Evidentiary risk: The case for high EDRMS adoption rates

Achieving good adoption rates for an Electronic Document and Records Management System (EDRMS) implementation–and by ‘good’ I mean ‘more than 80% adoption’–along with the accompanying good recordkeeping practices, requires a change in behaviour. Unlike a payroll system, for example, where if people want to be paid, they have to enter their hours into the electronic timesheet which comes with it, an EDRMS in almost all cases has no such personal motivator for its exclusive use. People can and do still use shared drives, personal drives and devices such as thumb drives, and leave email records in systems such as MS Outlook.

Much of the focus of government and their agencies in the implementation of an EDRMS since the early 2000’s has been on compliance with legislation. State governments and the Commonwealth Government have all introduced legislation and regulations covering the requirements of recordkeeping, and many have set compliance dates for their agencies.

Obtaining the behavioural changes required to achieve high EDRMS adoption rates requires that at some point during the life of the change programme that accompanies the EDRMS implementation, senior management must visibly and consistently support the change programme itself. However, from a change management point of view, compliance is a weak argument to use with senior management to get their support, unless the consequences are real and relatively immediate.

Despite the plethora of Acts of State and Commonwealth Governments regulating the keeping of records, there is no consequence for poor recordkeeping beyond embarrassment and in some extreme cases, career limitation.

Senior managers, when faced with the postulation by a records and information manager that there are dire consequences for non-compliance will often ask how many people have faced legal sanction, and the answer is invariably, “Nil”.

The results of our research with Linked Training (Dwyer & Linton) in what it takes to make an EDRMS project successful or unsuccessful reinforce this view. The research revealed that when sponsors of an EDRMS disbelieve that the benefits of its implementation are productivity improvements and risk reduction, the failure rate rises from 25% to 100%.

So, at one end of the continuum of proving the return on investment for implementing an EDRMS and good recordkeeping practices is compliance, which is weak, and at the other end is productivity, which is always strong.

In the middle is risk.

Productivity is relatively easy to demonstrate if the people making the justification have, or can gain, a good understanding of business processes and how to use the functionality of an EDRMS to automate the processes as well as providing a single source of truth. Automating the process provides real benefits in elapsed time and in the amount of productive time used for a unit of output.

Unfortunately, too often we see that people justifying an EDRMS do not have the understanding or capability to map business processes and instead concentrate on the relatively meaningless, unrealisable gains of saving seconds and minutes searching for an individual record multiplied by the annual number of records searched for.

Risk is more difficult to quantify in a manner that forces senior managers to take notice unless it immediately follows a catastrophic risk event resulting in a death, severe loss of reputation or assets, or severe damage to the environment. This is because risk is evaluated by its likelihood and consequence and too many people, including senior managers, can easily see the likelihood of risk, but forget the consequence unless they have had experience with a recent occurrence that makes it fresh in their mind.

When it comes to risk, it is difficult to be categorical and say that an event will occur that has a negative consequence in a specific timeframe, which to be relevant to senior managers needs to reflect a planning cycle timeline.

That landscape is changing, however. Increasingly, regulations governing evidence are making it imperative that an organisation has a robust system of managing electronic records if they expect to be in court, or having a case dealt with by any other office, which has rules of evidence as a prominent element in the manner in which a case is managed.

Evidence laws passed in many states and the Commonwealth since 2008 have changed the landscape of acceptable evidence away from hard copy originals only, now to include electronic records.

In order to form good evidence, records must be:

  • Authentic: able to be demonstrated to be what they purport to be
  • Reliable: able to be shown to have been unaltered / not tampered with
  • Accessible: capable of being found, read or interpreted easily whenever they are needed

Legal firms are realising the necessity of good records management amongst their clients. “Process integrity is more important than ever. Although under the Evidence Act there is a presumption that a copy of an original is admissible, there is no presumption that the evidence is reliable. Therefore, it is very important that proof of the system/record integrity of records are consciously generated and kept.” (Argy , Gunning, & Lim)

It is now evident that large organisations that regularly find themselves involved in activities where the rules of evidence are applied and that do not have good recordkeeping systems are exposing themselves risk of not having their evidence accepted. Those activities are not limited to court appearances. They include but are not limited to:

  • Ombudsman investigations
  • Coronial enquiries
  • Investigations regarding applications to:
    • local councils
    • building authorities
    • financial authorities
    • health and safety authorities
    • workers compensation authorities

The return on investment continuum for implementing an EDRMS and achieving high (>80%) levels of adoption is now firmly swinging away from compliance to risk, as well as productivity, as rules of evidence applying in these activities change in practice as well as in regulations. Senior executives who can safely ignore the compliance argument will find it much more difficult to ignore the evidentiary risk argument.


Argy , P., Gunning, P., & Lim, C. (n.d.). Electronic Evidence, Document Retention and Privacy. Retrieved October 20th, 2013, from King & Wood Mallesons

Dwyer, K., & Linton, M. (n.d.). EDRMS Success. Retrieved October 20th, 2013, from Change Factory

Comments are closed.