Reconstructing the Past for Organizational Accountability Geert-Jan van Bussel HvA Amsterdam University of Applied Sciences, Amsterdam, The Netherlands g.j.van.bussel@hva.nl
Abstract: Many organizations have undergone substantial reorganization in the last decade. They re-engineered their business processes and exchanged proprietary, not integrated applications for more standard solutions. Integration of structured data in relational databases has improved documentation of business transactions and increased data quality. But almost 90% of the information that organizations manage is unstructured, cannot easily be integrated into a traditional database. When used for organizational actions and transactions, structured and unstructured information are records. They are meant and used as evidence. Governments, courts and other stakeholders are making increasing demands for the trustworthiness of records. An analysis of literature of the information, organization and archival sciences illustrates that accountability needs the reconstruction of the past. Hypothesis of this paper is that for the reconstruction of the past each organization needs a combination of three mechanisms: enterprise records management, organizational memory and records auditing. Enterprise records management ensures that records meet the quality requirements needed for accountability: integrity, authenticity, controllability and historicity. They ensure records that can be trusted and enhance the possibilities for the reconstruction of the past. The organizational memory ensures that trusted records are preserved for as long as is necessary to comply with accountability regulations. It provides an ICT infrastructure to (indefinitely) store those records and to keep them accessible. Records auditing researches the first two mentioned mechanisms to assess the possibility to reconstruct past organizational actions and transactions. These mechanisms ensure that organizations have a documented understanding of the processing of actions and transactions within business processes; the dissemination of trusted records; the way the organization accounts for the actions and transactions within its business processes; and the reconstruction of actions and transactions from business processes over time. This understanding is crucial for the reconstruction of the past and for organizational accountability. Keywords: accountability, enterprise records management, organizational memory, records auditing
1. Introduction Organizations have undergone substantial reorganization in the last decade. They re-engineered their business processes and exchanged proprietary, not integrated applications for more standard ones. The integration of structured data in relational databases has improved documentation of business transactions and increased data quality. But almost 90% of the information that organizations manage is unstructured and cannot easily be integrated into a traditional database. Knowledge workers, who create networks of expertise and engage in peer-to-peer knowledge sharing across organizational boundaries, create this unstructured information. Knowledge work has to do with organization-wide and inter-organizational communication and collaboration. The storage, dissemination and processing of unstructured information require complex and evolving ICT systems. In this changing organizational environment, accountability became a hot item, especially because ICT systems present unique security and durability challenges that pose a threat for information quality (Boudrez, Dekeyser and Dumortier, 2005; Bearman, 2006). When used for organizational actions and transactions, structured and unstructured information are records. They consist out of text, (moving) images, sound or database records, or combinations thereof. They are critical for business process performance, for without them production almost becomes impossible (Toebak, 2007). They are meant and used as evidence for organizational policies, decisions, products, actions and transactions. Governments, courts and other stakeholders are making increasing demands for the trustworthiness of records. This is part of a long-term trend toward defining what accountability means in a digital era. The attention for accountability was strengthened when ICT couldn't solve the accountability problems organizations experienced. Concepts as corporate governance and information governance became closely related to organizational accountability. These concepts are synonymously used, but they do not mean the same. Organizational accountability is an objective and has (mostly) an external orientation. Both corporate and information governance are means for reaching that objective and have (mostly) an internal orientation (Porter, 2009).
ISSN 1566-6379 127 ŠAcademic Publishing International Ltd Reference this paper as: van Bussel, G. “Reconstructing the Past for Organizational Accountability� The Electronic Journal Information Systems Evaluation Volume 15 Issue 1 2012, (pp127 -137), available online at www.ejise.com
Electronic Journal Information Systems Evaluation Volume 15 Issue 1 2012
2. Accountability, ICT and the past That accountability is a complex concept is a commonplace in literature of organization science. A word that was used rarely a few decades ago has been discussed substantively in the passed decade (Dubnick, 1998; Meijer, 2000). In the process, the concept's scope and its meaning have been extended in many directions (Mulgan, 2000). Historically, accountability is related to accounting and to administrative procedures. Dubnick (2002) asserts that the concept can be traced to the reign of William I the Conqueror. That may be true for the concept's name, but it is incorrect for the concept itself. The concept was already there in old Mesopotamia before spreading to Egypt, Mycenae, and the Persian Empire, continuing through the Hellenistic, Seleucid and Roman periods (Brosius, 2003). Accountability is the acknowledgement of [1] responsibility for policies, decisions, products, actions, and transactions, and [2] the obligation to report and be answerable for resulting consequences. It concerns the responsibilities actors have under the existing checks and balances. It is an evaluative concept to qualify a state of affairs or the performance of an organization in the (recent) past. Bovens (2006: 9) considers accountability to be a social relation between an actor and a forum, 'in which the actor has an obligation to explain and to justify his or her conduct'. An actor can be either an individual or an organization. When it is an organization, we mostly talk about organizational (or corporate) accountability. The forum is a designated legitimate or accountability forum. Such fora may be shareholders, citizens, professional committees, courts, review bodies, ombudsmen and the like. It even may be a virtual entity, such as 'the general public' or 'society'. A forum will ask an actor to provide insight in the effectiveness of its business processes and the lawfulness or unlawfulness of the transactions within those processes and within its environment. It asks to explain deficiencies in its financial and fiscal situation. Ultimately, the forum may pass judgement on the conduct of the actor. It approves or disapproves an account, denounces a policy, condemns the behaviour and imposes sanctions of some kind. Sanctions can be formalized, like official authorizations, financial rewards, fines, disciplinary measures, civil remedies or penal sanctions, but can also be based on unwritten rules, as in the case of 'political accountability'. They can also be implicit or informal, such as having to render account in front of television cameras. They can even be the blocking, or amending of decisions by the actor (Strøm, 2003). All this depends on reconstructing the (recent) past. Mechanisms of accountability are important ways of controlling the conduct of actors. Most actors are part of a coherent complex of arrangements and relationships, mostly with more than one forum. Bovens (2006) considers at least five different types of accountability: political (with fora as elected representatives, political parties, voters and media), legal (with courts), administrative, corporate or organizational (with stakeholders, auditors, and controllers), professional (with professional peers) and social accountability (with interest groups, charities and other stakeholders). Barata and Cain (2001) prove that accountability without trusted information as evidence of (past) organizational policies, decisions, products, actions and transactions is impossible. The different 'accountability types' need an organizational accountability function to safeguard that evidence. Within that function, corporate governance is an accountability agent. It is the system by which organizations are directed and controlled. It operates systems of control designed to ensure that organizational objectives (e.g., accountability) are met (Porter, 2009). Within corporate governance, information governance establishes opportunities, rules and authorizations for information management (Kooper, Maes and Lindgreen, 2011). Both types of governance are means for reaching the objective of organizational accountability (Porter, 2009). In order to improve accountability, new ICT systems, concepts and methods have been implemented to structure, organize, process and retain [1] the information that is used within organizational processes (records), as well as [2] all the information that is used to document how policies have been designed, decisions made, products manufactured and actions and transactions performed within an organization (meta data). Ensuring the quality of this information is a very important managerial concern of corporate and information governance. It is also a daunting task. Redman (2004: 22) states convincingly that information quality is an ‘unfolding quality disaster’ and that ‘bad’ information is ‘the norm’ in industry. Records and their corresponding meta data are inaccessible, unavailable, incomplete, irrelevant, untimely, inaccurate, and / or not understandable. Their provenance and contextual environment are (mostly) unknown (Epler, 2006; Groth, 2007). In addition, ICT creates the problem of technological obsolescence, because records and their meta data have a longer lifespan than the configurations in which they are created or managed (Boudrez, Dekeyser and Dumortier, 2005). www.ejise.com
128
©Academic Publishing International Ltd
Geert-Jan van Bussel
Toebak (2007, 2010) states that trusted records and their meta data are indispensable as evidence. They are necessary for making reconstructions of (past) organizational policies, decisions, products, actions and transactions. Those reconstructions depend on the captured, retained and accessible trusted records and meta data of an organization as evidence. Without them, reconstruction of the past becomes problematic. Corrupt records cannot be used as evidence of past happenings. Inaccessible, unavailable, irrelevant, untimely, inaccurate, and / or not understandable records are influencing organizational accountability negatively.
3. Status quo and research subject Literature on archival, organization, and information science suggests that there are organizational mechanisms that aim at realization of trusted records: enterprise records management (ERM), organizational memory (OM) and records auditing (RA). Most of this literature is concerned with other aspects than the detailed reconstruction of policies, decisions, products, actions and transactions in the organizational past. Archival science is concerned with the reconstruction of images of organizations in the past. It uses records and meta data of those organizations as evidence for their historical and societal importance. It emphasizes the provenance and the preservation of selected records and their meta data for (re-) use in the future. It is concerned with methods and techniques to appraise and select organizational records for long-term (or indefinite) preservation. Some work has been done on [1] the relationship between records and accountability, and [2] records as evidence of actions and transactions, but its emphasis is not on the reconstruction of the past but on the necessity of trusted records for historical, cultural and democratic accountability. It suggests ERM and RA as mechanisms to realize trusted records; ERM is usually referred to as a ‘record keeping system’ (Bearman, 1993, 1994a, 1994b; Bearman and Sochats, 1996; McKemmish, 1999; Barata and Cain, 2001; Shepherd and Yeo, 2003; Toebak, 2010). In organization science much work has been done on accountability, governance, organizational quality systems, knowledge management, and organizational learning. Most literature emphasizes [1] organizational systems for managing and controlling organizations, [2] assuring process quality and performance, [3] auditing of quality systems and business processes, [4] role and function of knowledge and innovation in organizations, and [5] the way organizations learn from their (past) experiences. It suggests OM as a mechanism to bring to bear on present decisions the 'stored information from an organization’s history’ (Walsh and Ungson, 1991: 61). There is very little or no attention for [1] the detailed reconstruction of past happenings, [2] the importance of trusted records in this reconstruction (with an exception in Meijer (2000, 2001a, 2001b)), and [3] the auditing of trusted records and their meta data (Walsh and Ungson, 1991; Stein, 1995; Bannon and Kuutti, 1996; Dubnick, 1998, 2002; Nonaka and Konno, 1998; Bovens, 2006; Choo, 2006; Porter, 2009). Information science is concerned with the analysis, collection, classification, manipulation, storage, retrieval and dissemination of information. It studies the [1] application and usage of information, [2] interaction between people, organizations and ICT, [3] designing, implementing, and improving of information systems, [4] creating, improving and maintaining of information infrastructures, and [5] auditing of information systems. There has been much attention for the quality of information and information systems, human-computer interaction, semantic web, IT auditing, information retrieval, and trusted computing. No attention is paid to [1] the detailed reconstruction of the past, and [2] trusted records. It suggests OM and RA as mechanisms. RA is not mentioned as a mechanism, but it can be derived from the business process application of IT audits and information audits (Weick, 1979; Croasdell, 2001; Hanseth, 2002; Holsapple and Jones, 2004; Epler, 2006; Groth, 2007; Wang, Funk, Lee and Pipino, 2001; Bussel and Ector, 2009). In this paper, I want to analyse if, and how ERM, OM and RA contribute to the realization of trusted records and to the reconstruction of the past, especially to find out whether the hypothesis that organizational accountability can be improved with a combination of these mechanisms, is correct. An approach in which these possible mechanisms are combined has never been considered, probably because they have been developed in different scientific and professional disciplines.
www.ejise.com
129
ISSN 1566-6379
Electronic Journal Information Systems Evaluation Volume 15 Issue 1 2012
4. Organizational mechanisms for reconstructing the past 4.1 Enterprise records management 4.1.1 Records and ‘records value chain’ Records are sets of related data with a set boundary and with standardized form and structure, meant to be or to be used as evidence for policies, decisions, products, actions and transactions (for they are being processed in business processes) (ISO DIS 15489, 2001). They can be text, (moving) images, sound, database records, technical drawings, or combinations thereof. They are critical for business process performance, for without them production is almost impossible (Toebak, 2010). Meta data linked to records demonstrate and document how those policies, decisions, products, actions and transactions have been performed. Records and their attached meta data make up for almost 90 % of the information in an organization. Widely supported within literature (Toebak, 2007, 2010; Shepherd and Yeo, 2003) is the definition of ERM in clause 3.16 of ISO / DIS 15489 (2001): ‘the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including the processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records’. According to Bussel and Ector (2009), ERM organizes the 'records value chain', the chain that ensures that the 'value' of records is used in business processes to improve performance. This chain directly affects the performance of business processes, because records are crucial for production. The ‘records value chain’ includes all records processes, from creation or receipt to capture, storage, processing, distribution, structuring, publication, use, appraisal, selection, disposal, retention, security, auditing and preservation. In literature, this chain is also referred to as the 'information value chain' (Davenport, 1993), or as the 'knowledge chain' (Holsapple and Jones, 2004). ERM is oriented on records processes, the effects of those processes on business processes, the reconstruction of past policies, products, actions and transactions, and the dimensions and quality requirements of records. 4.1.2 The dimensions of records Records have two special extra dimensions above the seven dimensions normally associated with information. Those seven dimensions are meticulously analysed in literature, e.g., Päivärinta (2000), Liu (2004) and Francke (2005). Those dimensions are increasing density, decreasing longevity, disappearing uniqueness, easy duplicability, exploding mobility, increasing fluidity and problematic connectivity. For this paper, the two extra dimensions for records are important. The first extra dimension for records is 'contextuality'. Records only have meaning within a context. That concept has been defined as ‘the whole of the relationships that the record has with the activity in which it participates, its creator, and the socio-juridical system in which the creator acts’ (Duranti (1997: 60). The concept suggests that knowledge of the context of the action or transaction itself is connected to the records, generated within that action or transaction. Without that knowledge, it is impossible to extract meaning out of records. It is knowledge about the juridical system, in which the organization operates, the structure of the organization and its functions, the procedures by which records are generated and the records collection to which records belong and its internal structure. Groth (2007) suggests that context has three characteristics: (1) it needs accurate documentation, (2) it is in the past, and (3) it is necessary for the tracking and the reconstruction of business processes. The context of records captures a complex social situation in meta data to allow a reconstruction of the past. It is impossible to capture that social situation into definable and distinct objects. It can only be captured in the 'simplified' way of meta data. The second extra dimension is 'fixity'. Brown and Duguid (1996) argue that reading the same text creates a sense of community that is threatened by dimensions as fluidity and connectivity. Latour (1990) impresses the necessity of 'immutable mobiles', which express the combination of immutability and mobility. Levy (2001) and Lynch (1994) emphasize that 'fixity' of records is necessary for stability and repeatability of communication. This 'permanence' is essential for records. It must be possible to reproduce or reconstruct a record repeatedly, independent of time, with the same data, with the same presentation (layout) and in the same composition as at the time of creation. Records need to be 'fixed', for they are recorded for later consultation and used for the reconstructing of past happenings. Those are the reasons why their users need to trust them. www.ejise.com
130
©Academic Publishing International Ltd
Geert-Jan van Bussel
4.1.3 The quality requirements of records In this age of organizational chains, e-commerce, inter-organizational data warehouses, computer mediated exchange, cloud computing, and authentic registrations, it is crucial that policies, decisions, products, actions and transactions can be reliably reconstructed in context. Trusted records and trusted meta data are therefore necessary. In information science, there is much work done on the quality of information. Much of that work is focused on aspects as system and software development, software systems, systems development organization and ICT infrastructure (e.g., Wang, Funk, Lee and Pipino, 2009). It is focused on structured information, and more concerned with ICT and its implementation than with records and records quality (Ragowski, Licker and Gefen, 2008). No attention is paid to the extra dimensions of records. That may be one of the reasons for the problems with information quality Redman (2004) mentioned. The focus in ERM is exclusively on the quality requirements of records, their meta data and the 'records value chain'. For records and their meta data, four quality requirements are recognized in ERM: integrity (it must be impossible to wrongly add or delete data), authenticity (they must have the right presentation and data), controllability (they can be tested on reliability) and historicity (they can be reconstructed as an 'immutable mobile'). These requirements realize the fixity of records and enable users to trust them and to use them as evidence. The 'records value chain' ensures that records are correct and complete in spite of all handling that may be necessary (e.g., conversion, compression). The requirements for this chain are identical to those for business processes. They are well-known, namely reliable time of delivery, effectiveness, efficiency, product quality, alignment of needs, product management, and compliant. This overview of quality features differs from the features mentioned in ISO / DIS 15489 (2001). Within this standard the quality of records and the quality of the 'records value chain' are intermingled. The standard distinguishes features as 'authenticity', 'reliability', 'integrity' and 'usability'. 'Integrity' corresponds to the mentioned concept of integrity, but also exhibits characteristics of historicity. 'Authenticity' corresponds partly with the authenticity concept above, but it refers also partly to the 'records value chain'. 'Reliability' emphasizes controllability, but also the quality of the 'records value chain'. 'Usability' refers to the quality of the 'records value chain'. This intermingling of concepts is the reason why I am not using the features of this standard in this paper. The quality requirements above do realize the features of this standard, but in a more balanced way. 4.1.4 Reconstructing the past and ERM The deficiencies in records and in ERM that existed before ICT was introduced are still there (Redman, 2004). One of the reasons may be the focus on structured information in information science. In ERM the point is made that the failure to realize the quality requirements of records, the 'records value chain' and their meta data, is a threat to the possibilities to reliably reconstruct the past. Because of that failure, the organizational accountability function cannot be successful. ERM, managing the ‘records value chain’, ensures that records meet the quality requirements necessary for accountability: integrity, authenticity, controllability and historicity. These requirements ensure records that can be trusted and can be used as evidence. Trusted records improve the possibility of reconstructing past policies, decisions, products, actions and transactions. ERM is process-oriented and has only a limited interest in system development, software systems, and ICT infrastructure. That can be a bottle-neck in protecting the quality requirements of records in digitized environments, for defining preconditions for system development, software systems and ICT infrastructures may not be enough to definitely ensure the quality requirements of records.
4.2 Organizational memory 4.2.1 What is the OM? Organizations have frames of references, shared beliefs, values, norms, routines, structures, and other physical artefacts that reflect the way they have handled their past experiences. OM (or institutional or corporate memory) may be defined as 'organization's DNA' (Spear and Bowen, 1999). It is a metaphorical concept that describes storage, representation and sharing of knowledge, culture, power, practices and policy. Kim (1993: 43) views OM pragmatically as: '(it) includes everything that is contained in an organization that is somehow retrievable. Thus storage files of old invoices are part of that memory. So are copies of letters, spreadsheet data stored in computers, and the latest strategic www.ejise.com
131
ISSN 1566-6379
Electronic Journal Information Systems Evaluation Volume 15 Issue 1 2012
plan, as well as what is in the minds of all organizational members'. Its purpose is to reduce the costs of transactions, to enlarge the speed of access to past practices and solutions, to help in decisionmaking, to share knowledge and to reduce the dependency of individuals. OM is connected with 'organizational learning', the metaphorical ability of organizations to learn from past and current experiences. Crucial for 'learning' are, according to Weick (1979), the use and dissemination of the OM, the accuracy of the memory, and the circumstances in which it was created. To learn, in short, reliable reconstruction of the past is necessary. 4.2.2 Contents, repositories and processes Four separate types of memory contents are distinguished: information, knowledge, paradigms and skills. Information includes all structured and unstructured information in an organization. Knowledge is made out of mental templates 'that individuals impose on an information environment to give it form and meaning' (Walsh, 1995: 281). Paradigms are organizational beliefs, values and norms and represent the rules about what one should or should not do. Skills are capabilities of people and have a personal quality, rooted in action, commitment, and involvement in a specific context (Stein, 1995). Repositories imply memory contents. Walsh and Ungson (1991) modelled the OM as a transcendent infrastructure with five 'retention bins' around which the acquisition and preservation of knowledge takes place: people, culture, processes, structure, and workplace. Moorman and Miner (1997) also consider other physical organizational artefacts, like machines, as 'retention bins', because they embody prior learning. In addition, Wijnhoven (1996) recognized ICT systems and their contents as a repository. These repositories have different limitations and opportunities for storing and retaining memory, and differ in speed, reliability, susceptibility to physical degeneration and availability. They are influencing the possibilities to reconstruct the past, for they concern the OM's temporal aspects. These temporal aspects are essential for the reconstruction of the past. Memories are, for lack of a better word, time-functions (Stein, 1995). A durable and reliable infrastructure for the OM will help an organization to seek competitive advantages, develop the organization learning concept, increase autonomy or be accountable (Croasdell, 2001). Holsapple and Jones (2004) state that knowledge processes of acquisition, selection, generation, assimilation and emission bring past knowledge to bear on present activities. Acquisition is defined as acquiring knowledge from external sources and making it suitable for subsequent use. Selection refers to the activity of identifying needed knowledge within an organization’s resources and providing it in an appropriate representation to an activity that needs it. Generation is defined as producing knowledge by either discovery or derivation from existing knowledge. It includes monitoring the external environment and the organization’s knowledge resources by invoking selection and / or acquisition as needed, evaluating knowledge in terms of its usability, producing knowledge from existing knowledge, and transferring that for emission and / or assimilation. Assimilation refers to the activities that alter the state of an organization’s knowledge by internally distributing and storing acquired, selected, or generated knowledge. Emission refers to the embedding of knowledge into organizational output for release into the environment. It is never stated, but these processes are closely related to the 'records value chain', for knowledge is largely stored within records. 4.2.3 ICT infrastructure and OM In OM research, there are two main research directions. The first direction stresses the importance of a reliable ICT infrastructure for the development of an OM to enable the continuous storage and manipulation of knowledge of ‘good’ quality. Much work has been done on ‘organization memory information systems’, knowledge management systems, hard- and software architectures and software development (Wijnhoven, 1996; Abecker, Decker, Matta and Maurer, 1998). The second direction focuses on the human aspects of the OM as a tool to stimulate 'organizational learning'. This research tries to make the relationship between human knowledge creation and OM more explicit (Nonaka and Konno, 1998). Even in this research direction there is attention for a reliable and durable ICT infrastructure (Croasdell, 2001). An OM is based on 'the will to preserve, in order to reuse [it] later or the most rapidly' (Ribière and Matta, 1998: 130). The ICT infrastructure of the OM continuously captures and analyses knowledge assets of an organization. It is a collaborative ICT environment where people can query structured and unstructured information in context to retrieve and preserve ‘organizational knowledge’. Although within OM-literature records and their meta data are not mentioned, it is clear that they belong to the www.ejise.com
132
©Academic Publishing International Ltd
Geert-Jan van Bussel
knowledge assets of an organization, and that they are recorded, stored, secured and maintained within the ICT infrastructure of the OM. This ICT infrastructure safeguards the quality requirements of information over time. Besides reconstructions of the past, the retained records and their meta data illustrate also, as Bannon and Kuutti (1996) and Ketelaar (1999) stated, how an organization did choose to act and which experiences it really wanted to remember. 4.2.4 Fragility of the OM The features of the OM are fragile. They are easily influenced by the restructuring of organizations (Boudrez, Dekeyser and Dumortier, 2005). There are many unique security and durability challenges (Bearman, 2006). The many security threats to the OM, like viruses, trojan horses, worms, password cracking, denial-of-service attacks, e-mail hacking, impersonation, eavesdropping, packet replay, packet modification, social engineering, intrusion attacks, network spoofing, etc. are very important (Hasan, Myagmar, Lee and Yurcik, 2005), but the durability challenges are the most crucial here. They endanger the trust in a reliable OM. First, hard- and software configurations are needed for accessing, retrieving and viewing records. As much information will have a longer lifespan than the configurations in which it was created, a solution for technological obsolescence should be available. Secondly, the large influx of information that confronts the infrastructure of the OM requires automated archiving and retrieving functionalities. The large increase of records needs this infrastructure to be 'shared, evolving, open, standardized, and heterogeneous' (Hanseth, 2002). The ICT infrastructure needs to continuously adapt, transform, renew and grow. Thirdly, information is of a highly diverse nature. There is a diversity of object types, operating systems and applications. The handling of this diversity is not self-evident, while at the same time information can be continuously modified. Fourthly, information can only be reliably used, when users can interpret it in its original organizational context. Context and information need to be forever linked to realize access, retrieval and preservation over time and (thus) to allow reconstruction of the past. 4.2.5 Reconstructing the past and OM ICT infrastructures are the core of OM research. In OM-literature, durable and reliable infrastructures are almost considered to be self-evident. This may be incorrect. The temporal dimension of the OM operates 'memories', time-functions that are used to reconstruct past policies, decisions, products, actions and transactions. Records and their meta data are never mentioned, but they are part of the knowledge assets of an organization. A very important contribution of OM is that all organizational knowledge assets are used for reconstruction of the past. Although organizational accountability is not mentioned as an aim of OM, it can be the result of using knowledge to reconstruct past happenings. OM is especially concerned with ‘organizational learning’ when reconstructing past experiences. OM ensures that information is preserved as long as is necessary. It provides an ICT infrastructure to (indefinitely) store information and to keep it accessible.
4.3 Records auditing 4.3.1 What is RA? There is little work done on RA. It may be considered as a specialized part of internal (or operational) auditing. It is independent and is designed to improve an organization's operations. This mechanism helps organizations accomplish their objectives by bringing a systematic approach to evaluate and improve the effectiveness and efficiency of business processes (Porter, 2009). It is a systematic process of planned, logical and purposeful steps and procedures to assess [1] the management and the quality requirements of records and 'records value chain', [2] the functioning of ERM, and [3] the ICT infrastructure that realizes the OM. RA focuses on both technological as non-technological systems. A records auditor assesses if the records in the OM are accessible, understandable and documented, for only than fact finding and reconstruction of past happenings are possible. RA researches:
The processing of actions and transactions within business processes;
The dissemination of trusted records;
www.ejise.com
133
ISSN 1566-6379
Electronic Journal Information Systems Evaluation Volume 15 Issue 1 2012
The way the organization accounts for the actions and transactions within its business processes; and
The reconstruction of actions and transactions from business processes over time.
RA checks for deviations in records, their meta data and the 'records value chain' that result from abnormalities in the execution of the business processes and / or the information systems used. The importance of RA increases as the complexity of the records, their meta data en their organizational environment grows. In RA the 'records value chain', combined with the required ICT infrastructure for the OM, is considered to be a critical success factor for the performance of business processes (Bussel and Ector, 2009). 4.3.2 RA and knowledge work Knowledge workers are individuals valued for their ability to act and communicate with knowledge. They solve problems to influence decisions, priorities and strategies, within business processes as well as within the organization in general. Knowledge workers engage in peer-to-peer knowledge sharing across organizational boundaries, forming networks of expertise. Organizations engage in collaboration activities to survive, with on-going alliances of public and private organizational teams to solve problems. Due to the expansion of actions and transactions via the Internet, there has been an increasing demand for knowledge workers. They are continuously confronted with shortcomings in the OM (Coulson-Thomas, 1991), which focus on the relationship between records and performance of business processes (Strong, Lee and Wang, 1997). From an ICT perspective, knowledge work has to do with high information complexity and a focus on organization-wide and inter-organizational communication in its business processes. The storage, dissemination and processing of records require complex systems for ERM. Knowledge work requires the definition of meta data and the provision of ontologies, user profiles, communication diagrams, knowledge maps and diagrams that show what objects, persons, instruments, roles, communities, rules and outcomes are involved in the main knowledge-related activities. This perspective calls for (1) a systematic, flexible handling of context, (2) intelligent functions to handle the OM, and (3) extended functionality for collaboration. Knowledge work needs RA to safeguard ERM, which is one of the most essential features for knowledge work, and to assess the OM and its infrastructure. 4.3.3 RA’s area’s Several areas of RA can be defined (Epler, 2006; Bussel and Ector, 2009). First, the input and output factors of a business process are problematic. Knowledge workers have difficulties with the excessive amount of records. Records are also often processed in structures, versions and file formats that cast doubt on their quality requirements. This creates difficulties in the assessment of the reliability of the OM. Secondly, the 'records value chain', as implemented in organizational practice. RA concentrates on the use of records and checks if that is in accordance with established agreements. The design of business processes often does not match the handling of work, leading to problems in accountability. As a solution, organizations can choose to structure records within the OM according to business processes or to the activities in which knowledge workers perform. Thirdly, the used ICT infrastructure affects shape, characteristics and quality of the OM. ICT aspects are complex interfaces, the 'unfriendliness' of ICT systems, inadequate system performance, few possibilities to control, lack of interactivity, etc.. ICT is hardly tailored to a user’s context. Knowledge workers are due to make mistakes, which affect the quality of the records. The potential of ICT to improve the reliability and the durability of records should be used. Fourthly, the workplace of knowledge workers. This is a focus because distractions from colleagues, the administrative processing to be performed, the planning of the work, the overall organizational context, and ergonomics, have an impact on a reliable processing and capture of records in ICT systems. Knowledge workers with a stressful workplace make more 'mistakes' and are more likely to ignore procedures of the 'records value chain'. 4.3.4 Reconstructing the past and RA In RA ERM and OM are audited to assess the possibility to reliably reconstruct past organizational actions and transactions and to offer consultations on adaptations and alterations for improving ERM and OM. RA assesses the processing of policies, decisions, products, actions and transactions within business processes and the transformation from input to output, the dissemination of trusted records, the way organizations account for the handling of their business processes, and the reconstruction of www.ejise.com
134
©Academic Publishing International Ltd
Geert-Jan van Bussel
policies, decisions, products, actions and transactions over time. RA is a mechanism for organizations to use to ascertain themselves that the available means for reconstructions are in excellent order and ready to be used.
5. Conclusion In this paper, I analysed the contribution of ERM, OM and RA in realizing trusted records and in reconstructing the past. It is my conclusion that: [1] ERM safeguards the 'records value chain' and ensures that records and their meta data meet the quality requirements of integrity, authenticity, controllability and historicity and (therefore) can be reliably used in business processes as source of trusted information; [2] The OM ensures that records and their meta data (as a knowledge asset) are preserved. It provides an ICT infrastructure to (indefinitely) store records and keep them accessible; [3] RA audits ERM and OM periodically to assess the possibility to reliably reconstruct past actions and transactions. ERM and OM have a direct contribution to the realization of trusted records and their meta data. RA checks them to verify if it is possible to use them to reconstruct past policies, decisions, products, actions and transactions. Its contribution is indirect. All three mechanisms assist organizations in reconstructing the past and can be used for improving accountability. Theoretically, combining these three mechanisms will certainly improve accountability more than implementing only one of them. ERM and OM are complementary. Combining the process-oriented emphasis of ERM with the infrastructure-oriented emphasis of OM will have positive effects on maintaining trusted records and on reconstructing the past over time. RA will ensure that both mechanisms keep doing what they have to do: creating and maintaining trusted records, against all odds. My hypothesis seems theoretically viable, but still has to be validated in practical case studies.
6. Future work Governments, courts and other stakeholders are making increasing demands for the trustworthiness, accuracy, and reliability of records. Those demands are creating a need to more clearly define the 'records value chain'. Research is needed to see if recognition of this 'chain' will be a solution for the problems mentioned in this paper. The preservation of records in the OM is critical. There is as yet no preservation strategy that guarantees the preservation of records and their contextual meta data in the long term. It is here that much of the future research should be focused, for the ICT infrastructure is extremely important for preserving records.
Acknowledgements My thanks to Eric Ketelaar, Peter Horsman, Theo Thomassen, Hans Henseler and Peter Toebak who made valuable suggestions.
References Abecker, A, Decker, S., Matta, N., Maurer, F., and Reimer, U. (1998) ‘Building, maintaining, and using organizational memories’, Proceedings of the workshop on Organizational Memories at the European Conference on Artificial Intelligence at ECAI-98, Brighton, pp. 109-128. Bannon, L.J., and Kuutti, K. (1996) ‘Shifting perspectives on Organizational Memory. From storage to active remembering’, Proceedings of the 1996 Hawaii International Conference on System Sciences (HICSS-29), Maui, pp. 156-168. Barata, K., and Cain, P. (2001) ‘Information, not technology, is essential to accountability: electronic records and public-sector financial management’, The Information Society Vol. 17, pp. 247-258. Bearman, D. (1993) ‘Record Keeping Systems’, Archivaria Vol. 36, pp. 16-36. Bearman, D. (1994a) ‘Towards a reference model for business acceptable communications’, [online], Archives and Museum Informatics, http://web.archive.org/web/19970707064048/http://www.lis.pitt.edu/~nhprc/prog65.html [12 Dec 2011] Bearman, D. (1994b) Electronic Evidence. Strategies for managing records in contemporary organizations, Pittsburgh: Archives and Museum Informatics. Bearman, D., and Sochats, K. (1996) ‘Metadata requirements for evidence’, Lysakowski, R., and Schmidt, S. (ed.) Automating 21st Century Science. The legal, regulatory, technical and social aspects of electronic laboratory notebooks and collaborative computing in R&D, Sudbury (MA): TeamScience Publishing. Online
www.ejise.com
135
ISSN 1566-6379
Electronic Journal Information Systems Evaluation Volume 15 Issue 1 2012
accessibility: http://web.archive.org/web/19970707063459/http://www.lis.pitt.edu/~nhprc/BACartic.html [12 Dec 2011]. Bearman, D. (2006) ‘Moments of risk. Identifying threats to electronic records’, Archivaria Vol. 62, fall, pp. 15-46. Boudrez, F., Dekeyser, H., and Dumortier, J. (2005) Digital Archiving. The new challenge, Mont Saint Guibert: IRIS, Bovens, M. (2006) ‘Analysing and assessing public accountability. A conceptual framework’, [online], European Governance Papers, No. C-06-01, http://www.connex-network.org/eurogov/pdf/egp-connex-C-06-01.pdf [12 Dec 2011] Brosius, M. (2003) 'Ancient Archives. An introduction', Brosius, M. (ed.), Ancient archives and archival traditions. Concepts of record-keeping in the Ancient World, Oxford: Oxford University Press, p. 1-16. Brown, J.S., and Duguid, P. (1996) ‘The social life of documents’ [online], First Monday, No. 1, http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/466/387 [12 Dec 2011] Bussel, G.J. van, and Ector, F.F.M. (2009) Op zoek naar de herinnering. Verantwoordingssystemen, contentintensieve organisaties en performance, Helmond: Van Bussel Document Services. Choo, C.W. (2006) The Knowing Organization. How organizations use information to construct meaning, create nd knowledge, and make decisions, New York: Oxford University Press, 2 edition. Coulson-Thomas, C. (1991) ‘IT and new forms of organization for knowledge workers’, Employee Relations Vol. 13, no. 4, pp. 22-32. Croasdell, D.T. (2001) ‘IT's role in Organizational Memory and Learning’, Information Systems Management Vol. 18, no. 1, pp. 8-11. Davenport, T.H. (1993) Process Innovation. Reengineering work through information technology, Boston: Harvard Business School Press. Dubnick, M.J. (1998) ‘Clarifying accountability. An ethical theory framework’, Samford, C., and Preston, N. (ed.) Public sector ethics. Finding and implementing values, Sidney: Routledge, pp. 68-81. Dubnick, M.J. (2002) 'Seeking salvation for accountability' [online], Annual Meeting of the American Political Science Association, http://mjdubnick.dubnick.net/papers/2002/salv2002.pdf [12 Dec 2011] Duranti, L. (1997) ‘The preservation of the integrity of electronic records’, Proceedings of the DLM-Forum on electronic records. Brussels, 18-20 December 1996, Luxemburg: Office for Official Publications of the European Communities, pp. 60-65. Epler, M.J. (2006) Managing information quality. Increasing the value of information in knowledge-intensive products and processes, Berlin-Heidelberg: Springer, 3rd edition. Francke, H. (2005) ‘What's in a name? Contextualizing the document concept’, Literary and Linguistic Computing Vol. 20, no. 1, pp. 61-69. Groth, P.T. (2007) The origin of data. Enabling the determination of provenance in multi-institutional scientific systems through the documentation of processes, Southampton: University of Southampton. Hanseth, O. (2002) ‘From systems and tools to networks and infrastructures. Towards a theory of ICT solutions [online], http://heim.ifi.uio.no/~oleha/Publications/ib_ISR_3rd_resubm2.html [12 Dec 2011] Hasan, R., Myagmar, S., Lee, A.J., and Yurcik, W. (2005) ‘Toward a threat model for storage systems', Storage SS '05. Proceedings of the 2005 ACM workshop on Storage security and survivability, New York: Association of Computing Machinery, pp. 94-102 Holsapple, C.W., and Jones, K. (2004) ‘Exploring primary activities of the knowledge chain’, Knowledge and Process Management Vol. 11, no. 3, pp. 155–174. ISO/DIS 15489 (2001) Information and documentation -- Records management: Terms and Definitions, Geneva, International Standards Organization. Ketelaar, F.C.J. (1999, 'Archivalisation and Archiving', Archives and Manuscripts Vol. 27, may, pp. 54-61. Kim, D.H. (1993) ‘The link between individual and organizational learning’, Sloan Management Review Vol. 35, no. 1, pp. 37-50. Kooper, M., Maes, R. and Lindgreen, E.R. (2011) ‘On the governance of information. Introducing a new concept of governance to support the management of information’, International Journal of Information Management Vol. 31, no. 3, June, pp. 195-200. Latour, B. (1990) ‘Postmodern? No, simply amodern! Steps towards an anthropology of science’, Studies In History and Philosophy of Science, Vol. 21, no. 1, pp. 145-171. Levy, D.M. (2001) Scrolling forward. Making sense of documents in the digital age, New York: Arcade Publishing. Liu, Z. (2004) ‘The evolution of documents and its impacts’, Journal of Documentation Vol. 60, no. 3, pp. 279288. Lynch, C.A. (1994) 'The integrity of digital information. Mechanics and definitional issues', Journal of the American Society for Information Science, Vol. 45, no. 10, pp. 737-744. McKemmish, S. (1999) ‘The smoking gun: recordkeeping and accountability’, Archifacts, April, pp. 1-15. Meijer, A. (2000) ‘Anticipating accountability processes’, Archives & Manuscripts Vol. 28, no. 1, pp. 52-63. Meijer, A. (2001a) ‘Accountability in an Information Age. Opportunities and risks for records management’, Archival Science, Vol. 1, no. 4, pp. 361 – 372. Meijer, A. (2001b) ‘Electronic records management and public accountability. Beyond an instrumental approach, The Information Society, Vol. 17. no. 4, pp. 259 – 270. Moorman, C., and Miner, A.S. (1997) ‘The impact of organizational memory on new product performance and creativity’, Journal of marketing research Vol. 34, no. 1, pp. 91-106. Mulgan, R. (2000) ‘Accountability': an ever-expanding concept ?', Public Administration Vol. 78, no. 3, pp. 555– 573. www.ejise.com
136
©Academic Publishing International Ltd
Geert-Jan van Bussel
Nonaka, I., and Konno, N. (1998) 'The concept of 'Ba'. Building foundation for knowledge creation', California Management Review Vol. 40, no. 3, pp. 40-54. Päivärinta, T. (2000) 'Documents in information management. Diverging connotations of 'a document' in the digital era', Päivärinta, T., Towards a genre-based, critical approach to Enterprise Document Management, Jyväskylä: University of Jyväskylä, pp. 52-73. Porter, B. (2009) ‘The audit trinity. The key to securing corporate accountability’, Managerial Auditing Journal Vol. 24, no. 2, pp. 156-182. Ragowski, A., Licker, P.S., and Gefen, D. (2008) 'Give me information, not technology', Communications of the ACM Vol. 51, no. 6, June, pp. 23-25. Redman, T.C. (2004) ‘Data: un unfolding quality disaster’, DM Review, no. 8, August, pp. 22-23, 57. Ribière, M., and Matta, N. (1998) ‘Virtual enterprise and corporate memory’, Proceedings of the workshop on Organizational Memories at the European Conference on Artificial Intelligence at ECAI-98, Brighton, pp. 129-147. Shepherd, E., and Yeo, G. Managing records. A handbook of principles and practice, London: Facet Publishing. Spear, S., and Bowen, H.K. (1999) ‘Decoding the DNA of the Toyota production system’, Harvard Business Review Vol. 77, no. 5, pp. 97-106. Stein, E. (1995) ‘Organizational memory: review of concepts and recommendations for management’, International Journal of Information Management Vol. 15, no. 1, pp. 17-32. Strøm, K. (2003), 'Parliamentary democracy and delegation', Delegation and accountability in parliamentary democracies Vol. 53, pp. 55-107. Strong, D.M., Lee, Y.W., and Wang, R.Y., 'Data quality in context', Communications of the ACM 40 (1997), nr. 5, pp. 103-110. Toebak, P.M. (2007) Records Management. Ein Handbuch, Baden: Hier + Jetzt. Toebak, P.M. (2010) Records Management. Gestaltung und Umsetzung, Baden: Hier + Jetzt. Walsh, J.P. (1995) 'Managerial and organizational cognition: notes from a trip down memory lane', Organization Science Vol. 6, no. 3, pp. 280-321. Walsh, J.P., and Ungson, G.R. (1991) ‘Organizational memory’, The Academy of Management Review Vol. 16, no. 1, pp. 57-91. Wang, R., Funk, J., Lee, Y., and Pipino, L. (2009) Journey to Data Quality, Cambridge (Ma.): MIT Press. nd Weick, K.E. (1979) The social psychology of organizing, New York: McGraw-Hill, 2 edition. Wijnhoven, F. (1996). ‘Organizational memory and information technology. The missing link’, Coelho, J.D., Jelassi, T., König, W., Krcmar, H., O'Callaghan, R., and Sääksjärvi, M. (ed.), Proceedings of the Fourth European Conference on Information Systems, Lisbon, pp. 571-584.
www.ejise.com
137
ISSN 1566-6379