Furthermore, it is often impossible to prove that processes have been correctly applied, the right version of a contract used, or accurate complaint information recorded. This is owing to a continued reliance on an unmanaged mix of paper and electronic information. Without formal processes or a Document Management System, there is no audit trail, no version control, and no way of ensuring staff capture the correct information in the event of an incident or complaint. The business may be operating honestly and effectively, but can it prove it?
Stuart Evans, Chief Technology Officer, Invu, outlines the best way to prepare for the worst.
Governance, Risk and Compliance
Unforeseen business events can have a devastating impact on reputation and revenue. The recent horse-meat scandal has prompted a number of organisations to revisit governance, risk and compliance (GRC) strategies – a key component of which, particularly in a difficult trading environment, includes the way the organisation responds to litigation.
As the UK economy has declined there has been an increase in litigation – from a rise in commercial cases launched in the High Court, to higher numbers of contract claims, primarily driven by breach of contract and debt, and the personal injury claims fuelled by the growing compensation culture.
Cost of litigation can be crippling – from legal fees to the Health and Safety Executive’s (HSE) Fee for Intervention cost recovery scheme, introduced in 2012. Any disputed contract, complaint or health and safety incident will incur significant fees. Furthermore, organisations will also have to dedicate a significant internal team to retrieving relevant information – information that can be recorded in multiple locations, from paper archives to emails.
Searching for Proof
To be realistic, if an organisation cannot rapidly access the relevant documents, provide a clear audit trail or prove who had access to what information, when, the chances of successfully fighting a legal case are slim.
In the event of an accident, how can the construction site manager prove that a contractor provided the right documents before going on site if that information is all paper based and there is no audit process? How can a retailer demonstrate that all the correct health and safety procedures were followed in the face of a customer making a claim or complaint – many of which are far from valid? Or how can any business confidently respond to contractual disputes when version control is poor and there are multiple, inconsistent versions of a contract in existence?
Even those businesses that have invested heavily in good processes and excellent staff training will often have to settle out of court because it is quicker, easier and less expensive than attempting to prove a case with poor information.
Imposing Control
Anything an organisation can do to streamline the production of information, provide a clear audit trail and minimise the time taken to undertake the legal assessment, will reduce costs and minimise the risk of a fine or prosecution for breach of regulation.
A good Document Management System (DMS), combined with a robust approach to information retention, will minimise the risk in two ways:
Firstly, with fast, easy – even mobile – retrieval of information. Every member of staff should have immediate access to the right documents, from HSE guidance, to the latest version of a contract or a contractor’s required proof of expertise. With this insight, individuals are less likely to make mistakes, hence reducing the risk of legal action.
Secondly, should a claim or complaint be made, or contract dispute arise, the organisation’s information recording, retention and retrieval processes will make the process of assessing the case far quicker – and less costly. Good processes should ensure that the right information has been recorded at the right time to demonstrate HSE compliance. As an example, the ability to demonstrate a complete audit trail and time-stamped information will immediately deter any ‘try it on’ legal cases.
Key to achieving this must be a robust approach to recording and storing information. Ensuring the system is compliant with the BIP 0008 Code of Practice on Legal Admissibility and Evidential Weight of Information Stored Electronically will ensure electronic documentation can be presented in court. A single searchable repository of information will transform the time taken to retrieve documents.
However, it is also important to look beyond the proven scanning and database technologies to streamline information recording and retrieval; never captured will mean never found. Organisations need to understand the information taxonomy and put in place effective processes for recording the right information at the right time.
Take health and safety as an example. The DMS should help individuals to quickly record the right information, by helping them answer a few questions to ensure that site managers accurately capture all the correct information from contractors or that staff complete complaint/incident forms in full, fulfilling both internal and external requirements.
Conclusion
GRC strategies are aimed at reducing the risk of a business damaging event and mitigating that risk should an event occur. For the vast majority of organisations there is no need to create complex, dedicated systems to manage every aspect of the business, from HSE compliance to complaints, contracts to employment records.
It is, however, becoming essential for businesses of every size to have a simple, usable way of recording, storing and retrieving essential corporate documents. Transforming information management will support effective day to day processes, minimise the risk of mistakes, and critically, guarantee that any potential legal cases can be rapidly addressed and managed. Costs will be reduced and the risk of business damage allayed. Critically, if the business is operating effectively, it can prove it.