GUIDING PRINCIPLES

Demonstrate ownership and oversight

Your audit program and processes should allow you to demonstrate a “culture of compliance.” You want to be able to show that:

• Senior-level sponsorship and ongoing guidance exists, typically provided by a cross-functional Steering Committee with representatives from legal, IT, finance, tax, human resources, and risk management. This group should meet on a regular basis to provide strategic oversight for the program.
• A Corporate Records Manager is responsible for defining enterprise records management goals and metrics, managing the program on a day-to-day basis, and monitoring performance against compliance objectives.
• Business unit records managers are driving participation and compliance at the department or business unit level.
• Employees are given clear guidance in their duties and are measured on their performance. An acknowledgment program requires employees to confirm they have received training and verify that they understand policies and procedures.

Show that it’s routine - and then measure, measure, measure

Consistency and measurement are two of the pillars of compliance. Audit activities should confirm that:

• Policies and procedures are consistently applied throughout the organization, especially as they relate to retention and destruction of records
• Communication, training and awareness activities are in place to increase employees’ understanding of their duties
• Performance metrics heighten employee accountability and highlight areas needing improvement

Integrate records management as part of internal audit

To maximize the efficiency and value of your compliance investments, Iron Mountain recommends integrating your records management program within your organization’s internal audit process.