GAR vs GAAP
sravz
Chapter3ppt.pptxITS 833 – INFORMATION GOVERNANCE
Chapter 3 – Information Governance Principles
Dr. Sandra J. Reeves
Copyright@Sandra J. Reeves 2018
1
1
CHAPTER GOALS AND OBJECTIVES
Know the 10 key principles of IG
What are the Generally Accepted Recordkeeping Principles®
What is the difference between disposition and destruction
Who should be involved in the information governance development process
Know the 8 GAR principles
Know the 5 GAR Principle Levels
Know which of the four area(s) of improvement each of the 8 GAR principles map to
Copyright@Sandra J. Reeves 2018
2
What are the 10 key principles for the IG approach?
Executive Sponsorship
Information Policy Development and Communication
Information Integrity
Information Organization and Classification
Information Security
Copyright@Sandra J. Reeves 2018
3
Information Accessibility
Information Control
Information Governance Monitoring and Auditing
Stakeholder Consultation
Continuous Improvement
3
What is the Key to Information Governance?
Accountability
Copyright@Sandra J. Reeves 2018
4
You must acknowledge that often the root of many problems is that no one is held accountable
GENERALLY ACCEPTED RECORDING KEEPING PRINCIPLES®
Formal Business records account for about 9% of all information in an organization
Formal record keeping allows the organization to demonstrate legal compliance, and applicable standards
Generally Accepted Recordkeeping Principles® were developed in 2009 by ARMA International to foster awareness of good recordkeeping practices
Copyright@Sandra J. Reeves 2018
5
5
Generally Accepted Recordkeeping Principles®
Accountability
Transparency
Integrity
Protection
Copyright@Sandra J. Reeves 2018
6
Compliance
Availability
Retention
Disposition
6
GAP PRINCIPLES LEVELS
Used to define the characteristics of evolving and maturing Records Management Programs
1. Standard – whether recordkeeping concerns are being addressed
2. In Development – developing recognition that recordkeeping has an impact and benefit from more defined IG program
3. Essential – where defined policies and procedures exist that address minimum legal and regulatory requirements but more action is required to improve recordkeeping
4. Proactive – where information governance issues are integrated into business decisions with organization consistently meeting its legal and regulatory obligations
5. Transformational – Integrated IG into corporate infrastructure and business processes to such an extent that compliance is routine
Copyright@Sandra J. Reeves 2018
7
7
RM responsibility at the senior level of executive authority
Understanding of regulatory and legal framework
Responsibility for ensuring that processes, procedures and governance structures and documentation are developed
Development of organization wide audit process for all aspects of RM
Reinforce compliance and require accountability
GAR
PRINCIPLE 1: ACCOUNTABILITY
Copyright@Sandra J. Reeves 2018
8
Practices that document processes and promote an understanding of the roles and responsibilities of the stakeholders
Policies are formalized and integrated into business processes
Must be recognized by senior management
Employees must have access to the policies and procedures of RM
Employee training
Documentation in the form of policies, procedures, guidelines, instructions, diagrams, flowcharts, system documentation, user manuals, etc.
GAR
PRINCIPLE 2: TRANSPARENCY
Copyright@Sandra J. Reeves 2018
9
“Record Integrity”: The records are complete and protected from being altered
Record generating systems and repositories are required to be assessed to determine record keeping capabilities.
Here a formalized process is required to be in place for acquiring or developing new systems, required for lifecycle management of records.
Record integrity is confirmed by ensuring that records are created by competent authority based upon established principles
GAR
PRINCIPLE 3:
INTEGRITY
Copyright@Sandra J. Reeves 2018
10
This is where organizations ensure that the records are unaltered through loss, tampering or corruption
Applies to both physical and electronic records
GAR
PRINCIPLE 4:
PROTECTION
Copyright@Sandra J. Reeves 2018
11
There should be a process for development and training of the fundamentals of compliance monitoring
Compliance monitoring involves reviewing and inspecting different facets or records management
Compliance monitoring is carried out by audits, whether that be internal audits, external organizations or by records management and must be performed routinely
GAR
PRINCIPLE 5:
COMPLIANCE
Copyright@Sandra J. Reeves 2018
12
Process of evaluating how effectively and efficiently records and information are stored and retrieved using existing equipment, networks and software of the organization
Intended to identify current and future requirements and recommendations for new systems where appropriate
GAR
PRINCIPLE 6:
AVAILABILITY
Copyright@Sandra J. Reeves 2018
13
This is the function of preserving and maintaining records for continuing use
A retention schedule is created to identify actions needed to fulfill requirements for retention and disposal of records and to identify and establish authority for employees who will be responsible for retention, destruction and transfer of records
Must identify the scope of the different jurisdictions that impose control over record in each location where the company does business
Includes “records appraisal” – process of assessing the value and risk of records to determine their retention and destruction requirements-part of records retention schedule
Record retention period – length of time that records should be retained and actions taken for them to be destroyed or preserved
Document research performed to identify jurisdictional and legal requirements for record retention
GAR
PRINCIPLE 7:
RETENTION
Copyright@Sandra J. Reeves 2018
14
Disposition is the last stage in the life cycle of records
When records are required to be retained permanently or on a long term basis they should be “archived” for preservation
Should be part of record retention schedule
When destroyed, destruction must be in a controlled and secure manner in accordance with disposal instructions
Document destruction of record
Maintain an audit trail of the destruction of records
Must have someone designated to oversee destruction of records
GAR
PRINCIPLE 8:
DISPOSITION
Copyright@Sandra J. Reeves 2018
15
DISPOSITION V DESTUCTION
Disposition of records is not the same as destruction of recods.
Destruction may be one of the disposal options
Methods of Disposition
Discard-Standard for non-confidential records
Shred – Confidential and sensitive records
Archive – For records retained permanently or for long-term periods
Imaging – Conversion from a physical record to digital images prior to destruction of paper records
Purge – This involves the removal of material based upon specific criteria. Generally applicable to structured database records and applications
Copyright@Sandra J. Reeves 2018
16
16
ASSESSMENT AND IMPROVEMENT
Generally Accepted Recordkeeping Principles® maturity model is used to identify a company’s areas in need of improvement.
Principles are mapped to four (4) improvement areas:
Roles and responsibilities
Policies and Procedure
Communication and Training
Systems and automation
Copyright@Sandra J. Reeves 2018
17
17
MAPPING OF IMPROVEMENT AREAS FOR GENERALLY ACCEPTED RECORDKEEPING PRINCIPELS®
Copyright@Sandra J. Reeves 2018
18
| Improvement Area | Accountability | Transparency | Integrity | Protection | Compliance | Availability | Retention | Disposition |
| Roles and Responsibilities | | | | |||||
| Policies and Procedure | | | | | | | | |
| Communication and Training | | | | | | |||
| Systems and Automation | | | | | | |
18
WHO SHOULD DETERMINE THE IG POLICIES?
Steering Committee or Board
Headed by executive sponsor
Include cross-functional groups
Key business units
IT
Finance
Risk
Compliance
Records Management
Legal
Training is essential
Review the Sample Assessment Report and Road Map in Table 3.3, Page 36 and 37 of text book
Copyright@Sandra J. Reeves 2018
19
The End
Copyright@Sandra J. Reeves 2018
20
20
