Records management: what does it entail?

Records management (RM) is the supervision and administration of digital or paper records, regardless of their format. It focuses on:

  • Reducing lost and misfiled documents
  • Helping to organize existing documents better
  • Enabling quicker search and retrieval of documents
  • Improving the general work processes as well as efficiency
  • Increasing office space by reducing the amount of space needed for documents e.g. filing cabinets.

As well as improving the daily storing, modifying and sharing of documents, records management also establishes policies and standards so various types of records can be maintained:

  • Identifying what records exist by maintaining a records inventory
  • Applying required retention periods to stored items
  • Disposing of documents
  • Applying legal holds to records when necessary
  • Identifying the owner of each records series
  • Determining that a chain of custody and a proper audit trail both exist
  • Developing and administering defined records policy and procedures, regardless of whether the records are paper or electronic
  • Maintaining records throughout their life cycle

As a company grows, it gets more difficult to keep an overview of where documents are stored, whether they’re up-to-date, or if you even still have them.

The aim of records management is, therefore, to help a company to make documents accessible for both business operations and audits. Spreadsheets are a great way to track where records are stored and many small or medium-sized businesses use this method, but for larger businesses, records management software suites are more suitable and often have accounting software included.

Complying with legal requirements

For many companies, it’s not simply a case of deciding whether to organize your documents correctly using records management; it’s actually a legal requirement. A company may find themselves faced with hefty fines and a disruption of business if they don’t comply with the regulations.

Sarbanes-Oxley Act

This act was passed by the U.S. Congress on July 30, 2002 and is one of the most important regulations in the United States. Also known as SOX, this act mandated strict reforms to existing securities regulations and imposed more severe penalties on anyone that didn’t comply. The act also aimed to help protect investors from fraudulent financial reporting by corporations.

The Sarbanes-Oxley Act achieves its aims by creating a new board, the Public Company Accounting Oversight Board, to oversee accounting as well as setting new standards for audit reports. It’s now compulsory for auditors of public companies to register with this board, which will then inspect and investigate these companies to make sure they’re complying with the legal requirements for records management.

The most important requirements of SOX:

  • CEOs and CFOs must acknowledge responsibility for the accuracy, documentation, and submission of all financial reports.
  • Internal Control Report is required, stating that management is responsible for structuring their financial records.
  • Formal data security policies are required, which also need to be communicated and enforced.
  • Companies require proof that they are SOX-compliant. This must be up-to-date.
Note

SOX has provisions for maintaining both physical and electronic records. It is important to bear email retention guidelines in mind when recordkeeping for a business: Emails can be (but are not required to be) considered business correspondence, and thus have to be retained for a minimum of seven years. Implementing a company-wide policy to ensure that all relevant email correspondence is being properly recorded and archived is key to ensuring your company is SOX compliant.

If these regulations aren’t adhered to, it could result in litigation, loss of credibility and damaged reputation, a fine from $1 to $5 million, and/or a prison sentence from 10 to 20 years.

Click here for important legal disclaimers.

1