Step one: Secure a senior sponsor
The audit process requires a lot of in-depth access to information and discussions with key staff so it’s important to have good senior backing. Make sure you also clearly explain the purpose behind the audit process to those involved, so everyone understands the aim of the exercise.
Step two: Identify key personnel
The information audit begins with the assumption that records are created for a particular purpose. Therefore, the ideal starting point is an organisational diagram or similar chart, showing the key functions. From this, we can identify the key staff to interview with regard to what information assets they manage. The IRMS suggests that the survey work could be via interview or questionnaires – from experience I would strongly recommend the face-to-face approach, as the quality and detail of feedback is invariably much better.
Step three: Map your document pathways
Once key people are identified, work with them to make a list of records being created. It often helps to think of the work being done as a chain of actions – often the document will go to other areas of the business and it is important to capture this journey.
Step four: Ask pertinent and insightful questions
The IRMS toolkit contains an excellent checklist of questions to ask about each record type to cover areas such as key points of access, security and retention/disposal. Look out for the next features in this series which will explore these points in more detail.
There are two additional key areas for consideration which can draw significant insight and additional benefit from the audit process, so it’s well worth making to effort to include them in your agenda when you are speaking to your information curators:
- Room for improvement: The audit is an opportunity to identify potential process improvements. Although it will need to be handled sensitively, a certain amount of “and why do you do it that way?” analysis can be undertaken.
- Continuity planning: Another good question to ask is “what if you lost all of the information of this type – maybe in a fire – how would this affect you and what would you have to do about it?” This will help to determine the importance of records (operationally, if not legislatively) and give a head-start for disaster and risk-reduction planning.
Step five: Review, update, repeat...
Finally, the audit should be considered a snapshot in time. Like any other audit, there should be a clear plan as to how the findings will be refreshed and kept current. Any process changes arising from the audit should also be subject to a ‘plan-do-check-act’ cycle of implementation and verification.
A complete and comprehensive information audit also puts the organisation in a state of readiness to update, or indeed create, a meaningful records management policy – covered in part one of this series.
The information audit is an important early step to implementation of an electronic document management (EDM) solution. It is difficult to see any organisation achieving a successful records management policy without a complete and regularly updated information audit.