A major indicator can be the act of deletion or pressure on staff to delete, remove or otherwise dump past records following a restructure, a new division launch, a JV or acquisition. An excuse of, “Oh, I’m sorry those files were destroyed” should be cause for alarm. It will be an even bigger problem where international operations are involved as it’s far harder to find or recreate evidence in a foreign territory.
ACTION: Take care to establish and log where paper documents are and when they should and should not be stored. Identify who is in control of the system processes and who is responsible for and has ownership of the records. They are not always the same person of course. Ensure that scanning, and indexing works properly and that no-one can intercept/edit documents. Also ensure that storage capacity is enough and controlled properly. Where acquisitions and mergers are concerned, ensure that all documents are available and stored appropriately and securely, especially those that relate to IP protection, IP development records, audit trails and staff contracts. In particular, if you are acquiring a business make sure that you have indemnities/penalty clauses built into the acquisition agreements that relate to the availability of data, logs, audit trails and so forth.