A changing landscape

A changing landscape

By David Moldrich

As national director of the RMAA, chair of the Australian Standards Committee for Records Management, and chair of the International Standards Organisation (ISO) Committee for Records Management, what David Moldrich doesn't know about records management in Australia probably isn't worth knowing.

Here, he talks about what impact regulatory compliance will have on the records management community.

Compliance has always been an important factor for records managers and there have long been regulations in place, such as the Evidence Act, the Trade Practices Act, and in the government arena, the Archives Act, to ensure the validity and reliability of certain records.

However compliance has recently come to the fore through the greatly increased focus on corporate governance in both the public and private sectors. The spectacular collapses of HIH, Enron and OneTel have irrevocably altered the roles and responsibilities of senior managers. The "I didn't know the gun was loaded" approach from directors regarding critical corporate information is a thing of the past.

In fact, senior managers, or any person employed by the government, can now be held responsible through fines or other penalties for loss of records, bad records practices, or misappropriation of records under the principles of good governance.

Governance and compliance with record-keeping standards are by their nature inextricably entwined. This is reflected by the Australian Standard for Good Governance Principles that references the Records Management Standard, and vice versa.

This interconnection will work to bring records managers out of the corporate back rooms and into the highly visible areas of corporate policy and procedures.

A new compliance standard

Most organisations in Australia are aware of the Records Management Standard, AS ISO15489. Standards Australia's Records Management Committee IT/21 is currently writing a new compliance standard to enforce it.

Why is this necessary? If we look back to the 1980s and the early Quality Systems, before the introduction of ISO standards, everything was couched in the terms 'should do this', 'should do that', as they were voluntary systems.

The current Records Management Standard is also full of 'shoulds'. For example, section 10 of the Standard on monitoring and auditing reads:

"Compliance monitoring should be regularly undertaken to ensure that the records systems procedures and processes are being implemented according to the organisational policies and requirements and meet the anticipated outcomes. Such reviews should examine organisational performance and user satisfaction with the system."

The new Compliance Standard for Records Management, on the other hand, will be full of 'musts' and 'shalls'.

The new standard provides an auditable set of criteria for measuring organisational compliance with AS ISO15489. It identifies requirements at the organisational, system and record level that can be used to determine organisational compliance with this best practice recordkeeping requirement.

In addition, the detailed specifications provided by the Standard also provide guidance to assist with the implementation of AS ISO 15489, as well as providing a means to assess compliance with it. The new standard can be applied to an organisation in three ways:

• Self-assessment
• Internal auditing
• Independent auditing (Third party auditor)

Organisations will be checked for recordkeeping compliance across the following areas: roles, responsibilities, policies, procedures practices and processes of recordkeeping. The new Compliance Standard will also outline the appropriate measurements needed to ensure that all the functions, processes and controls necessary for effective records management are in place.

The impact on records managers

Currently, most records managers spend the majority of their time doing very hands-on tasks and fire-fighting. By this I mean finding 'lost' information, tidying-up information left by exiting executives, managing the mail room functions of the organisation, capturing information as it enters the organisation and archiving.

Basically, they are in a reactive or catch-up mode for much of their working day in response to the needs of the organisation and its managers. The new focus on governance and, as a result, compliance will change the role of the records manager from a tactical one to a regulator and strategist.

Over the next few years, the hands-on capture and management of information will be further delegated to the end-user or delivered by technology. The role of information capture will be automated with users, or more likely the system, automatically entering information into the records management system upon creation. This will see the records management department take on a compliance role much like an 'information police force'.

Records managers will spend more time developing policies and ensuring the organisation has procedures in place to provide the level of compliance required by industry and government regulations. They will perform more random checks and internal audits of systems and users.

Records managers will also be charged with constantly reviewing the organisation for environmental changes, such as regulatory updates and alterations. When this happens, the records management department will be responsible for updating the organisation's policies to reflect the change as well as notifying and/or training end users so that the changes in policy are systematically enforced on an 'as it happens' basis.

The regulatory environment that records managers will need to monitor includes:
• Statute and case laws and regulations governing the sector-specific and general business environment
• Mandatory standards of practice
• Voluntary codes of best practice
• Voluntary codes of conduct and ethics, and
• The identifiable expectations of the community re acceptable behaviour for the specific sector or organisation1

For better or worse?

The new role of the records manager as 'police officer' will be to their benefit, but it will also be a challenge. How much of a challenge depends on the individual records manager.

Some records managers have come from a clerical or administrative background. With a new primary role as policy-setter and regulatory monitor, they will be more involved in the governance of the organisation. Many records managers are doing this already, however the new focus on governance will give them a greater visibility as recordkeeping is propelled into the limelight of corporate responsibility.

The changes in records management have been swift. Thirty years ago, the only qualification available in the area was a certificate course, which I did. Now, you can do a PhD in information management.

Records management education continues to evolve. In the next generation of recordkeepers, we will see great changes in how people understand and value the subject matter they study. Board members and senior managers will recognise that, next to human resources and business operations, accurate and timely information is one of their most valuable assets. People that manage, administer and 'add value' to information are key to good recordkeeping practices.

Training and education for records keeping

I strongly believe that records management awareness should be made available in the secondary school system. Students at this level should know that the industry exists-at the moment, they don't.

There is no recognition at high school level of what a records manager or archivist does. If you told the typical 14-year-old that you were a records manager, they might very well think that you worked in a recording studio.

Currently, students usually become aware of records management as a possible career only at graduate or post-graduate level. The usual educational path is to do an undergraduate degree followed by a post-graduate degree in information management. As records management moves into the governance areas of policy and procedures, it would be good to see records managers coming from the ranks of law, arts and IT graduates in addition to management graduates.

Future directions

In the future we can expect the labour pool for records management to become much tighter as the level of skill required increases. Likewise, records managers will find themselves interacting with areas of the organisation they've not previously had cause to.There's no doubt, records management will become a critical aspect of organisational operations and our industry needs to be preparing now.

Reference1. Based on Section 5, Regulatory environment,
of the Australian Standard for Records Management
(AS ISO 15489.-2002)

Related Article:

IIM warns of compliance concerns close to home

Business Solution: