By James O’Connor
Have you ever looked at a work project gone wrong and wondered, how did this happen, who made this change, or how did this slip through the cracks? If you’re like most knowledge workers, the answer is a resounding “yes.”
These glaring questions have become so prevalent in organizations that headlines now pose them not only to businesses under fire, but also to consumers, who today—as never before—question whether organizations can be trusted with their information.
This occurs for only two reasons, both of which are deeply rooted in a lack of checks and balances, tracking, and using one central, secure repository to store information: each a byproduct of either paper-dependent business practices or arbitrary storing and classifying of digital information: Consider the following examples.
Document Management Case Studies
The Regional Radiology Center in Fort Myers, Fla. suffered a compromising of paper-based information on Feb. 12 this year, forcing the center to report the incident to the U.S. Department of Health and Human Services, including the individuals To maintain HIPAA compliance, the center also notified patients of the incident.
Although the amount of reputational damage incurred from the incident is yet to be quantified, one thing is certain: It was preventable. if the center retained its information strictly in not just a digital format, but a secure digital format while retaining paper information only as needed, the incident wouldn’t have happened. Although most paper-based breaches and leaks occurred prior to the advent of digital technology, events like this one still occur today.
However, although un-securely digitizing information technically makes an organization paperless, it leads to an array of different issues, which also make accountability, security, and compliance harder to reify. Most digital information is breach-susceptible and predominately unstructured, making it difficult to keep information an documents safe, findable, and leverageable for auditors’, enterprises’, and consumers’ benefit alike.
And the secret is out. Andrew McGill, recently featured in The Atlantic, built a fake web toaster just to see how long it took to get hacked: Compromised within the very hour it came into existence, McGill’s findings lent further credibility to consumer sentiment: They don’t trust businesses with their information.
Also consider the recent ignominy of Wells Fargo. Like most banks, credit unions, and financial institutions, Wells Fargo had digital systems in place, as most banks do, yet circumvented legal penalties for fraudulently creating millions of unauthorized bank and credit card accounts for over 5 years. Even Wells Fargo’s auditor is under fire for failing to detect the organization’s illicit activity sooner.
Looking at the course of information “management’s” evolution over the past twenty years, companies have, in general, evolved to predominately rely on and store information digitally, yet un-securely and through paper documents, too.
These competing mediums of information storage and sharing exist in most businesses today, increasing needless file duplication, re-creation, and difficulty in file retrieval. Couple this with the fact that 90% of the world’s data was created within the last 2 years, and the result is unchecked chaos, making information and process transparency a pipe dream without the right technology in place.
This means we’ve reached a divergent road in the history of information management—one which splits inevitably at the solutions organizations use to solve the problems that paper and unchecked digitization have caused.
A document management system, for instance, is a contender for solving this issue: its audit trail features would’ve rendered any omissions on Wells Fargo’s end too egregious for auditors to miss, perhaps saving consumers from the scandal or, at the very least, revealing auditor’s culpability.
Additionally, functioning as a central repository for all workflow and document usage and editing, these systems could have traced exactly who knew what within Wells Fargo’s walls, making the e-discovery and prosecution process far simpler, and, perhaps the entire incident itself, preventable.
If Fort Myers Regional Radiology Center had digitized its patients’ documents and uploaded them to a secure document management system, it would have neither compromised patient information nor had to report the incident to the government, or those whom were affected.
Without mass adoption of document management technology across compliance-centric industries such as finance, accounting, insurance, manufacturing, healthcare, and human resources (industries vital to the lifeblood of the economy) digital data breaches and the un-secureness of paper-dependent processes will persist.
Although some documents must be kept in paper format for compliance and consumer-accessibility purposes, there are very few businesses that couldn’t go 98% paperless and still be 100% compliant.
Fort Myers Regional Medical Center and Wells Fargo are only microcosms of a much larger issue: 61% of data breach reports involve paper documentation, fraud is on the rise, and the “fast food” mentality of managing digital information, which has made us too comfortable and “complacent” with our technology, continue facilitating in-transparency, breaches, and consumer fear.
Think your organization is too small to suffer a business injuring breach, fraud incident, or information compromise? Think again.
37.2% of US organizations are vulnerable to a data breach that’d require disclosure to customers, and the Association of Certified Fraud Examiners (ACFE), in its Report to the Nation on Occupational Fraud and Abuse, shows not only that organizations with fewer than 100 employees are most susceptible to fraudulent activity, but also that a lack of internal controls (which paper-dependent offices and unsecure digital information facilitate) comprised nearly one-third of fraud incidence this year.
The report also claims that 19.4% of internal control weaknesses are caused by a lack of management review, also conducive to fraud and information mismanagement. Again, document management’s audit logs, workflow, and role-based user permissions can resolve these issues, ensuring everything is kept in one place, the audit logs showing who’s done and viewed what, the workflow features tracing precisely where it occurs, and role-based user permissions preventing unauthorized users from viewing certain documents.
Document Management’s Purpose and Scope
Okay, great. But what exactly is a document management system, and are there any instances of organizations using these systems successfully?
In June 2015, Forbes contributor, Tom Taulli, described eFileCabinet document management software as a technology that “manages the lifecycle of a company’s files,” and with an emphasis on security and compliance.
One year later, eFileCabinet’s document management system, and many others, have outgrown the very name of their solutions, proving they are capable of much more than mere management of documents: Reducing the probability of data breaches, tracking employee behavior, secure and simple file sharing, helping offices go paperless, mobilizing workforces, dissuading fraudulent activity, and, built in security features to simplify compliance: all of which reduce the likelihood of watchdog wrist-slapping and consumer distrust alike.
Not only do document management systems simplify auditing for regulators, they create the efficiency businesses need to increase output for customers and better tend to their needs—an imperative given the era in which we live—one in which the customer is “always right,” and demands more than ever.
Carlene Patterson, an eFileCabinet customer and owner of Ascension Financial Group in Albuquerque, NM, claims her document management system saves her “over $4,000 a year.” A contract nurse claims it’s reduced roughly 20 steps from her daily workflow, and one accountant eliminated 17 filing cabinets from his office—drastically reducing operating expenses and potentiating room to save on commercial rent costs.
In fact, these systems can improve efficiency and bottom lines to such a great extent they may also deter organizations from engaging in illicit behavior to secure “profits,” like Wells Fargo.
Would you be as tempted to fly by night if your business saved thousands annually for reducing the number of steps in its workflow, its probability of noncompliance, and the number of dollars spent to ensure customer satisfaction?
If these systems are so important to ensuring profits, consumers’ trust, employee accountability, and reducing the number of data breaches, why haven’t legislators forced organizations to use them?
As ignoble as the answer may seem, it’s because it’s not their job—at least not yet.
It’s up to organizations to use technology that makes compliance as easy as possible. Whereas regulators, in large part, merely ask for desired information outcomes, not mandated use of certain technologies to fulfill these outcomes.
For instance, financial services companies have overhauled internal processes to simplify Dodd-Frank and Sarbanes-Oxley compliance, yet continue to rely on storage methods that predate many of these companies’ existences and the complexity of our time alike: physical filing cabinets.
However, this is subject to change. The persistence of large-scale paper-based data breaches and ramifications of unsecure digital information, if left unchecked, may eventually draw into question how regulators will consider compulsory use of document management technology and similar technologies across industries.
Document Management’s Role in Influencing Regulatory Authorities
Regulators are already chiming in with their opinions on the matter. Standardization and regulatory authorities (such as the International Organization for Standardization (ISO) and the Internal Revenue Service (IRS) presently have material on their websites encouraging use of such systems. However, it’s up to organizations to adopt and use the technology to their benefit, and, ultimately, to the benefit of consumers.
And the ball has been in businesses’ court for too long.
Although many business owners may be able to empathize with one another’s psychological dependence on merely digitizing information and relying on paper-based filing methods, which represent years of toil, hard work, and well intentioned attempts at organization, consumers aren’t as understanding—and await a widespread change within enterprises that can restore their trust, and hold organizations accountable for consumers’ information.
A Prospectus for Document Management Inaction
To facilitate this much-needed paradigm shift in information management, organizations must rely on new technologies to bridge corporate, consumer, and regulatory interests. Otherwise, as data and information continue to proliferate at a pace as rapid as it is unchecked, these parties’ competing interests will prove the ruin of the last and greatest of a free market’s purposes: to enrich, improve, and empower the lives of the individuals it serves.