Kim,
Compliance audits are not being performed with any degree of regularity,
surprisingly. The study I just completed says, for instance, that the vast
majority of companies (of the 140 or so that answered the survey) do not
have auditable standards for e-discovery processes and controls. I am
familiar with the General Counsel Roundtable Study referenced in an earlier
post (Order from Chaos), and indeed was involved in the research with my
friends at GCR. Unfortunately, that study does not include as much helpful
guidance as one would hope.
It is easy to write a policy, but a whole other story with regard to
bringing it to life in a standardized manner and then engaging qualified
auditors to test and sample controls. One would think there should be a
trend toward more auditing, but that is not evident from my experience or
the results of the survey we completed two weeks ago.
I would be pleased to discuss this further offline and provide more
information on a few efficient audit processes you could institute, but
everything hinges on the quality or measurability of standards you have in
place one year following institution of your RIM policy.
Best regards,
Rick Wolf
347 Mt. Pleasant Avenue
Suite 204
West Orange, NJ 07052
(973) 324-0050 (direct)
(973) 324-0052 (fax)
(201) 602-9486 (cell)
www.lexakos.com
-----Original Message-----
From: Records Management Program [mailto:[log in to unmask]] On Behalf
Of Kim Mayberry
Sent: Tuesday, November 06, 2007 8:03 AM
To: [log in to unmask]
Subject: Records Policy Compliance Ausit
Our records retention policy is a year old. It is now time to create a
method for measuring compliance with the policy. (The policy at this point
only covers hard copy - E-Policy is due out in 2008.) We are a global
communications / entertainment company consisting of approximately 50,000
employees in various departments. Each department has a records
coordinator.
My question to the list is - how do we measure compliance? I have been
asked by our Litigation Group to come up with ideas or methods to measure
and ensure that compliance. My first thought was to charge each Dept.
Coordinator with the task and report back to Corporate Records. If we go
that route, do we have them do a physical audit (seams daunting) or have
questionnaires completed? If we do the questionnaires, what questions do
we ask that are meaningful? How many folks should be audited?
Any ideas or recommendations are greatly appreciated. Feel free to contact
me off list for further conversation.
Thanks to the entire list for the inspiration and knowledge base this field
needs!
Kim Mayberry
Legal Records Specialist
[log in to unmask]
Atlanta, GA
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present,
place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]
|