Study Shows Compliance Still A Struggle

An Industry Watch study conducted by AIIM and Kahn Consulting finds that compliance is still plagues with difficulties.
Many companies are struggling to address new legal, regulatory, and business requirements, and continue to face internal and external barriers in carrying out their information management compliance programs, according to an Industry Watch study conducted by AIIM and Kahn Consulting, titled "The Emperor's New Clothes: The Current State of Information Management Compliance."

More than 400 end users completed the online survey, representing a mix of public-sector large, medium, and small companies, and includes industry sectors such as financial services (16%); government-local, state, federal (23%); professional practices (12%); manufacturing (10%); utilities, oil, and gas (8%); and others. Of the respondents, 23 percent were senior-level management (CXO, vice president, director), 35 percent were in information/records management, and 17 percent were from IT/IS departments and other functions.

Key Findings

Eighty percent of respondents said they have made or are planning to make changes to the way they manage information and 82 percent said they are creating or updating information management policies. Regulatory compliance is a major force behind these changes, with 37 percent making changes because of Sarbanes-Oxley and 26 percent because of HIPAA.

While senior executives and managers are getting more involved in the information management program (78% of business unit and IT executives participate in its development and administration), more than a third of responding organizations haven't received any guidance on information management issues from an executive in the last 18 months, and nearly half do not provide an executive statement of support for the information management program.

In some cases, organizations are failing to bring the right people to the table to develop and administer the information management program. Only 35 percent of respondents said they involve lawyers when developing program elements.

Organizations have done much more in the areas of information security and paper-based records management than they have in the area of electronic records management-a huge inconsistency given that most of the documentation of business and organizational processes is now conducted electronically. Only half the respondents said they have formal programs that address electronic records management, while 74 percent indicated programs for paper-based records.

Gaps in communication and training threaten to undermine the effectiveness of many information management programs. More than 60 percent of respondents fail to give regular employee training, and the training that is conducted often focuses on records and information managers rather than executives and IT staff. More than 52 percent of records and information managers report receiving training, but only 31 percent of general business executives and 30 percent of IT staff got the training they needed.

While only 34 percent of organizations involve auditors in the development and administration of the information management program, internal auditing and monitoring programs seem to be somewhat successful, with 41 percent of organizations making changes as a result of problems found through such programs.

Policy enforcement was a problem spot with only 34 percent of those surveyed agreeing with the statement, "my organization's records and information management directives are consistently enforced." IT executives are more skeptical about performance than either records managers or general business executives, with only 29 percent agreeing with the statement.

Less than one in six survey respondents are firmly convinced their firms would uncover records management failures, indicating that there is much room for improvement in records management procedures and programs.

Editor's Choice
Samuel Greengard, Contributing Reporter
Cynthia Harvey, Freelance Journalist, InformationWeek
Carrie Pallardy, Contributing Reporter
John Edwards, Technology Journalist & Author
Astrid Gobardhan, Data Privacy Officer, VFS Global
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing