It was an embarrassing confession for the UK government. In February 2002, the Department for Work and Pensions (DWP) was forced to admit that more than 1,000 people over 60 were still waiting for their winter fuel payments, two months after they should have been paid.
The reason for the blunder: the computer system that handles the £200, tax-free payments had ‘lost’ the records of these recipients. DWP staff, the BBC’s Money Box radio programme was told, were attempting to find the original paper records. They would then re-key the data into the system. The process, inevitably, would take some weeks.
The incident was all the more embarrassing in the light of the stringent records management requirements that the UK government has set for all of its departments and agencies as part of its ‘Modernising Government’ initiative. By 2004, UK public services must be able: “to bring existing electronic record practices within a managed environment; to design electronic record procedures into new ebusiness systems; and to plan for the integration of existing electronic record resources into a coherent framework”.
|
It is a mammoth task, and one that is not unique to the public sector. All organisations need to know what records they keep (or should be keeping), how long they need to be kept for, and to ensure those records are accessible only by authorised people.
Corporate efficiency and avoiding bad publicity aren’t the only drivers, however. Increasing regulatory pressures and stockholder scrutiny are now forcing organisations to consider how they apply record retention and disposal policies to their electronic information assets.
SOX appeal
“In the US, corporate scandals at companies such as Enron, Worldcom and Tyco have thrown corporate accountability into sharp relief,” says David Gingell, European marketing director at document management software veteran, Documentum. In response to these scandals, the US government passed the Sarbannes-Oxley Act (SOX) in July 2002, which establishes more stringent practices for accountability and makes chief executives and chief financial officers personally liable for the completeness and accuracy of the information held in corporate systems.
“Without an Enron or a Worldcom scandal in Europe to give the impetus for [similarly] tough legislation, it is not surprising that there is a lack of urgency in corporate compliance issues,” Gingell concedes. But, he points out, any company that is listed on Nasdaq or the New York Stock Exchange must comply with SOX, regardless of its country of origin – this could affect many large European companies.
US-based multinational companies will also have to ensure that SOX is observed in their international offices, after cases such as that of the now-defunct accounting giant Arthur Andersen, which was indicted in March 2002 for obstruction of justice in the Enron scandal. Arthur Andersen employees had been involved in the widespread destruction of documents not only in US locations, but also in its London offices.
Finally, UK Secretary of State Patricia Hewitt has already announced that she is working with the Department for Trade and Industry and other government bodies such as the Financial Services Authority to examine how existing UK legislation might be tightened up.
A vast number of industry standards exist already that govern records management practices for UK companies. Standards for UK public sector organisations, for example, are set by the Public Records Office (PRO), which also makes these standards available for use by private enterprises.
In particular, organisations in the financial services, utilities and pharmaceutical sectors must all comply with regulatory requirements for the retention and disposal of records.
In December 2002, for example, the Royal Bank of Scotland (RBoS) was fined £750,000 for failures in its money laundering controls. Although there was no evidence that “actual money laundering” had taken place, said the Financial Services Authority, RBoS was unable to provide sufficient documentation to adequately establish customers’ identities. It also failed to retain such documentation in an “unacceptable number of new accounts”.
Digital discipline
So how can an organisation ensure that it keeps accurate, up-to-date records that it is able to quickly locate and retrieve if called upon to do so? Most organisations have already established at least some records management policies – the trouble is, they apply only to paper-based records.
“Records management is an established discipline, but it has more to do with cardboard boxes filled with files and stored at an off-site storage facility,” says Ronan Lavelle, marketing director for northern Europe at data management software supplier Hummingbird. What organisations need, he argues, is software that applies established records management practices to electronic documents as they proliferate throughout the organisation.
Many organisations will have existing investments in content management software, but this may not be suitable for this purpose. This is due to an important distinction between content and records management, explains Kelly Mannix, records management consultant within the global services arm at content management company Open Text: “A record is static evidence of a business action, transaction or decision. Everything a company does creates a record that can be used as evidence of compliance and also in future decision-making.”
Records management software recognises the necessity of capturing static information for legal purposes. In order to ensure that an organisation adheres to compliance regulations, it then defines how long records are kept and what happens to a record at the end of the retention period, including the regulated archiving and subsequent destruction of documents. The PRO provides certification to records management software that complies with its standards.
Mainstream content management systems, by contrast, tend to focus on creating, processing and publishing dynamic information. Many companies find that an add-on piece of software is required if these systems are to handle records. Oil exploration and production company Premier Oil, for example, has implemented the LiveLink a content management system from Open Text in order to handle the creation and storage of technical documents in a library system for use by the company’s engineers.
According to Hugh Bannister, global information systems manager at Premier Oil, LiveLink has enabled the company to make these technical documents more accessible, and to cut down the amount of money the company spends on off-site storage of paper documents. But what the company also needed was a system that handled retention and disposal of company records.
This was achieved by implementing an add-on module to the LiveLink system, LiveLink iRIMs, acquired by Open Text in 1999. “[The software] enables us to specify the lifecycle of a document the moment it is created – and this will be different according to whether it is financial information, a legal contract, or a job description,” he explains.
Other suppliers are now scrambling to offer customers records management capabilities that can be integrated with existing content and knowledge management systems. To this end, in November 2002, IBM announced its acquisition of Tarian Software, while rival Documentum announced it would be acquiring another records management specialist, TruArc.
This could prompt similar moves by other content management companies, says Nicholas Wilkoff, an analyst with IT market research company Forrester Research. “Vendors such as Interwoven, FileNet and Stellent have been focused on features like portal integration, repository integration and collaboration. These acquisitions will force [them] to address records management head-on.”
And the demand will be there, say analysts at the Meta Group. “We expect most Global 2000 organisations to re-evaluate their records management policies this year, with budgeted initiatives becoming annual projects during 2002 and 2003,” they predict. Those who do not, is the implicit warning, may face adverse publicity (as in the case of the Department for Work and Pensions), hefty fines (like the Royal Bank of Scotland) – and worse still, legal action.