If you’ve got an audit problem, you’ve got a records problem.

“Regulatory audits are enjoyable experiences.”

That’s what organisations say when they have good records.

The audit process is smooth, efficient, and low stress, because they’re permanently ready.

Mostly though, regulatory audits aren’t enjoyable experiences. They are high stress, and there’s a huge rush of last minute work to try and be ready.

The last minute rush is record assembly.

It’s trying to create complete records out of all the pieces of information collected and created by your process.

When you have a complete record, you can hand it to the auditor knowing that it’s everything you have.

And the audit is, for lack of a better word – enjoyable.

Why “it doesn’t work” is dangerous

“It doesn’t work” is a dangerous phrase.

It’s almost always untrue.

People use it as code for any number of other ideas.

A couple of types of “doesn’t work” –

  1. Results didn’t occur quickly enough (so we stopped before they appeared).
  2. We don’t really understand the task (so we didn’t get results)
  3. It’s inefficient (it works, but costs more than we get out of it)
  4. No one else has got it to work (yet)
  5. Defies physics (can’t work under any circumstances)

History is littered with people who were unsuccessful because they mis-read the “doesn’t work” they were dealing with.

Recognising which “doesn’t work” you’re dealing with gives you options – but only if you recognise which one it is.

Four ways to get people in the habit of using Content Manager (or any Content Management System)

The largest issue facing records and managers now and forever, is adoption.

It’s the one thing we don’t seem to be able to get away from, and before the miraculous paper to digital paper transition can take place effectively, it needs to happen, becuase I don’t ever see a lot of government work starting anywhere but a word processor.

I regularly ask agencies that I work with how they’ve improved adoption, like them, I think I’m always looking for a magic bullet. The most common answer is always education – what an officer’s obligations are, how they need to fulfil them, how the system works. The list of 4 below are others that have come out of conversations with the agencies I’ve spoken to:

  1. Process Integration via TRIM based actions.
  2. Workflow with Performance Reporting.
  3. Make Content Manager part of your performance management framework.
  4. Make it a compliance step enforced by another system

Process integration via TRIM based actions.

Simply, this means making parts of the process TRIM based actions. Many systems available for various processes can be triggered in TRIM and if most of a person’s job can be triggered in TRIM – they’ll come back there often. A simple example is the DA process in local government, three common tools – Pathway, Trapeze and Connect can be integrated to Content Manager, meaning that for people working in that process, Content Manager becomes the natural place to start and finish.

Workflow with Performance Reporting.

No real surprise that workflows get people using the system. What often gets missed though, is the inclusion of Performance Reporting. Workflow implemented without Performance Reporting is useful, but largely invisible to managers, and if all management reporting is a spreadsheet – it doesn’t matter how the work is getting done.

If Content Manager or a third party integrated workflow system is managing and reporting on how someone does their job, and that’s being fed automatically to management via a dashboard, they’ll go there frequently. It takes time and effort to set up, but once it’s done well, people will never go anywhere else and managers will get used to understanding what is going on with their process.

Make Content Manager part of your performance management framework. 

One agency I have worked with assesses employee performance based on what is in their CM system. Their policy is that if it’s not in there, it doesn’t exist, so when it comes time to assess performance, work product needs to be there. People who aren’t producing work don’t get promoted, so record keeping is a routine part of everyone’s job.

Make it a compliance step enforced by another system

Many workflow management systems aren’t integrated into Content Manager but can still be used to enforce Content Manager usage. Mandating the includsion of a link to the Content Manager document supporting the completion of a process or process stage can ensure that people are filing supporting documentation and that it’s findable from the process management system later.

Ultimately there’s no magic bullet.

There are lots of ways to move the needle – a little at a time. These methods have worked for other people

I’d love to hear what’s worked for you.

Least capture is the new security principle you need to work to.

We are in a world where privacy regulations are giving control back to people, and imposing significant penalties on organisations that don’t adequately secure personally identifiable information.

There are only really two possible things your organisation can focus on to navigate this new landscape.

The first is to spend more on securing your data than you ever have before. This is the easy route – because greater magnitude of harm means greater risk mitigation expenditure. The maths is simple, the board will get it.

The second way is to reduce data data capture to the bare minimum, and delete or anonymise what you’ve captured as soon as you can.

This isn’t easy, it requires your whole organisation to take a disciplined approach to data capture that recognises the new risks.

It requires questions like “why do we need that data to deliver our service, and for how long” to be asked and acted on as a matter of routine. If you’re doing really well, you’ll have a business case for every bit of data you capture that will also have a time value.

Innovative solutions will be required to gain the advantage of broad and long term data capture, without incurring the liability, and without becoming target.

The hardest part will be getting people to hit the delete button, because we’re used to hoarding, not minimalism. We’re convinced that data is the new oil, when it’s actually the new Plutonium, and needs to be handled like it.

There will be two types of organisations in the future – those who overspend on security, get nothing back on their investment and still get fined, and those who capture only what they have to, and innovate. The second way is better.

How to raise the quality of your corporate information, and make search easy.

Stop making copies.

Creation of original content is difficult and time-consuming.

Creation of a copy takes seconds.

When we went digital, copies got cheap. So we make more.

When you stop making copies search gets easier, and quality goes up.

If you want to raise your information quality, and make search easy, stop making copies.

The download report button is carcinogenic

How comfortable are you having a conversation that starts “the spreadsheet you emailed is going to cost us four million dollars”? Probably not very comfortable – but it’s where current data handling practices will lead us. Privacy laws are penalising loss of control of data – not actual harm to subjects of the data. This is why controlled handling needs to be an operational capability for any organisation handling personal data.

The CRM system is a great example of the problem – it generally has the crown jewels of personal data, and easy download capability. The standard response to “joe needs a list of customers for x” is to cut a spreadsheet full of personal information, and email it.

Then what?

Every system the data touches after that makes a couple of uncontrolled copies – backups, replications, shares, edits. It’s like cancerous cells – a few here and there multiply to become a much larger problem. Under GDPR, it’s a 4% of revenue sized problem when the data is emailed to the wrong person.

The key to removing the problem is providing capability to handle data without downloading it. Simply, your employees need to be able to run their business process end-to-end without downloading and emailing a spreadsheet. If they can’t, you’ve got a carcinogenic problem within your organisation.

Trust theory.

Trust is the foundation of everything that we do.

When we cannot trust, we experience anxiety – and most people will make significant changes in their lives to get trust back. Simple examples include the impact on your daily life of being unable to trust the opening hours of a store, or changes you make to your route choice when you know one means of transport is not trustworthy. In economics, all specialization and trade depend on trust, and all risk management is fundamentally about how we can create trust in circumstances where we wouldn’t naturally find it.

Trust is ultimately about vulnerability. Vulnerability occurs when there is a potential for loss that is greater than the potential for gain. When we trust, we become vulnerable to whatever or whoever we have trusted. If we are not vulnerable, there is no need for trust.

The most useful definition of trust that I can find comes from the work of Aneil K Mishra who defines it as “one party’s willingness to be vulnerable to another party based on the belief that the latter party is 1) competent, 2) open 3) concerned, and 4) reliable.”

Competence

You have to be good at what you’re doing for people to trust you. This means that you need to demonstrate expertise – and is also one reason why people from professions that require significant learning (doctors, engineers etc.) have high trust scores – people trust that the significant learning ensures they are competent. An interesting side point to this though is that you can gain the perception of competence by association, surrounding yourself with competent people can give an aura of competence in areas where you may not have it – and obviously, advice from experts is always of value.

Openness

Openness is all about people understanding how you are thinking, and why you are doing what you are doing – and knowing that it has some level of truth about it. In tough situations, people are more likely to trust people who help them understand how they are thinking about the situation, and how they are thinking about making decisions about the situation. This helps people understand a likely path and gives them some understanding of what the future will look like.

Concern

Concern is the belief that the person you are trusting wants you to be successful in your endeavor, and that they do not want to take unfair advantage of you. Concern is a balancing problem – concern will always balance between the interests of yourself and whoever you represent and require performance from.

Reliability

Reliability, while last in the order, is contributed to by each of the previous factors and it is simply that people do what they say they are going to do. That’s not a difficult concept for anyone to master – but it does run deeper. Reliability doesn’t mean that you can’t change your mind – the perception of reliability is built up over time and can have many levels. The idea that you were unreliable on something that you said does not necessarily mean that you were unreliable on having real concern for someone, and acting in it – quite the opposite in some situations.

Conceptually, trust is simple. Why is it useful to understand Trust under this framework? Most truly disruptive organizational breakdowns, failures of brands and failures of people to find needed support are failures of trust. The research though is in this case, quite clear – demonstrate that you are competent, open, concerned for the outcome, and reliable – and people will trust you, your brand and your product.

* Aneil K Mishra’s paper “Organizational responses to Crisis: the role of mutual trust and top management teams” can be found here –  https://www.researchgate.net/publication/35508350_Organizational_responses_to_crisis_The_role_of_mutual_trust_and_top_management_teams

*Sam Crosby’s book “The Trust Deficit” is also a good read and covers much of this subject material in a political context – https://www.amazon.com.au/Trust-Deficit-Sam-Crosby-ebook/dp/B01DYDFNRO