Easy and Comprehensive? Aren’t these at opposite ends of the spectrum? They don’t need to be. Iron Mountain has an auditing process that is fully comprehensive, with minimum effort from the workforce, and the auditing team. Labor intensive interviews and investigations are only performed as warranted by the data. But before we get into more detail on this, let’s establish some parameters:
- Information Governance audits are performed at the pleasure of the company. These are internal audits with no legal or regulatory required processes to follow or even any requirement to perform the audit in the first place (one reason why many companies haven’t matured their program to this level yet).
- Information Governance audits are conducted against requirements. It is a good thing to check yourself against “Best Practice” (and Iron Mountain can help with that also), but checking against best practice is an assessment of the maturity of your program, not a measure of workforce compliance with your requirements.
- Requirements are found in policies and procedures with specific “requirements language” such as must, shall, and will. Using words like should, might, or could provides the opportunity for variation of activity, including no activity at all. It also invites time wasting non-productive discussions on definition and intent. Much better to preclude all of that with clear, non-negotiable requirements language. If you need assistance with developing or re-writing policies with “requirements language”, Iron Mountain can help with that also.
- Audits are a way of life; a regular, normal, ongoing business activity. Audits should be designed and conducted in a way that not only provides a snapshot in time of where you are, but are foundational for necessary corrective follow-up and the next audit.
Craig Grimestad is a Senior Consultant with Iron Mountain Consulting. His specialty is designing Records and Information Management core components with a sub-specialty for RIM auditing. He considers RIM implementations to be efficiency improvements. His passion is for the establishment of corporate Information Governance that extends from the Board Room to the desktop for all employees. Craig holds a Masters of Science degree in Engineering from The University of Illinois. Prior to joining the Iron Mountain Team in 2008, Craig was Records Manager for the Electro-Motive Division of General Motors where he participated in the development of the GM Corporate RIM program. He implemented and managed Electro-Motive Division’s RIM program. Craig is a recognized thought leader with a regular column and occasional feature articles in iQ magazine (the journal of RIM Professionals Australasia), featuring his blog series “The Psychology of Records Management”.
Are you a blogger?
Please visit our Submissions page to find out how to submit an original article, or if you would like us to repost one of your best.