Meta-IRM

Share this post

Meta-IRM
What to do if your records regulator (or any other) won't take enforcement actions.
Copy link
Facebook
Email
Notes
More

What to do if your records regulator (or any other) won't take enforcement actions.

Karl Melrose
Jul 23, 2022

Share this post

Meta-IRM
What to do if your records regulator (or any other) won't take enforcement actions.
Copy link
Facebook
Email
Notes
More
Share

Work out the magnitude and likelihood of a risk event.

Add it to your risk register.

Stack rank it.

Take action according to the priority of that risk against all of the others you face.

Unless your organisation is at a really advanced stage of maturity, your risk register should tell you that the most serious risks to your organisation don't come from regulators and standards (with some exceptions - don’t mess with AUSTRAC).

The most serious risks to every organisation are failures of record keeping that have nothing to do with standards, and everything to do with specific aspects of the quality of record keeping practice.

I think that at the heart, records regulators want to see a consistent improvement in the quality of the records being produced by the organisations they regulate.

I don't think they'd ever want you to ignore the most significant risks posed by record keeping.

Be pragmatic.

Risk assess.

Stack rank.

Take action accordingly.

Thanks for reading Meta-IRM! Subscribe for free to receive new posts and support my work.

Share this post

Meta-IRM
What to do if your records regulator (or any other) won't take enforcement actions.
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2024 Karl Melrose
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More