Records Governance Audit

Organisations cannot govern all information. There is simply too much. They should be selective and focus on important “information assets”: those that critical to the business strategy, required by law or justified based on a cost–benefit analysis. King III™ says that “information records are the most important information assets as they are evidence of business activities”. This audit focuses on compliance with the requirements for the creation, capture, management, access, retention and destruction of records originating from regulatory and best practice requirements.

This necessitates a review of the company’s current practices in respect of each of the following areas:

• Record Keeping Function (Processes & Control)
• Record Keeping Policy Statements
• Roles and Responsibilities
• Record Creation and Record Keeping (Active and Inactive Records)
• Record Maintenance (Safe Keeping)
• Record Disposal
• Record Access (Security, privacy, confidentiality and legal liability)
• Monitoring and Reporting (Implementation and evaluation)
• Scanned images of paper documents

Each of these areas comprise one of the building blocks (modules) of our records governance audit.

Our Approach to Records Governance Audits

Our approach entails undertaking a high level (broad but shallow) audit of the existing state of records governance . We  utilise our Record Keeping Compliance Framework which assesses the company’s  record keeping practices against South African legal requirements, standards and best practice while taking into account organisational strategies and objectives. The audit will further highlight the risks posed in terms of non-compliance.

There is a specific focus on “records”. There are several statutes in South Africa which require organisations to keep “records”.  The ability to separate business records (both electronic and paper), from non-essential records is at the heart of the matter.  It is critical that organisations be able to separate the “wheat” from the “chaff” and identify their records as this allows organisations to amongst others maintain control over their storage requirements, storage costs and speed up the compliance process in the event that a record is required to satisfy a statutory or legal requirement (e.g. discovery of documents in legal proceedings) at some future date.