Business executives have been inundated with news and warnings about new compliance legislation that has been passed or is being developed the world over. Directors and senior executives have had to accept they can now be held liable if they do not exert the appropriate control over their companies` activities and finances. The group most under the gun in compliance regulations, however, are financial service providers, such as accountants and auditors, who are responsible for their own businesses and also aspects of their clients` businesses.
When considering new laws, the burden on financial service providers has become more intense as they are now being held accountable for their own and their clients` actions. These service providers are also expected to advise their clients on the latest legislation, their responsibilities in relation to it and make sure they comply in their reporting processes. Moreover, problems arising with their clients will automatically rebound onto accountants and auditors.
Although financial work is mostly done on computers, accountants are still tied to paper in many cases and therefore they need to ensure their business processes are efficient and effective when it comes to their own and their clients` document management. There are no prescribed internal control processes that must be implemented to address records management in companies, although some are said to be in the pipeline. Nevertheless, to comply with regulations and corporate governance best practices, records management is a practical necessity. Financial service providers are already preparing to include the auditing of records management controls as part of their clients` annual reports.
To comply with regulations and corporate governance best practices, records management is a practical necessity.
Paul Mullon, information governance executive at Metrofile
Sarbanes-Oxley in the US, for example, requires all auditing firms to retain all information related to any reports they have produced for seven years. As happens in the process of refining legislation, the Act provides a broad definition of what information it regards as important, implying that all paper and electronic records that are created in connection with an audit, containing any conclusions, opinions, analyses or financial information be retained.
Although, as noted, regulations in different companies vary according to the environment firms operate in, there are certain records management best practices that can be applied in all situations to assure compliance.
* Consistency: Without a consistent approach to records management, it will be difficult to make the case for a legally credible policy if the need arises. Consistency is non-negotiable and organisations must ensure traditionally fragmented programmes conform to a global corporate policy relating to the design and implementation of records retention and destruction. This applies to both digital and physical records. Financial service providers need to lay down the law here to ensure their business processes regarding records management are above reproach.
* Accountability: Accountability is the essential ingredient in every company`s records management programme. Records management is usually treated as a non-strategic support function relegated to an administrator or librarian, an unacceptable practice if executives are to rely on the information. Accountability is determined by the commitment of the company to effective records management, using the appropriate metrics and monitoring of all processes.
*Adoption: Naturally, if the policies are not adopted and enforced, the process is useless. A records management policy must be 'operationalised` and employees forced to comply. From the highest-level executive to clerical staff, everybody needs to know their part in ensuring efficient records management. If every employee in the company is to know their obligations when it comes to both digital and physical records, they need to be informed and trained. If a section of the company does business as usual and does not conform, the whole company is weakened.
Also, regular reviews of record management policies and their effectiveness must be undertaken, producing comprehensive reports that can be audited. Any weaknesses or failings can then be resolved and integrated into the policy.
* Accessibility: If a company is to respond to requests for records during audits or legal proceedings, it must ensure its physical and digital records are archived in a manner that makes it easy to retrieve them. This means consolidating records management systems and implementing standard conventions for the identification of records. The optimal solution would be to have one repository for all records, but this can be a complex and expensive task - other solutions such as in- or outsourcing should also be considered.
Compliance regulations are forcing financial services suppliers to take a closer look at their business processes, with a focus on their and their customers` records management policies. Taking note of the best practices above will provide everyone with a foundation for effective records management processes that will support new regulations as well as give companies the ability to lower costs, reduce risk and better manage their information assets.
Share