Business Matters: Exploring the Information Management Side of RIM

ARMA International: Information Management Magazine

Business Matters:
Exploring the Information Management Side of RIM

Recently, a government agency set out to create an electronic records management (ERM) system. The agency developed a formal records and information management (RIM) program, including detailed policies and procedures for managing electronic records.

When it came to acquiring the software system for ERM, though, the agency chose to acquire an electronic document management (EDM) system, which cannot perform two essential RIM functions: 1) protecting records against alteration or deletion; and 2) associating records with retention and disposition schedules.

J. Timothy Sprehe, Ph.D.

Several software vendors market integrated EDM/ERM products that leave the record physically in situ in the
integrated EDM system but flag the record in such a way that it cannot be altered or deleted and so that a retention/disposition schedule is associated with the record, but that was clearly not the case in this agency. The agency simply was not managing its electronic records by virtue of its choice of an EDM system – and it seemed unaware of this fact.

This leaves one to wonder what role, if any, the RIM professional played in this ill-fated choice.

Risk Management vs. Information Management

Professionals who work in records management refer to their field as records and information management. Records contain information, and in this sense, those who manage records manage information. Yet many RIM professionals
ignore or underemphasize critically important aspects of organizational information management affecting records.

Organizations keep records for two major purposes: for accountability and to use in conducting business. In the United States, RIM concentrates heavily on accountability, the fact that the organization can be called to account by laws, regulations, financial and contractual obligations, public reputation, and organizational integrity. Emphasis is on the dangers of failing to capture and retain records, whether the dangers arise from lawsuits or disasters and emergencies. RIM focuses on the risks associated with records, and risk management is the preoccupying
concern.

The use purpose is the information management side of RIM. Organizations use records when managing information in business operations because today’s actions rely and build on the actions of previous days, months, and years. Whether an insurance company processes property damage claims, a government agency processes health benefit claims, a marketing department plans new consumer product offerings, or executives devise new plans and policies, the organization operates by constantly using its records. The information managementmandate of RIM consists of providing the organization’s personnel and business processes with the records information they need at the right time, in the right place, and in a useful format.

To make the distinction between“risk management” and “information management” more apparent, Table 1 summarizes the benefits of RIM on these two dimensions.

The Benefits of Records Management

The RIM profession today concentrates heavily on the left side of Table 1. RIM literature has little to say regarding the table’s left side: how use of records improves decision making, makes business process performance more effective, streamlines service delivery, promotes knowledge sharing and management, and improves information retrieval.

Concentration on compliance and risk management to the virtual exclusion of information management has rendered
RIM lopsided. Yet it is vital to the overall welfare of the organization – as well as the RIM profession – that records management contributes to the information management side.

Records Management and the Uses of Records

Top management in any organization focuses primarily on productivity and efficiency in reaching organizational goals and objectives; it focuses on risk management only to the extent it perceives the organization to be in peril. Organizations are not always in peril, and when RIM concentrates exclusively on compliance and risk management, it does not manifestly increase the organization’s efficiency and productivity.

If RIM is to occupy its rightful place in the organization, records management must demonstrate not only how it protects against risk but also how it contributes to efficiency and productivity.

The records management success story at Procter & Gamble (P&G), which won the Iron Mountain/ARMA International Award for Excellence in Records Management for Overall Program Excellence in 2005, illustrates this point.

“Records management is important at P&G,” CEO A.G. Laffley said at the time of the award. “First and foremost, it’s part of P&G’s commitment to good governance. Second, it helps ensure we have the right information available at the right time in the right place to make smart business decisions. Third, it makes us more efficient and helps keep costs low – and lower costs ensure P&G brands provide superior consumer value.”

Doubtless P&G’s RIM program ensures legal and regulatory compliance and mitigates risks, but these are not the reasons the CEO gave for its importance.

Records Management and Enterprise Content Management

The trend in the information technology (IT) industry over the past decade has been toward integrating software systems that manage information content into the broad category of enterprise content management (ECM). AIIM defines ECMas “the technologies used to capture, manage, store, preserve, and deliver content and documents related to organizational processes.” Because of ECM’s prevalence, software companies now market ERM systems only as integrated components of ECM systems.

For RIM, the ECM trend is a development both healthy and challenging. The trend is healthy because it makes a reality of integrating RIM with other information management functions. It is challenging because ECM requires the records manager to work closely with IT professionals, subject matter experts, IT system owners, and business process owners.

“Owners” are the people in the organization charged with creating, operating, and maintaining systems or processes. Because of its interdependency with the content management systems that create records, an ERM system requires that the RIM professional understand and work extensively with other ECM role players. Today’s ECM-oriented organization harnesses RIM integrally with all organizational information management functions.

RIM professionals should be involved in these information management functions:

1. Helping key decision makers become conversant with RIM. Business managers, systems owners, and IT staff commonly are non-conversant with records management. They may operate with the best intentions yet be unaware that their systems contain information that requires control of record copies to be transferred to a records management system. The RIM professional participates in key design, development, and deployment processes to make the convincing case that the system processes records that will go unmanaged unless their control is transferred to an integrated ERM system.

The Federal Bureau of Investigation (FBI) provides one example of how this can work successfully. In the FBI, all IT systems must go through a mandatory electronic recordkeeping certification (ERKC) process to ensure that control of any records and their metadata processed by a system transfers to an approved ERM system. Records managers involve themselves through the ERKC process at the design, development, testing, and deployment stages for every FBI IT system.

2. Planning for sequential deployment of ECM components. Typically, organizations deploy the various components of ECM one or two at a time, taking first the applications that address the most pressing needs and often permitting several years to elapse before implementing others. When an organization acquires and deploys an EDM system as the first part of an eventual ECM system, the records manager must be involved in this deployment. This is because documents requiring retention as records will originate in the EDM system, and the manner in which the organization configures its EDM system directly affects RIM even though ERM system deployment may come much later.

For example, the owner of the EDM system may be unaware of the need to transfer to a records management system the control of documents that are vital records requiring special protection against alteration/deletion and longer retention and disposition. Unless the records manager negotiates directly with the EDM system owner, vital records may go uncaptured and unmanaged for years until the organization deploys the ERM component. These negotiations require development of mutual trust and respect between records managers and system owners.

3. Supporting quality assurance in the organizations. Assuming it is current, the information contained in an organization’s records is arguably the “best data” on any given topic because of the hallmark characteristics of records – authenticity, reliability, integrity, and usability. It follows that a RIM program should closely link itself to an organization’s quality assurance program. With RIM integrated into the quality assurance function, version control and quality assurance greatly improve because of the bedrock quality of record information. As the RIM professional becomes closely involved in the organization’s quality assurance, RIM makes a direct contribution to the efficiency and productivity of the entire organization.

Ensuring that records-creating information content management applications integrate with an ERM system guarantees that the organization is capturing and retaining all of its records – the risk management rationale – as well as making them accessible for use in business processes – the information management rationale.

Records Management and Knowledge Management

Knowledge management (KM) is a range of practices used by organizations to identify, create, represent, and distribute knowledge for reuse, awareness, and learning. Electronic records repositories are a fund of organizational knowledge, a positive asset contributing to organizational efficiency and productivity. Following are two examples of effective use of records for KM in a U.S. federal regulatory agency.

1. Public Information Resource. A U.S. federal regulatory agency implemented an integrated EDM/ERM system in 2000. The agency maintains an aggressive public information dissemination policy. The records repository in the EDM/ERM system is the primary source for web content on the agency’s public website, providing access to all image and text documents the agency has made public since 1999. The holdings are vast, and each day several hundred new documents appear. The agency did not initially plan the system for KM. KM evolved as the agency realized the valuable knowledge assets resident in its electronic records repository and applied those assets to web content management.

2. Legal Knowledge Base. The agency’s EDM/ERM system also functions as an indispensable knowledge base for agency attorneys when they are writing or revising regulations applicable to the agency’s regulated industry. Upon receipt of a regulation writing assignment, an attorney consults the electronic records in the EDM/ERM system. The system’s full-text search capability enables the attorney quickly to retrieve all materials relevant to the assignment, its regulatory history, key agency decisions pertinent to the task, and information on industry facilities where the problem the regulation is to address has arisen. Virtually all of the research resources needed to complete the assignment reside in the agency’s EDM/ERM system. Attorneys may know that the system performs records management, but they first think of it as a rich knowledge resource.

Relationships such as the foregoing between records management and KM deserve far greater attention from RIM professionals than they receive at present.

A Balanced Approach

When records management programs can demonstrate how the information management uses of records contribute to increasing the efficiency of business processes and to increases in organizational productivity, decision makers gain greater appreciation of RIM’s value to the enterprise as a whole. RIM positions itself much better within the organization when it can bring to bear both a compliance/risk management rationale and an information management rationale. What management then understands is that not only will RIM protect the organization from risks but that RIM is also essential in reaching the organization’s goals and realizing its objectives.

Adopting this concept of RIM entails a more activist role for the RIM professional in collaborating with other role players to provide information from records in a manner that makes users’ jobs easier and their productivity greater. This vision adds a concentration on increasing the efficiency and productivity of the organization through better use of records to the concentration onmanaging risks to the organization. What the records management field most needs today is to reduce its preoccupation with risk management to make room for a renewed emphasis on information management.

Sidebar: Lopsided Federal Records Management

The National Archives and Records Administration (NARA) bears only one-half of the statutory responsibilities for U.S. federal records management. The 1984 law establishing NARA divided records management responsibilities between NARA and the General Services Administration (GSA).

NARA is responsible for adequacy of documentation and records disposition. NARA’s mission is to preserve federal records and make them available for access and use. Focus on records preservation entails a concern with conditions that inhibit or prevent preservation. Hence, NARA concentrates on managing the risks associated with capture and preservation of records.

GSA is responsible for economy and efficiency in records management. However, since 1984, GSA has abdicated its responsibility for RIM, perhaps because Congress has not provided funds to fulfill the responsibility. Beyond Title 41 of the Code of Federal Regulations (CFR), Part 102-193, GSA has issued no regulations, guidance, memoranda, or best practices on records management.

Yet the GSA portion of the CFR remains in force and offers some useful guidance. The GSA regulations regarding the types of records management business process improvements agencies should try to achieve say, “Your agency should strive to provide agency personnel with the information needed in the right place, at the right time, and in a useful format.” (Title 41, Code of Federal Regulations, Part 102-193.25 (d))

According to this regulation, active involvement in the agency’s information management functions is an integral part of the records management program. Federal RIM programs generally ignore the GSA regulations, and their approach to RIM is almost exclusively that of risk management.

J. Timothy Sprehe, Ph.D., can be contacted at jtsprehe@jtsprehe.com.

From May - June 2008