Companies Struggling to Adapt to New Compliance Environment

Legal, regulatory and business requirements driving most enterprises to make major changes in how they manage information

  1. Good policies and procedures: Internal and external pressures are causing organizations to address compliance concerns. Fully 80 percent have made, or are planning to make, changes to the way they manage information, with 82 percent creating or updating information management policies. Regulatory compliance is a major force behind these changes, with 37 percent making changes because of Sarbanes-Oxley and 26 percent because of HIPAA.

  2. Executive-level program responsibility: While senior executives and managers are getting more involved in the information management program (78 percent of business unit and IT executives participate in its development and administration), at many firms executives clearly need to take a more visible role. More than a third of responding organizations haven't received any guidance on information management issues from an executive in the last 18 months, and nearly half do not provide an executive statement of support for the information management program.

  3. Proper delegation of program roles and components: In some cases organizations are failing to bring the right people to the table to develop and administer the information management program. Only 35 percent involve lawyers when developing program elements. Organizations have done much more in the areas of information security and paper-based records management than they have in the area of electronic records management, a huge inconsistency given that most of the documentation of business and organizational processes is now conducted electronically.

  4. Program dissemination, communication and training: Gaps in communication and training threaten to undermine the effectiveness of many information management programs. Over 60 percent fail to provide regular employee training, and the training that is conducted often focuses on records and information managers rather than executives and IT staff. Over 52 percent of records and information managers report receiving training, but only 31 percent of general business executives and 30 percent of IT staff.

  5. Auditing and monitoring to measure program compliance: While only a minority of organizations involve auditors in the development and administration of the information management program (34 percent), internal auditing and monitoring programs seem to be somewhat successful, with 41 percent of organizations making changes as a result of problems found through such programs.

  6. Effective and consistent program enforcement: Even though employees acknowledge good intentions by their firms, they recognize that good intentions alone are not sufficient. Only 34 percent of those surveyed agreed with the statement, "my organization's records and information management directives are consistently enforced." IT executives (29 percent in agreement) are more skeptical about performance than either records managers or general business executives.

  7. Continuous program improvement: Less than one in six survey respondents are firmly convinced their firms would uncover records management failures, indicating that there is much room for improvement in records management procedures and programs.