Tuesday, March 25, 2008

ATR: The Once and Future Records Manager

Mimi Dionne (who I think hates it when I write about her blog), asks the following question: "Do RIMgrs REALLY see the Organization?" Her question is really about real time vision of an organization and what is going on.

My perspective to that question is much broader and less real-time. In the past, I have always said that the best thing about this job is getting to understand how the business works -- how things tie together, what the company does and what makes up all the elements of the company. This has been a great job, being able to look into the nooks and crannies of a wide variety of companies and organizations. I have always felt that after a couple years with a company (or one very thorough records inventory), you probably know more about how a company really works than most executives in the company. We may not know the numbers, but we should know how information flows.

The real-time will tend to be situational. As my job evolves and I get more involved in litigation, investigations and information security, I tend to see the less pleasant aspects of what goes on in a company. And many of those things are real time and involve very real and significant events. And many of these events never get to the C-suite, but an awful lot do. Underlying most of those events are records in one form or another -- and our ability to deliver the right records, to the right people, at the right time.

The profession of records management is at a significant inflection point. For a long time, records managers have been looking for opportunities to break through the cardboard ceiling. I believe that the opportunity is now, but only the very best will have that opportunity.

The opportunity is to identify where you can most add value to your organization. Where is the need and exposure in your organization most critical? Where are there gaps in your records management program? Where is the company spending money on records needlessly? For my organization, the driving force for good records management is litigation. Getting electronic records under control and getting the discovery process standardized means not only better results in court, but far less cost on the way to the courtroom. For other organizations, basic compliance is the hot button. Still others have the opportunity to drive better business practices by using technology to deliver records electronically.

I have always been an advocate that it is a far better job to feed the elephant than to sweep up after the elephant. Records management has been a "sweeping up" job for a long time, and while that job is important, it is seldom valued until the stuff we sweep up begins to pile up. And the visibility from that end of the elephant isn't very good. What you want is the opportunity to really manage the records of your organization, through the entire lifecycle, with a particular focus on managing records far better when they have the most value to the organization.

A number of years ago, I bristled at the records managers who used terminology that talked about "Information Risk Management" as if a mere records manager could possibly influence that across an enterprise. In many respects, I'd like to say that I was wrong and that I didn't take the opportunity to run with that ball for fear of running across the well-manicured lawns of other folks in the organization. The reality is that, today, my job is truly about information risks and the management of those risks. This is a cooperative effort, working with information security, lawyers, and investigators. It is about working with IT and finding ways to reduce the volume of information that is being created and maintained. It is about ensuring that we can find all that stuff when it is needed and getting rid of the stuff that we don't need. What we bring to the table is the ability to translate the legal and regulatory requirements into IT-speak and translate the limitations of technology into lawyer-speak. It is about creating record-keeping requirements that make sense for the users, the lawyers, and the IT folks. And it is doing that consistently and within the bounds of the risk profile that the organization wants to accept.

So my answer to Mimi would be that we have the opportunity to see how the entire organization works. We have the opportunity to help people make real-time decisions about what to keep and what to throw away. We have the opportunity to add real value to an organization by applying our competencies where they can do the most good. Identifying those opportunities comes from our vision of how the organization really works and where our skills can have an impact.

No comments: