In today's environment, the specter of Enron and other corporate scandals has brought new meaning to the words "oversight" and "corporate governance." Corporate officers are in the crosshairs of new, personal accountability and mounting outside scrutiny from regulators and shareholders. The threat of a plaintiff's or government attorney searching for something potentially damaging or misleading within their organization's documents and records is keeping many senior executives awake at night.

Clearly, complying with applicable laws and regulations is a priority for senior management and being able to demonstrate an ethically-run business is critical for continued shareholder and Wall Street support. Many executives fear the misinterpretation of normal and necessary business discussions located within paper and electronic documents might tarnish their company's image. This fear comes not necessarily because of any improprieties, but more from the potential impact of incomplete or missing records.

Conversely, non-compliance brings a potentially large downside, including loss of corporate and personal reputation and even jail time for corporate officers. Growing costs related to penalties for non-compliance or due to activities associated with discovery can have a major effect on the bottom line - as high as 40 percent of after-tax profits by media estimates in some cases for Sarbanes-Oxley alone. For many companies, compliance means fiscal as well as legal security.

The proliferation of documents, both paper and electronic, is growing at an astounding pace, and often in ways unimagined not so long ago. Networked work-groups, telecommuting, PDAs and web-enabled cell phones facilitate the circulation of documents far beyond the confines of a single department or office building. Add to this proliferation, the impact of instant, worldwide electronic distribution, and you have a huge challenge in being able to effectively manage your information resources.

Consider that in today's business environment, there are over 2000 separate federal laws and regulations relating to document filing and retention, all adopted before Sarbanes-Oxley. Add to that number wide ranging state and local requirements, and the number becomes staggering. This environment of growing regulatory requirements has increased the importance of implementing effective programs to meet these challenges.

The Sarbanes-Oxley has caused most affected organizations to take a closer look at their document and record management activities. The result is a variety of approaches and models that balance cost with risk.

The most common is the "save everything" model: simple-sounding, but not without its pitfalls. This model leads to increasing investments in server farms, system maintenance costs, software licensing, as well as the complexity of database indexing. In addition, the warehousing of paper documents increases costs through storage of unnecessary documents and further complicates accessibility. By adopting a comprehensive document and record management solution, Entium Technology Partners estimates that organizations with little or no outstanding litigation can save 30% to 50% in annual storage costs.

Another solution is the "throw technology at it" model. Many software vendors are developing and offering software solutions. Most provide solutions for a subset of documents, like newly created files, but don't adequately address existing documents already in storage facilities, hidden in file cabinets, or stored on desktop computers throughout the organization. By simply adopting new software without the critically important process and policy underpinnings, organizations run similar risks of increasing costs, and perhaps worse, inaccurate reporting.

What both of these models miss is a clear understanding of the overall document and record management challenges that organizations face. Unfortunately there is no simple solution, and there is much opportunity to compound the problem. Implementing a cost-effective solution means recognizing the inherent challenges, taking an enterprise view of the organization, and working with a partner who not only understands technology, but your business objectives, requirements and existing resources as well.

Where to start
There are three major components of a cost-effective document and record management solution. They are:

I. Data Collection - discovering what documents are being created, where they are stored, how they are classified, and the process in which documents are handled.

II. Standards Development - determining classifications and retention schedules -i.e. what documents must be retained and for how long - and integrating these standards with the regulatory research.

III. Implementation - managing the process to apply the standards across the entire organization, including technology selection, employee education, and auditing procedures to ensure compliance.

Data Collection
Often, many organizations that embark on the data collection phase are surprised by the number of document types that are currently in use. Only through a comprehensive review, can you really know what information you have and how it's being used.

Another aspect of data collection is discovering where documents and records are located. Employee desktop systems, file servers, file cabinets, office lateral files, and on-site and off-site record storage facilities are all places important information may be housed. It's also important to determine the media format of the information (electronic and/or paper).

Standards Development
Once you've completed discovery of your information environment, the next step is to adopt document and record management policies, standards and procedures. Included here are tasks for determining how your records are classified, how long to keep your documents (retention standards) and how documents will be processed and accessed internally. Potentially, this is an important cost-savings area - don't pay for more storage and retrieval resources than you really need.

Another important aspect of standards development is the research and review of all laws and regulations that pertain to document and record retention throughout your organization. There may be literally hundreds of applicable legal document requirements. They range from government regulatory compliance forms and tax documents, to employee time records, correspondence, spreadsheets, and meeting logs. Document types that must be retained will vary from organization to organization and may even differ between departments and divisions. It is very important to involve your legal resources in this process as many of these rules and regulations are subject to some interpretation (Sarbanes-Oxley included).

Reporting requirements are also taken into consideration during the standards development phase. How retained documents will be retrieved, by whom, and in what form those documents will take, are important considerations. Certainly there will be some documents used more often than others, such as tax records and those used for financial reporting. Others may require less day-to-day access, but need to be found quickly when required. Consideration is also given for working copies of documents, which are printed and annotated by personnel. This is also the point where decisions should be made on how documents will be indexed and tracked.

The third element of standards development is process development. Here you should consider how documents will be created, disseminated, handled, retained and disposed of, within your organization.

Implementation
There are three major elements to implementation. They are technology selection, employee education, and audit.

Technology selection means choosing what IT resources (hardware and software) will be deployed based upon the functional requirements, technical merits and associated costs. Like any other IT project, consideration is given to issues such as security, access, and back-up.

Employee education is often minimized due to cost considerations, but can have enormous negative impact if not given the proper attention. Organizational culture, employee empowerment and the proper application of staff training methodologies across the organization reinforce the successful implementation of the records and document management policy.

Audit is the third element of the implementation phase - making sure the policies are being properly followed while looking for areas where improvements can be made. Without the audit process you are never really sure that your records are available, accurate and meet your regulatory requirements.

With corporate governance in the crosshairs of growing outside scrutiny, adopting a cost-effective document and records management system is crucial to protecting your organization's integrity and increasing operational efficiencies and regulatory compliance. Performing a thorough document inventory, the necessary regulatory research and developing the proper standards are no small tasks. Proper employee training and auditing your procedures may change your corporate culture. However, the payoff is reduced costs, more effective handling of regulatory and legal requirements, and peace of mind.

This article was written by Fred V. Diers, CRM, FAI. For more information, contact Entium Technology Partners at (888) 757-2045.