Government agencies face unique transaction and records risks and benefits as they shed traditional paper processes for new electronic ones. Identifying these risks and benefits is an important step in the design of any new information system, whether it is designed to better serve citizens or improve efficiency within the organization. This section discusses how to determine those risks and benefits as the new system is being designed and developed.
Each record that is created is subject to administrative and legal rules. These rules govern the entire life cycle of the record, from creation to retention and disposal. As a general rule, many of the administrative and legal requirements that apply to paper records also apply to electronic records. A legal analysis can help agencies identify the original legal requirements associated with the business process they want to automate. A business process analysis can help agencies understand where the system fits in the larger picture of work for the organization. Together these analyses might also reveal aspects of the current paper process that have evolved over time but are no longer necessary from a legal or business perspective.
The question "What constitutes a record?" is no longer that simple when you are talking about an electronic record. Electronic records can be created from paper records and stored in electronic record keeping systems by scanning or by transcription. However, they can also be created and stored for varying periods of time in the application systems that host the transactions that create these records. Therefore, risks associated with the development and maintenance of that system also pose risks to the electronic records. These risks must be managed from the beginning of system development process so that they can be mitigated throughout the entire life cycle of the system.
To mitigate risks to electronic records there needs to be a focus on ensuring the authenticity, integrity, security and accessibility of those records. When considering the automation of paper processes and the creation of electronic records these issues defined below have to be considered in the context of the desired business goals.
Authenticity – the quality of being an original (or a true and faithful copy) that can be proven to be what it purports to be; that internal claims (e.g., date, author, content) can be verified; genuine, not false, counterfeit, or altered.
Integrity – the quality of being complete and unaltered through tampering or corruption.
Security – measures taken to protect from unauthorized access, change, or destruction, whether from malicious act or from degradation over time.
Accessibility – the ability to locate and retrieve information for use (consultation) within legally established restrictions of privacy, confidentiality, and security clearance.
To identify the levels of risk associated with various processes being automated, the Federal Office of Management and Budget (OMB) has developed Government Paperwork Elimination Act (GPEA) implementation guidance for federal agencies2. The legal environment for federal agencies is different from the legal environment for state agencies. Therefore, parts of these guidelines may not be applicable for state agencies, but they provide a good framework for conducting risk assessments and cost/benefits analyses. Portions of these guidelines are extracted or summarized below.
2 Appendix II to OMB Circular No. A-130, Implementation of the Government Paperwork Elimination Act, Office of Management and Budget, Executive Office of the President, http://www.whitehouse.gov/omb/circulars/a130/a130appendix_ii.html
| Next >