The Importance of a Regular Records Management Policy Audit
Even the best records management processes need to be re-evaluated from time to time. Regular records management policy audits or "checkups" ensure that the records management methodology in place is still effective and meeting the needs of the company.
Creating a Records Management Policy Audit Schedule
If you only complete audits when issues arise or when an executive requests one, you lose the chance to proactively get ahead of problems. Some organizations perform audits every six months, while others perform them every year or even every two or three years. The decisions around audit frequency should be based on how critical your records management program is (financial or healthcare sector organizations, for example, should lean toward every six months) as well as staffing availability.
The purpose and results of all audits should be shared internally to drive accountability in the progress made from one audit to the next. Along with this, include updates after modifications to the records management program have been made based on audit results.
Developing an Audit Team
Your records policy audit team should include representatives from all stakeholders in your records management program. As needed, seek out the expertise of IT, legal, compliance, information management, privacy and security, as well as from the business divisions themselves.
There are two schools of thought on who should lead a records policy audit. One says that the records management department itself should run the audit, as they're the most knowledgeable about the processes and records being audited. The other says that in order to be neutral and fair, the audit should be performed by another department (such as an audit or compliance department) or an outside consulting firm. There is no "right" answer — your organization needs to make that decision based on its needs.
Starting With KPIs
All records management programs should have defined key performance indicators, or KPIs, that guide the records management program toward success. These KPIs exist to ensure that everyone within the records management department, whether it consists of a single records manager or a diverse team of records management specialists spread across the globe, knows where their efforts can be best focused to improve their programs. These KPIs often inform other areas in the organization, such as compliance, audit and even HR.
Any policy audit should flow from those defined KPIs, as they naturally align with the work that the records management department is conducting.
Records Management Policy Audit
Determining a process is one of the main challenges in executing a policy audit. Some common processes include spot-checking random records, observing random employees and interviewing or surveying employees. Your specific processes may already be determined by your organization's audit department. But no matter what your audit processes are, it's essential to apply processes consistently from one audit to the next so that the results can be accurately compared and progress can be measured over time.
Developing a Change Process
Most audits will inevitably turn up areas in need of improvement. Processes should be in place in advance of the records management policy audit to begin to enact immediate changes based on audit findings. Having processes and accountability in place for making post-audit modifications is key to ensuring that the records management policy audit is a useful tool to the organization.
Since records management policy audits exist to help your organization improve, you should always be honest and evaluate fairly. Transparent self-assessment is crucial to maintaining the best records management program possible.