- What is an information audit?
- Why does SOAS need an information audit?
- What will it produce?
- What benefits will it bring?
- How is it being carried out?
- What will I have to do?
- Will I be criticised for what I'm doing?
- Where can I get further information?
Part of implementing a records management programme at SOAS involves conducting an information audit. This page explains what the information audit is, why it is necessary, what it will produce, how it is being carried out, and what it will mean for SOAS staff. The audit has been piloted in the SOAS Language Centre.
An information audit is a standard technique developed by records managers for improving the way in which an organisation manages its records. An audit combines data gathering and analysis to produce a series of tools which, when implemented, ensure that information is organised logically and consistently, and is not retained for longer than necessary.
An audit involves:
- Identifying what an organisation does - its business functions, processes, activities and transactions - and the record keeping requirements which they give rise to.
- Gathering data about existing record keeping systems.
- Assessing whether existing systems meet the requirements, and identifying any gaps.
- Designing new records management mechanisms, or improving existing ones, to ensure that the organisation's record keeping requirements are met.
Data gathering is usually done by a records survey, which gathers data about the organisation's business, its existing record systems, and how the two relate to each other. Analysis of the information gathered in the survey is used to produce the outputs of the audit, in the form of practical day-to-day tools to improve how records are managed. The most important of these are business classification schemes and record retention schedules (see What will it produce?).
An information audit applies to records in all formats, so electronic as well as paper material will be covered. Although it involves investigating records and systems, an information audit is not intended to criticise individuals for existing practices (see Will I be criticised for what I'm doing?). Its focus is on identifying record keeping problems, and helping staff to manage the information which they need in their day-to-day work.
Like other HE institutions, SOAS is under increasing pressure to improve the management of its records. The key drivers behind this include:
Business efficiency. Information is an important asset of the School, and is essential to the School's operations. The School can only function effectively, and provide consistent and equitable services to its students, staff and other stakeholders, if the information in its records can be located and accessed when it is needed for a particular task or activity. As the volume of the School's records increases, so does the need to set up standards to ensure that records are managed in a way that supports access to and re-use of information. Establishing standards will also free up staff time, by removing the need for staff to devise their own record keeping systems.
Space. An average filing cabinet requires about one square metre of space for the cabinet itself and to allow adequate room for opening. It has been estimated that office accommodation costs in urban universities can be in excess of £600 per square metre per year (JISC, Developing an Institutional Records Management Programme, 2004). The storage of active and inactive paper records represents a significant, and largely hidden, cost to the School. This makes it important to ensure (i) that information is only held in paper format when this is justified – most information is created digitally, and could be managed digitally; (ii) that paper format records are retained for no longer than necessary; and (iii) that alternatives to on-site storage are properly explored.
Regulatory requirements. The Data Protection Act and the Freedom of Information Act have created general rights of access to recorded information held by the School. The Data Protection Act also imposes obligations on how information about individuals should be managed. Effective management of the School's information is essential to ensure, firstly, that information requested under this legislation can be located; and secondly, to reduce the School's exposure to information requests, by ensuring that information is retained for no longer than is justified by business needs or historical value. We also have to manage our information to meet internal and external auditing requirements, such as the Research Assessment Exercise and teaching quality assurance.
Electronic records management. Although they may be printed out and filed on paper files, current administrative records and teaching materials are almost invariably "born digital", and are created in a wide variety of electronic formats. Managing and preserving this information electronically reduces the need for physical storage, and ensures that information created electronically can be re-used electronically. However, electronic records require earlier intervention and more pro-active management than paper format material: "benign neglect" cannot be relied upon to ensure the survival of information which is technologically dependent. Other institutions have addressed this problem by introducing systems to manage their electronic records, which ensure: (i) that key information is managed corporately rather than individually; (ii) that rules relating to file naming, classification, retention and access are applied to objects in the system; (iii) that metadata (such as creator, version, intellectual property rights, context) are captured to support the long-term use of information; and (iv) that pathways exist to allow the migration of data into new systems and software formats without the loss of information.
The information audit will not introduce an electronic records management system to SOAS, but it will support the effective implementation of one by developing standards which can be incorporated into a system. Introducing an electronic records management system without such standards creates the risk that defective practices are just transported into the new system.
Business continuity. Certain records are crucial for the School's continued functioning in the event of a disaster. These vital records need to identified and secured as part of business continuity planning.
Heritage. The School's historical archives not only have value as a scholarly resource; they also have a largely untapped potential to support marketing, fundraising and alumni relations. As the School's centenary approaches, interest in the School's history is likely to increase, making it more important that the School takes steps to identify and preserve records of historical value.
The School's Records Management Policy commits SOAS to conducting an initial information audit, and repeating audits from time to time. Guidelines issued by bodies like the JISC and the Records Management Society have emphasised the role that an information audit can play in helping an organisation to establish effective management of its records. An information audit for SOAS will address the issues outlined above, by gathering data about the School's record keeping requirements and existing record keeping systems. This will be used to produce standards and procedures for how the School's records should be organised and how long records should be retained (see What will it produce?). Implementing the outputs of the audit will ensure that information in all formats can be located more easily and effectively, and that records are managed in ways which support legal and regulatory requirements, business efficiency, contingency planning and historical value (see What benefits will it bring?).
For practical reasons (see How is it being carried out?), the audit will proceed in phases, department by department, or faculty by faculty in the case of academic departments. Records management tools will be produced for each department/faculty at the end of its phase, so that departments see the benefits of the audit at an early stage. These outputs will include:
(1) A report summarising the conclusions of the audit. This will look at the department's information in the context of its work, and will highlight any disparities between information needs and existing record keeping systems.
(2) A classification scheme which will break down the department's work into functions, activities and transactions arranged hierarchically. Like a traditional filing scheme, a classification scheme can be used to organise, describe and link a department's records: e.g. by grouping and assigning categories to files and electronic documents. Basing the classification scheme on what the department does rather than on its administrative structures will make the scheme less susceptible to change, and will support consistency with the classification schemes which are developed for similar business areas in other parts of the School.
(3) A retention schedule which will define retention periods and disposition actions for the department's records: how long they should be kept, and what action should be taken at the end of that period (e.g. destroy, transfer to the School's archives). A department's retention schedule will be arranged according to the functions, activities and transactions in its classification scheme. For an example of a retention schedule based on a business classification, see that of King's College London.
The classification scheme and retention schedule will be tools that a department can begin to use immediately to improve and standardise the management of its records. For example, developing the retention schedule may identify sequences of paper files which can be destroyed immediately as their retention period set down in the schedule has expired.
At the end of the information audit, the outputs produced for each department will be integrated to produce records management tools for the School as a whole. A School-wide classification scheme and retention schedule will synthesise those developed for individual departments. This will support consistency across the School by showing how the same classifications and retention periods apply to information produced by similar business functions and activities in different parts of SOAS. A register of vital information assets will identify records which are essential for the continued functioning of the School, and whose preservation needs to be built into business continuity planning.
The information audit is not a compliance checking exercise: its aim is to produce records management tools which staff can use to improve how their information is managed (see What will it produce?). The benefits of implementing these tools will include:
- Better access to information: the classification scheme will allow records to be organised in a way which supports retrieval, and hence operational efficiency.
- Improved knowledge of information resources: the audit will provide a top-down view of major record series and how they relate to business processes.
- Standard retention periods: records will be retained for periods which can be justified by legal/regulatory requirements or business needs, and these periods will be applied consistently across the School.
- Greater efficiency in the storage of records: the retention schedule will ensure that records are not retained in storage for longer than necessary, and will help to identify records that could be moved from office accommodation to offsite storage.
- Compliance with legal and regulatory requirements: improved access to information will make it easier to respond to statutory information requests, and to locate information which is needed for exercises like the RAE.
- Securing records of permanent value: the audit will identify records which should be transferred to the School's archives, and specify when that should take place.
- Identification of vital records: records which should be protected from destruction because they are vital to the School's functioning will be identified.
- Facilitation of electronic records management: the standards created by the audit will support the effective implementation of an electronic records management system, if the School chooses to adopt one.
The information audit is focussed on tracing how records relate to business functions and activities. These often cut across administrative boundaries: for example, the function of administering student records is carried out by staff in the Registry, the Faculty Offices, the Language Centre and other departments. However, because of the way the School is organised, it makes sense for the data gathering part of the audit to take place department by department, or faculty by faculty in the case of academic departments.
To keep the task manageable, the audit will concentrate on gathering data about those record series which appear to be important for the functioning of a department. Typically, these will be records which are shared and used by more than one person. These records are the ones which are most likely to require managing as corporate resources. Some information will also be gathered about the records of individual staff, but these will only be explored in detail if there are issues or problems that need to be clarified.
The audit is being carried out by the Information Compliance Manager (ICM). The ICM will initially contact those staff in the department who appear to be likely to know about the department's major record series. They will be asked to identify the record series which they think are important for the functioning of their department. These series will be investigated by the ICM in the next stage: the ICM will arrange to talk to the staff who appear to be responsible for the records (or most knowledgeable about them), and may ask to inspect or sample the records. At the same time, a short questionnaire may be sent to all staff in the department to gather information about the records which they hold individually. This data will also be analysed by the ICM, who may contact the staff concerned to gather more information if necessary.
Once the surveying phase has been completed, the ICM will analyse the data to produce the outputs of the audit for the department (see What will it produce?).
The audit's approach is designed to minimise the impact on the work of departments, by shifting most of the work of gathering data onto the Information Compliance Manager.
For most staff, involvement with the audit will be limited to possibly completing a brief questionnaire on the records which they hold individually, and responding to any follow-up questions from the ICM. If you are responsible for records which seem to be important for the work of your department (particularly records which are also used by other people), it is likely that you will be contacted by the ICM. The ICM will arrange to meet you to discuss the information, and may ask to sample the material. A few staff in each department will be approached by the ICM before the start of the audit, and will be asked to identify the series which they think are significant to the department's work (see How is it being carried out?).
The two main outputs from the audit - the department's classification scheme, and retention schedule - will be circulated to all staff for comments. Once the audit of the department has been completed, the ICM will arrange to brief staff on how these tools should be used.
Absolutely not. Although it is called an "audit", because that is the term which is currently preferred in the records management field, the information audit is not a financial audit or a regulatory exercise. You will not be judged in any way for your existing record keeping. The aim of the audit is to gather information about records and record keeping practices, and to use this information to produce standards which will help staff to manage their information better (see What will it produce?). Implementing these standards will help departments to work more effectively and efficiently, and will help the School to meet its legal obligations (see What benefits will it bring?).
9. Where can I get further information?
Further information about SOAS's information audit is available from the Information Compliance Manager, who can be contacted at the following address:
Information Compliance Manager
London WC1H 0XG
Telephone: +44 (0)20 7898 4150
Fax: +44 (0)20 7898 4019
Last updated March 2008