1 / 24

THE PRINCIPLES:

THE PRINCIPLES:. Compliance. Presented by: Marty McNulty, ARMA Board Member. One Reason to use The Principles.

huslu
Télécharger la présentation

THE PRINCIPLES:

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. THE PRINCIPLES: Compliance Presented by: Marty McNulty, ARMA Board Member

  2. One Reason to use The Principles • New regulation of Dodd-Frank mandate new enforcement for financial, credit, investment and other organizations such as Energy Companies, Electric and Gas utilities, Chemical, Mining and Mineral, Airlines, Agribusiness, and Consumer Products. • Information Management, Pulzello, Fred and Bhavsar, Sonali, November 2011.

  3. Dodd-Frank Act • Focus on Information Governance • ECM Capabilities • Management Tools “Dodd-Frank’s “Title VII-Wall Street Transparency and Accountability” emphasizes the principles of accountability and transparency for recordkeeping”. • Information Management, Pulzello, Fred and Bhavsar, Sonali, November 2011.

  4. The Principles • ARMA International’s Governance Maturity Model • Purpose: Provide a solid foundation for an Information Governance Structure • Objective: Ensure companies are meeting their operating needs, legal and regulatory obligations.

  5. The Principles • 1. Accountability • 2. Integrity • 3. Protection • 4. Compliance • 5. Availability • 6. Retention • 7. Disposition • 8. Transparency

  6. How can adopting GARP principles help an organization in Legal matters? • Adherence to the PRINCIPLES indicate how an organization is on top of its statutory and regulatory recordkeeping requirements. Overarching all this is the Principle of Compliance, which means that organizations must be sure that they are complying with recordkeeping and overall information governance requirements. In terms of “Legal matters,” compliance with The Principles should mean that the organization has a RIM program that is legally defensible, including the all-important Legal Holds policy and procedures to avoid sanctions for spoliation (i.e., the wrongful destruction of documents or evidence). • John Isaza is a California-based attorney and founding partner of the HowettIsaza Law Group, a law firm that specializes in electronic information governance, records management and overall corporate compliance.

  7. Compliance: The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as, the organization’s policies.

  8. Compliance • It is the duty of every organization to comply with applicable laws, including those maintaining records. An organization’s credibility and legal standing rest upon its ability to demonstrate that it conducts its activities in a lawful manner. • The absence of and/or the poor quality of records may impair or jeopardize a business’s right to conduct business.

  9. Compliance Duty: • 1. The recordkeeping system must contain information documenting that the organization’s activities are conducted in a lawful manner. • 2. The recordkeeping system is subject to legal requirements (i.e. tax, environmental, engineering, etc.).

  10. Steps to Achieve Compliance • Step One: Identify the Key Stakeholders • Compliance – Legal and regulatory agencies and their associated staff members. • Legal – understand the firm’s litigation profile • Information Technology – understand technology infrastructure of the firm. • Risk Management • Business Unit Line Managers

  11. Steps to Achieve Compliance • Step Two: Gather Existing Information • Policies and Procedures • Data Maps • Functional Workflows

  12. Steps to Achieve Compliance • Step Three: Define Desired Compliance Outcome and Criteria • Use five level grading criteria • Substandard • Indevelopment • Essential • Proactive • Transformational

  13. Steps to Achieve Compliance • Step Four: Identify Gaps between Current and Desired Compliance Criteria-Practices • Use the Principles Assessment Tool • Conduct a Gap Analysis • Establish Benchmarks and/or Set Criteria

  14. Steps to Achieve Compliance • Step Five: Prioritize Gaps to be addressed • List Gaps and set priorities • Make them simple and clear

  15. Steps to Achieve Compliance • Step Six: Develop a Roadmap to the Desired Compliance Criteria/Practices • Determine the actions to take along a timeline to reach the desired Compliance State with the new Criteria/Practices • Identify/assign resources to deliver action items.

  16. Steps to Achieve Compliance • Step Seven: Develop a Roadmap to the Desired Compliance Criteria/Practices • Determine the actions to take along a timeline to reach the desired Compliance State with the new Criteria/Practices • Identify/assign resources to deliver action items.

  17. Steps to Achieve Compliance • Step Eight: Deliver New Criteria and Audit Reporting • Setup a Compliance auditing tool with the new criteria • Schedule an audit annually and measure against previous year’s compliance. • Report Compliance Grade and Findings • Submit Recommendations to close gaps and address findings.

  18. Maturity Model for Information Governance • Level 1 – Substandard • Level 2 – In Development • Level 3 – Essential • Level 4 – Proactive • Level 5 - Transformational • Maturity Model can be found on ARMA website at: http://www.arma.org/r2/generally-accepted-br-recordkeeping-principles/metrics/metrics-compliance

  19. Maturity Model • Level 1 (Sub-standard): This level describes an environment where recordkeeping concerns are either not addressed at all, or are addressed in a very ad hoc manner. Organizations that identify primarily with these descriptions should be concerned that their programs will not meet legal or regulatory scrutiny.

  20. Maturity Model • Level 2 (In Development): This level describes an environment where there is a developing recognition that recordkeeping has an impact on the organization, and that the organization may benefit from a more defined information governance program. However, in Level 2, the organization is still vulnerable to legal or regulatory scrutiny since practices are ill-defined and still largely ad hoc in nature.

  21. Maturity Model • Level 3 (Essential): This level describes the essential or minimum requirements that must be addressed in order to meet the organization's legal and regulatory requirements. Level 3 is characterized by defined policies and procedures, and more specific decisions taken to improve recordkeeping. However, organizations that identify primarily with Level 3 descriptions may still be missing significant opportunities for streamlining business and controlling costs.

  22. Maturity Model • Level 4 (Proactive): This level describes an organization that is initiating information governance program improvements throughout its business operations. Information governance issues and considerations are integrated into business decisions on a routine basis, and the organization easily meets its legal and regulatory requirements. Organizations that identify primarily with these descriptions should begin to consider the business benefits of information availability in transforming their organizations globally.

  23. Maturity Model • Level 5 (Transformational): This level describes an organization that has integrated information governance into its overall corporate infrastructure and business processes to such an extent that compliance with the program requirements is routine. These organizations have recognized that effective information governance plays a critical role in cost containment, competitive advantage, and client service.

  24. In Summary Compliance is the umbrella of all of The Principles. All firms are legally responsible to perform recordkeeping practices that are legally defensible and responsible. This level of compliance can be achieved by using The Principles.

More Related