Assessing Records Management Risk
Managing records requires managing risks.
In 2010, WikiLeaks released hundreds of confidential diplomatic files it had acquired from unnamed sources. The contents ranged from casual criticisms of world leaders to harsh assessments of certain governments and organizations. While reactions ranged from anger to embarrassment, the “Cablegate” leak engendered, in part, at least one significant event: the overthrow of the government in Tunisia.
The lesson is clear: Poor records practices can have huge consequences. Conversely, an effective records management program is defensible, is supported and followed consistently, adheres to legal and regulatory standards, and ensures the right information is stored in the right way. This means that it is secure, while accessible to the right people and useful to your organization.
At its heart, managing records is about managing risk. Assessing the level of risk to your records management is vital. Sadly, many organizations turn a blind eye to the need — or simply struggle to measure up. A 2011 survey by the U.S. National Archives and Records Administration found most government agencies were “at high to moderate risk of compromising the integrity, authenticity and reliability of their records.” Those agencies lacked adequate controls, training and practices.
To manage risk, you need to take a hard look at your overall records management program. Here are the steps you should take:
- Understand the business context. Records management is more than just deciding where to store files. It means understanding the breadth and depth of the business, and the role those documents play in its current and long-term success. You also need to know the legal and regulatory compliance standards for the industry as a whole, and translate that to the impact on every type of record — what to keep, how long to keep it and how to dispose of it properly.
- Identify risks. Start with pinpointing the documents that are vital to your business. Then consider how those documents might be at risk for loss or misuse, what those risks might entail, and how that would impact your operation. This is likely to be a long list, but that’s OK. Better to note every possibility than to miss the one that actually happens.
- Assess probability. While planning for all risks is a gargantuan (and likely impossible) task, you can identify and plan for the most likely scenarios. Apply those possibilities to strategies for protecting vital records and determining the course of action if those records are lost. What are your options for reducing specific risks? What are the costs? What are the steps to implement this strategy?
- Develop and pressure-test strategies. By this point, you will have a solid view of what needs to be done and how to do it. Once you have your strategy developed, ideally with senior management support, adequate resources and proper training test your approach regularly with all the people who would be involved in an actual situation. This will give you confidence should a potential risk become real.
- Monitor and review success. Like records management, risk management is a continual process that requires regular communication and training, evaluation and adaptation. The challenges to maintaining records are ever-changing; your strategy and processes will need to be equally flexible.
No business succeeds without taking risks, and no business survives if those risks aren’t calculated. Records management is a critical arena where you can anticipate — and plan for — this risk.
# # #
At Abraxas, risk is part of our business. We understand it, we plan for it and we know how to mitigate it. We provide clients with tailored records and information management solutions, delivering the business intelligence that matters most — and we do it more efficiently and reliably than anyone else, particularly in highly regulated industries. To learn more, email email@example.com or call us: 866.535.0016 (toll-free) or 269.226.0016.