Month: November 2019

The two types of Records Management project

Karl MelroseLeave a comment

Yes, there are only two.

  1. Projects to achieve compliance.
  2. Projects to reduce the costs of compliance.

I think projects with any other goals come from an incorrectly broad definition of Records.

I think overly broad definitions of records are why we’re seeing organisations fail repeatedly at audit, and get in trouble with their regulators. They don’t really know what records is.

I also think this is why we’re starting to see organisations fined for not destroying records. They’re managing information, and not records.

The only reason to destroy information is that the storage cost exceeds the use value. If it is destroyed and you need it, you’re only up for the cost of recreating it, the regulator won’t care.

There are lots of reasons to destroy records, they’re generally codified in legislation.

There are also lots of reasons to retain records well past the point at which their storage costs exceed their use value, these are also codified in legislation.

There are only two types of Records Management projects, I think that once we’re outside of these what we are doing is valuable, but it isn’t records.

I think that distinction is important, and that many, many organisations are failing when they get to audit because they don’t know and understand what Records are, and just how important Records Management is to their organisation.

Records Managers – is your WICM worth it?

Karl Melrose

One of the most basic principles in getting adoption is remembering the WIFM – What’s In it For Me.

What we don’t talk about often enough though, is the other side of the equation.

The WICM – What’s It Costing Me.

Records fails when these two are out of proportion to each other.

The right proportion isn’t straight forward though.

The WIFM is generally organisational or far away.

The WICM is right now and borne by an individual.

This is why we tie ourselves in knots trying to automate, integrate and capture by stealth. Because we know that to work, one of two things needs to happen –

  1. Perception of the WIFM needs to be very high.
  2. The WICM needs to be almost zero.

How we square that circle largely determines how successful records programs are.

So the question you have to ask – is your WICM worth it?

Autoclassification – where it works, and where it doesn’t (seem to yet).

Karl Melrose2 Comments

I’ve been digging into auto classification lately.

It’s one of a number of very promising technologies that will help Records Managers clean up after users who don’t do what they should, and further reduce the burden of users operating in really complex situations.

It’s very promising. The technology works.

The main bar it had to jump for me is beating human accuracy.

The numbers I’ve seen show that people are around 65% accurate when classifying. The numbers I saw at a recent demonstration showed that the Auto-Classification algorithms confidence level on recommendations was at about 80%. This demonstration was from an Australian government agency of a system in active use – so this is real world accuracy.

While it’s an excellent tool. What I haven’t seen yet is its application to the problem of organising content in ways that are useful for people – making content “findable” rather than just well classified.

What I mean by this, is that it is excellent at applying a classification. “This is a development application”. 

Where there doesn’t seem to be an answer yet is in the area of understanding context, and relating one object to another. It seems to be good at saying “this is a development application”, but not at saying “this is the development application for 30 Reed Street Bristol, and these are all of the documents related to that development application” – which means that it can classify, and be useful for sentencing, but not file. 

It seems for the moment that we’re stuck with filing as the simplest way of showing the relationship between content.

While I think auto-classification is still a meaningful and useful improvement that can reduce compliance risk, I don’t think that reduction is as meaningful as it seems. 

My current read on the technology is that the best use is in manage in place scenarios, where we can tag the content with a classification and leave it the way a creator/user organised it to provide context. Without that context, I think we’re creating a problem for ourselves later. We’ll have better sentencing from a subject standpoint, but complying with instruments that require us to understand more context will be difficult. I think it has the potential to make it harder to comply with subpoenas and open government style requests (FOI, GIPAA, RTI, SAR etc.). 

On balance, I’m an advocate. I think that for lots of organisations it will take them from a place of poor compliance, to a place of meaningful compliance, and enable better lifecycle management. Until we have tools that can assess and understand context however, it should be adopted in addition to really good, usable file plans, not as a replacement of them.

The simple end user trade off in records management systems that users need to be reminded to appreciate

Karl MelroseLeave a comment

Lots of people (who haven’t had their records moment) would breathe a sigh of relief if we took away a records management system.

I think that’s because they don’t understand what a records management system does.

Records management systems ask one simple thing of users – put your record here, and we’ll take care of the rest.

I think we’ve forgotten to remind people of just how complex “the rest” is, and I think that’s one of the reasons that people don’t appreciate just how good the systems are (even when they’re not so friendly).

I think it’s also one of the reasons Records Managers are under constant pressure to use commodity systems that don’t have anywhere near the capability required to do the job properly.

Records management systems ask for a very simple trade off – put your stuff in a greatly simplified “right spot”, and then you won’t have to learn just how complex records is.

I think that’s a point worth reinforcing regularly.

The economics of Information Management and Records Management are different – so we should treat them differently.

Karl MelroseLeave a comment

The value of what we do in people’s hearts and minds is totally dependent on how they understand it.

Records management is about evidence of compliance.

Information management is about driving organisational performance by using information.

That sounds simple, and it is, but they have very different future values, and very different investment constraints.

Getting records management wrong can put you out of business quickly. It can also tie you up in audits, and get you on the wrong side of regulators that can make doing business hard.

The future value of getting records right is being able to stay in business (or retain the trust of the public). When we do Records projects, we’re either bringing ourselves into compliance, or reducing the costs associated with compliance.

Getting information management wrong can also put you out of business – but it’s going to do it slowly.

Poor information management puts you out of business slowly because you lose to competitors who are achieving superior value from their information.

Too often we put them together like they’re the same, and they’re not. 

The economics are totally different. 

We stop doing Records Management projects when we’re compliant, and we can’t meaningfully reduce the costs of compliance. The constraints are the risks of non-compliance, and costs of being compliant.

We stop doing Information management projects (and knowledge management projects) when the organisational performance gain will no longer be sufficient to pay for the project. The constraints are the available market, the availability of capital, and the ability of the organisation to absorb change.

Too often I think we put the disciplines together. There are large skill overlaps, and obviously every record is comprised of information, but they are different. If we don’t think about them differently, talk about them differently, and have a shared understanding with our executive and staff about the difference, we can’t expect that they’ll be valued differently.

So it’s either all compliance – and to be avoided, or all value delivering – and the average of both, so neither gets their full value in people’s hearts and minds.

Does your organisation have a measure of “records debt?”

Karl MelroseLeave a comment

There’s a commonly used concept in software development called “technical debt”.

It describes all the bad and dodgy (or maybe just sub-optimal) coding that was done in the past, that will need to be cleaned up later.

I think it’s a concept that we can usefully apply to Records management.

In record keeping, we need to measure two things –

  1. Direct costs – Cleanup costs and the costs of holding until clean up.
  2. Indirect costs incurred because records are no longer reliable.

Cleanup is the cleanest measure. Projects for cleanup work can be estimated with relative certainty as long as you know the information exists.

Indirect costs are obviously harder.

They include the costs of contract renewals missed or poorly enforced because their records are not managed. The generally higher costs of subpoena and information access responses, and generally reduced productivity due to increased search costs for specific records.

Records debt is a useful concept that we can take from software engineering, and a useful barometer that could be presented to executives on a regular basis.

Why customers get attention and record keeping doesn’t – and what you can learn about compliance from deterrence theory

Karl MelroseLeave a comment

“Too busy to keep records” isn’t an uncommon statement from process workers who aren’t doing what they should be doing (ie. keeping records).

“Too busy to serve customers” though isn’t generally the same problem.

Why is that?

Are officers all so amazingly fired up to complete their health inspection, or approve a development application that they just can’t take the additional minutes to keep records?

Unlikely.

They’re responding to incentives based on what is more likely to cause them a problem.

Simply, customers get served because they complain when they don’t. In government, it’s particularly likely, because there’s no other provider.

This makes getting caught very likely for whoever should have been serving them, and so they get served first.

What we’re seeing in action is what Deterrence theory refers to as the “Certainty” principle.

Deterrence theory is (in essence) the study of how to deter people from committing crimes.

There are three basic components:

  1. Certainty – the likelihood of getting caught.
  2. Celerity – the speed of the consequences.
  3. Severity – how severe a punishment might be.

For a long time, focus was on severity as highest deterrent, and that where many of us instinctively go. Research however has shown that this isn’t the case. In many cases, research has shown that a higher severity punishment actually has the effect of increasing the rate of offence.

Research has instead shown that the perception of certainty of punishment is the clearest deterrent, and this is what our customer service rep is reacting to.

They know they should be keeping records, they know there are fines and penalties. They also likely know that almost no one has ever had to face them, they also probably know that the Records team doesn’t have a budget allocation for anything like the number of compliance audits that they should.

They know with a high level of certainty, that they’re unlikely to be caught – and so penalties don’t matter.

Priority number one for an effective compliance regime should be creating certainty that people who are not keeping records will be caught.

Why it’s important to have a shared definition of Records with your executive if you want to get funded.

Karl MelroseLeave a comment

I think we have a problem in Records and Information Management. Simply, it’s that we don’t separate them clearly.

When we don’t separate them clearly, they’re seen as the same.

I think this is one reason we struggle for project funding.

Records projects are fundamentally going to produce a low return on investment, they’re also generally not avoidable – at least if the organisation wants to remain compliant.

An executive continually brought “Information” projects that are actually records projects pretty soon values neither, and is also then surprised when the organisation fails compliance audits.

When a clear shared definition of records management is in place, conversations get simpler.

Records projects are about bringing the organisation into compliance, or reducing the cost of compliance.

Information projects are about improving organisational performance and delivery.

When we don’t tightly differentiate the two of them, Records projects don’t get done, and Information projects are under-valued. No one wins.

One reason records ends up “the dumping ground” – and how we can avoid it.

Karl MelroseLeave a comment

Most people can’t define what a record is in the context of what they do.

If they can’t define it, they don’t know what it is.

What they’re left with, is the certain knowledge that there are penalties if they destroy a record, but little idea about what one is.

So they default to safe behaviour.

They keep everything.

And records becomes a dumping ground.

Great records starts with an organisational definition of what records are, that everyone in the organisation can understand and apply, and goes from there.

What happens when Record Keeping and Management is under funded.

Karl MelroseLeave a comment

Simply, the expense is only ever deferred, the work still has to be done, and doing it badly can be expensive at best, and catastrophic at worst.

The problem for funding record keeping is that the volume of records is directly related to the volume of work that your organisation engages in.

This means that as the volume goes up, the resources required by your records team to deal with the volume will also rise in direct proportion.

When a team is under-funded, the only option is to stop doing work. We can call it “reducing quality”, or use any number of other misnomers, but what we really mean is that we stop doing parts of it.

Parts that are often critical later.

Many of the runaway cost problems that we have with Freedom of Information, and discovery come from under-funding records and information management.

Case in point.

An organisation I work with is required to capture a statutory inspection form once a quarter, and undertake compliance actions if there is a problem noted on it. They receive about twenty five thousand per quarter.

A good quality process here means that the forms are all scanned, and filed with the records of the asset they relate to. This makes specific forms easy to find, and means that costs stay low when there is a problem that should have been picked up, an FOI request is raised, or a subpoena is issued.

The work the records team are expected to do though, has been rising faster than their headcount and funding.

The basic work of ensuring compliance in problem cases is still being done, but the records of inspection aren’t being scanned and associated with the asset anymore. They’re going in a box and being sent off to storage, because the time to do the extra work isn’t available, and something had to go.

The organisation still knows where the forms are are, but any future need for them will require that they’re all brought back from storage. Then it’s a case of searching for four specific, barely legible carbon copied forms among the hundred thousand that make up a year of forms.

That’s expensive.

And it’s likely to happen more than once.

That’s really expensive.

And then there are the Royal Commissions.

“Inadequate records and recordkeeping have contributed to delays in or failures to identify and respond to risks and incidents”

We should all be thinking twice before we under-fund records, or don’t fight to have it adequately funded.