Principle of Accountability

    An organization shall assign a senior executive to oversee the information governance program, delegate program responsibility to appropriate individuals, adopt policies and processes to guide staff, and ensure program auditability.

    • A senior leader who is held accountable for the organization’s information governance;
    • Development and adoption of organization-wide policies and processes that deliver the organization’s required information governance maturity level.
    • Delegation of responsibility for information governance to the appropriate parties in line with the organization’s business strategy, and taking into account any risk factors related to the organization’s line of business;
    • Development / training of staff to enable them to comply with information governance policies / processes and deliver the required information governance maturity level within their work;
    • Review / auditing of information governance policies and processes to monitor success and failure and to improve and update them proactively.

    A basic premise to sound recordkeeping is that within each organization, someone is designated as responsible for the overall program. This does not have to be a full-time responsibility, but it does need to be formally designated to someone in a senior-level position who has access to other senior executives and can ensure program implementation across the organization. The accountable senior executive will oversee the overall recordkeeping program, although this executive often will assign or designate other personnel to roles and tasks involved in different parts of the recordkeeping program.

    A major responsibility for this executive is program development. As an on-going program, recordkeeping requires the program to be monitored for compliance and to identify any areas requiring improvement. The matters identified during the monitoring lead to program improvements, which the senior executive will oversee at the appropriate level.

    Governance should be established through the organization, assigning defined roles and responsibilities to different staff so it is clear where responsibilities reside and how the chain of command works to build, implement, and upgrade the recordkeeping program. For example, sub-committees can be designated to help build policies or to define and implement technology.

    For staff to know how to implement the recordkeeping program, it is essential to have program policies and procedures that are documented, formally approved, and communicated to personnel. Updates to the policy and procedures should be available to staff, as should recordkeeping training. All of this is designed to further standardize the program across the organization. This standardization enhances staff’s efforts to effectively implement the recordkeeping program.    

    Auditability is the process designed to prove the program is accomplishing its goals, while seeking areas for improvement to further protect the organization and its records.

    • Staff should be able to demonstrate program awareness.
    • Records should be retained for the right amount of time and disposed of when no longer required.
    • Policies should be kept up-to-date and cover all records media.
    • Auditing should verify the status of complying with these standards.

    An organization’s recordkeeping audits should be reported to the board of directors (or its audit committee) to show program adherence in accordance with documented policies and procedures, requirements (for retention, privacy, access to records, and access controls, for example), and the organization’s goals for its recordkeeping program.

     

    © 2017, ARMA International