Reading time: minutes
Manager, Information Governance
Business documentation, data and information are crucial to the success – and even the survival – of your organisation. They are the means by which you manage and control your business, develop products and services, identify risks and opportunities, and meet accounting and reporting requirements and other legal requirements relating to things like product warranties. With authentic, unimpaired information at your fingertips you can assert your position even in difficult situations such as legal proceedings. Last but not least, proper information can help you boost productivity, efficiency and flexibility. These days it is not just about archiving, but the way you handle information in general. You need to classify information. Information is a precious asset and the key driver of your success, so you have to safeguard and use it correctly, bundling the entire knowledge from across your value chain, including research, development and production activities, services, partners and customers.
The way the legal requirements with regard to handling information are put into practice still varies a great deal – and it is not always in compliance with the law. With increasing calls for transparency and a growing number of laws, your stakeholders are getting more and more demanding. Customers want to be able to buy tailor-made products and services while at the same time reaping the fruits of innovation. The authorities expect proof that you are complying with the relevant rules and regulations and society demands sustainable, trustworthy behaviour. For your part you want to improve the efficiency and effectiveness of your organisation, focus on the essentials, and create competitive advantage.
As a decision-maker and the person who ultimately bears responsibility, you have to take the business view: to move forward you have to make things quicker, more efficient and straightforward. With your business locations spread around sites in different geographic locations it becomes harder to collaborate efficiently, especially if your processes are time-consuming and paper-based. To make sure information is available in real time, you need to automate these processes and replace them with electronic processing, filing and storage systems – which also means digitising relevant information in paper form. That is the only way of remaining agile in the marketplace. To do this you have to see the handling of business information as an integral part of your business processes and define clearly how you deal with relevant information both inside and outside your organisation. If you can take a 360 degree view and establish it within your organisation, taking control of your documents and data, you will gain a key edge in the marketplace by way of greater efficiency, transparency and trust.
Successfully handling business information involves an interplay of technologies, front and back office business processes, and compliance (see Figure 1). Your business faces a whole series of challenges in these three areas. What they all have in common is that they require you to rethink the way you view and deal with information.
In recent years it is not only information that has been digitised; entire business processes, communications channels and the (automatic) exchange of information with external stakeholders have moved into the digital realm. For example you may now require suppliers to send invoices and receipts electronically (e-invoicing), and these days official documents (even notarised documents) are often delivered electronically.
Proof of compliance with regulatory and financial reporting requirements now also has to be provided in electronic form. The challenge for you is to validate, process, archive and delete this information. Since the validity of this proof can only be verified electronically, you can no longer store it in physical form. For example, electronic bills lose their validity once you print them out.
The pace of digitisation is reflected in the way new technologies, systems and services are developed and refined. At the same time there has been a radical change in the way information is used, meaning that technology now has to keep up with growing mobility and ensure perfect continuity between different media. At the same time you need to make sure all this is in compliance with the relevant legal requirements, for example the data privacy rules.
The information life cycle is not just determined by your core business; it is also influenced by associated processing and decision-making processes. For this reason you need to evaluate new technologies and systems such as the cloud and deploy them systematically. Often you will find your entire business and IT architecture is up for discussion. You have to replace old systems, applications and functions, and introduce new ones in line with the requirements of your business and the law.
The Swiss Accounts Ordinance (Verordnung über die Führung und Aufbewahrung der Geschäftsbücher, GeBüV) stipulates that you must be able to demonstrate the integrity, legibility and traceability of records and data that are subject to compulsory retention. You must make sure that your information remains in its original state, i.e. complete and accurate, for the entire statutory retention period. This is just one of the tasks facing your compliance department.
The digital revolution forces you to rethink the way you handle information. You have to ask yourself what information should be digitised and what business processes automated. This way you can free up your staff to focus on the essentials and prevent a disproportionate rise in the costs of administration, storage and searching. To an increasing extent, transactions are being settled electronically. This means that you must record the conclusion of the contract and the conditions applicable at the time electronically so that they can be reconstructed. To get on top of these challenges you should manage the information life cycle and recognise the interdependencies (see Figure 2). It is therefore imperative to formulate and implement a document management and archiving strategy for your organisation. This is the only way of making sure you can find relevant information and capitalise on it. Modern and efficient document and data management starts at the moment information is generated or captured.
One of the main challenges is to comply with the numerous rules and regulations and keep up with the changes – especially if you operate in countries with different legal requirements.
If information is relevant in legal or regulatory terms (accounting, VAT, customs, data privacy, etc.) you also have to make sure it is complete, intact, readable and trackable throughout the entire life cycle. Here there are often special procedures in place such as electronic signatures and encryption technology, especially if information is transmitted across borders.
If you fail to comply with legal or regulatory requirements you risk the following:
By managing your business documents and data in compliance with the relevant laws and regulations you will avoid the cost of having to implement requirements or conduct searches in response to official enquiries. In our experience, a failure to consistently store documents and data can result in heavy costs – for both internal and external personnel – in the event of enquiries from the authorities or internal reviews (e-discovery).
These days an appropriate approach to handling business information means actively managing documents and records with the help of systems, exploiting sources of data, and maintaining the relevant IT systems and processes to manage and bring together this information compliantly – from data capture and storage to deletion. Smart information management involves more than mere archiving, but is a lot more valuable as well.
You will find an overview of the relevant legal texts here. In Switzerland the management and archiving of business information is governed primarily by the provisions of the Swiss Code of Obligations on commercial accounting (Art. 957-963 CO) and the accounts ordinance (Verordnung über die Führung und Aufbewahrung der Geschäftsbücher, GeBüV). In addition to this basic framework there are diverse special provisions in other areas of the law. The Ordinance of the FDF on Electronic Data and Information (OElDI), for example, regulates the transmission of electronic invoices. The Federal Act on Data Protection (FADP) is particularly relevant when it comes to archiving data on servers outside Switzerland and working with outsourcing services. The Tax Act also contains rules on the retention of data. The Anti-Money Laundering Act and Gambling Act contain special rules governing the retention of industry-specific documents by financial intermediaries and casinos. Banks also have to take account of SwissBanking’s Guidelines on Dormant Assets.
Many organisations are put off by the expense and effort involved in implementing a coherent information governance system. But you do not necessarily need to implement a completely new model at all your sites and in all areas of your business. Merely by redesigning or streamlining individual processes or phases you can gradually create clear advantages. Figure 3 shows one possible approach.
It is true that implementing the technology and processes necessary for modern information governance is a complex and challenging undertaking. The desire to involve all areas of the business and tick all the boxes makes it even more complex. However, the most difficult task you will face is establishing a new cultural outlook within your organisation – a culture that views information governance as a rich opportunity rather than an onerous chore.
Handling information relevant to your business means taking a holistic view of information encompassing the entire value chain, all the relevant legal and regulatory requirements, and the various areas of your business. So it is much more than merely archiving documents and data. These documents and data are primarily digital and involve the entire information life cycle from data capture and generation to timely provision and storage and deletion. If you have the relevant business information in hand you will find yourself with more efficient and effective processes and IT systems, optimum compliance and risk management, lower costs, and a lasting advantage over your competitors.