Intelligent Enterprise featuring Transform
START NEWS & ANALYSIS OPINION CHANNELS PRODUCT GUIDES REVIEWS TECHWEBCASTS
CONTACTS ARCHIVES ADVANCED SEARCH
Rate & Review
Letter to the Editor
E-mail Article
Print Article
May 2003

Your CEO Wants to Know ... Will Your Records Strategy Pass the Test?

by Russell Letson

Nothing focuses a C-level executive's attention like the sight of a peer being led away in handcuffs — as happened in a number of high-profile corporate scandals last year. Thanks to the Sarbanes-Oxley Act of 2002 and related SEC and NASD regulations, corporate officers are now focusing on the details of records management and retention, lest they end up with big fines or even prison sentences.

The penalties for poor record keeping became clear in December 2002 when five large financial-services firms — Deutsche Bank Securities, Goldman Sachs, Morgan Stanley, Salomon Smith Barney and US Bancorp Piper Jaffray — were fined a total of $8.25 million for violating SEC, NASD and New York Stock Exchange rules governing the archiving of email. Since part of the settlement requires the companies to bring their email retention procedures into compliance within 90 days, the fines were perhaps intended to direct the attention of the financial industry to the importance of proper record keeping.

Despite high-profile stories such as these and the shivers that ran through the financial industry when Sarbanes-Oxley became law and the SEC proposed the new rules to implement the Act, there is a surprising lack of consternation among records management professionals when the new regulatory requirements are mentioned. It's not that they think the issues are unimportant or the challenges of assuring compliance with the regulations are trivial. It's that nearly all of the elements of the new laws — from the idea of securing and managing corporate records to the procedures and technologies needed to do so — are already thoroughly familiar to them. They've been recommending this kind of discipline for years.

"The reporting requirements are what companies have always had to meet," says Rae Cogar, chair of the government relations committee of Lenexa, KS-based ARMA International. "They've been doing these reports for years as an SEC requirement. The only change is that now management has to certify that in fact their systems do certain things, that they know that they do certain things and when they don't do certain things, that they are made aware of it."

What is new, Cogar says, is that Sarbanes-Oxley has "put teeth and penalties into it . . . The SEC had a limited ability to assess any substantial fine. A multimillion-dollar company might get a $10,000 fine, but [compliance meant] they had to implement a system that cost a quarter million. [They would say] 'Okay, fine me, please.' Now it's not only an increased fine; you could go to jail, so it's much more of an eye-opener."

Eyes are being opened to the fact that for the financial sector (and for many mainstream businesses beyond it), records management is a crucial matter. It's not enough to have a working system. You must be able to demonstrate that you have a working system and document that it meets standards of performance and is being used properly.

Nuts and Bolts

While consultants and vendors see the requirements as clear and even obvious, most organizations are less certain of where they stand and what they need to do. "Many executives are like deer in the headlights when you start talking about Sarbanes-Oxley and what it means," says Peter Auditore, vice president of US marketing at Hummingbird, Toronto. Auditore says that most companies he has talked to do not have records management systems outside their legal departments, which means that most are still doing business on paper.

It's not just the legal or logistical issues that worry companies. "The integration costs right now are scaring a lot of IT and line-of-business executives to death," says Auditore.

Cogar thinks that some companies might believe that their current systems are "adequate or can be adequate without too much reworking. They just don't know if they're doing it [well enough] to meet the letter of this law."

A well-managed corporate IT system won't necessarily be in compliance with record-retention rules. Cogar distinguishes between the caretaking job of IT in storing information and the management job of making sure that records are treated properly. "Without a formalized records management policy or procedure, you don't have a program," she explains. " You have to have a mechanism in place to identify the records that might be materials for litigation or discovery or government investigation or audit. If you don't, then you'd better get it."

[ BACK | NEXT ]



Channels
Business Process Management
Content Storage
Content Management
Compliance
Enterprise Solutions
Document Scanning & Capture
Content Delivery & Publishing
Collaboration & Knowledge Management
Search and Classification
Locate an article from our print magazine. Just enter your Locator ID Number below.
ID#


NEWS FROM THE PIPELINE

OpenOffice.org 2.0 Closes On Final

New Study Finds Steep Growth For Smartphones

PalmSource Sale Cleared By Federal Agency

CTIA Panel Examines Enterprise Security Risks

[more]





HOME | ARCHIVE | REALWARE AWARDS

A Publication of the Network Computing Enterprise Architecture Group
Brought to you by CMP Media LLC, Copyright © 2005
Privacy Statement | Your California Privacy Rights | Terms Of Service