Records & Information Management Best Practices for the 21st Century

Similar documents
Standards for Establishing

RECORDS MANAGEMENT POLICY

Audit Committee Charter for XL Group Ltd

COLGATE-PALMOLIVE COMPANY AUDIT COMMITTEE CHARTER

A. Independence/Composition. The Committee shall be comprised of not less than three members. The members of the Committee:

INTERNAL AUDIT DIVISION REPORT 2017/022. Audit of knowledge and records management at the United Nations Framework Convention on Climate Change

CHARTER OF THE AUDIT COMMITTEE NATIONWIDE MUTUAL INSURANCE COMPANY NATIONWIDE MUTUAL FIRE INSURANCE COMPANY NATIONWIDE CORPORATION

AUDIT COMMITTEE CHARTER. Specifically, the Audit Committee is responsible for overseeing that:

AUDIT COMMITTEE CHARTER (updated as of August 2016)

DePaul University Records Management Manual October 1, 2016

WELLS FARGO & COMPANY AUDIT AND EXAMINATION COMMITTEE CHARTER

RIM Program Audits: Value and Approaches MARK A. MACFARLANE, IGP DAVID FLEMING, CRM, IGP, CIP MARCH 9, 2017

EFFICIENT USE OF AUDIT COMMITTEES

BOARD GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES

Virginia Department of Environmental Quality EMS Manual

F5 NETWORKS, INC. CORPORATE GOVERNANCE GUIDELINES (as of July 10, 2015)

Pinellas County Business Technology Services

1. Each employee is responsible for managing college records in a responsible and professional manner.

Records Management Governance Getting it Right in 12 Steps

TG Therapeutics, Inc. Audit Committee Charter

Compliance Monitoring and Enforcement Program Implementation Plan. Version 1.7

Records Management Policy. EPA Classification No.: CIO CIO Approval Date: 02/10/2015. CIO Transmittal No.: Review Date: 02/10/2018

RECORDS AND INFORMATION MANAGEMENT

TRICARE Operations Manual M, February 1, 2008 Records Management. Chapter 2 Section 1

UNIVERSAL BUSINESS PAYMENT SOLUTIONS ACQUISITION CORPORATION CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Internal Audit Charter

Session 7: Corporate Governance

The Audit and Compliance Committee of Novartis AG

Enterprise Risk Management

GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS

Records Retention Workshop. Waukesha County June 2016

AUDIT COMMITTEE CHARTER

Standards for Excellence Program Organizational Self-Assessment Checklist

ADMINISTRATIVE INSTRUCTION 40 EMPLOYEE LEARNING AND DEVELOPMENT

Records have a Life-cycle.

Internal Audit Best Practices for Community Banks. A CSH White Paper

INFORMATION AND RECORDS MANAGEMENT POLICY

W. R. GRACE & CO. CORPORATE GOVERNANCE PRINCIPLES

GROUP 1 AUTOMOTIVE, INC. AUDIT COMMITTEE CHARTER

Reduced risk and costs when no longer retaining unnecessary information, that s what!

Prince William County, Virginia Internal Audit Report Records Retention and Public Requests

HCA ETHICS AND COMPLIANCE PROGRAM

SUNEDISON, INC. AUDIT COMMITTEE CHARTER (Adopted October 29, 2008)

irobot Corporation Audit Committee Charter I. General Statement of Purpose

Tactical Implementation of Enterprise Risk Management

AUDIT COMMITTEE CHARTER

Strengthening Control and integrity: A Checklist for government Managers

AUDIT COMMITTEE CHARTER

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

CDK GLOBAL, INC. AUDIT COMMITTEE CHARTER Effective January 20, 2016

Marketing Best Practice Records Management. Kemal Hasandedic MBII GDDM MRMA National President RMAA

CLAconnect.com/creditunions. Impact the Future of Credit Unions

NEWMARK GROUP, INC. AUDIT COMMITTEE CHARTER. (as of December 2017)

Audit Committee Charter Amended September 3, Tyco International plc

DISASTER PREPAREDNESS Guide & Template

DIRECTOR TRAINING AND QUALIFICATIONS: SAMPLE SELF-ASSESSMENT TOOL February 2015

MOHAWK INDUSTRIES, INC. BOARD OF DIRECTORS CORPORATE GOVERNANCE GUIDELINES THE MISSION OF THE MOHAWK BOARD OF DIRECTORS

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

INTERNAL AUDIT CHARTER

EXCITING CAREER OPPORTUNITIES

Records Management An Introduction

Open Government Committee Terms of Reference

Best Practices for Establishing a Cost-Effective Internal Audit Function. Article by Heidi Wier June 2016

1. Definition & Mission

Roles, Responsibilities, Accountabilities, and Authorities for the Columbia River Basin Chapter Board

The anglo american Safety way. Safety Management System Standards

Job Family Matrix. Core Duties Core Duties Core Duties

Government Services BUSINESS PLAN ACCOUNTABILITY STATEMENT THE MINISTRY

OCI Mitigation Plan SAMPLE for IDIQ contract

TOYOTA FINANCIAL SERVICES (SOUTH AFRICA) LIMITED

Changes in the IIA Standards: New Requirements for Internal Audit Functions

Executive Director: Annual Evaluation

Policy Outsourcing and Cloud-Based File Sharing

KING III COMPLIANCE ANALYSIS

Records management policy. Document author Assured by Review cycle. Audit and Risk Committee. 1. Introduction Purpose or aim Scope...

A Roadmap for Developing Effective Collaborations & Partnerships to Advance the Employment of Individuals with Disabilities in the Federal Sector

The ADT Corporation. Board Governance Principles. December 2013

ANNUAL CORPORATE GOVERNANCE STATEMENT 2015/16

ASSESSMENT AND EVALUATION OF THE CITY OF PHILADELPHIA S INFORMATION TECHNOLOGY GENERAL CONTROLS FISCAL 2016

MALIBU BOATS, INC. CORPORATE GOVERNANCE PRINCIPLES

Best Buy Political Activity &

2018 Spring Conference

AUDIT COMMITTEE CHARTER

Defense Logistics Agency Instruction. Information Technology (IT) Benchmarking

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

Best Buy Political Activity & Government Relations Policy

NEW YORK LIFE INSURANCE COMPANY AUDIT COMMITTEE MISSION STATEMENT

In Control: Getting Familiar with the New COSO Guidelines. CSMFO Monterey, California February 18, 2015

DAVITA INC. AUDIT COMMITTEE CHARTER

Date: INFORMATION GOVERNANCE POLICY

ISO 14001:2015 Gap Analysis Check Sheet

Electronic Record Keeping Principles. October 25, 2011

Quality Assurance and Improvement Program (QAIP)

Contents. Primer Series: HIPAA Privacy, Security, and the Omnibus Final Rule

Leveraging Internal Audit and Corporate Compliance for Effective Risk Management

Practice Guide. Developing the Internal Audit Strategic Plan

Internal Oversight Division. Internal Audit Strategy

PSBA Standards Effective School Governance

EASTMAN CHEMICAL COMPANY. Corporate Governance Guidelines

Transcription:

ATL ARMA RIM 101/201 Spring Seminar Records & Information Management Best Practices for the 21st Century May 6, 2015

Martha W. Adcox, CRM Corporate Records Manager Delta Air Lines, Inc. Email martha.adcox@delta.com

What is Records Management? Records Management Field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.

What is Records Management? Record Documents created by or on behalf of the company in the course of its business operations, regardless of media. It must meet the following: set policy establish guidelines or procedures certify a transaction become a receipt required to meet statutory/legal obligations to sustain administrative or operational functions

What is the Value? Providing legal defensibility by having a consistently followed corporate records retention schedule. Ensuring compliance with federal, state, and industry specific legal and regulatory records management requirements. Decreasing legal and brand image risks by appropriately managing records. Mitigating litigation exposure associated with the records discovery process. Reducing records storage and processing costs for hardcopy and electronic records. Improved productivity through efficient retrieval of hardcopy and electronic records.

Basic Program Components Core Components: Governance Process Policy Procedures Retention Schedule RM Training RIM House

Basic Program Components What becomes part of your program is based on your organization s needs. Examples of other components may be: Active File Rooms Imaging Centers Shred Program Archive Program Offsite Storage Program Vital Records Program Business Continuity or Disaster Recovery

How to Get Started Identify and Document the current RM processes. Examples: Determine volume and growth of electronic records Determine volume and growth of hardcopy records Determine problem areas and how to resolve. Decide what the key needs are.

How to Get Started Find an Executive Sponsor. Discuss value of the program Determine hot buttons Discuss where program should sit Successful RIM programs usually are formally established by authorizing boards as ongoing programs within an organization. Means it is not just a records management project or short term project Provides funding and staffing

How to Get Started Identify Program Advocates/Champions. They are strong advocates for the RIM Program to others in Senior Management, to management at all levels and to personnel throughout your organization. As an advocate they: Understand and communicate the importance of an effective RIM Program. Influence business areas to be compliant. Generate records management good will.

Governance Process Establish the governance process Look at your organization and determine best process. One way: Steering Committee Senior level committee which is responsible for providing vision, direction, accountability, decision making, and leadership for the RIM Program.

Governance Process Steps to establishing a Steering Committee ID business areas to be represented. Should be no more than 15 members. Scalable for both large and small organizations. Work with Executive Sponsor to request area representatives. Charter committee. Includes mission, organization, functions, responsibilities, qualification for members, and membership (areas and titles).

Governance Process Step to establishing a Steering Committee (Con t) Examples of responsibilities: Establish, sponsor, and charter subcommittees (standing and temporary) for specific RIM initiatives and programs. Raise awareness within their business area of responsibility of the Records and Information Management Policy. Inform RIM staff of any needed changes to the RRS, RIM policy/procedures/guidelines, or additional services required from the RIM program. Assist in implementing processes to appropriately manage electronic records. Assist with audit activities related to RIM within your business areas. Ensure that Records Liaisons are assigned.

Governance Process Step to establishing a Steering Committee (Con t) Establish and hold meetings with the Steering Committee. Initially frequent meetings (possibly monthly) Once established potentially less frequent (possibly quarterly) Stay out of the weeds.

Governance Process Records Liaisons or Coordinators Responsible for driving the implementation of the RIM Program activities across their area of responsibilities. Charter as a subcommittee to the Steering Committee Examples of responsibilities: Ensure employees within their business area take any mandatory RIM training. Assist in implementing processes to appropriately manage electronic records. Provide business approval for destruction of inactive records stored in off-site record center facilities. Lead area efforts around annual clean-up day activities.

Governance Process Train Liaisons. Establish and hold meetings. Get down in the weeds.

RIM Program Organization Determine RIM organization

RIM Program Organization Where should RIM be placed in the organization? Visible and high enough to accomplish goals throughout the organization. Potential locations: Legal Compliance IT

RIM Program Organization Who will lead it? Person trained/experienced in records management What are the staffing needs? Numbers Skill sets What are the budget needs?

RIM Mission Statement, Vision and 5 Year Plan Develop mission statement and vision for RIM program. You will never get anywhere unless you know where you re going. Establish 5 year plan, including short term and long term goals. Determine low hanging fruit. Go for it first!

Mission and Vision (Examples) Mission Statement To develop and maintain a comprehensive (electronic and paper) Records and Information Management Program through supporting business activities, meeting government and industry regulations and contributing to our competitive edge by maximizing the value of corporate information.

Mission and Vision (Examples) Vision 1)RIM provides leadership in information life cycle management through the maintenance of a comprehensive (electronic and paper) Records and information Management program. 2)Records Management will ensure compliance through a risk based approach for the management of internal and external records. RM will be fully integrated enterprise-wide with all global partners by providing: Flexible Solutions Easy access Seamless technology Education Consulting

RIM Transformation Map (Example) Governance/ Compliance Records Retention Schedule (RRS) Hardcopy Records 2015 2016 2017 2018 Establish Policy Establish mission and vision Established Exec Committee and Chartered US Legal Research- Baseline US Record Retention Schedule (RRS) RL/RC Established RM Assessments - Physical Consolidated Outsourced Vendors Shred Contract established RIM Software Destruction Process established Established Subcommittees and Chartered Established Compliance Audits SOP Development Develop/coordinate RRS Revisions Global Legal Research- Baseline Apply RRS to offsite records RIM Website- Developed Training RIM Software Training Develop/coordinate RRS Revisions Centralized RC Admin RL/RC Training CBT RIM Overview Course CBT RIM Overview Course Revise New Hire Training RL/RC CBT RM Assessments Electronic 2019 2020 Sponsorship/ Sponsorship/ Sponsorship/ Sponsorship/ Coordination Coordination Coordination Coordination Compliance Audits Compliance Audits Compliance Audits Compliance Audits Policy/SOP Policy/SOP Dev/Rev Dev/Rev Policy/SOP Dev/Rev RRS Revisions Offsite/Shred Managed Policy/SOP Development RRS Revisions RRS Revisions Consultation/Operational Support Offsite/Shred Managed Global RRS- Develop Destruction Process Implemented Offsite/Shred Managed Global RRS - Implement Consultation/Operational Support Consultation/Operational Support Offsite/Shred Managed Consultation/Operational Support System Decommissioning SOP erm Offsite/Shred Managed New Hire Training Revise Implement erm Strategy CBT RIM Overviews Course Revise Implement erm Strategy Develop erm Strategy RL/RC CBT Revised Implement erm Strategy Implement erm Strategy System Commissioning SOP earchiving SOP Other RIM Program Implement erm Strategy RM Consulting RM Consulting RM Marketing Plan RM Consulting Vital Records Program RM Consulting RM Consulting RM Marketing Plan Archive Program RM Consulting 23

Records and Information Policy Develop a RIM Policy. Based on your company s needs. Should include at a minimum: Purpose/scope. Authority and responsibilities. Components of the RIM program. Definition of a record (all information no matter what the format). Format should follow company guidelines (if any). Some organizations develop a high level umbrella policy and some have a detailed RIM policy manual. Approval process for Policy.

Records and Information Policy Example Objective Scope Definitions The objective of this policy is to establish requirements for managing the life cycle of company records. This policy applies globally to all company employees. Company Records - Documents created by or on behalf of the company in the course of its business operations, regardless of media. Documents are created by or on behalf of the company when they are created by company employees in the course of conducting company business, or for the company by contractors or other persons or companies with whom the company does business. Records Retention Schedule - A timetable, organized by business function, listing Records Series with associated Records Series Codes which designates the required length of time records must be retained before final disposition. The Records Retention Schedule is approved by the RIM Director, and representatives from the Legal Department and Finance Department.

Records and Information Policy Example Policy Statements The Company is committed to having accurate and complete records on which it can rely to effectively manage its operations and to complying with record-keeping and record retention requirements of laws and regulations by which it is governed. All company records are the exclusive property of the Company and its affiliates. Records & Information Management (RIM) is responsible and accountable for planning, developing, directing, and implementing a records management program. RIM will establish requirements and provide key services and guidance for managing company records throughout their life cycle, including a comprehensive Records Retention Schedule. The RIM Executive Steering Committee, a cross functional team, will provide oversight for vision, direction, accountability and decision making for the RIM Program.

Records and Information Policy Example Policy Statements Employees must strictly observe all record-keeping and record retention requirements stated in company policies and procedures and in laws and regulations that apply to their responsibilities. Each employee is responsible for the proper management, including retention and disposition, of company records under his or her control. Line management is responsible for compliance with this policy in their respective areas. Employees must retain records in accordance with the Records Retention Schedule. However, records relating to matters subject to ongoing or threatened litigation or any investigation must be retained and cannot be disposed of, even if the retention period has been met on the Records Retention Schedule, except as advised by the Legal Department.

Records and Information Procedures Develop needed procedures Since organizations have different needs there is no one size fits all where procedures are concerned. The key to procedures is to be consistent with processes, standardize actions, and ensure appropriate controls are in place.

Records and Information Procedures Develop needed procedures (Con t) Examples of procedures which might be of value: Abandoned Records One-Time Destruction Retention Schedule Revision Offsite Storage Vital Records Decommissioning Systems Commissioning Systems Electronic Archiving Backup Tapes Centralized Files Disaster Recovery

Records Retention Schedule Defined A timetable organized by business function listing Record Series with associated Record Series Codes which designates the required length of time records must be retained before final disposition. The next session will do a deep dive on developing this core component.

Records Management Training Mandatory records management training is essential to help ensure compliance with the Records Management Policy. Various ways to do this such as: Computer based training Town Halls Face to face Webcasts Other training efforts should also be established, such as: Records Liaisons New Employee

Establishing The Records & Information Management Program Questions?

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback