Great Records Management is largely about composition.

When your auditors turn up, they will ask you for your records, because your records are evidence of compliance.

Records are almost always many pieces of information, proving compliance means that you need to show all of them.

This makes records management as much a composition challenge, as it is a capture challenge.

Mostly, organisations don’t fail audit because the information isn’t present somewhere in their organisation. They fail audit because they can’t find and compose that information into a complete record under time pressure.

Great records programs solve this challenge ahead of time, and present a complete record.

Then audit is easy.

Why are we ignoring the cheapest and most powerful tool in the record keeping by stealth arsenal?

This post is really about asking for help resolving a conundrum that I’ve been wrestling with recently.

I have significant belief in workflow.

Simply put, I think it’s the simplest, cheapest (because almost everyone owns it already) and most powerful tool for record keeping by stealth.

I believe this because I think that the route to failure in record keeping is to try and get everyone to come to a records management system.

To me, the real challenge of records is “how to put record keeping in the critical path”.

This is something that workflow does amazingly well.

Create a workflow, make it the “how” work gets delivered and done, and people will come to it because it’s now in the critical path and “how we do things here”.

I’ve come to the conclusion that my reasoning here must be flawed. I’d estimate that about 1 in 10 organisations that I talk to who own workflow actually use it.

So what am I missing? Why isn’t it being used?

If you are one of the rare organisations using it, if you’re adding more workflows all the time, and you’ve got great penetration and buy in, I’d love to know how you got there, and understand what you learned along the way. I’m sure everyone else would love to know too.

”Record keeping by stealth”, and the two approaches to making it work.

Record keeping by stealth is an approach that attempts to move the burden of record keeping from people to software, or impose it in a way that is not noticeable to the user.

The concept recognises that there is an inverse relationship between the level of record keeping compliance, and the amount of effort that compliance imposes on the user.

Simply, if it’s high effort, people will do less of it.

This makes it logical to try and drive the required effort to zero – because theoretically that would get you have 100% compliance.

There are generally two approaches –

  1. Process based capture – embed record capture into a workflow or process management tool.
  2. Use tools that scan unstructured data stores for content before machine classifying them and providing a policy implementation engine.

Generally speaking, process based capture is well proven. It generally involves users adding information to the system that they do the bulk of their work so the burden feels very low.

There are only two real problems with this approach –

  1. It’s impractical to implement a process management tool for every process.
  2. Most process management tools aren’t compliant with record keeping standards – although this is generally dealt with through integration to a system that is.

The second approach (tools that scan unstructured data stores for content and machine classify them) has less volume of usage, but has advanced significantly over the last ten years and is in active use.

Almost all problems encountered in this approach come down to the use of machine classification. While it has advanced, and has in many cases been proven more accurate than human classification (exceptions definitely exist – blurry images is a common one), it does require careful set-up and tuning. The general approach now is to use machine learning approaches that are trained using pre-classified documents.

Record keeping by stealth is a useful concept for anyone engaged in trying to get a large complex organisation to keep records, particularly if it doesn’t have an embedded information governance culture. Whether its techniques are used or not, everyone can benefit from remembering the relationship between effort and compliance, and working actively to adopt approaches that minimise effort involved.

The actual problem that record keeping has to solve.

Is that the driver for the completion of work isn’t record keeping.

The driver for the completion of work is either customers, or co-workers, or managers.

Record keeping, when left to be done manually, is always a deviation from the critical path to getting stuff done.

So the problem that record keeping has to solve isn’t “how do we make everyone great record keepers”, it’s “how do we put record keeping in the critical path”.

When it’s in the critical path, it gets done – because it’s the only option.

Crazy idea to get 100% record adoption.

Take away outlook.

That sounds crazy, but wherever I go, email is the number one way to ignore records management and information governance, because it’s totally uncontrolled by design.

People ignore record systems because they can, and they can because of email.

All workers really need is a way to move the information they’re working with to the next person in the process. Email is the simplest, lowest friction way of doing that.

For most people, email is how they do their work. It gets emailed to them, they do their work, and then they email it to the next person. Hard copies fulfil the same basic idea. At no point in that process do they need to put anything in a record keeping system.

If you take away the ability to email and print, how do people move their work around?

They have to put it in a system that moves it around.

If the system is a records system, you’ve got it.

(Incidentally, this is a lot of what digital looks like when done well)

The problem for the image of the Records Management profession is Information Management (and the internet).

I think Records Management has an image problem.

I think this is because the average employee of a major organisation doesn’t understand it, so they don’t respect it, or know to ask for it even when the desperately need it.

In most cases I think they confuse Records with Information, and in most organisations have very little idea what each is fundamentally designed to do.

I think this is causing two problems for Records Management as a profession –

  1. Poor perception of records management and the value it provides in organisations that have made an investment in it.
  2. Failure to understand what Records Management can deliver in organisations that haven’t made an investment in it.

I think the source of the problem is easy to understand. From a non-technical outsiders view, Records and Information Management largely look the same.

They both have heavy investments in technology and they are both responsible for large volumes of information.

These same outsiders have also been convinced that it’s all the new oil. When they go to records, they expect that they’ll have a new oil information commodity experience. This causes a gap between what someone gets when they go to records, and what they expect to get, and I think that does an immense amount of harm to the Records Management brand.

I think the perception problem is caused by a lack of clear identity for Records Management in the broader community. I also think it has been exacerbated by the tendency to put Records and Information together when they have different aims and skill sets (which isn’t to say people can’t have and do both).

The longer Records Management continues without a clear brand and understanding, the longer I believe that the Records Management profession will be under-appreciated, and relatively unknown in some industries that desperately need it (Banking, Aged Care and Mental Health Care spring to mind).

One clear sign that your records program isn’t working.

Is no destruction.

Comfort with destroying records is a symbol of trust.

Trust that the records program is good, that it was implemented well, and that people are doing what they are supposed to do – so the records are correct.

When trust is high, destruction is easy, and it gets done.

When destruction is hard, it’s because trust is low.

So people don’t do it.

The two ways to fail an audit, and how to avoid one of them.

There are only actually two reasons to fail an audit:

  1. You’re not doing the right things.
  2. You can’t prove you did the right things.

Doing the right things is obvious.

What is less obvious, is proving that the right things were done.

If you work in a regulated organisation, at some point the auditors are going to show up. When they do, they’re going to ask you for your records. Records are your evidence that you did the right things.

If you don’t have a records management program, chances are, you’re failing at capturing the right evidence, or you’re handling the audit process with a massive overcommitment of resources.

A records management program starts with a great records manager. A great records manager will review your regulations, work out what needs to be captured to provide evidence, and then execute a program to ensure that it is.

Then all you need to do is make sure your organisation does the right things.

New research paper examining some considerations for switching official communication from paper to digital.

A new paper has been published in the Government Information Quarterly titled “Paper beats ping: On the effect of an increasing separation of notification and content due to digitization of government communication“.

The paper examines a number of factors that influence how likely a recipient is to immediately access a message on receipt of a notification. This is important for anyone considering taking a process digital, because there are assumptions about how people consume paper messages that we don’t notice until we change them.

Simply, when we get a letter, we generally open it, and read it.

This behavioural assumption is built into every piece of legislative communication that goes in the mail.

Email also fulfils the same basic function.

When government agencies digitise however, the need to ensure secure and confidential communications makes email unusable as a messaging method. The general trend in government agencies has been to notify using an unsecured channel, and then direct the user to an official portal to collect their message.

Under this architecture, the act of consuming the notification, and consuming the message are separate. There’s also friction in the form of the need to switch applications and remember logins and passwords. So we can’t assume that the notification and the consumption of the message will happen simultaneously as they do with mail.

This becomes a problem when official communication requires time based actions that are built on paper world assumptions.

This paper examines a number of factors to understand what happens when we make this shift, and how message delivery method impacts the likelihood that a recipient will consume a message quickly on receipt of notification.

The paper considers:

  • Message delivery channel
  • Operational skill level – skills to operate technology.
  • Informational skill level – skills used to search and find with accuracy.
  • Expectation that the message content is negative or positive.

The paper reaches a number of findings:

  • Paper messages have the shortest gap between notification and consumption, and people receiving digital notifications consume messages significantly more slowly.
  • People with poorer operational skills are more likely to access a message immediately.
  • People with better informational skills are more likely to access a message quickly.
  • Expectation has no impact on the speed with which messages were accessed.

It is important to note that this research used a vignette survey methodology. Which is to say that it asked people what they WOULD do in certain scenarios, it didn’t measure what they did do. That said, the Dutch government did provide that more than 1/3 of messages on their myGovernment service remain unread three weeks after notification. While this is anecdotally satisfying, it is not possible to say whether the same is true for paper.

The general conclusion that we need to think differently about communication that happens digitally vs on paper is well made.

My take away from the paper is that agencies that are considering moving to digital should consider that the economics of attention, and of notification and delivery change substantially. A letter costs $1 or more to send, and the best we can do is assume consumption of the message. This means that a certain percentage of enforcement actions will always fail because of routine administrative errors, or missed communications that are unknown until enforcement actions have escalated.

With digital channels, we can notify many times, and gain certainty that consumption of the message has occurred for a fraction of the direct cost. When messages have not been consumed, agencies could put escalation paths in place to higher cost methods of communication that provide similar levels of certainty. Ultimately, this could lead to faster and more certain outcomes.

You can find the paper at the link below:

Paper beats ping: On the effect of an increasing separation of notification and content due to digitization of government communication

The relationship between records and compliance, and the risks of doing records badly.

Records are evidence of compliance.

To destroy information which is evidence of compliance, is to destroy a record.

The risks of doing Records Management poorly are that information proving compliance – 

  • Won’t be available when you need it because it has been deleted or lost.
  • Will be difficult (ie. expensive and time consuming) to find.
  • Will be incomplete, and will require significant time and effort to assemble into a comprehensive record.

The consequences of failing at Records starts with failing audit. Depending on your industry, there can also be other consequences that range from inconvenience and fines, to quite literally killing people.

I’ve simplified greatly here because I’ve discovered that Records have different meanings in different contexts. I think that’s part of the reason why record keeping isn’t held in much higher regard as a discipline, and why certain industries are doing it so badly (and failing audits left, right and centre).

What I’ve found by industry – 

  • Government agencies know what records are, but generally under-fund it.
  • Health organisations think that they’re about patients (all patients have records, but not all records are about patients).
  • The greater private sector thinks they’re in accounting, but have people in risk actually performing records management duties.

Records are evidence of compliance. If you have legislation, regulation or standards to comply with, records are the evidence that you can give an auditor that’s going to get them out of the building quickly. The longer the auditors are with you, the higher your risk is.