Records Management

SOX and Enterprise Record Management

Written by Robert McCoy

The Sarbanes-Oxley Act of 2002 has had a number of impacts on records management at corporations both major and minor, some of which are still have yet to be fully realized. Records management is essentially the creation, maintenance and retention of data by organizations. Records management is a key operation in any business or organization, and in some cases, is subject to legal and regulatory requirements. The Sarbanes-Oxley Act's main intent was to set better standards for U.S. public companies, as well as management and public accounting companies. Privately held companies are not subject to SOX. The act includes 11 titles which set regulations for a number of functions, including corporate board responsibilities and accounting practices.  While passed in 2002, it was not until 2005 that most of the components of the act were implemented. Proponents of the act say it has strengthened public accounting and increased investor confidence in the integrity of corporate accounting practices. The act was proposed in response to the Enron and Arthur Andersen accounting scandals of the early 2000's. Critics of the act argue that it has greatly increased the cost of doing business in America as a public company, pointing to a decrease in private companies going public in the years after SOX's passage. To these critics, SOX has put American companies at a major competitive disadvantage in relation to foreign firms who are not subject to the Sarbanes-Oxley Act. While the overall thrust of SOX is to better regulate corporate accounting, the act also has significant impact on records management. According to the act, all business records, including electronic records and messages must be preserved for at least five years. The act has some pretty sharp penalties for non-compliance, including fines and imprisonment. The act defines records as business records and communications, including electronic communication such as e-mail. The provisions of SOX relating to records management have created some big responsibilities -- and big costs -- for public companies. According to the law firm Foley and Lardner, SOX has increased the cost of being a public company by about 130 percent. For companies who deal primarily with electronic records, specialized systems for handing these records are necessary. Many companies have hired "compliance officers" just for this purpose alone. Enterprise Record Management Dealing efficiently and effectively with the electronic records management aspect of SOX can help companies mitigate the costs involved with complying with the act, and avoid possible penalties involved with non-compliance. One good solution is an Enterprise record management system. ERM is essentially the tools and technologies used in the storage and retention of records. When implementing an ERM program, companies must consider a number of key factors including size, storage media, security and longevity. Making the right choices with regard to these factors can help companies avoid big headaches and fines later. How large your ERM system needs to be depends on the size of your company and how many and what kind of transactions it makes. Nevertheless, your ERM needs are certain to require large amounts of data storage because of the lengthy periods SOX requires for records retention. When choosing an ERM system, it's important to make sure it has plenty of storage -- and then add some more. Picking the right media format is also important. Under SOX, audits of records are more likely, so having your records in a format that's well-organized and easily accessible is important. The media storage industry is undergoing frequent changes, so it's important to choose storage products that are likely to be easy to maintain and service well into the future. Your data must also be secure. Your organization must be able to not only provide the information to auditors or federal investigators, you must also be able to prove that the records are accurate and tamper-proof. WORM media is a good program that uses a secure index and audit log to protect the security of your records. There are also several other good products on the market for these puorposes. Complying with the retention requirement of SOX may be the most difficult aspect of the records management requirements of the act. Records stored in your system need to be organized and tagged with a specific retention period. SOX is here and it's highly unlikely that the act will be repealed any time in the near future. Dealing with the records management responsibilities enacted by SOX can be done in an efficient manner that reduces the cost of SOX compliance to your firm.

 

Next >