The Government is looking to stimulate growth by making life easier for SMEs. Its Red Tape Challenge can only be good news, can’t it? But beware: reducing regulation doesn’t give a green light for poorer business practices generally. Record keeping is a key consideration: the adoption of poor practices for recording electronic information impacts essential governance and compliance whilst also increasing risk.
For example, raising the audit threshold is headline good news for smaller business, but compliance procedures have been developed for a reason. Organisations need to highlight fraud and combat bad practice/ information abuse to avoid litigation.
We see a trend with the onus shifting from government led requirements to corporate self-policing, backed up by regulatory bodies from HMRC to Companies House now imposing ever tougher penalties when irregularities are revealed. Organisations therefore need to ensure that information remains up to date, easily accessible and safe from misuse or abuse.
One of the main elements of this corporate information resource – and the key challenge to good information retention/management – is electronic information.
Today the information balance has shifted so that email is the primary delivery mechanism. Worryingly, email remains unmanaged within the majority of businesses. Its immediacy, while the key business benefit, also results in an attitude of email being disposable. This may lead to an anarchic approach to email retention, storage and control. Information is casually deleted, or stored on a user’s local hard drive where it is both vulnerable and no longer a true business asset; formal processes for version control or audit trail can be easily bypassed.
Furthermore, despite the fact that email has been a core component of corporate communication for well over a decade, organisations remain disturbingly unclear as to the legal status of electronic documents and the potential implications of poor document retention. (For example, according to the AIIM Industry Review 2009, 28% of organisations would take more than a month to produce documents for a legal discovery process, while organisations face a one in three chance of being required to produce such evidence.)
From a legal perspective, there are clear requirements for the presentation of any documentation. Email is often viewed by the unwary as more ephemeral, requiring less rigour. But the same legal status applies and version control and tamper-proofing remains just as important as with hard copy. Maintaining good email records should be regarded as a key part of day to day business – where compliance or governance fails then those critical electronic records could, in extremis, be the difference between the all clear or a failed defence and even a director’s jail sentence.
Indeed, one of the mitigating factors within any HMRC inquiry, for example, is the quality and accessibility of records – good record keeping can significantly reduce the value of penalties imposed.
Effective self policing requires greater understanding of the corporate obligations for information management; and it demands a far more robust model for audit trail, time stamping, and version control. Managing critical email records is increasingly at the heart of this.
Conclusion
Cutting down on red tape, from audits onwards, has real appeal. But SMEs need to understand up- and down-sides of compliance and adopt a self-policing approach to information management and control.
|