AUDITING THE RECORDS MANAGEMENT PROGRAM

Similar documents
Sydney Opera House Policy

The RIM Professional s Bookshelf

TRICARE Operations Manual M, February 1, 2008 Records Management. Chapter 2 Section 1

Standards for Establishing

TRICARE OPERATIONS MANUAL M, AUGUST 1, 2002 RECORDS MANAGEMENT CHAPTER 2 SECTION 1

SAFFADY LIS 520: Records Management Spring 2013 COURSE OBJECTIVES: WHAT YOUR WILL LEARN

Creating a Record Retention Schedule

ELECTRONIC RECORDS SURVEYING & SCHEDULING

Records Management Governance Getting it Right in 12 Steps

SECTION 18. INFORMATION TECHNOLOGY AND COMMUNICATION SYSTEMS RECORDS

1. Each employee is responsible for managing college records in a responsible and professional manner.

STATE OFFICE OF RISK MANAGEMENT Austin, Texas. Annual Internal Audit Report Fiscal Year 2015 TABLE OF CONTENTS. Internal Auditor s Report...

VITAL RECORDS: AN OVERVIEW

NIRMA Glossary of Terms and Definitions NIRMA Technical Guidelines

Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule

Simplify Governance, Risk, and Compliance with Enterprise Content Management

Sarbanes-Oxley Compliance Kit

Table of Contents. Introduction to the ASTR Accreditation Program 1 Definitions 5

University Employee Guide to: Creating a University Vital Records Plan. UW-Madison Archives and Records Management

ISO/TR TECHNICAL REPORT. Information and documentation Records management Part 2: Guidelines

Guidance for Industry - Computerized Systems Used in Clinical Trials

Habit 4 of a RIM Program:

INSERT COMPANY NAME/LOGO HERE

Digitization Project Guidance

RECORDS MANAGEMENT /4/2016 Susan McKinney, CRM University of Minnesota 1

A tool for assessing your agency s information and records management

INFORMATION MANAGEMENT SYSTEMS (IMS)

TABLE OF CONTENTS ABBREVIATIONS 1.0 DEFINITIONS PURPOSE AND SCOPE GUIDELINES FOR PRACTICE REFERENCES AND RELATED DOCUMENTS 10

CPOtracker Template Package

CITY OF VANCOUVER POLICY REPORT INFORMATION

What is ISO 30300? Who, when, where, why and how to implement

SI Securities, LLC Business Continuity Plan

Statewide POLICY P700 Rev 2.0

First Steps to Electronic Document Management: An ROI Calculator

Chapter 2 Accountants as Business Analysts. Changing Roles of Accountants in Business

Labgroup corporate presentation

Records regarding digitization and availability of Federal Reserve Board (FRB) historical records,

Compliance: Law and Society

Just the Basics for Townships. Elizabeth Schultz Government Records Archivist Ohio Historical Society Local Government Records Program

Certified Information Professional 2016 Update Outline

PROCEDURE FOR CONDUCTING A RECORDS INVENTORY Idaho State University Records Management

(will include interviews, documents review, physical inspection) Written By-laws. Incorporation papers. Minute Book. Insurance policy/ coverage

Recordkeeping for Good Governance Toolkit. GUIDELINE 13: Digital Recordkeeping Readiness Self-assessment Checklist for Organisations

Implementation Practices for the Archiving and Compliance Infrastructure

Written Questions and Answers

Roche Group Records Management Directive V2.0

Chapter 1 GALP Overview

Chapter 6 Management Information Systems Reports and Records Sixth Edition

RECORDS MANAGEMENT GOVERNANCE IN 12 EASY STEPS A GUIDE CREATED BY

CHAPTER 5 INFORMATION TECHNOLOGY SERVICES CONTROLS

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

ELECTRONIC RECORDS DISPOSITION, STORAGE, AND TRANSFER

Document Management System Software Application

Gunnin Architecture Library Disaster Recovery Plan

Records Management Policy

ISO 9001:2015 Internal Audit Checklist 7.0 Support

Downloadable Course Contents If you d like a copy of the course audio, click to download a PDF version of it.

Virginia Department of Environmental Quality EMS Manual

Procedure: Work health and safety documentation management

ECM tools and strategies allow the management of an organization's unstructured information, wherever that information exists.

Table of Contents 1. What s New... 1

Records & Information Management Best Practices for the 21st Century

Just for the Record. Records Storage. Backup Storage. Image Processing. Software. Consultancy PAGE 1

Why CIP? AIIM International's Certified Information Professional designation was designed to allow information professionals to:

Electronic Record Keeping Principles. October 25, 2011

State of Oklahoma 2010 NASCIO Recognition Awards Nomination

Introduction. This page should be removed prior to finalizing your Business Continuity Plan. Page 1 of 33

VDA-Recommendation 4958 Part 1 Edition 1, June 2005 Page 1 of 11

Policy Outsourcing and Cloud-Based File Sharing

SEED WAREHOUSE & DISTRIBUTION CENTER AUDIT

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

~ Scope of Work ~ Cooperative Services Feasibility

INFORMATION ACCESS: REQUESTS FOR INFORMATION GBAA (EXHIBIT)

bulletin By-laws and Regulations By-law 17.19, Business Continuity Planning

Managing Electronic Records: Methods, Best Practices, and Technologies


Long-Term Surveillance and Maintenance Records: Challenges Inherent to Managing Electronic Records 15165

REQUEST FOR EXPRESSIONS OF INTEREST FOR AN INDVIDUAL CONSULTANT AFRICAN DEVELOPMENT BANK

Records Retention Workshop. Waukesha County June 2016

Managing Electronic Records

Responsible Care - chemical industry s global initiative

RIM Program Audits: Value and Approaches MARK A. MACFARLANE, IGP DAVID FLEMING, CRM, IGP, CIP MARCH 9, 2017

Disaster Planning Checklist for Chief Financial Officers of Healthcare Organizations

CAPRA National Accreditation Standards

Brink's Modern Internal Auditing

DOD MANUAL , VOLUME 2 DOD MANAGEMENT OF ENERGY COMMODITIES: RECORDS RETENTION AND FORMS MANAGEMENT

Gap Analysis Checklist & Transition Guide. OHSAS 18001:2007 to ISO 45001:2018

Patrick Malloy Communities Quality Assurance System

The driver for all services should be consumer demand, unless inconsistent with Program values

Humantech Environmental Management System Manual

Policy and Procedures Date: November 5, 2017

Efficiency First Program

Aligning Records Management with ICT/ e-government and Freedom of Information in East Africa

Records Management Plan

RECORDS MANAGEMENT POLICY

ANCHOR ISO9001:2008 RPR-004 MARINE SERVICES REQUIRED PROCEDURE NON-CONFORMING PRODUCTS

Infolinx Physical Records Management Final Presentation. Broward County. Tim Butler Managing Director, Infolinx January 16, 2018

Protecting your Vital Records from Natural and Man-Made Disasters

CLICNET TELECOMMUNICATIONS INC. Business Continuity Plan

Enwon (Australia) Pty Ltd

Transcription:

AUDITING THE RECORDS MANAGEMENT PROGRAM Virginia Association of Government Archives & Records Administrators November 10, 2016 Patricia F. Noble P. F. Noble & Associates

What is a Records Audit A process to insure your organization follows: Internal Practices and Procedures Meets Regulatory Criteria Legal Defensible Recordkeeping

What can require an Audit? Sampling of present day laws Government Entities-State & Federal Laws The Virginia Public Records Act: 42.1-90.1. Auditing Not for Profit Organizations-State & Federal Law Statute and Description: Va. Code Ann. 58.1-609.11(C)(4) Corporate Organizations- State & Federal Law Sarbanes Oxley Act of 2002 (Pub.L. 107 204, 116 Stat. 745, enacted July 30, 2002), also known as the "Public Company Accounting Reform and Investor Protection Act"

Who can require an Audit? Government Entities in the State of Virginia The Virginia Public Records Act: 42.1-90.1. Auditing. The Librarian may, in his discretion, conduct an audit of the records management practices of any agency. Any agency subject to the audit shall cooperate and provide the Library with any records or assistance that it requests. The Librarian shall compile a written summary of the findings of the audit and any actions necessary to bring the agency into compliance with this chapter. The summary shall be a public record, and shall be made available to the agency subject to the audit, the Governor, and the chairmen of the House and Senate Committees on General Laws and the House Appropriations and Senate Finance Committees of the General Assembly.

Types of Audit Internal Audit Internal auditors work within an organization and report to its audit committee and/or directors. External Audit External auditors are independent of the organization they are auditing. They report to organizational management, stockholders or clients who require the audit.

An Audit can encompass An Area or an Entire Entity SYSTEMS - Policies & Procedures; Records (hardcopy, microfilm Microfiche, etc.) TECHNOLOGIES Records (Information Systems (IS); Imaging; Geographical Information Systems (GIS); Industrial Related FACILITIES Internal and Offsite

Sample Cycle of an Audit Identification of areas(s) to review Standards & Criteria are set for the Audit * Identification of systems that process data for the program * Determination of Compliance Requirements * For each Compliance, Determine control objectives Measurement of the Current Practice Comparison of Results to the present standards Communication of the Final Results Plan Changes and Future Implementation Sustaining Improvements

What does the Records Manager need for an Audit? Management support & compliance Review & understand the organizations policies & procedures Understand the types of audit the organization can face Review of Records Management Policies, Procedures & Personnel Training Knowledge of Legal Issues and Compliance Resources for the Audit are available, efficient and effective A check list of what may be covered to review the area(s)

Basic Records Audit Checklist Organizational structure chart Documentation of staff job descriptions Mission statements of the organization & records management Records Management Policies & Procedures Retention Schedules Access Authorizations Specifications for records storage facilities, shelving, etc. Digital Records specifications for records management Disaster Recovery Inventory of Vital Records Audit Trail Business continuity Plan Agreements with outside contractors Documentation for microfilm, fiche, imaging, etc. Destruction Lists Information regarding any outside storage facility that maintains the organizations information (hard copy, microform(s), digital, cloud, etc.)

Auditing Electronic Records Sample Listing of Good Practice Measures Documented procedures and instructions Staff awareness & Training Data Capture & Indexing Authentication of records and copies Data file transmission Date & time stamps Information retention & destruction Input & checking of data by additional individuals Self modifying files Workflow Version Control Maintenance of Documentation System Maintenance, Security & Protection Voice, audio, video data, etc. Templates, overlays, presentations, etc. Use of contracted services

Sample Audit Checklist Sample Page ISO 9001 and Gap Analysis Checklist (ISO Express Example) https://www.isoxp.com/10products/chklist90pkg.aspx

HELPFUL TOOLS ISO 15489 International Standard on Records Management Standard started in 2001 at the ARMA International Conference, Montreal, developed by an international committee Purpose was to establish generic recordkeeping standards for government and non-government entities ISO 15489 Part 1 - General (Framework for records keeping) ISO 15489 Part 2 Guidelines (Development of good Records Management policies, procedures, processes, controls, etc.)

HELPFUL TOOLS The principles of information governance, known as the Generally Accepted Recordkeeping Principles (the Principles), are grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory, form the basis upon which every effective information governance program is built, measured, and regardless of whether or not an organization or its personnel are aware of them will one day be judged.arma International developed and published the Principles to foster general awareness of information governance standards and principles and to assist organizations in developing information management systems that comply with them. If you are interested in learning more, listed below are The Principles in their entirety and education to get you started: The Principles (PDF) French translation (PDF) Maturity Model (PDF) The Principles Education Other resources: Next Level (Product that uses The Principles) The Principles Citation and Copyright Information If you have questions regarding The Principles, please contact Diane Carlisle. http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles

Why Audit Outside Storage Organizational Risks Cost Compliance Legal Issues Disaster Recovery

Audit of Outside Storage Facilities Facility Construction & Location Is it in a non-hazardous area, well constructed to standards? Facility Security Alarms; Personnel Checks; Doors & Locks; Indexing & Tracking system of Records; Anti-intrusion plans? Environmental Controls Temperature; Humidity; Cleanliness; Records exposure? Shelving & Racking (hardcopy/tapes, etc.) OSHA Standards; Non-combustionable shelving; floor braced for heavy loads?

Fire Protection Audit of Outside Storage Facilities Fire alarm system; Firewalls;Sprinkler system; Fire Extinguishers; No hazardous materials in Records Storage areas. Disaster Recovery Emergency Plan? Salvage Priorities? Emergency Recovery Service Companies? In the case of Microforms or Digital Media are they backed up? Facility Storage, Cost & Destruction of Records Cost effective storage; Meeting your organization agreement regarding audit trail of storage/retrieval & destruction?

Outcomes from an Audit Your organization is reintroduced to its goals, responsibilities and services It shows unknown inefficiencies that may exist Allows the organization to review what has worked and what has not It allows for new strategy and direction If you can t measure it-you can t manage it Peter Drucker

In God we trust; all others must bring data. W. Edwards Demming The Elements of Statistical Learning (Preface to the 2 nd Edition) (Trevor Hastie, Robert Tibshirani, & Jerome Friedman)

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback