Records are evidence of compliance.
To destroy information which is evidence of compliance, is to destroy a record.
The risks of doing Records Management poorly are that information proving compliance –
- Won’t be available when you need it because it has been deleted or lost.
- Will be difficult (ie. expensive and time consuming) to find.
- Will be incomplete, and will require significant time and effort to assemble into a comprehensive record.
The consequences of failing at Records starts with failing audit. Depending on your industry, there can also be other consequences that range from inconvenience and fines, to quite literally killing people.
I’ve simplified greatly here because I’ve discovered that Records have different meanings in different contexts. I think that’s part of the reason why record keeping isn’t held in much higher regard as a discipline, and why certain industries are doing it so badly (and failing audits left, right and centre).
What I’ve found by industry –
- Government agencies know what records are, but generally under-fund it.
- Health organisations think that they’re about patients (all patients have records, but not all records are about patients).
- The greater private sector thinks they’re in accounting, but have people in risk actually performing records management duties.
Records are evidence of compliance. If you have legislation, regulation or standards to comply with, records are the evidence that you can give an auditor that’s going to get them out of the building quickly. The longer the auditors are with you, the higher your risk is.
Information Governance 