But if the question “Compliance to what?” comes to mind, then you might have what my coworker likes to call “a situation”.

Information governance starts with an information policy charging employees with the responsibility to manage information assets relevant to their job assignment. This policy is the cornerstone for an information governance program that typically includes processes, procedures, an organizational structure and an explicit management effort that brings it all to life.

Gain insight into your information governance situation by answering these important questions:

• Do you have a records or information management policy?
• Is there clear accountability for the management of records and information?
• Do you have a retention schedule that’s been updated in accordance to changes in your industry?
• Is your IT department a partner in implementing your information governance strategy?
• Do your legal, compliance or risk management teams play an active role in ensuring information is managed throughout its lifecycle?

These questions are important because they address key, foundational elements of an information governance plan and implementation.  Answering “No” to “What is your plan?” is cause for concern! Remember, you can’t afford to “get what you get” unless, perhaps, your intention is to accept all the associated risk, cost and inefficiency.

Additional resources

http://www.edrm.net/resources/guides/igrm

http://en.wikipedia.org/wiki/Information_governance

Effective decision making is critical with such teams. In the past 20 years, consensus driven decision making was very popular, but often poorly executed. Teams endured long sequestered sessions that strived for 100% agreement. These agreements were often reversed or not supported by even those who participated in the process. It is not surprising that decisions by consensus are now rarely tolerated.

Work groups are frequently charged with evaluating a process or related data to understand and develop a recommendation to address an issue. There are countless tools that can be utilized in the decision making process such as the Fishbone Diagram (determines the root causes of a problem), Pugh Matrix (evaluates possible alternative solutions measured against a list of identified criteria), Force Field Analysis (evaluates positive vs. negative forces of a possible solution) and the list goes on. Regardless of which tool your team uses, consider the following elements when engaged in decision making:

• Understand the goal and purpose in which the team has been charged
• Determine the underlying issues causing the problem
• Determine the requirements and or criteria for crafting the solution
• Determine possible solutions
• Determine how well the solution meets the requirements and goals of the organization
• Evaluate the resources and abilities required for the solution
• Determine the impact on the organization if the proposed change is implemented

Teams that provide evidence of data driven decisions, demonstrate that opinion and speculation carries no weight over factual, careful analysis. This enables leaders to be confident in the team’s results.

If this sounds familiar, have you considered the possibility that Group Think(1) in the organization has created the familiar “nothing serious happened in the last four years so our RIM program is ok” situation? While this reaction from budget managers is not uncommon, remove the emotion (yours) from the situation by creating a meaningful business case. Start with the premise that challenges the status quo with the positive question, “How do we know our RIM Program as good as we think it is?”

One way to bring some solid answers is by considering an external, neutral audit of the Program which will identify not only flaws in the processes but will give some indications of which areas of the current environment present the greatest risk. Develop questions to be answered unique to your organization’s information needs and use them as the basis for your business case such as:

• Do your current compliance checks give you the information you need to verify risk and cost are being managed throughout your records management program?
• Have you considered an independent assessment of the whole or key areas which would utilize ARMA’s 5 recordskeeping principles, ISO 15489 and other leading practices?
• How should we use the information collected from the assessment to go forward with a targeted approach to updating our RIM program and protecting our future information needs?

The business case for an independent audit can be directed at known areas of high risk or cover the entire Program. Once the results are obtained, expanded awareness puts planning a budget for enhancements to the current RIM environment on a statistical foundation.

(1)The familiar business term “Group Think” first used by William H. Whyte which refers to loyalty within a group; “concurrence seeking becomes so dominant in a cohesive ingroup that it tends to override realistic appraisal of alternative courses of action.” Groupthink by William H. Whyte, Jr. in Fortune magazine, March 1952

For more research on Groupthink principles, see Irving L. Janis, “Victims of Groupthink,” 1972; Houghton Mifflin Company; ISBN: 0-395-14044-7

What if IT departments and records managers were to think like entrepreneurs? To be entrepreneurial would require experimenting and thinking about the governance of content within systems in new ways. What can we learn from how people use and work with content that will allow us to govern content in a way that battles people’s pack-rat habits?

Historically, information is created, stored where an employee believes it should be kept and then distributed to one or many. Freely creating and sharing information has become a double-edged sword; it has allowed us to become more informed, but it has also caused the amount of information within our systems to increase exponentially. For example, to combat the proliferation of content, collaboration sites, such as SharePoint were implemented to enable the creation of one file which could be shared and viewed by many versus having to distribute copies to multiple people. While this sounds promising, reality has shown people still like to have their own copy or place copies in their own defined locations, thus proliferation continues. How can entrepreneurs break this familiar cycle?

Experiment: If we apply entrepreneurial thought, then we know that entrepreneurs use experimentation to find break-out solutions. Knowing that all experiments will not be successful, lessons are gleaned from the failures which can guide us to the right answers. For IT departments and Records Managers, this includes investigating and testing new strategies or technological advances. We’re seeing new technologies being introduced that apply information governance by pushing out policy rules to content where it resides. Experimenting with these new technologies is one example of how IT and Records Managers can try applying governance to content in new and innovative ways.

Apply the theory: Diffusion of Innovations (innovators -> Early Adopters -> Early Majority -> Late Majority -> Laggards) which may allow us to realize a successful breakthrough to the management of electronically stored information. If more IT and Records Managers don an entrepreneurial mindset by becoming innovators and early adopters, could we break the pack-rat cycle of behavior? Could you envision that mind set in your position and that of your company?

Luckily there’s a process to address dirty data!  It’s common for data to require cleaning or “scrubbing” where the data is examined for erroneous or extraneous values.  For example, removing duplicate values or data irrelevant to the analysis you want to perform is critical. I got to work with the CEO’s team and addressed some fundamental issues with the data set.

My first look at the “scrubbed” data was enlightening.  There were four variables across four years.  The frequency distributions looked less than normally distributed and near-zero correlation among the variables.  No wonder the analysis team had trouble!

We sharpened the analysis approach to focus on the portion of the data set that mattered most to the CEO.  Along the way we learned a lot about how the Company’s product is used (and misused) by his clients.  Documenting assumptions and comparing them to analysis outcomes facilitated team learning and allowed the team to think at a higher level about the data and its implications.

The information gleaned from the analysis has subsequently been used in webinars, marketing and product development efforts. The CEO is pleased that he and his team now have statistics to quantify important aspects of their product’s use.

A year from now, when we look at that data set again, it will be from a whole new perspective.

For more on data analysis approaches, see Data Rich, Information Poor

• How are decisions made?
• How does communication occur?
• How have employees dealt with change in the past?
• Are their standard work processes the employees are expected to follow?
• Are employees self-directed?
• What have been the successes and failures of the departments involved?

There are pros and cons in both a work-place that manages with a control focus as well as one that offers less structure and more freedom. Recognize that to be effective, you must work within the existing environment. Take advantage of its strengths, and conduct research to understand the historical challenges of your company.

If you are working in a control and command (rigid) organization, work with the highest level of management possible to set direction and utilize the chain of command to help carry out communications. In this type of organization, the idea of “team buy-in” will bring opposition. You may hear phrases such as “this project is not an ask, it’s a tell”. However, you can still utilize teams early in the process. Leadership will recognize that it is important to get the troops to find ways to effectively support the direction of the initiative.

I have worked with organizations that are at the opposite end of the spectrum than our first example. Companies that are free-spirited, don’t typically buy into the constraint of standards, or documented processes. Decision may be consensus driven. People are highly appreciated, but may be frustrated with the lack of organizational learning and planning. To help the organization progress in change management, focus on how the teams can be involved in tactical planning and ways that individuals will benefit from the initiative. To keep the team moving forward it is essential to facilitate sessions with clear agendas and defined project goals.

Determine how decisions are typically made and how communications are administered within your organization; utilize the channels that are available. Look for ways to involve employees early in the process, clearly plan, communicate and celebrate successes. Each organization’s culture is as unique as the individuals that make it up. Change initiatives add burden and stress to both the employee and the company, so be thoughtful of the approach used and the environment in which you work.

Educating yourself keeps your eye on the ball and assists in understanding questions sure to be raised within your business unit and from upper management. Although you won’t become an expert in the new financial policy changes, you will be better positioned to take an appropriate RIM role in determining an internal strategy to respond to new directions.

To help keep your eye on the ball, set a Google alert to receive the latest press releases and publications on one or more of the following acts or terms and get familiar with the big picture. This writer recognizes the recent election provided conflicting politically-charged information. BUT, the RIM professional needs to acquire a general, impartial education to follow new dialogue heating up on the proposed bi-partisan solution in the next few weeks. You will need to get up to speed on some background high level definitions.

Dodd-Frank Act: The Dodd-Frank Wall Street Reform and Consumer Protection Act began as an 848-page document, and the rules and regulations stemming from the initial framework now fill nearly 9,000 pages. It is intended to address problems associated with “too big to fail” and to prohibit tax payer dollars to be used as a bail out. While it may have many arguable tenants, millions have already been spent by financial institutions preparing for compliance to Dodd-Frank.

SIFIs: (Systemically Important Financial Institutions): Find out who these large organizations are and why they are important.

Volcker Rule: A part of the Dodd-Frank Act, it is intended to protect both the bank and its depositors from speculative trading and heavy losses. A number of exceptions to this ban were included in the Dodd-Frank law. Although not yet enacted, a recent request has been made to delay it for two years after the final version is completed.

Glass-Steagall: A depression-era financial law separating the commercial banking activities from the investment activities was intended to prevent financial institutions from growing so large they could cause other institutions to collapse. The rule established a wall between risky investments and deposit accounts was overturned in 1999 during the Clinton era. It was replaced by CFMA.

Commodity Futures Modernization Act (CFMA): Enacted under former president Bill Clinton, the CFMA rids the derivatives industry of regulatory supervision and eliminated the separation between investment and commercial banking, allowing large financial institutions to merge operations.

Federal Deposit Insurance Corporation (FDIC): Enacted in 1933, it insures deposits at the nation’s banks and savings associations promote their soundness by identifying, monitoring and addressing risks to which they are exposed.

The Consumer Financial Protection Bureau (CFPB): The federal agency that has primary responsibility for regulating consumer protection with regards to financial products and services in the US.

Educating yourself a few minutes each day will provide you a foundation for understanding the latest events and help you participate in strategy sessions.

IT departments are experiencing first-hand the cost of trying to store exponential growth as data centers run out of physical, electrical and cooling capacity. The increased cost associated with storing large volumes of content is one of the driving forces behind the movement to cloud storage providers.

The impact of on-going storage growth also includes the risk of not being able to access and retrieve information in a timely manner along with the inability to extract value from the content. Moving content to the cloud does not reduce risk or improve access, it simply delays action.

Now more than ever, companies must actively reduce the amount of content being stored. One way to achieve this is by controlling the amount of content being over retained in relation to retention schedule requirements and by reducing the amount of content being retained in duplicate.

How does one achieve this? By evaluating the information environment against prescribed retention policies!

1. Define opportunities to control and potentially reduce storage and back-up volumes by focusing on content contained within the system

2. Focus on critical systems first. A critical system is one creating the greatest impact on the organization

3. Identify what content can be purged, what must be retained

Once information has been evaluated and acted upon, a process and mechanism must be applied to manage the governance of content in a sustainable manner. Taking the first step toward slaying the content dragon is the hardest, but once the first battle has been waged, the lessons learned can be carried forward to conquer new areas.

Records Managers will play a key role is enabling success by putting more emphasis on retention and disposition controls. We must all look to Records Managers to have a seat at the table so they can help architect solutions that will have lasting results in minimizing the impact of the content dragon.

Over time, legal requirements change. New laws appear and others fail to be enacted.  For example, do you know which records are exempt from the Privacy Act?  What record format is currently required? Is the current requirement to obtain approval before disposition still in place?  There are many recordkeeping requirements that are modified every year within the over 25,000 laws and regulations on the books today.

And while legal requirements weigh heavily on the determination of retention periods, other factors such as record usage patterns, departmental needs, and historic value also drive retention decisions.

Is your Record Retention Schedule out of date the day it’s published?  The answer would be no if the supporting legal research is current.  What about in 6, 12 or 18 months?   It could be depending on the changes in the legal landscape of your industry and changes within your company.

Here are some questions to ask when thinking about the validity of your RRS:

When was your Record Retention Schedule last updated?

If you are in the 12 to 18 month range, then start making plans to do a refresh within the next 6 months.

To what degree have laws changed in your industry?

Understand the changes and their impact to your records management program.

Do you have mergers, acquisitions or major improvement initiatives?

As business processes change, so can the records that support them.

Do you have access to the recordkeeping changes within laws and regulations? 

If not, work with a reputable firm that can provide you with the necessary legal research.

Determining the value of updating your company’s record retention schedule may seem a daunting task, but it is the best way to reduce and manage the risk inherent in one of your company’s most valuable assets, its information.

Some tips to involve leaders in your RIM program:

• Prepare email communications for leadership distribution.
• Use company wide or divisional meetings to announce new programs or changes to the existing RIM program.
• Post articles to the company website that includes interviews with key leaders. Cover risks and benefits.
• Enlist a leader kick-off RIM training and records clean-up days.
• Create short videos of leaders that communicate the expectation of employee compliance.
• Utilize the organization’s internal social networking to comment and remind employees to sign up for training or participate in a records clean-up day.
• Encourage leaders to publicly recognize early adopter groups and individuals who are supporting and implementing the RIM program.

Leadership involvement must be part of a comprehensive communication plan. Include the leaders at the top of the organization such as the Chief Executive Officer, Chief Compliance Officer and General Council. But don’t stop there. The message should be delivered by leaders at all levels of the organization and should continue through the life of the RIM program.