Records Management: What C.E.O’s Should Know- Part 1
In an increasingly complex business world which we have inadvertently been ushered into by Information Revolution, it is compelling for organisations to be managed in a way that guarantees their survival in the heavily regulated environment.
Not long ago, it was possible for a bunch of auditors to visit an organisation and carry out their audit task and in no time make light of events that transpired within the year regarding the finances, physical and Human Assets. It was a simple world with no much data and information to sift through to establish the “facts-of-the- matter” and generate necessary information for their final report.
Today, data and information cycle is so high and the environment is very complex.
Days when record keeping and information management used to be confined in the backrooms are along gone. Business transactions are nowadays carried out using methods that do not allow time to have the traditional generation of certain records by the certain departments and the sluggish waiting period that used to be the norm is a business curse.
Technically, every person within the organisation is a potential business initiator and a probable business closure agent. The platform that this is happening range from use of Online PC’s to organisation’s own mobile devices to the recently trending fashion of BYOD (Bring Your Own Devices) where organisation staff are allowed to use their own devices (smartphones) for business transactions of their employer after signing an agreement to submit such devices at any one time for auditing purposes.
With so much going, it would be foolhardy for today’s C.E.O’s to be blind as to the role information plays in the survival of the organization
Governance – Definition
It is frequently defined as the systems by which organisations are run – and this includes the laws and regulations with which they must comply. When a board has good governance practices in place it impacts on the performance of the entire organisation.
Good Governance means that:
• Everyone understands the part they play in achieving success for the organisation
• There is a strong collective understanding of purpose, direction and priorities
• Resources are well targeted
• Risks are assessed and where undertaken are calculated
• Information flow enables decision-making
• There are good relationships with external stakeholders
• There is a focus on long-term impact not simply short-term outputs
The practice of good governance is, therefore, seen as critical for ensuring that:
• the organisation meets legal and ethical compliance
• decisions are made in the interests of all stakeholders
• the organisation behaves as a good corporate citizen should.
From the above definition and the ensuing description, it is apparent that Governance is about leveraging information to conduct business.
Information Governance Description
IG can be defined in so many ways by different organisations. However, there are certain basic elements that must be captured in the definition for it to be as encompassing as it should. At the heart, it is about effectively using and managing an organization’s information assets to derive maximum value, while minimizing information-related risks. It covers all corporate information regardless of form, function or location. This includes structured and unstructured information and ranges on content on file systems and email to information within productivity and line-of-business systems, on web, social and mobile environments.
Regulatory Compliance as a Driver
Today’s corporate administration is driven by a number of regulatory and legislative mandates in as far as managing the business content generated and received by the organisation in the course of its business.
Some of these regulatory apparatus include but are not exclusive to:
- protection and preservation of content for a given period of time (Retention rules). In Kenya, the rule applies to a myriad of records and it is imperative that organisation executive abide by the rules.
- Defensible deletion of records, especially Personnel data
- Privacy legislation and rules
- Electronically generated content
- Records and Document Management regulations, etc.
If an organisation that is expected to abide by these rules fails to do so and ends up being on the spot for such reasons, then, as the person
responsible for ensuring compliance, the C.E.O may find himself faced with a heavy fine or even imprisonment. If the organisation is forced to pay the fine, then this may end up costing the C.E.O his / her job as it is regarded as an act of professional negligence by the the Board of Directors.