Introduction
Information technology has increasing changed the management of businesses in the world. Record retention has been practiced where files were kept, archived, and retrieved physically. In this technological age, large amounts of data are produced and stored for various reasons.
Information storage requires an effective system of managing the information. Sarbanes-Oxley Act of 2002 came up with strict regulation on record management. This case study discusses effective record retention system in line with ethics.
It will also discuss issues in record retention, information security roadblocks, solution to security dilemmas, and record management as relevant to the entire organization.
How an effective record retention system helps an organization act ethically
The Sarbanes-Oxley Act of 2002 is an act that criminalized destruction, concealing, alteration, and falsification of records. This was adopted in the wake of scandals following WorldCom and Enron financial systems in America.
The act was very strict and challenged other states to consider such regulations. In Australia, the regulations are not equally strict.
They require the following for record management: That record related to income tax together with tax on payment of goods and services must be retained for five years.
Financial statements, cheques, receipts and orders in electronic form should be kept, availed for inspection, guarded from falsification, protected from destruction or damage within seven years.
Companies to declare privacy give updated and accurate information (West 2002). People can be allowed to get personal data upon request.
A record retention system allows people retain important information for a period of time that will allow processing of the information. Within that period the records can be considered active and relevant for use.
The information may be useful and therefore, will become easily accessible upon request. After the records period of processing, the information is disposed or sent to the archives.
When it is believed that the information cannot become useful in future, the information is disposed off. When the information may be considered relevant for specific reasons of reference in future, the information is sent to the archives.
Record retention helps the company to act ethically, if it has the record required in a legal process. When there are court cases, parties are expected to provide proof of information. Relevant information can be retrieved and used in the court by parties.
This process of retrieving information for legal matters is referred to as discovery. Discovery is an expensive process when it is ordered by the court. Therefore, business owners prefer to settle maters outside the court, and disclose this information before it is ordered by the court.
Read and Ginn (2010) say that a record retention system is associated with categorizing, classifying, and grouping of data according to its importance. The systematic organization of data facilitates easy retrieval and storage of information to enable the company function efficiently.
Additionally, the record retention system provides a criterion for information to be stored, and a criterion for destruction of documents. The criteria are based on the Australian guidelines for the company to be ethical.
Retention of record facilitates monitoring of ethics in the workplace such as relations, commerce, and sexual harassment. This is because effective retention system allows inspection of the emails.
Proof provided from the email can be use in the court to protect the employer or employee from liabilities. Availability of the emails can be used as proof.
An effective retention system can permit the company create control for the space available and facilitates cost effective business plans. This is because the retained records are disposed after their relevance, creating space for new business records.
Organizing the information adds value of the records in their electronic format. Printable or physical records may be costly and require space in the organization.
After implementation of the record retention system, work load is reduced with organized and accessible data; hence, costs in administration as well as clerical duties are drastically reduced.
Additionally, legal interests are protected and the company confidently conducts business in faith because they have followed regulations.
Issues and organization must consider when implementing a record retention system
According to Herold (2003, p. 1), the information technology (IT) department performs the task of implementing record retention system in departments in the company. The IT department works together with the legal office to decide on the records that are relevant for record keeping.
The legal office interprets the laws for the company. The period the records should remain active is stipulated. Depending on the nature of data and scope of work, the company is mandated the appropriate software to use.
Volumes of data are created in communication via emails and messages and the system implemented should be capable of capturing such data. The information should be accessible easily. The information should be in line with regulations.
As the regulations stipulates, measures to ensure that the documents are protected from destruction, damage, and falsification, whether in hard or soft copy, should be enforced. The company should ensure that information is accessible easily and retrieved without delays.
The IT department shall assess and review the system to ensure it complies with regulations. The employees of the company should be trained to implement the system according to the set standards and regulations of the state.
Issues in implementing emanate from the financial system, which should support the record retention system. It should competently support quick access to records (Sutton 1996).
Herold (2003, p. 1) mentions that, a company should ensure that the system meets all the requirements as given by regulatory authorities and the law, and implement them in the system. This requires a wide knowledge of the information to be retained.
When using software, the challenge becomes bigger because the process not only requires one who is knowledgeable, but also someone acquainted with the content to be used. This takes a lot of time to implement. The requirement may be challenging to implement if they are complicated.
This may result from detailed records. Moreover, retention may be complicated because of large number of classifications implemented in the company. Therefore, the people developing the system should allow others to test it before being in use.
Inadequate resources to implement the retention system may be a challenge to some organizations. The exercise requires skilled employees to work on the records in sorting data. The work is time consuming and may need additional employees to work on the records.
Those who are not knowledgeable on the records may require training. If the resources are inadequate, the owner may overlook the work since they may not have direct benefits and choose to work shoddily.
Implementing will require coding or developing a detailed index for quick access of the records. Without a way to access records, the systems would take long to trace information and to get queries answered.
Some systems have added information to the system to facilitate answers on common queries and methods of use. It is possible to avoid the challenge that comes with destruction of records.
The company must ensure that records are authorized and a certificate granted before records are destroyed. The certificate is kept as proof.
To successfully implement the record retention system, companies start to enquire about the legal requirements before they begin.
This entails getting legal assistant to assess the legal citation and functional requirements, setting the length of time that applies to different classification of data, and developing a system of accessing the records (Adam 2007).
The roadblock affecting the implementation of record retention system within an organization
Security of the retained records is a major concern for organizations. The information should be protected so that it serves the intended purpose. The company is required to have data security.
The regulations are very strict on the use of data and therefore, companies have the duty of adjusting their record system so that only the necessary data is accessible. Companies have to adhere to regulations on the data that should be made accessible (Adam, 2007).
Security roadblock is concerned with the ability of the company to secure all information for intended or internal use only. The security concern is preventing unauthorized people from accessing the records.
Organizations document must meet statutory requirements that are adequate to support business. It is the duty of the company to ensure that the information is protected, even after installing different software. Those who need access to the information should be defined and granted access.
Technology keeps changing and the company should have measures of ensuring that they keep up to date equipment that are in compliance with the regulations. Information is should be secure when in use and when in the storage until disposals.
When being disposed, the records should not be exposed, but should be destroyed in a manner that provides security for such information.
The security roadblock is concerned with expenses incurred in updating the system and retaining the documents. The employees as well as the executive and the owner of the company should be willing to adhere to the regulations set by Sarbanes-Oxley Act of 2002.
Record retention is a system that will require the use of experts. Experts are aware of the security measures required to protect the information from unauthorized people, and from penetration into the system by hackers.
The complex task of programming requires the use of the skilled persons to be implemented. Ordinary employees may not be capable of creating security walls.
The company has a responsibility of keeping own data from others unless required by authorities. The company keeps personal data of employees, which should be kept confidential.
Training the employees to use the record retention system can be costly to the company. Every new employee should be trained for them to be resourceful to the company.
The training requires the different departments in the organization to liaise and implement record retention and enhance security. The legal department is actively involved in ensuring that people comply with Sarbanes-Oxley Act of 2002.
It provides guidelines and notifies the IT department when certain measures have to be implemented. Every person must adhere to the Sarbanes-Oxley Act of 2002, which can be a daunting task for some people.
Some employees may be tempted to default or interfere with the records. This may be intentional or out of carelessness. The challenges are to educate and explain to those involved the importance and make them aware of the Sarbanes-Oxley Act of 2002.
Information security dilemmas that are solved by implementing a record retention system
Sarbanes-Oxley Act of 2002 gives specifications that tempering with information is unlawful. It talks about alteration of information, destruction of information, or falsification of information as unlawful. Those who engage in such unlawful acts will be eligible for imprisonment or fine.
This means that people should not alter any information in the company. The documents should not be destroyed without authorization.
Documents that should be retained are clearly stipulated and retained for the correct time. The information will be relevant for use when it is retained (Read and Ginn 2010).
Upon expiry, the bulk information is taken to the archives or destroyed depending on the use. Before documents are destroyed, they should have been retained for the required period and authorized for destruction. There should be proof of authorization to destroy the records.
It is unlawful to conceal information that could be used in business or in court process, as Sarbanes-Oxley Act of 2002 notes. It is also wrongful to mutilate, destroy, and falsify documents. People who manipulate the information in the record retention system perform illegal actions.
Sarbanes-Oxley Act of 2002 will prevent hackers and crackers as well as people working within the company refrain from tempering with the records.
A record retention system prevents people from using information for the wrong purpose. This involves luring people to accept deals without prior knowledge that the information provided is wanting.
A record retention system solves accountability problems concerned with security within and outside the organization.
Since there are specified people with authorization to access the information, it is their responsibility to ensure that the information is not tempered with, altered, or destroyed. When such events occur, they are held accountable and questionable.
Security dilemmas are solved because information is protection from people. When all the employees are aware of the Sarbanes -Oxley Act of 2002, employees will ensure that they guard the records for the intended use.
The company will enjoy the benefit of employees, who are aware the relevance of the information generated every day in the company and how to use it effectively. Retention of records is, therefore, a benefit from the company in securing itself from possible data loss.
The company makes plan not to lose significant information that could be useful by securing information in the record retention system. Sarbanes -Oxley Act of 2002 will enable the company to retain relevant records.
Reasons why record management is an area of concern for the entire organization and not just the IT department
Organizations are increasing changing their management system to embrace technology in all operations. Since the company uses technology, it will be required to follow the regulations stipulated by the Sarbanes -Oxley Act of 2002.
Furthermore, the company will have to adopt the Sarbanes -Oxley Act of 2002 in all departments to meet all the requirements of the act. The departments will be electronic and the records can be accesses electronically.
Therefore, all the departments will be required to conform to the records management. The IT department will not be the only department involved; it will facilitate other departments to adhere to the Sarbanes -Oxley Act of 2002 regulations.
All departments in the company have a role to play in generation of data. Employees will require the information in different stages of operation, depending on their tasks given. All the departments may require evidence of document in case they are involved in a legal process.
They also play part in ensuring the security of the records is maintained. Business departments are interrelated and require to integrate with other departments at different levels to get the work done (Robitaille 2005, p. 33).
Since the company uses electronic system, all employees in all departments will be trained on how to use the record retention system effectively with the assistance of the IT department.
Different departments in the company determine the importance and the value of the records and are involved in the decision making on the records to be kept.
The Sarbanes-Oxley Act of 2002 requires information on tax, corporate, and private records, which involve all departments in the company. The IT department integrates management of records in all departments to implement specialized administration of the records.
The departments play part in classification and grouping of information. They get information on coding so that they can access relevant data (Herold 2003, p. 1).
Robitaille (2005) adds that record management is part of effective management and its implementation in the entire organization will contribute to success in management.
When all departments are in compliance with Sarbanes -Oxley Act of 2002, the effectiveness and efficiency is achieved making the organization attain its goals.
Conclusion
Many companies have embraced technology in the management of their documents in companies. The Sarbanes -Oxley Act of 2002 requires people to follow certain standards of retention of records systems.
This includes keeping records for a specific period and disposing or archiving them after that time. The records are only disposed with authorization and when a certificate of authorization is given.
A system of record retention ensures that information related to tax, company and private data are kept (Read & Ginn, 2010). The records are protected from alteration, destruction, falsification or any form misrepresentation. Those who fail to comply can be fined heavily or face imprisonment.
A record retention system enables organizations to obtain information when needed in a court process as proof. The record can act as protection for employees.
Organizations must consider the cost of implementation, the volume of data involved, and ability to comply with Sarbanes-Oxley Act of 2002 regulations as they implement the record retention system.
The security roadblock for companies implementing a record retention system is the use of the records for intended use. The records should be given to people with authorization, and the records should meet the required standards.
The security dilemmas solved include the protection of the records from hackers and crackers (McLeod, 2003). Actions that lead to destruction, alterations, and falsification of documents are reduced since the offenders can be accused in a court of law.
Record management is not entirely a duty of the IT department, all the departments are involved. The departments have to cooperate in the actualization of Sarbanes -Oxley Act of 2002 by observing all regulations as they use the electronic system.
Reference List
Adam, A 2007, Implementing Electronic Document and Record Management Systems, Auerbach Publications.
Herold, R 2003, Records Retention and Security Regulation. Web.
McLeod, J 2003, Effective Records Management: Part 2: Practical Implementation of BS ISO 15489-1, BSI British Standards Institution, UK.
Read, J & Ginn, L 2010, Records management, South-west Educational publication,New York.
Robitaille, E 2005, Document Control, Paton Press, New York.
Sutton, D 1996, Document Management for the Enterprise: Principles, Techniques, and Applications, Wiley, New York.
West, D 2002, Records Management, Emc Pub, UK.