Funding: The First Best Practice for Records Management and Regulatory Compliance

We're four years into Sarbanes-Oxley, even longer into our new understanding of records compliance management, and there are still many, many companies paying out big fines for failing to implement a proper infrastructure for managing and archiving electronic records.

While there are many explanations for these shortcomings, one common reason is also the most basic: Organizations don't have the executive support and/or financial commitment they need to implement the right or, frankly, any electronic records management and archiving infrastructure. In the real world, these projects compete for priority and capital with every other IT initiative, and it seems easier to get budget to buy more storage than it is to get budget to reduce the need for more storage and to begin the process of managing the risk associated with corporate content.

There should be a logical train of thought when assessing the importance of these projects. Obviously, the first priority is to get the funding to implement the solution. To get the funding, you need a compelling business case; to build a business case, you need to clarify the return on investment (ROI) for your organization.

Presto, it's all about ROI. One way to understand ROI is to examine the certainty of the following issues:

Hard money returns: Real and measurable, they affect the bottom line and make a strong business case;
Soft money returns: Real and somewhat measurable, but they often don't affect the bottom line. These are frequently referred to as cost avoidance and tied to freeing existing resources. For instance, staff are able to work on other things, but they continue as a cost; and
Risk or probable returns: Related to reducing risks or costs of risk-related events such as litigation or regulatory actions. Much like an insurance policy, their value can be hard to measure and even harder to predict, and may only be realized if and when such an event occurs.

To develop the ROI, we need to understand the value that records compliance management and archiving bring. We need to identify and quantify the related risks and costs. These can be divided into two general categories: operational risks and costs and behavior risks and costs.

Operational risks and costs result from operational failures or excessive operational expense. They include:

On-line storage costs;
Server proliferation;
Network backup windows;
Backup tape costs;
Email system failures;
Data loss; and
.pst and .nsf proliferation.

The first four operational risks and costs are hard money issues. Measure them. Determine their impact. Understand the cost of doing nothing. Then compare that to the cost savings that can be achieved with the right solution.

In a properly implemented records compliance management and archiving solution, these savings are very real. In tiered storage and tape backup alone, many companies can reduce deep archive costs by as much as 90%, and some actually save more. If you have long retention cycles or frequent backups that you retain as your archives, you should look at these costs. For many companies this can amount to tens of millions of dollars.

Email system failures, data loss and .pst or .nsf proliferation, while significant, generally result in soft money returns. With email failures and data loss, employee work is interrupted and productivity is negatively affected. Records can be permanently lost. These are all compelling arguments, but they're hard to measure, and although they can affect the bottom line, it's difficult to tell how much and how often.

Private file proliferation is another matter. The storage they consume is not necessarily on central storage. The value of the elimination of private files is risk reduction since there's no clear knowledge of what's in them. They possibly contain data that should have been deleted long ago. Much of it exists outside IT's control and so is not subject to backup, access control, tamper-proofing or encryption. They provide an easy mechanism for intellectual property theft.

Behavior risks and costs are the result of employee actions. They include:

Fraud and business misconduct;
HR misconduct;
Intellectual property leaks;
Litigation expense;
Litigation support costs;
Regulatory compliance;
Spoliation; and
Identity theft and unauthorized access.

Records management and archiving significantly reduce the cost of responding to these risks and improve the ability of the enterprise to reduce them. Litigation support costs are the most predictable and measurable, and they go all the way to the bottom line. At some companies, the litigation support costs of one major case alone have funded the cost of implementing a solution.

For the other issues, their value in an ROI may be difficult to clearly define, and varies widely from one company to the next. The likelihood is uncertain, but their impact can be immense. Company history is the best indicator. If incidents related to some of these issues occur often, then the value of addressing them is high.

Building a real business case means identifying every relevant issue, quantifying its value and developing a compelling justification in the language that's spoken in the rest of the company. Going through this exercise can be frustrating, complex and time-consuming. But done right, it puts records management in the context of the organization's specific IT and business environment, rather than some government or legal abstraction, and helps get the resources every initiative needs.

AXS-One (AMEX:AXO) is a leading provider of high- performance records compliance management software. The AXS-One Compliance Platform™ enables organizations to significantly reduce the risk and cost of managing growing volumes of disparate electronic records, including email, instant messages and SAP documents and reports. By providing industry leading performance, scalability, reliability and agility, AXS-One archiving, records management and e-discovery solutions enable organizations to address corporate governance, legal discovery and regulatory compliance while delivering measurable ROI. Visit AXS-One at www.axsone.com

Free

for qualified subscribers

Subscribe Now Current Issue Past Issues

KMWorld 2024 Is Nov. 18-21 in Washington, DC. Register now for Super Early Bird Savings!

Funding: The First Best Practice for Records Management and Regulatory Compliance

How Knowledge Graphs Make Generative AI Consumable in Enterprise Environments

Building a KM Foundation for Enterprise AI

TRANSFORMING ENTERPRISE KNOWLEDGE: THE JOURNEY TO SAFE, SECURE, AND TRUSTWORTHY AI

More

Intelligent Content Management: Game-Changing Technologies and Strategies

Optimizing LLMs with RAG: Key Technologies and Best Practices

What's Ahead in Search: AI, NLP, Knowledge Graphs, and More

Rethinking KM for Agility, Efficiency, and Innovation

More Webinars