Enron: A Wake-up Call for Records Management
Page 1 of 1
Much of the extensive media coverage encompassing the recent Enron debacle has centered on the notion of "shredded documents." It's even become the subject of snarky cartoons in such lauded publication's as The New Yorker, whose Feb. 4 issue features an illustration of a man walking by a storefront that has the words "Enron Recycled Paper Products" plastered across its window.
Funny? Yes, perhaps to the people who weren't affected. But while some may take comfort in the humor, there is a far more grim and salient reality; what of the electronic documents that may be harbored in laptops, servers, and myriad other silicon-freighted devices? That's the task at hand by investigators, or in this case, computer forensic experts, who have been charged with retrieving possible incriminating e-mails and such -- virtual traces of the vital information consumed by shredders.
Adam Schran, chief executive officer for Philadelphia software firm Ascentive, has developed monitoring applications that could have maintained the integrity of communications of these executives, including a tool that monitors e-mail and chat room sessions. He maintains federal marshals and computer forensic experts should be able to find potentially damning files thought to have been erased from the hardware of Enron and auditor Arthur Andersen employees. His thoughts on Enron?
"I have no doubt that there are a lot of e-mails and computer files with important information concerning the Enron case," Schran told InternetNews.com recently. "Chances are, the Enron officials aren't computer-savvy and many people think that deleting an e-mail or erasing a file loses the data for good. It doesn't. Anyone with the technical know-how, who has an idea of what they are looking to retrieve can get into the hard drive and find the files. It takes minutes."
Charlie Weeden heads a company called 17a-4 LLC, which, as those up on their governing bodies may recognize, is named for the Securities and Exchange Commission regulation that requires companies to retain copies of e-mails and documents.
He said that computer forensic experts could create a searchable archive, and program it to key on specific words or stock symbols. One can also scan the attachments for evidence. In actuality, Weeden agreed, people can shred all of the paper documents they want, but e-mail still resides on servers. And since it isn't cost-effective to spend hours combing through physical documents in warehouses, e-mail and file searches are the sensible way to go.
Another issue Weeden touched upon is the psychology inherent in using e-mail to communicate. People tend to be more cautious and formal than in e-mail, which he said people treat as "conversation-like." Therefore, people can speak much more off the cuff.
"People are less sensitive about what they say in e-mail," Weeden said. "They look at it as a conversational tool."
Weeden said the SEC is also concerned about instant messaging as a communications tool, in part because what goes across that is not able to be regulated at this time. Why? It pops up and it's gone. Weeden said the SEC is considering policies that would make instant messaging bound to the same archival requirements as e-mail.
"This is a situation that the SEC is very much aware of, but right now the technology is way ahead of the legality in terms of e-mail communications.
Outside help could have... helped
It's no secret the Enron debacle has been a saucerful of secrets thus far, but some document and content management experts say this may have been avoided through a couple of measures.
Carl Frappaolo, executive vice president of business advisory firm Delphi Group and a document practices advisor, said one approach that may nip some of the mysterious, disappearing document issues in the bud is the hiring of external consultants to serve as watchdogs over important information.
"The lapses in records retention on the part of Enron and its auditors along with the lack of a solid business strategy with regards to document and knowledge management at Enron have put new emphasis on the need for every enterprise to have in place well-articulated document retention policies," Frappaolo said in a recent research note.
Frappaolo pointed out an interesting dichotomy, noting that while most enterprise insiders know they should have a content management strategy (documents, e-mails, et al), that it's one of those important nuts and bolts of a business that may fall by the wayside.
"In this age of information, it is a message that has been repeated so often we risk becoming deaf to it. The Enron case is our wake up call," said Frappaolo. "Putting information, knowledge management and records management practices in the hands of a firm who advocates a retention policy of 'keep it if its important, else destroy it,' is clearly ludicrous."
Information technology (IT) can and should be used to help with such management practices and, as Frappaolo noted, electronic document management systems, e-mail, and portals have given enterprises new ways to create and store information.
Again, though, the document management advisor warned that outside, unbiased experts be tapped for such maintenance.
"This is best obtained by experts whose core competency is document strategies, and who do not align themselves with the client organization in any other capacity," Frappaolo said. "The many intricate legal battles that will shake out from the Enron chaos will take years to be resolved. But two lessons are clear today -- separate your accountants and tech/business consultants, and get those independent experts to establish and leverage sound records retention schedules for your knowledgebase."
Proper content management by the people, for the people, of the people
Susan Feldman, director for IDC's Document and Content Technologies program, said that while proper content and knowledge management would be useful in preserving information. But, she told InternetNews.com via e-mail, "the policies that surround archiving are set by people, and if the people are unwilling to preserve documents, then there won't be policies in place that will stop documents from being shredded, virtually or otherwise."
Whereas Delphi's Frappaolo recommended external auditors, Feldman suggested a legal solution.
"One solution would be to institute federally mandated regulations like those that have forced the pharmaceutical industry to be very strict about which documents are generated and for how long they are kept," Feldman said. "This area of content management is called regulatory compliance management. There are a number of content management companies that specialize in compliance management for various industries. If the accounting industry comes under this kind of regulation, it would create a very nice niche for content management vendors."
So there is some business to be done in the records and content management sectors, it seems. In October 2001, Feldman spearheaded a report on the state of affairs in the content management sector. Despite events of Sept. 11, which were thought to have slowed down both the economy and market cycles, the report concluded that government agencies would become vested in the arena.
"IDC expects heavy investment by government agencies in technologies that support intelligence work," the report said. "These include technologies for building and retrieving from large databases and repositories of information in multiple formats. They also include pattern matching, trend identification, and retrieval technologies that were already coming to market. This investment will spur development of the next generation of information systems that will be of interest to enterprises for competitive intelligence as well as for mining their own data."
With that, IDC sees content management realizing a compound annual growth rate (CAGR) of 47.2 percent, from $2 million in 2000 to over $14 million in 2005. This could increase, however. Just as the events of Sept. 11 spurred greater interest in network backups, it wouldn't be a stretch to assume that the Enron issue might do the same for content management architectures, and by extension, policy and regulation.