We are sometimes asked by our clients to present an ROI for the establishment of a Records Management (RM) program. Questions arise such as, “I’ve never had issues before so why make unnecessary expenditures now?” An answer to these inquiries is that there are risks when a decision is made to do nothing about your records management program. Doing nothing may include having no records management policies in place and simply storing your information on-site or using an off-site records storage vendor. Doing nothing also includes having records retention policies and a records retention schedule, but not using or enforcing them properly.
A well-constructed, easy to use, and enforced records management program can minimize legal and regulatory risks. One way to comply with regulations is to ensure that auditors have access to and can easily locate required information about business activities. Not being able to locate a record for an auditor is a red flag and can never be construed as an excuse. An organization can be assessed financial penalties for failure to produce records requested by government auditors. Here are some examples:
- The IRS can impose civil and criminal penalties for failure to keep records information required by the IRS code.
- Employers who do not comply with record-keeping requirements for Employment Eligibility Verification Form I-9 are subject to fines up to $6,000 per violation.
- OSHA can impose civil penalties of $1,000 to $70,000 for record-keeping violations.
- Large fines can be levied against financial services firms for violations of record-keeping requirements of the SEC. For example, five investment banks were fined $8.25 million dollars for failure to properly preserve email communications.
- Failure to retain records for a required period can lead to criminal charges of obstructing a federal audit.
Proper consideration of ROI is certainly critical for making business decisions. However, investment in a records management program should be considered as a crucial part of an organization’s risk management profile to protect what you have and minimize future legal risks.
Pro tip: Our source and an outstanding resource for records managers and their managers is Records and Information Management: Fundamentals of Professional Practice, 3d ed., 2016 by William Saffady, Ph.D.
Related Posts
Data Breaches Are All Around Us It seems like every day we hear [...]
Can You Safeguard What You Don’t Directly Control? Navigating a work-from-anywhere (WFA) environment [...]
Information Governance Requires Defensible Destruction Part 1-Implementing Policies-The Hows and Whys Corporate workplaces [...]