Is It Time to Take The Spotlight Off Compliance?
In the five years since 2001, the electronic records management landscape has become dominated by pressures and compliance requirements that reflect a shift in the way organizations think they need to do business. Two major threats to the commercial status quo were revealed in the form of a string of financial irregularity scandals coupled with new fears of attack on the institutions that facilitate stable social and economic environments. From that era of uncertainty and mistrust sprung a new wave of legislative and regulatory mandates: Sarbanes-Oxley, USA PATRIOT Act and enhancements to a range of data protection, privacy and disclosure laws worldwide.
Leading industry analysts such as Gartner routinely measure just how much the cost of compliance has become for businesses and government. In a March 2006 forecast note on "Enterprise Content Management Software, Worldwide, 2005-2010," Gartner expects that compliance will continue to be a key driver in the continued growth of the enterprise content management (ECM) market into 2010.
Yet recent surveys show a disconnect between the expected costs/benefits of compliance efforts and the real outcomes. A January 2006 survey by Accenture finds that IT management and finance management have widely diverging views of the effectiveness and success of compliance projects, particularly with Sarbanes-Oxley requirements. And whither the records manager in this mix? Often expected to apply the established best practices developed for paper in the brave new world of the wired and online knowledge worker, often without formal support from IT and network administrators. This article will examine some of the current trends in the world of electronic records and discuss whether the specter of compliance has perhaps distracted organizations from making the best possible use of their investments in ECM and RM technologies.
Compliance: A Natural Outcome of Doing Good Business
Technology vendors who claim one-stop-shopping turnkey compliance solutions do a disservice to their customers and prospects. Bolting records management functionality onto existing document, content or image management applications is not a quick fix to meeting the compliance mandates that may originate from multiple levels of government, regulatory bodies, industry best practices or internal quality systems.
Government agencies and companies in tightly regulated markets have traditionally been on the forefront of adopting records management systems. Commercial enterprises that are only in recent years feeling compliance pressures would be well advised to learn from those sectors because they have felt the change management, implementation and business process retooling stresses that often come from deploying content capture tools to knowledge workers. Organizations that purchase and implement records and content management technologies with the narrow focus of addressing the retention requirements of the wide range of compliance mandates often have failed to address the requirements of the business unit and end user. Pushing records management activities out to the knowledge worker desktop and asking for more involvement in filing, email capture, file plan/taxonomy navigation using compliance as a cudgel is a recipe for deployment disaster. Organizations in public and private sectors that place value on the intellectual capital of their employees have recognized that content must be protected, secured, appropriately shared and preserved above and beyond basic retention guidelines coming from rules and regulations. A broader perspective of what constitutes a successful deployment and project execution must be demonstrated when measuring the adoption of records and content management systems. Compliance mandates often start not with retention rules, but with requirements for organizations to understand, assess and document the business procedures that are core to their major financial disclosure, product development, human resources or manufacturing activities. Whether looking to meet the requirements of Sarbanes-Oxley, ISO 900x or many recent privacy laws, organizations need to begin with an assessment of core procedures and understand how data, documents and approvals flow through the organization.
Alignment of IT Investments with Business Objectives
When IT management and business owners have different perceptions of the ability of technology to solve compliance challenges, companies risk creating new problems. Throwing in a records management system to manage the lifespan of particular types of corporate content often has the result of capturing only a subset of valuable organizational knowledge. A narrow vision of what constitutes corporately managed content risks sacrificing the ongoing needs of the organization.
Internal legal counsel, records and IT managers need to have a common definition of the types of physical and electronic content that need to be managed to meet compliance pressures. However, line-of-business managers face the challenge of having to deal with a much broader range of information creation, capture, preservation and publication concerns and requirements...concerns that often precede any notion of compliance driven records management.
How can content and records management systems enhance worker productivity? How can all forms of business communication, including emails, website content or instant messages be better leveraged, categorized and re-used to serve customer retention goals or improved contract/deal closure targets? The blinder of compliance often distracts an organization from implementing good content and records management systems to serve a broader range of corporate objectives.
Companies that value their knowledge assets and intellectual capital created by employees need to ensure that a broad range of business mandates are met— compliance being but one of several.