Audit and Compliance

Compliance and Electronic Records as Documentary Evidence

Posted on

Compliance should not be looked as a project after a serious incident has made it a priority.  It is your responsibility is to ensure that your records maintain all of the organizational, legislative and regulatory requirements.  Meeting compliance regulations has become one of the top priorities of organizations as fines and lawsuits increase. Electronic records need to be organized and maintained to be easily retrieved and identifiable as evidence especially in the event of an audit, a Freedom of Information Act (FOIA) request, or a discovery in a lawsuit.

Records Management in the digital age

There has been a rapid transition of manual document processes to digital platforms. The key reasons for keeping records have not changed: accountability, efficient business processes, Freedom of Information and the Protection of Privacy, and the ability to reconstruct the past. It subsequently follows that the records kept in digital environments need to have a robust set of concepts and principles to support the new digital age.

Pillars of Compliance

  • Executive Level Approval and Accountability Structure
  • Records Management Governance for defined Roles and Responsibilities
  • Record Capture, Workflow and Management Systems
  • Policy and Procedure Document Controls
  • Records Communication and Employee Training Programs
  • Corporate Audit, Monitoring and Evaluation Practices

These Pillars establish the core concepts and principles for the design, implementation and management of policy, information systems and business processes allowing organizations to:

  • Create and capture records to meet requirements for evidence of business activity
  • Take appropriate action to protect the authenticity, reliability, integrity and usability of records, as well as their business context, and to identify requirements for their management over time.

Organizations need to take a technology agnostic approach to Records Management and implement best practices on more specific aspects of managing records. This means incorporating new principles – metadata for records standards, the analysis of business context and work processes, and to validate exactly how all your records are created, captured and managed in the digital age.  Sometimes that cannot be achieved solely with internal resources and your internal staff should be able to focus on their core activities.

The creation and management of records today can have far-reaching consequences to the conduct of you current business and affairs.  This will prove crucial into the future because without well-managed records there are no archives. The age of digital disruption and the resulting changes from it demands Risk Management in your organization consider potential liability from mishandling information.