U.S. companies are projected to spend $5 billion this year to comply with the Sarbanes-Oxley Act and other federal mandates, yet their efforts to managing electronic records are falling short.
U.S. corporations will spend an estimated $5 billion this year trying to comply with the Sarbanes-Oxley Act and other federal rules that require clearer documentation and disclosure of their financial practices.
Yet, U.S. companies appear to be getting worse at managing electronic records and e-mail that regulators often demand to see.
This trend is highlighted in a recent study by research firm Cohasset Associates, which polled more than 2,000 members of ARMA International, a trade organization for records management specialists. The study shows that 46% of U.S. corporations have no formal process to make sure important electronic records-such as negotiations conducted by e-mail, financial data kept in spreadsheets and documentation stored in word processing files-are properly archived, then deleted when they should be.
Worse, according to the study, 59% of the companies surveyed don't have a policy about saving e-mail or electronic documents, up from 55% in 1999. Many respondents say there is little corporate will to improve either paper or electronic records management.
These companies are at risk of fines and contempt-of-court citations, says Lori Ashley, senior consultant at Cohasset.
Arthur Andersen was, in effect, put out of business for destroying records pertinent to the Enron financial scandal, a key impetus for the passage of Sarbanes-Oxley. In March, the Securities and Exchange Commission fined Banc of America Securities, a division of Bank of America, $10 million for failing to produce e-mails that might have shed light on charges of improper trading.
Even if they're trying to comply, companies can waste time and money looking for records before a court case even starts. "There's a lot of pain when you look for something and find it's been destroyed, or admit in court you haven't been keeping records," Ashley says. "You open the door to someone who wants access to your e-mail, and [then] you have to have attorneys and paralegals go through 300 gigs of it."
Often, information technologists are responsible for electronic records though they lack records management experience.
Find yourself in a similar mess? See the four-step plan below for a potential solution.
Four Rules For the Electronic Records Road
According to L. Reynolds Cahoon, chief information officer at the National Archives and Records Administration, there are four steps to good electronic records management. Cahoon should know: He manages 2.9 million cubic feet of paper and four billion electronic records that document every action of the federal government.
1. Build records management requirements into your capital planning. Before you approve a project, determine whether the system will create records and, if so, allocate funds to make sure they are funneled automatically into your records management systems. Applications that provide only access to information, such as data mining software, are rare. Even Web sites generate records if they run transactions.
2. Make sure your new applications require employees to document each transaction. If you can't include documentation in the workflow, change the workflow.
3. Add a records management phase to your systems development process, including initial design, coding, bug testing and acceptance testing. Allowing the company's records management chief to veto a system that doesn't measure up is a way to ensure that the important applications make the grade.
4. Build records management functions, like security parameters, into your company's information architecture so they're integrated with every application. As Cahoon points out, "Records management crosses all business functions."
Projects: Management 
