Na#onalArchivesandRecordsAdministra#onSeptember26,2017

FederalAuditExecu9veCouncil

AnnualConference

LaurenceBrewer–ChiefRecordsOfficerfortheU.S.GovernmentDonaldRosen–Director,RecordsManagementOversightand

Repor#ng

ModernizingRecordsManagement

• Presiden9alMemorandum

• ManagingGovernmentRecordsDirec9ve

• NARADraGStrategicPlan

Moderniza#onGoals

Requireelectronicrecordkeepingtoensuretransparency,efficiency,andaccountability

DemonstratecompliancewithFederalrecordsmanagementstatutesandregula9ons

Transforma#onalTargets

4

By2016,agenciesmanageallemailinanaccessible,electronicformat

By2019,agenciesmanageallpermanentelectronicrecordsinelectronicformats

TheDirec9verequiredNARAtotakeac9onon18othertargets,mostcompletedby2016

DraGStrategicPlan•  FourStrategicGoals

–  MakeAccessHappen–  ConnectwithCustomers–  MaximizeNARA’sValuetotheNa9on–  BuildOurFutureThroughOurPeople

•  ByFY2020,NARAwillhavepoliciesandprocessesinplacetosupportFederalagencies’transi9ontofullyelectronicrecordkeeping.

•  ByDecember31,2022,NARAwill,tothefullestextentpossible,nolongeraccepttransfersofpermanentortemporaryrecordsinanalogformatsandwillacceptrecordsonlyinelectronicformatandwithappropriatemetadata.

•  ByFY2019,NARAwillconductinspec2onsofrecordsmanagementprac2cesat10percentofFederalagenciesperyear,toensurethatFederalemailandotherpermanentelectronicrecordsarebeingmanagedinanelectronicformat.

5

CurrentandFuturePriori#es•  2019SuccessCriteria

•  ERMRequirements,FIBFandUseCases,GSASchedule36

• WebGuidanceRefresh

•  Digi9za9onandMetadataGuidance

•  Advocacy,Outreach,andSAORMEngagement

SAORMEngagement•  LeadershipofSAORMsiscri9caltosuccess

•  SAORMpost-transi9onemailsandmee9ngs

• NARABulle9ndefinesroles,responsibili9es,andexpecta9ons

Na#onalArchivesandRecordsAdministra#onSeptember26,2017

FederalAuditExecu9veCouncil

AnnualConference

DonaldRosen–Director,RecordsManagementOversightandRepor#ng

RecordsManagementOversight

h`p://www.archives.gov/records-mgmt/resources/inspec9ons.html

h`ps://www.archives.gov/records-mgmt/resources/rm-inspec9ons

AgencyInspec9ons•  Purpose

–  Basedon36CFR1239,PartofNARA’sregulatoryoversightrole–  Iden9fychallengesandrecommendsolu9ons–  Monitorimprovementsandprogress

•  Doagencieshave–  Policies,direc9ves,SOPs,trainingprograms,evalua9onofrecordsprograms,–  Recordsmanagementawarenessandoutreach

•  RecordsProgramandScheduleimplementa9on–  Accessandretrieval,Storageareasandissueswithrecordscenters–  Retainedrecords,Dounscheduledrecordsexist

•  Rela9onshipwithIT–  Informa9onResourcesManagementPlans–isrecordsmanagementincluded?–  SystemsDevelopmentLifeCycle–howwellis(orif)recordsmanagement

embeddedintheprocess•  ElectronicRecordsManagement(includingemail),M-12-18goalsstatus

Authori9es•  44UnitedStatesCode(U.S.C.)2904(c)(7)and2906toinspectrecordsmanagementprogramsandprac9cesofFederalagencies

–  2904(c)(7)…theArchivistshallhavetheresponsibility…toconductinspec9onsorsurveysoftherecordsandtherecordsmanagementprogramsandprac9ceswithinandbetweenFederalagencies…

–  2906(a)(1)…theArchivist(ordesignee)mayinspecttherecordsortherecordsmanagementprac9cesandprogramsofanyFederalagencysolelyforthepurposeofrenderingrecommenda9onsfortheimprovementofrecordsmanagementprac9cesandprograms…

Inspec9onProcesses

Inspec9onPrepara9on

Communica9onswithTargetAgency

ReviewdocumentsfromTargetAgency

ConductSiteVisitsandTelecons

Report

PlansofCorrec9veAc9on

Agenciesarerequiredtocreateaplaninresponsetoinspec9onfindingsandrecommenda9ons

Wetrackprogressthroughsemi-annualreportsandfollowupsitevisitsastravelallows

ComplianceAchievementRepor9ngSystem(CARS)

UnauthorizedDisposi9on•  Whatisunauthorizeddisposi9on?

–  Unlawfuloraccidentalremoval,defacing,altera9on,ordestruc9onofrecords

•  WhyarewerequiredtoreportthistoNARA–  CFR:Title36,ChapterXII,SubchapterB,Part1230

•  HowtoNo9fyNARAofAllega9ons

–  Verballyandinwri9ng

•  Whereshouldcorrespondencebesent?OfficeoftheChiefRecordsOfficerNa9onalArchivesandRecordsAdministra9on8601AdelphiRoad,Suite2100CollegePark,Maryland20740

AgencyRepor#ngAgencyrecordsofficersprovideanevalua9onoftheirindividualagency’scompliancewithFederalrecordsmanagementstatutes,regula9onsandprogramfunc9ons.Oldestofourrepor9ngtools,requiredsince2010.

Agencyrecordsofficersassessedtheirindividualagency’semailmanagementusingamaturitymodeltemplate.Thisisthenewestofourrepor9ngtools,firstused2016.

Responsesfromhigh-levelofficialsaboutprogresstowardsMGRDtargetsandrequirementsandotherstrategictopics.Firstrequiredin2013.

UsingResults

NARA

•  Gatherinforma9on•  Iden9fytrends•  Providefeedback

Agencies•  Determineweaknesses•  Managelimitedresources•  Measureeffec9veness

18

AgencyIndividualReportsfor2016

79%66%

98%

82%93%

21%34%

2%

18%7%

Q2EmailManagement

Q3RecordsScheduling

Q4PermanentE-Records

Q5Digi9za9on Q6Informa9onResource

Management

SeniorAgencyOfficialReports2016

Yes No

h`p://www.archives.gov/records-mgmt/resources/self-assessment.html

36%

28%

20%17%

12%

44% 43%47% 47%

43%

20% 29%

34% 36%

45%

2012 2013 2014 2015 2016

RMSARISKLEVELCOMPARISON2012-2016

HighRisk ModerateRisk LowRisk

48%

42%

34%

41%

EmailPolicies-Level3

EmailSystems-Level3

EmailAccess-Level3

EmailDispositon-Level2

MaturityModelDomainsandLevelsAchievedMostOUen

23

Statement 2-3:RiskManagement

Level0 (a)Little/noriskanalysis;reactiveandmanualprocesses(b)Highlevelofexposuretoriskduringlitigationand/orinteractionswithregulatorybodies

Level1 (a)SomeRIMfunctionshavebeeninformallydevelopedtoidentify,address,andmanagerisk(b)Little/noRIMriskanalysisinfrastructure(c)Riskmitigationprocessesaremostlymanual(d)Limitedstandardizationofriskmanagementacrosstheagency/component(e)Highlevelofexposuretoriskduringlitigationand/orinteractionswithregulatorybodies

Level2 (a)RIMfunctionsaredefinedtoidentifyandaddressriskmitigationneeds(b)RIMriskanalysisisconductedattheagency/componentlevel(c)Initialeffortsatstandardizedmeasurementandreporting(d)Disparateautomationwithlimitedstandardizationofprocesses(e)Moreunifiedandactiveapproachtomitigatingexposuretorisk

Level3 (a)RIMfunctionsarefullyimplementedtoidentify,address,manage,measure,andreducerisks(b)RIMriskanalysisisconductedattheagency/componentlevel(c)Consolidatedsystemswithhigherlevelofstandardizationofprocessesfacilitateaproactiveapproachthatfurtherreducesexposuretorisk

Level4 (a)RIMfunctionsareintegratedintoagency/componentstrategyandbusiness/missionpracticestoincreasecompliancelevelsmaximizingresourcesforincreasedefficiencies(b)Agency/componentRIMsystemswithembeddedmanagementfunctionsfacilitateoptimalmanagementofexposuretorisk

Notes:Assessment: Level1-Developing 1

(a)Agency/componentidentifiesandanalyzesinternalandexternalrisktoagency/componentrecordsandinformation.(b)Agency/componentdetermineswhoisbesttomanageormitigatetheriskandwhatspecificactionsshouldbetaken.(c)Agency/componentmonitorstheimplementationofactionstomanagementormitigaterisk.

RIMMaturityModel–choosethelevelthatfitsbest

24

SummaryResults

Statement Level Score1-1:StrategicPlanning Level3-Engaged 3.01-2:LeadershipandManagement Level2-Functioning 2.01-3:Resources Level2-Functioning 2.01-4:Awareness Level1-Developing 1.0

Domain1MaturityScore: 2.0

Statement Level Score2-1:Policy,Standards,andGovernanceFramework Level2-Functioning 2.02-2:ComplianceMonitoring Level0-Absent 0.02-3:RiskManagement Level1-Developing 1.02-4:Communications Level2-Functioning 2.02-5:InternalControls Level1-Developing 1.0

Domain2MaturityScore: 1.2

Statement Level Score3-1:LifecycleManagement Level3-Engaged 3.03-2:RetrievalandAccessibility Level4-Embedded 4.03-3:Integration Level2-Functioning 2.03-4:SecurityandProtection Level3-Engaged 3.03-5:Training Level0-Absent 0.0

Domain3MaturityScore: 2.4

1.9

MaturitySummary

CompositeMaturityScore:

Domain1:ManagementSupportandOrganizationalStructure

Domain2:Policy,Standards,andGovernance

Domain3:RIMProgramOperations

25

MoreInforma#onFollowRecordsExpressath`p://records-express.blogs.archives.gov/NARARecordsManagementwebpageh`p://www.archives.gov/records-mgmt/Laurence.Brewer@nara.govDonal.Rosen@nara.gov