Summary of Managing recordkeeping risk in business systems workshops March and April 2012 April 4, 2012

Photo source:

In March and April Janet Knight and I have run two sessions of State Records’ free half-day workshop, Managing recordkeeping risk in business systems. At both sessions we have had a full house of really engaged and interested participants. Thanks to their enthusiasm and willingness to share expertise and experience, Janet and I have learned as much as hopefully the participants did!

History of the workshop

This workshop has evolved a lot over the last year. When originally developed three years ago, the workshop was a means of explaining and working through the requirements of State Records’ Standard on digital recordkeeping. Now that most public offices are well aware of the standard and its requirements, the workshop has evolved into a series of case studies on information risk. It focusses on some of the risks that are likely to impact recordkeeping in business systems and looks at different ways to mitigate these risks.

Workshop content

In terms of content, the workshop starts by exploring the risks that can threaten digital information. We examine what these risks are – information won’t be maintained, will be incomplete, untrustworthy, meaningless, inaccessible, corrupted, non-existant etc- and discuss some of the real-world consequences that can result if these risks aren’t mitigated.

Next we  investigate some of the reasons why these information risks are proliferating.  As part of this we look at the differences between business systems and recordkeeping systems and discuss how the concepts of recordkeeping and  ‘data in context’ need to become a more native component of much business system design. We then move on to the case studies.

In the case studies we look at the key recordkeeping decisions that need to be made at:

  • system design and configuration
  • system integration
  • system migration
  • record format selection, and
  • when moving to cloud-based business or storage environments

in order to mitigate the information risks we have discussed.

In the case studies we use scenarios based on databases, social media applications, system integrations, system migration projects and online project management systems to look at examples of recordkeeping risks and then examine ways in which these risks can be minimised.

The key point we really focus on

The key point we emphasise through the workshop is that the Standard on digital recordkeeping was not developed to create a bureaucratic exercise in compliance assessment. The standard was developed to genuinely help agencies recognise the risks that exist in digital business environments and to identify ways that recordkeeping strategies can be deployed to help mitigate these risks.

We don’t deny that the workshop can get a little bit depressing. We discuss an awful lot of risks and identify an awful lot of real threats to government business information. But it’s also an excellent opportunity to vent, to workshop ideas and to talk about possible solutions that have and haven’t worked in different environments.

In the workshop we do emphasise pragmatism over perfection and try to flag simple, effective strategies that can be used to help resolve tricky digital recordkeeping issues. We are getting very positive feedback from participants who say that they are finding the content very helpful and that it’s giving them genuine assistance in dealing with the digital recordkeeping challenges back in their own organisations.

What has particularly interested participants so far

So far social media is a big topic of interest for participants. In terms of additional content, participants have suggested the inclusion of a SharePoint case study, a financial management or HR system case study and details on how to perform specific system evaluations to assess recordkeeping capacities. Digital disposal has also been flagged as an issue that people want more practical advice on. Participants also want as much time for discussion as possible, and strategies for communicating about information management risks to managers, business owners and system designers.

The workshop is a work in progress

We regard the workshop as always a work in progress. We tinker with it whenever we hear of new case studies, or problems or strategies. We want it to remain as current and as applicable as possible. If you have particular business system risk scenarios you think we should address, or particular issues you think we should discuss, or examples of ways in which you have combatted risks threatening your digital information, please don’t hesitate to suggest them to us. We love any feedback we can get!

Future workshop dates and registration details

At this stage we are planning on running the workshop four more times through 2012. The next session will be at our Western Sydney office on 19 June. After that it will run in the Sydney City area on 25 July, 12 September and 18 October.

To enable discussion, the workshops are limited to 20 participants. If you are interested in registering for a future workshop, please follow the advice on the course outline. If you have any questions about the course, please always feel free to contact us.

Leave a Reply

You must be logged in to post a comment.