AIIM: Setting Up an Information Governance Policy Isn’t Enough

3 min read

• Information Technology
• Information Governance

If you’re looking for justification for your decision to go to electronic records — or evidence that your organization needs to go there — look no further than the most recent AIIM report.

The report, Information Governance — records, risks and retention in the litigation age, is freely downloadable. It is based on a survey of 512 individual members of the AIIM community between January 18, and February 11, 2013. Invitations to take the survey were sent via e-mail to a selection of the 75,000 AIIM community members.

There’s way too much in the 35-page report to adequately summarize it here, but here’s some interesting points:

• Progress toward the “Paperless Office” is slow. In fact, for 42% of organizations, the volume of paper records is still increasing, though for 34% it is decreasing, leaving a gap of 8%. This gap is smaller in large organizations. In comparison, the organization’s 2011 report found a positive gap of 10% — that is, more organizations had a decrease than an increase, while in 2009, the gap was 34%. “We have no firm explanation for this apparent return to growth for paper records,” AIIM says.
• Effective information governance is crippled by poor training. Only 16% of organizations regularly train all staff. 31% do no training at all.
• Senior management is ignoring the risks. 31% of respondents report that poor electronic records-keeping is causing problems with regulators and auditors. 14% are incurring fines or bad publicity.
• The answer to the data problem is to let the computer do the filing. 14% are already doing autoclassification of electronic records, while 37% want to do it.
• Despite good intentions, the delete button isn’t being pressed. Electronic records aren’t being deleted even when retention periods are set. “Most organizations do have policies on retention periods, and that along with legal hold, these are the most likely to be aligned between electronic and paper,” AIIM writes. “However, when it comes to the implementation of deletion or destruction of records after the retention period, the number of organizations with alignment drops by nearly half, indicating that deletion of electronic records is not taking place as per the policies.”
• IT is losing its ability to transform business. For a third of organizations, 90% of IT spend adds no new value.
• Something has to be done about content accumulation. For 29% the response to the information deluge is “buy more storage.”
• 45% of organizations plan to increase their records management spend over the next two years. In particular, automated classification is set for strong growth, along with enterprise search, RM modules, E-discovery and email management.

What are the three biggest risks for a failure of information governance? Excess litigation costs or damages resulting from poor recordkeeping; loss of customer confidence or bad publicity from data loss; and loss of intellectual property or company confidential information, respondents say. In comparison, the three biggest rewards are reduced storage and infrastructure costs; the ability to exploit and share knowledge resources; and more agility due to faster response to events, accidents, press activities, FOI inquiries, etc.

The good news is that more organizations are trying. “Progress varies but 44% have some level of enterprise-wide policy in place, and 21% have multiple, non-integrated policies,” AIIM writes. “Results are fairly consistent across different sizes of organization although midsized organizations seem to struggle the most, with 25% reporting to be in-process but not there yet. 18% of smaller organizations have no policies or plans.”

The bad news is that organizations aren’t always following the policies they’re setting up. “Simply having a policy in place does not ensure that good information governance occurs,” AIIM warns. “Half of those with a policy admit that it is largely un-referenced and un-audited. At the bottom of the scale, 22% are not taking this seriously, relying on accepted practice or hiding behind their systems for protection. Overall, 48% could be considered to be working hard to achieve enterprise-wide conformance.”

If you’re looking for objective evidence, it’s a pretty useful report.