Records Management and Performance Appraisals

Is Records Management duties incorporated in your employee performance guides? If not, how are individuals held accountable/assessed in the execution of recordkeeping responsibilities? It appears that the “Somebody, Anybody, Nobody, Everybody” syndrome kicks in without it. It will be appreciated if you have a sample document that can be shared please.

4 Likes

Reviewing using the retention schedule annually is incorporated into our Business Conduct Manual. It is an expectation but not tied to performance which I believe is not necessary. Each employee does have to annually certify (attest) that they have reviewed the records under their control against the retention schedule (which is online). Computer applications have a different process.

We do not check, audit, etc. people’s laptops. First, for legal issues, there is no expectation of perfection in court. Errors happen. Second, the number of folks is staggering so it would be a nightmare. Third, is your Legal group ready to terminate an employee in say, Germany because they have old presentations? I don’t think it is necessary. A lot will come down to what your risk acceptance level is and history of what has taken place in litigation and investigations.

4 Likes

We also have an annual “compliance certification” that states that employees are adhering to the RM Policy and Retention Schedules but we do not have a mechanism in place to “monitor” or audit the individual employees to be sure they are actually taking care of Records Management. My company is in Pharmaceuticals, which is highly regulated, so we do need to to have something in place to be sure we, as a company, are “following the rules”. This is a hot topic for our Legal dept discussions in which we also are trying to address. There is thought around doing audits of departments on a random basis, just to see if the basic principles of RM are being adhered to. That is the only solution we have at the moment to check if employees aren’t "just checking of the box’ that they are complying. We, as a regulated company, are ready to terminate employees if they don’t adhere to the policy but that is left to interpretation as well. Of course, if there are minor discoveries that the person isn’t adhering to the the policy, retraining may be necessary and not termination, but if a person is clearly spoliating materials, that’s an entirely different matter, and we don’t have any mechanisms to check this other than audits - for now. I also would like to hear comments from the community for solutions to this question. Thank you

2 Likes

In a previous role, we approached RIM in a few ways.
NEO - During New Employee Orientation, our HR Recruiting Partners would show three slides, informing of our Records Team, that we have records policies, procedures and a retention schedule, and that employees are expected to follow. New employees were encouraged to find their department’s Records Coordinator within 30 days.
Annual Compliance Training - RIM had 4 slides in the company’s annual Ethics & Compliance training. ALL EMPLOYEES needed to certify taking this training, and would be tracked down through their VP is non-compliant. It is a big job (over 200,000 employees) but it can be done.
Records Coordinators - Business units were required to designate a Records Coordinator for their work groups, and if the group was large or a heavy records user/creator, they most often had 3 or more coordinators. All coordinators, and users sending records offsite or requesting access to off-site records, attended annual training. Training was also hosted on our RIM site. In the training, we dedicated two slides to show RC’s how to create an “records goal” on their Performance Plan to be acknowledged for work performed managing their group’s records. We encouraged RC"s to pat themselves on the back by documenting their efforts year round.
RIM team - sent annual “thank you for your records preservation efforts” to all RC’s and copied their managers. When warranted, additional ‘thank you’s’ were sent when RC’s supported extraordinary events or RIM needs, such as an audit, subpoena, client visit, etc. when users and/or Records Coordinators

3 Likes

Just a further comment, we also have records managers and records coordinators in our business (over 100 globally) and they are responsible for communicating with their teams about the RMP (Records Management Program). They are our liaisons for communicating information and updates about the RMP, especially around our Annual Compliance Certification.

2 Likes

Hi Roxanne,
At a prior job, we had drafted a RIM check list - 12 questions - around department and computer records handling. We were working with our Internal Audit manager to have this routinely used in all department audits. Of course, people needed to demonstrate/show examples of compliance to IA to get their check list completed. We figured IA would probably get more honest answers than if we asked them ourselves.

The tool was never implemented due to many management changes; however, I still feel it’s worth asking the question if the process could become an Internal Audit standard.

2 Likes

Thanks very much colleagues! Lots of possibilities for consideration re this issue

Hi Jawitbeck,

Is your checklist available for viewing. I would love to see it.

Thanks

1 Like

Thanks for this submission have really picked something to do with “compliance certification”, i believe its a crucial monitoring & control measure in Records & Information Management that i also need to adopt.

1 Like

Thanks. Without monitoring and control policies and procedures are overlooked and cannot be effectively enforced. Annual assessments result in unnecessary drama and pointing fingers. Either they did not know or its not their duty

4 Likes

Jawitbeck
Are your 4 slides for New Orientation available to share? What were the Ethics and Compliance training questions or sets?

I am also adding these into our programs ( New Employee and Ethics) and you are the first I have seen who also done this.

1 Like

I also have a New Hire training program. I actually train all new hires with slides and discussions via webex. I discuss what is RM, what does it mean for our company and then I go through slides and train them on what is expected of them with RM.
I’ve trained over 300 people in the last 18 months. I train everyone, even the president and CEO. We also have the Annual Re-Certifications in June and July but still trying to find a good solution for accountability. As I’ve said above, people can just check “yes” they are doing it but for us, without any solutions in place, it’s plain old auditing that we need to do to gauge the actual compliance. That, we are going to do this year.

2 Likes

Thanks jawitbeck. A checklist and showing examples sounds like a good auditing practice. You are opening up possibilities for myself so thank you for sharing.

As I noted earlier we do not audit employee laptops. Applications have a controlled self assessment that is done with SOX and higher risk apps annually but just about all apps will go through it. The CSA includes a number of controls on security, disaster recovery, review and disposal, etc. Internal Audit uses the same controls in their audits and will match answers with their findings. Where employees do come under a review is when IA does a sensing on organizational controls, issues and policy. Then folks are questioned on their knowledge of the records policy and retention schedule but no audit of their hard drive, etc.

Very good idea to initiate a pre-working training and orientation for new-hires…