Records And Information Management: Essential To Organizational Compliance And Litigation Risks

Wednesday, October 1, 2008 - 01:00

Editor: Would each of you tell our readers something about your professional experience?

Dunn: I have more than 20 years of experience in records and information management, consulting with corporations, law firms and government agencies. I am a certified records manager and hold a Master's degree in library science. Over the course of my career, I have touched a number of industries, including defense, intelligence, pharmaceuticals, financial services, energy, telecommunications and media.

Coan: I have 25 years of experience in records and information management. I am also a certified records manager, and I am a past president of ARMA International, which is the records and information management professional association. My principal consulting experience has been with professional service firms, manufacturing and a broad range of life sciences enterprises.

Workman: I have over 10 years of IT consulting experience, with a focus on records and information management consulting. Much of my focus has been on regulated and information intensive industries, such as utilities, pharmaceuticals, mortgage lenders and enterprises with stringent environmental requirements. Like Maura, I have worked in both the private sector and with the government.

Editor: Please give us an overview of the records and information management products and services that Duff & Phelps offers its clients.

Dunn: We offer a full portfolio of services from strategy through implementation. Our services break down into three major areas: program assessment, where we look at how the organization manages its information and consider where changes should be made; program strategy and roadmap development, where we analyze what is necessary for implementation, in detail; and actual implementation support.

One of our principal focuses is on heavily regulated industries. The need to file extensive reports with a government agency provides considerable motivation for organizing information. Likewise, a company which has a heavy litigation burden can benefit from a robust enterprise information management program.

Editor: Different organizations have different issues with managing records. Are these products and services differentiated by the type of customer?

Coan: A successful records and information management program depends on the organization's risks and priorities, industry and organizational culture. It is the people within the organization who determine whether the program works. Our goal is to help them set up a program that makes it easy for employees to do the right thing. Depending on the organization's strategic business drivers, we might focus on operational efficiency, organizational compliance or risk reduction.

Editor: What are the things that would be important for a publicly traded NYSE company? A private company?

Dunn: Once a company decides to commit to a disciplined information management program, there is not a great deal of difference between publicly traded and private concerns. One of the things we do for a diverse group of clients is the Enterprise Information Map . This tool permits the organization to really understand the information it has, which business processes are supported by which information systems, where the resulting and/or required information resides, and the form it takes. Certainly an organization that must report to the SEC needs to know these things, but so must a private company responding to litigation or an investigation. Any enterprise seeking to remain competitive must have a handle on the nature, extent and location of its information; at a time when a company's intellectual property may be its most important asset, this imperative is only going to increase in importance.

Editor: How about an accounting or a law firm?

Coan: Clearly, professional service firms face increasing exposure - e-discovery, investigations and litigation come to mind - and must manage their clients' information and records, as well as their own, in an efficient manner. In light of the Arthur Andersen debacle - and one of the principal factors there was Andersen's failure to keep its house in order - there is a significant trend for professional service firms to enhance their records and information management capability and be ready to respond in a crisis without having to scramble. Furthermore, in this environment of increased corporate transparency, companies are increasingly waiving privilege, which puts a professional services firm's client records front and center in potential discovery requests where they are called in as third parties to the litigation or investigation.

Editor: What are the challenges that an organization seeking to implement an enterprise-wide records and information management program faces?

Dunn: Challenges fall into several categories: technical, operational and organizational. The essential thing, we find, is for general counsel or the person responsible for addressing these challenges to gather up the resources at his or her disposal - the IT group; core operations people; and corporate services leaders from HR, internal audit and finance - at the beginning of the process. Each group has specific concerns and brings valid but different perspectives to the information management arena. A successful program addresses an organization's entire enterprise architecture and the systems that the organization employs to accomplish its mission. Getting people to use new systems and follow new rules is an enterprise-wide issue. At the same time, you do not want to negatively impact productivity.

A key element of our methodology is a "visioning" session with the organization's senior leadership. This session ensures that senior management understands the challenges; it begins the cross-disciplinary discussions that are essential to building a successful records and information management program. Equally important is the need at the highest levels to commit to making change happen. Changing policy is easy, but changing behavior and committing resources is another matter. Recently, we've had more and more clients asking us to help them develop a business case to quantify the benefits of a program to off-set the costs of new technology or training. The benefits we identify include cost savings (more efficient discovery, reduced storage needs, increased operational efficiency, etc.) on top of reduced compliance risk.

Workman: In any effort like this, coordination is the key. If communication works among the legal department, IT and the records management team, the organization is well on its way to addressing all of these challenges effectively. One crucial point to remember is that memos alone do not ensure clear communication - these groups often speak different languages or use the same words to mean different things. Face-to-face interactions - both one-on-one and in collaborative groups - are essential.

Editor: If coordination is the key, should there be a full-time person handling this function?

Coan: The role of coordinator is not necessarily full-time, but there is a vital reporting line from the records manager to, say, the legal department, HR, IT, the compliance group, and so on. If the program has been properly established, that line should be seamless, but everyone must understand his or her responsibilities.

Workman: That being said, yes, someone must own the coordination process. Given the authority and reach that general counsel possesses organizationally, it has been our experience that often this responsibility is best carried out by someone who works for the chief legal officer. This coordinator, whether full-time or not, must be able to communicate across the different groups.

Editor: Please share with us your thoughts about how getting this right contributes to the organization's ability to satisfy its compliance objectives.

Dunn: Strictly from a compliance standpoint, the ability to come up with an effective and swift response to a government agency request for information and documentation is itself a validation of the organization's compliance readiness. Half the battle is being perceived as equipped to meet compliance requirements.

Editor: And the consequences of failing to get a sound records and information management program in place?

Coan: The list is a mile long, but the inability to respond effectively and consistently to regulatory inquiries creates the impression that the organization is not in compliance or that they may have something to hide.

Given the volume of compliance requirements - and I am thinking of the Office of Foreign Assets Control, the Foreign Corrupt Practices Act, data privacy under HIPAA, and Sarbanes-Oxley as only starting points - the ability to meet compliance requirements effectively and efficiently has a direct impact on a company's ability to raise capital as well as its productivity. On the latter, knowledge workers spend as much as 35 percent of their day looking for information. If we can reduce that by just five percent, we make a significant contribution to the bottom line.

Editor: What about the future? What is in Duff & Phelps' pipeline of new offerings in this area?

Dunn: One of the most interesting things we are working on at present is helping our clients gain visibility into their information repositories and systems across the enterprise. This visibility gives the organization's leadership a huge boost in terms of understanding how the enterprise actually works and what is necessary for continuing success. Our Enterprise Information Map provides the foundation for a much tighter link between business processes and the information necessary to support them. By embedding record-keeping requirements directly into business applications, the system permits the power of information to drive - but not overwhelm - the process. That may sound pretty abstract, so let me give you a concrete example: what this means is that an attorney in a company can execute a new vendor contract with the whole transaction history at his or her fingertips, without that sense of drowning in information.

Editor: Is there anything you would like to add?

Dunn: We have not said much about the link between records and information management and e-discovery and the changes that the Federal Rules of Civil Procedure have brought to litigation. A company that manages its information well not only gains in positive visibility - with the regulators and in the litigation arena - but is able to dispose of its information in an appropriate and disciplined way, thereby reducing the potential volume of information to be searched - which can have an enormous impact on the ever increasing cost of discovery.

Coan: In working with our clients, we find that when general counsel is invested in making change in the organization, our ability to drive success is greatly enhanced. Where this is not the case - when general counsel is not engaged in the change process, unwilling to tackle the board of directors or the CEO, or otherwise disinterested in seeing these crucial interdepartmental relationships developed - our ability to influence enterprise-wide change is significantly reduced. It is crucial for general counsel to be an active participant and often the principal driving force in getting a major project such as the implementation of a sound records and information management program accomplished. General counsel not only advises the business units on a day-to-day basis, he or she is the one person in the organization who fully understands the gravity of the e-discovery and litigation challenges that the organization faces. It is critical for general counsel to not only endorse the kinds of changes we have been discussing but to actively champion their full implementation.

Please email the interviewees at maura.dunn@duffandphelps.com, terry.coan@duffandphelps.com or gordon.workman@duffandphelps.com with questions about this interview.