Firms are investing heavily in digital document management, in the hope that they will receive a significant return on their investment. Some will be disappointed and frustrated, due to the fact that they did not do enough planning and thinking up front.Don't misunderstand: The investment is necessary and the benefits are huge - if your firm approaches the project properly. Electronic documents are growing exponentially in firms, and the main reason for this is that they can. The technology is affordable and easy to use.
Remember that automation does not fix bad processes and procedures. Therefore, firms should evaluate their objectives, as well as assess their risks, when implementing new systems. This cannot be viewed as a clerical function and delegated to a lower level within the firm. The vision should start at the top, as the responsibility (from a legal standpoint) stays with senior management.
First it was called paperless, and then document management, and now content management. Let's define content management as document, e-mail, records and knowledge management. Coupled with knowledge management are client portals or secure digital storage environments that clients can access via the Internet. The entire digital storage world has evolved significantly over the past 10 years, and e-mail is now one of the biggest issues when it comes to managing content.
There are issues and problems associated with any technology project, but the issues seem to grow with content management projects if you haven't spent time planning and thinking before purchasing the hardware and software.
Too important for IT
Many partners have been led to believe that this is a technology project and that IT people will take care of the issues. Wrong! This is a firm project that requires planning by a sophisticated team with expertise and influence. The team should be comprised of:
* Management - someone who has the authority and ability to allocate resources.
* Records management - someone who has knowledge of current processes and procedures, as well as the capability to develop written policies and procedures.
* Legal counsel - someone who specializes in records retention and the potential liability of capturing, storing and retrieving content. (This is particularly important with regard to assurance services and e-mail.)
* Information technology personnel - someone with knowledge of the systems, storage capabilities, retrieval and security of content.
This may sound like a high-level task force, and it needs to be. Too many firms have delegated content management projects to administration, information technology or departments, rather than to enterprise leaders and consultants.
You may feel immune to any of these issues, simply because you either don't do any auditing or don't audit public companies. I encourage you to think about your responsibilities regarding the content in e-mail, and whether you have the proper policies and procedures in place to protect the firm.
Has everyone in the firm been trained on those policies and procedures? Are they being adhered to by everyone? What about spoliation? Under the law, spoliation means the intentional alteration or destruction of a document. Do you have policies in place to prevent this from happening?
And, just in case I haven't gotten your attention, do you have a written policy on pornography? What happens if it is discovered that one of your employees has downloaded pornographic material at the office or at home using an Internet connection and computer supplied by the firm?
It is your responsibility to have a policy and to enforce that policy. Courts may interpret the law to hold the firm, as well as the employee, responsible, especially if the firm has been negligent in its policies and training.
Content management is a broad area, as mentioned earlier. The following list summarizes some of the requirements necessary to implement a successful digital content management system. It is more than a hardware/software or an IT project. Some of the most important considerations are:
1. Planning and thinking;
2. Written policies and procedures;
3. Compliance with those policies and procedures;
4. The commitment of senior management;
5. Flexibility;
6. Commitment of resources (dollars, time and people);
7. Education of all employees;
8. A team approach to planning and implementation;
9. Rapid response when issues arise (during and after implementation); and,
10. Centralization and standardization (policies and procedures must be administered consistently throughout the firm.)
In the near future, you will be faced with decisions regarding retention, version controls and security. Are you prepared? Do your policies and procedures address these issues? Why are they important? Can't we just save everything, since disk space is cheap? The answer is a qualified "maybe." There are several factors to consider:
1. Assurance services requirements.
2. Pending or potential litigation.
3. Security and management capabilities.
There are many opinions and multiple philosophies, but few firms have been tested unless they have been involved in litigation. Those that have been involved in litigation typically believe that "less is better" if your policies support the clean-up of audit files and e-mail. There are currently rules pertaining to public company audit files, and those rules are likely to "trickle down" in many or all states to private and not-for-profit companies.
There are also those firms that have taken the approach used in the broker/dealer business, and they save everything. The technology is available and affordable to do so. The catch is that, if you are faced with litigation, it will be expensive to defend yourself due to the pure volume of records that legal counsel will need to examine.
E-mail and PDFs
One strategy with e-mail is to give users 90 days to file important messages and documents. At the end of the 90-day period, the system automatically deletes any remaining documents. This rightfully places the responsibility on the end users. It also requires a written policy, and procedures for guidance and training. Bear in mind, however, that leaders are responsible for ensuring that their people comply with published policies and guidelines.
Another concern is the use of Portable Document Format, or PDF, files. They are similar in some ways to paper files, in that they do not contain all of the meta-data that is in a file produced by tax software or in an e-mail message. It is too early to know how courts will rule.
Also, firms should be concerned about the responsibilities assumed in acquisitions where the acquirer uses different applications than the acquired firm. You may be responsible for retaining the software in order to read and produce files that are obsolete. A strategy to convert e-mail files at the time of the merger to the firm standard is recommended.
By now, you should realize that the more you know, the more complicated and comprehensive content management becomes. It requires discipline and consistency in the enforcement of policies and procedures. The attorneys that I have spoken to state that it is of the utmost importance to adhere to and enforce policies. Not having any policies can be viewed as negligence.
These concerns are real, and point to the fact that firms should manage risk. Therefore, it is imperative to involve experienced legal counsel, records management expertise, technology personnel and high-level management in the planning and implementation of a content management system.
Deferring the decision-making process (ignoring the risk) is not a good decision. Thinking and planning will save a significant amount of time in the future, as well as reduce risk to the firm. You should consider the following steps to move to the next level, even if you currently have a document management project in progress.
1. Identify all the members of your Content Management Committee.
2. Review and confirm your objectives.
3. Develop a content management transition plan for communication and accountability.
These three critical steps should get you on track, reduce risk and assist you in reaching your goals.
L. Gary Boomer, CPA, is the president of Boomer Consulting, in Manhattan, Kan.
