
The Impact of Auditing on Records Management Risk and Compliance

The Impact of Auditing on Records Management Risk and Compliance. Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross BlueShield of Tennessee. Agenda. Definitions Risks Compliance Auditing. Records Management. Definitions


Presentation Transcript


  1. The Impact of Auditing on Records Management Risk and Compliance Susan B. Whitmire, CRM, FAI Manager, Enterprise Records and Information Management BlueCross BlueShield of Tennessee

  2. Agenda • Definitions • Risks • Compliance • Auditing

  3. Records Management Definitions • Records and Information Management • Generally Accepted Recordkeeping Principles • ISO 15489 • Retention Schedule

  4. Definitions - RIM • Records and Information Management • Systematic control of all recorded information an organization needs to do business. • creation, maintenance, use, preservation, protection and disposition • information may reside on various forms of media • RIM is designed to support the records management requirements of business processes and to reduce risks associated with litigation, investigation or audit through the proper management, protection and retention of information.

  5. Definitions – ISO 15489 • This standard defines records management as "The field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records".

  6. Definitions – Retention Schedule • An established timetable for maintaining an organization’s records • Establishes uniform retention practices and avoids duplication of effort • Application of retention • Context • Grouping of related documents = Record • Typically not a single email, Word document or Excel spreadsheet • Folders provide context • Event Based Retention • Closed + 5 years • Superseded + 10 years

  7. Why is it important? • Information is an asset; holds value for the organization • RIM ensures that needed information is retrievable, authentic and accurate, which requires: • Setting and following organizational policies and best practices • Identifying who is responsible and accountable for managing records • Integrating best practices and process flows for information management throughout the organization • Creating, communicating and executing procedures consistently

  8. Records Management Risks. Risks: • Too long or too short • Protection • Security • Privacy. Where to look? • Email • Unstructured electronic information • Content in systems and applications • Backup and archive media

  9. Records Management Risks • Keeping information too long or too short • Consistent practices according to policy (and retention schedule) • Demonstration to regulatory authorities • Protection from accidental or intentional events • Restoration

  10. Records Management Risks • Security • Access to information beyond system access • Privacy • Destruction standards • Proper disposal of various forms of media with content

  11. Records Management Risks Classifying and ranking records and information management risks • Content • Policies and Controls • E-Discovery • Generally Accepted Recordkeeping Principles (GARP) Maturity Model

  12. GARP • Generally Accepted Recordkeeping Principles • Accountability • Integrity • Protection • Compliance • Availability • Retention • Disposition • Transparency http://www.arma.org/garp/garp.pdf

  13. Records Management Compliance • Everyone is responsible for managing records and information • Creating, using, retrieving, and disposing of records in accordance with the organization’s established policies and procedures

  14. Records Management Auditing • Mitigate records management risks • Compliance with policies and procedures • Compliance with the records retention schedule • ISO 15489

  15. Questions? • Susan_whitmire@bcbst.com • 423-535-3328
