On 6/8/06, [log in to unmask] <[log in to unmask]> wrote:
>
> As a dissenting vote and many years of involvement in RIM, I still feel
> the
> most effective location for RIM is in the administrative area of an
> organization's operations.


Sage wisdom from someone who knows of what he speaks.  The only dissenting
opinion I would offer with this is in the Federal Arena, where the mandates
of the Clinger-Cohen Act resulted in the establishment of a CIO for EVERY
Federal Agency, and the responsibilities for RM falls under the realm of
that position.  And if you're with a Federal Contractor, it makes sense that
a similar organizational alignment occurs.  In that way, your RM Program and
systems financial requirements are easier to justify.

There is no question but that a close working  relationship
> must exist with legal and IT, but the overall organizational  involvement
> that
> administration has is critical to RIM requirements.


This has always been true in the past paradigm, but with more of the
information being generated now stored and "managed" (and I truly use this
term loosely) in the IT structure, while administration may be where the
policy and practices are developed, it's up to the IT staff to ensure the
procedures exist to carry out those practices and adhere to that policy.  I
believe that verification, validation and enforcement of adherence to the
polices (through auditing) should remain with administration... but the
functional management practices need to be closer to the source of the
information.

It's not unlike the past (and in some organizations, present) practice of
the management of the "Central Files" in a paper-centric RIM scenario being
under the physical control of some administrative body.  In the current
(and in MOST organizations, future) practices, information is being
generated electronically and it will be managed in some electronic
repositories that become the new "Central Files"... and GASP... IT will have
to learn to manage this seemingly mundane administrative function as part of
their day-to-day operations.  Ironic, isn't it? =)

 True,  retention and
> compliance are the  key buzzwords today and involve important  legal
> concerns,but
> records storage, filing systems, conversion, and the like are  ongoing and
> continuing factors that are not legal-supportive operations.


Again, I fully agree with my astute colleague.  Retention, in order to
achieve and support compliance and to enhance business functionality and
competitive advantage is critical.  Compliance on it's own, however, should
come out of establishing policies and practices that are in accordance with
laws, regulations and statues and remaining ever vigilant to ensure you
"check the pulse" on these and adjust your policies and practices to remain
in compliance.  Compliance shouldn't be a "knee jerk" reaction... it should
be part of a business plan, just like disaster preparedness, vital records
protection, and other aspects of business continuity.

Where I tend to differ a bit is in my views on the issue of conversion and
migration to support (especially) long-term retention requirements.
However, I don't feel legal is any more qualified to lead this charge than
administration is.

IT is, however, in the drivers seat where it comes to deploying the new
technologies that will result in the need for conversion and migration, and
they know in advance when this will be occurring... they are also in the
position to best identify what will be our next "legacy systems" and to
determine what data is in these systems that may require conversion and
migration to retain access to it.  And this is where RM being in the CIO's
organization comes into play and positions RIM is a critical role of
assisting in identifying the needs for information and determining the
benefits of either continuing to support a legacy system, or developing a
plan for extraction of the information and converting and migrating it
forward.

This is  a long
> discussed topic going back many years when I first disagreed with
> my  colleague
> Don Skupsky and his strong pro-legal position.


And it's also where I made MY decision whose team I wanted to be on when
this debate took place.  I support the practice of Legal being a part of the
team developing the retention schedule, the organizational RM policy, even
in evaluating the practices developed to support those policies.  I'm not AT
ALL In support of the concept of Legal having an active role in the actual
management of the RIM function.

I know in the past we've had lengthy discussions of the issues related to
the commonality of risk management/mitigation and records management, and
how much of RM comes out of how an organization chooses to deal with it's
perceived risks, but in my thinking, this should all be reflected in the
policies an organization issues.  And that's where Legal's responsibility
for managing the RIM function should end.

No big debate issue and organizational setups could be a factor. I don't
> believe it is a hard and fast rule.


You're right...again =)  Depending on how heavily regulated an industry
you're in, there may be exceptions to this, but I think they would be few
and far between.  If you are facing a frequently changing regulatory
landscape, or if you're in an acquisition and/or merger situation, you may
need regular input from Legal to guide changing policies that impact your
operating environment.  But aside from those scenarios, I'd prefer to see
RIM organizationally aligned in the CIO and/or Administrative/Business
Operations environment.

Larry

-- 
> Larry Medina
> Danville, CA
> RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance