Central archive promotes internal control, deters corruption.Enterprises like businesses and government entities should generously retain the email of important employees in a central archive. A central archive is controlled by the IT department, not the employees whose email is in the archive. Such an archive ensures records are conveniently available and searchable for audit, e-discovery and internal investigations.
IRS investigation nightmare proves the need for a central archive.
The current poster child in favor of central archives is the Internal Revenue Service. IRS is currently enduring a nightmare owing to its failure to archive employee email centrally. This nightmare is not over. But it has transpired enough to teach painful, timeless lessons.
The nightmare in question is the investigation into the emails of an IRS executive named Lois Lerner. Lerner headed an IRS division handling sensitive tasks (evaluating the tax status of nonprofits).
The Inspector General at IRS recently opened a criminal investigation into whether one or more employees at IRS attempted to destroy or hide Lerner’s emails (that is, government records). If an employee did that, the employee could go to jail.
Scandals often hinge on electronic mail.Here’s the story. A political controversy erupted over Lerner’s work. Congress demanded her emails. (Logically, emails are a very relevant thing for an investigator or legal adversary to demand in today’s age. In modern enterprises, emails record most of the action by managers and executives.)
Astonishingly, IRS replied to Congress that all of Lerner’s emails had been destroyed because the hard drive on her single laptop had crashed. What?!
Furthermore the Commissioner of the IRS (its top executive) testified to Congress that Lerner’s emails were irretrievable . . . could not be recovered by any means. What?!
A manager’s emails need to be archived and segregated from the manager.
In effect IRS was saying that its IT systems were designed so that the retention of many important emails depended upon the function of a single PC hard drive. That’s nuts . . . for two reasons.
First, PC hard drives commonly fail; important records like management emails need to be copied some other place. Reliance on a single PC hard drive constitutes gross mismanagement.
|PC hard drives can fail.|
Second, if sensitive records are stockpiled in a single place under the control of a single employee, then that employee has the ability to destroy her records. She has the ability to cover up her own wrongdoing in the event of an investigation into her performance or malfeasance.
What’s more, it strains credulity for an enterprise to say that large numbers of emails of an executive are irretrievable, even after a hard drive has crashed. Copies of those emails are likely scattered far, wide and deep, especially in backups and on servers.
And in fact, when the IG investigated, that’s what IG discovered. Lots of Lerner’s emails are on backup tapes and (potentially) on server hard drives. Recovering all this is much work. But it can be done by patient, well-resourced investigators.
The emails were not "irretrievable" as the IRS Commissioner had testified to Congress. One can't expect the IRS Commissioner to be an expert on computers and records. Obviously he has to base his testimony on advice from other people. And obviously he got horrible advice, in good part because IRS had failed to archive Lerner's emails in a centralized, competent archive.
IRS could have avoided this embarrassment.
For IRS as an enterprise, this investigation is becoming a long, expensive and embarrassing saga. A protracted criminal investigation like this can be very damaging to the reputation of the enterprise and to overall employee morale, even if the investigation concludes that no crimes were committed.
An enterprise like IRS is wiser to archive email centrally, under the control of the IT department and outside the control of individual employees. If IRS had at the outset archived Lois Lerner’s emails in a centrally-controlled appliance, they would not have (seemingly) disappeared and the IRS would be spared from this debilitating forensic investigation.
By Benjamin Wright