periodic assessment. Assessments should also ensure that policies and procedures are being followed throughout the lifecycle of a record.

The records systems should be examined to verify that records are not only retrievable, but that they are legally defensible. Records retention policies should meet an organization's business needs, as well as all legal and regulatory requirements.

Auditing for internal compliance ensures that all applicable records and information management policies and procedures are being met. Compelling an organization to follow applicable policies and procedures has a three-fold effect. First, it ensures that records are available as needed for business purposes, thereby promoting efficiency within the organization. Second, it ensures that records are being created and maintained in accordance with regulatory standards. Lastly, it ensures legally defensible records if the organization is involved in litigation or is investigated for regulatory compliance.

An assessment for regulatory compliance should begin by looking at the policies and procedures and comparing them against the regulatory or oversight standards to verify they are being met. Assuming that an organization's policies and procedures take into account their regulatory needs, this type of audit is usually an extension of the internal audit.

Regularly conducted assessments and audits can also document to the court, if needed, that an organization is in compliance with both its internal policies and procedures as well as those of its external regulatory bodies. This is the foundation of legally defensible records. Strict and consistent compliance with records processes and procedures also ensures the integrity of organizational records. Verifying that processes and procedures are being followed ensures that not only are the records defensible, but that they are also available in case of litigation. In light of several recent court cases, this is a major issue in litigation and the resulting sanctions for spoliation of evidence.

Following good records management practices promotes business efficiency. Since an audit is usually done on a wide scale and encompasses several process and procedures, it occasionally highlights areas where improvements can be made to business processes. Assessment of the records program can also assist in determining the quality and quantity of work, which can then be measured against any organizational benchmarks.

(back to top)