Who is Guarding the File Cabinet?

By Dan Elam posted 10-03-2011 13:39


As records managers gain unprecedented clout within organizations, it is inevitable that they also come under more scrutiny.  Which begs the question: “Who is guarding the file cabinet?”

Records managers aren’t saints, even if most have similar patience in order to deal with cantankerous uses.  A 15-year records manager  in the Martin County, FL Sheriff’s Office was arrest in December for drug charges.  Records Managers are people too.

For most organizations, the records manager is viewed with unequaled trust.  Even more so than the financial decision-makers who must report to auditors and others under fairly strict reporting requirements, records managers often are given similar levels of trust but without the same oversight.  Since records managers control vast amounts of information, key access, and sometimes valuable information, the temptations and risks can be very real.

For author and presidential historian Barry Landau, the temptation proved too much.  The FBI and Baltimore police department investigation found historical documents worth over $500,000 that he allegedly had stolen from the Maryland Historical Society.  Landau was especially respected by a number of organizations and his web site indicated he had worked the nine US Presidents for “planning historic events”.

Every records manager I know acts as the gatekeeper for their organization.  They  often have to sign off on the destruction of records, testify in court, have access to the most sensitive corporate data, and even control valuable “permanent documents” that can have value in their own right.  Records managers are relatively underpaid and some unscrupulous people almost certainly have tried to bribe records managers for information or even to destroy records.  Amazingly, I don’t know of a single instance where a records manager has been arrested for such activity.  As a profession, records management probably attracts people who are more trustworthy and less likely to take outrageous risks, but it still seems unlikely that every records manager has been perfect.  More likely organizations haven’t wanted the public to know when there have been problems and quietly deal with the lapse in trust quietly and with little fanfare.

It is inevitable that a high profile example finally makes it to the light of day.  Once it does, look for records managers to come under more scrutiny than ever before.  While Enron and other corporate fraud examples highlighted the failure to follow records management best practices, it is a pretty safe bet that records managers today enjoy more trust than lawyers, financial managers, etc.

The problem with records management is that a lot of decisions are subjective and – worse – end up being the exclusive decision of the records manager.  Think about how many policies in your own organization dictate that the records manager and only the records manager can make certain decisions like disposition.

Such a scenario means that records managers can be second-guessed.  Records managers thinking about the future would be wise to take a look at their corporate policies and identify those policies which consolidate the flow of information that goes just to them and develop new procedures to have multiple sign-offs for disposition, etc.  No records manager wants to defend their practices when the “witch hunts” begins.  Having policies and procedures modified to share the responsibility can protect some good people.  In most cases, records managers have been responsible for inspecting their own policies.

Outright fraud is harder to prevent, but new tools can help.  Most ECM tools have audit tools to see who is retrieving content.  A policy that has non-records managers (such as IT or internal audit) to occasionally turn on the audits can help look for potential fraud and raise the specter to law-breakers that their auctions might be caught.

Of course, records managers are not the weak link:  ordinary users are still most likely to be the culprits and they far outnumber records managers.  Still, the time to be proactive is before there are problems that lead to new scrutiny and regulations.

With increased responsibility comes increased scrutiny.

#Records-Management #ElectronicRecordsManagement #fraud #governance