MARA Competency G
Know the legal requirements and ethical principles involved in records management and the role the record keeper plays in institutional compliance and risk management.
“Well-governed information is critical to the success of any organization”
ARMA (2013). Generally accepted recordkeeping principles: Information governance maturity model. http://www.arma.org/GARP/ThePrinciplesMaturityModel.pdf
What do you understand this competency to mean?
In order for an organization’s business processes and activities to be transparent, its policies should be documented in a manner that all appropriate stakeholders can access and refer to when needed. A records management policy ensures that records that are evidence of business functions, policies, decisions, procedures, operations, or other activities are retained for a sufficient period of time to be in compliance with the local, state, and federal regulations. Many times, a records management program arises in response to a perceived threat/risk/regulatory need.
When adequate records and information [RIM] management policies have been enacted, the policy should be transparent to all business units. RIM needs to be taken seriously by all business units because of the realization that systematic management practices protects all stakeholders. Organizations with transparent RIM programs know where to locate information about different processes. Specific goals are well defined, and the stakeholders work together to keep information safe. If a request for information has been issued, the organization, and business units know how to respond, and where to find the requested information (ARMA, 2013).
What course assignments or other work products are you submitting as evidence of your mastery of this competency?
I have chosen three works that reveal my understanding of the legal requirements and ethical principles involved in records management and the role the record keeper plays in institutional compliance and risk management. Records Storage Assessment of E-Learning Organizations examines how three major federal laws governing recordkeeping requirements apply to virtual schools, these are the Family Education Rights and Privacy Law [FERPA]; the Individuals with Disabilities Education Improvement Act [IDEA]; and the General Education Provisions act [GEPA]. My second piece of evidence is a report, Real World Problem and Analysis: KTSU Public Radio, that looks at how weak records management policies can not only place an organization at risk but can damage its reputation. Finally, the third piece of evidence is an essay on the Sarbanes-Oxley Act in regards to a holistic approach to information governance, including organizational records and intellectual assets.
Why did you select these particular work products as evidence for your mastery of this competency?
From MARA 211
Records Storage Assessment: E-Learning Organizations
Distance education programs offering degree, certificate, and training have proliferated in the last decade. According to the National Center for Education Statistics (2011), the percentage of undergraduates enrolled in at least one distance education course rose from 16% in 2003-04, to 20% in 2007-08. This increase does not reflect the K-12 online learning, or available web-based training programs. As this industry grows, there is increasing need for records managers to ensure legal and regulatory compliance within the jurisdiction of the e-learning organization. An e-learning organization produces records that can be considered evidence of the “organization [of], functions, policies, decisions, procedures, operations, or other activities” (44 U.S. Code 3301). There are three federal laws that concern student records: the Family Education Rights and Privacy Law [FERPA]; the Individuals with Disabilities Education Improvement Act [IDEA]; and the General Education Provisions act [GEPA]. These federal regulations outline requirements for privacy, access to records and programs. FERPA and IDEA require records be retained until no longer needed, at which time the records are required to be destroyed. Records covered by GEPA must be retained for three years beyond the federally funded program/activity (PSEA, 2005). This critical essay demonstrates my understanding of “the legal requirements involved in records management and the role the record keeper plays in institutional compliance and risk management.”
From MARA 284
Real World Problem and Analysis: KTSU Public Radio
In January 2013, Southern University’s public radio station KTSU discovered that a volunteer had allegedly stolen credit card information collected during a pledge drive. It was only after the suspect was arrested that KTSU learned the volunteer had a history of financial crimes and identity theft. The volunteer is now facing up to 300 counts of credit card fraud for attempting to misuse the information on donor pledge sheets (George, 2013). This analysis examines how the disclosure took place, the significance to donors and the reputation of the organization. Then it evaluates the risk and security threat to similar cultural institutions. Finally, it makes recommendations for preventative actions that could reduce the threat of such an occurrence. This report demonstrates my understanding of “the legal requirements involved in records management and the role the record keeper plays in institutional compliance and risk management.”
Information Governance: Sarbanes-Oxley Act
Sarbanes-Oxley Act [SOX] is considered to be one of the triggers for the rise of information governance (Heroux & Fortin, 2011). The need to comply with SOX has had a cascading effect on corporate governance strategies. Information governance incorporates multiple disciplines (e.g., records and information management, risk management, knowledge management, and e-discovery protocols). Without collaboration and unified governance an organization leaves itself open for skyrocketing costs, and increased risk, as well as possibly losing potential return on investment. Information governance is a holistic approach to identifying the hidden value of information assets that may be overlooked if viewed only through the lens of records retention schedules. This is evidence of my understanding of the “the legal requirements and ethical principles involved in records management and the role the record keeper plays in institutional compliance and risk management.”
How do your selections show not simply learning but also application?
Records and information managers together with legal are tasked with managing risk for organizations. This can be done with an effective records management program that clearly identifies records series, retention, and disposition requirements (including long-term archival value). Information technology managers are responsible for maintaining the IT systems that store and maintains an organization’s information assets. IT duties include managing privacy and security requirements that are dictated by records and legal. It is the goal of IT to increase the efficiency of the system, which in turn will lower the costs to the organization. Records managers and legal can identify the value and purpose of information assets to an organization; IT uses their guidance to manage and maintain a system that meets the policies set in place. Without collaboration and unified governance an organization leaves itself open for skyrocketing costs, and increased risk, as well as possibly losing potential return on investments.
What have you learned?
Staff, both paid and unpaid, plays a part of records and information management for any organization. It is important that organizations are able to find suitable individuals to assist in meeting its strategic goals. It is important that organizations not only recruit individuals, but also provide them with training and support. Organizations need to be able to rely on financial stability. By adhering to good business practices, organizations can continue to gain the confidence of its stakeholders. Standard accounting practices, and sensible strategic planning should “demonstrate an ongoing commitment to a balance of risk, benefit, investment, and expenditure” (RLG, 2004, p. 14).
ARMA (2013). Generally accepted recordkeeping principles: Information governance maturity model. Retrieved from http://www.arma.org/GARP/ThePrinciplesMaturityModel.pdf
George, C. (2013, Jan. 9). KTSU volunteer accused of stealing credit card info from donors. Houston Chronicle. Retrieved from http://www.chron.com/news/houston-texas/houston/article/KTSU-volunteer-accused-of-stealing-credit-card-4181237.php
Heroux, S. & Fortin, A. (2011). Exploring information technology governance and control of web site content: A comparative case study. Journal of Management and Governance, 17(3), 673-721. DOI: 10.1007/s10997-011-9200-7
PSEA (2005). Student Records. Professional Learning Exchange: Advisory. Retrieved from http://www.psea.org (accessed July 7, 2012).
Research Libraries Group [RLG] (2002, May). Trusted digital repositories: Attributes and responsibilities. RLG, Inc. http://www.rlg.org