On successful completion of this section you will be able to:
- Define and describe confidential information.
- Explain the system and procedures used for dealing with confidential information.
- Ensure documents are secured in an appropriate manner and within an agreed time frame.
- Ensure utmost care is taken to avoid compromising any relevant stakeholders.
PART ONE
Dealing and controlling confidential information
- Defining confidential information.
- System and procedures for dealing with confidential records.
- Securing confidential information.
- Avoiding compromising stakeholders.
Purpose
At the end of this training session you will be able to manage administration records
On completion of this section you will be able to Control and deal with confidential information and documents.
CONTROL AND DEAL WITH CONFIDENTIAL INFORMATION AND DOCUMENTS
Introduction
The promotion of accountability, transparency and ensure sustainability has been identified as cornerstones to the viability of organisations in today’s robust economic climate.
Within these boundaries is also the importance of effective and efficient record management systems.
Within these boundaries is also the importance of effective and efficient record management systems.
The record management systems need to protect information required to prove physical property, intellectual property and copyrights rights.
Record keeping systems must be able to provide evidence of consistent and routine procedures that may protect a party in a negligence claim, by showing the procedures that were followed throughout any particular process. It may be legal for an organisation to destroy records that have expired their statutory retention periods, but a good record keeping system will ensure that evidence is retained as required to prove the organisation has acted appropriately.
Record keeping systems must be able to provide evidence of consistent and routine procedures that may protect a party in a negligence claim, by showing the procedures that were followed throughout any particular process. It may be legal for an organisation to destroy records that have expired their statutory retention periods, but a good record keeping system will ensure that evidence is retained as required to prove the organisation has acted appropriately.
NOTE: Records are not created for the sole purpose of being used in potential legal proceedings. Nevertheless, the reliability and authenticity of records generated from business processes support and are supported by the requirements for admissibility of information in a court of law.
Definitions of Key Terms
Records Keeping
Record keeping is a process of managing the creation, amendment, distribution, filing, retention, storage and disposal of records, which is administratively and legally sound.
Records Management
Records management involves the storage, retrieval and use of information.
In records management, the guiding principle is that information must be readily available at the prerequisite time and in the form it is required. In order to effectively utilise the information in the system, the data must be accurate, reliable and informative.
In records management, the guiding principle is that information must be readily available at the prerequisite time and in the form it is required. In order to effectively utilise the information in the system, the data must be accurate, reliable and informative.
Records
A record is any document, book, paper, photograph, map, sound recording or other material, regardless of physical form or characteristics, made or received pursuant to law or in connection with the transaction of official business.
Confidential Information
Within the records kept by an organisation, some of them are considered confidential information and others distributable records.
A record that contains confidential information is considered a confidential record.
Confidentiality is determined by the following factors:
- The existence of a statement or agreement of confidentiality.
- Evidence of an understanding of confidentiality.
- Past practices of the organisation in regard to keeping this type of information and records confidential.
- The type of personal information being supplied.
The following are the different kinds of information that can be considered confidential:
(a) Information relating to the business of a third party which is
- A trade secret or scientific, technical, commercial, financial or labour relations information, and
- Supplied in confidence, implicitly or explicitly, and
- Result in harm:
- to competitive or negotiating position;
- result in information no longer being supplied;
- result in undue loss or gain, or
- Reveal information supplied to or the report of a conciliation officer, mediator, labour relations officer or other person appointed to resolve a labour relations dispute.
(b) Personal Information
Personal information (information about an identifiable individual) should be treated as confidential unless it is public information or unless there is consent for disclosure from the individual.
(c) Lawyer-client privilege
Information that is subject to solicitor-client privilege or that is prepared by legal counsel for use in giving legal advice or in contemplation of or for use in litigation.
(d) Other types of confidential records
Other types of records might need to be treated as confidential, depending on the content and circumstances.
These include but are not limited to:
- Law enforcement information/proceedings (may include administrative tribunals, disciplinary proceedings, etc.)
- Government relations’ information
- Information related to economic interests
- Organisational plans
- Closed meetings
Examples of confidential information :
- Reference letters
- Student Records
- Personnel Records
- Library Patron Records
- Evaluations of performance
- Counselors Client Files
- Student Advisor's Client Files
- Grievance Files
- Appeal Files
- Payroll Record
Systems and procedures for treating confidential information
Identifying and labeling confidential records
It is important to treat confidential records differently from those which are more broadly distributed. Confidential records should be labeled so that they are easily identifiable.
- Ensure that records for which circulation should be limited are clearly marked CONFIDENTIAL.
- Determine who should have access to a confidential record. Normally an employee who needs the information in performance of his/her duties would have access. For example, the payroll administrator must have access to the payroll inorder to make salary payments.
- Note on the record itself or in associated notes the persons or groups who should have access to this information, e.g. Confidential – circulate to committee members only.
- Use the “confidential” designation thoughtfully. Don’t mark most or all of your records as CONFIDENTIAL. Doing so will undermine the argument for treating selected records as confidential.
And, while a confidential marking does not mean that a record will not be disclosed as the result of an access request, it may help to explain if the organisation makes a decision not to release a record in response to a request for access to it.
Working with confidential records
The following must be considered when working with confidential records:
- Ensure that confidential information is not inadvertently disclosed.
- Position your computer screen so that no unauthorised persons can read it.
- Close down the programme or use password protection on your computer when you leave your desk.
- Turn off your computer when leaving your desk for a long period of time.
- Place paper copies of drafts and final versions in locked file cabinets when you are not working on the.
- Shred drafts when they are no longer useful, and delete drafts from your computer.
- If you have confidential records on a notebook or laptop computer, ensure that the documents themselves or the system is password protected. Don’t leave your laptop in an easily accessible area where it could be stolen.
- When travelling with confidential records, don’t leave them unattended in vehicles, hotel or meeting rooms. Don’t work with confidential records where others can see them.
- When faxing confidential records, include a fax transmittal page with a confidentiality statement. Verify that the number on the screen is accurate before proceeding with the transmission, and confirm receipt of the documents.
Securing documents
Information being supplied in confidence should be stamped, marked, or include a statement that it is confidential or being in confidence.
It is not sufficient to stamp information confidential and then treat it as any other general information. Confidential records must be consistently treated in a confidential manner. Sufficient evidence must exist to support the assertion of confidentiality.
Storing confidential records
Remember the following when dealing with confidential records:
- Ensure that confidential information is protected against unauthorised access. Store confidential records in a secure location such as a locked file cabinet, locked record room or on a secure server.
- Don’t store confidential records in storage space which is shared with other units.
- Dispose of confidential information securely, and ensure that any personal information to be destroyed has been authorized for disposal. The following can be done to destroy confidential records
- Shred documents in an office paper shredder. Cross-cut shredders are preferred over strip shredders.
- Place documents in a locked confidential disposal bin .
- For electronic media such as floppy disks, CDs, USB keys, personal digital assistants (PDAs) and hard drives, destroy electronic records by overwrite software or physical destruction of disk, drive or other digital storage media. Note that overwriting may not irreversibly erase every bit of data on a drive.
Guidelines for confidential records keeping:
|
When could records cease to be confidential?
Some confidential information is sensitive for specified periods, but may cease to be confidential after a certain period of time or change of circumstances.
Here are some examples :
Here are some examples :
- A press release would be considered confidential until the release date and time.
- Institutional plans, policies or projects would be considered confidential while in development. Once a decision has been made on them and they are disclosed broadly, they could cease to be confidential.
- Personal information is always treated as confidential unless it is about a person who has been dead for more than 30 years.
Activity Five
Identify the factors that must be taken into account to determine if a record is no longer confidential.
Ensuring utmost care to avoid compromising stakeholders
A duty of confidence is often confused with an employee's duty of fidelity. The two duties are related because confidential information is often disclosed in the workplace but they are distinct.
An employee must serve his or her employer faithfully for so long as he remains on the payroll. That means that he or she may not disclose any information about his work that might benefit a competitor. That does not mean that the information is confidential and the employee is usually free to use skills and knowledge that he or she gained with another employer.
The law finds obligations of confidence in the following relationships:
- Fiduciary relationships: A fiduciary is someone on whom the law imposes a duty to act in the best interest of another person. This includes a director of a company, a lawyer to client or an agent to a principal. The obligation of confidence over information disclosed to a fiduciary continues even after the fiduciary relationship ends.
- Employment: An employee owes a fiduciary duty to the employer. An employment contract may expand on this duty so as to specify what information is confidential and to impose restrictions on the use of information (including after the employment ends).
- Company officers and employees: A person who obtains information because they are, or have been, an officer or employee of a company must not improperly use the information to gain advantage for themselves or someone else or cause detriment to the company.
Activity Six
Thabo is the Financial Manager for PUMPKIN PRE-SCHOOL in Cape Town, which is being sued for fraud and tax evasion by the government. Thabo has been asked by the government prosecutor to submit a list of financial records of the pre-school. Among the records requested are a number of confidential records. Give advice to Thabo as to whether he must surrender these documents to the prosecutor given his duty of utmost faith to pre-school.
An obligation of confidence does not override other legal obligations. This means that a court, for example, can order a person under an obligation to disclose the information.
Benefits of a confidentiality agreement
Most organisations have gone a step further to protect their organisational records by signing written confidentiality agreements with employees.
Having a clear, concise, written agreement can be very helpful.
It removes any doubt that the information is disclosed under circumstances of confidence.
Other advantages include each of the following:
- The information and the limited purpose for which it can be used can be clearly defined.
- Rights and obligations are clearly set out, so the parties are aware of, understand and better appreciate them.
- A notification process can be agreed if one party receives a subpoena or other legal process that may compel disclosure.
- The parties can agree that threatened disclosure without proof of damage entitles the disclosing party to seek an injunction restraining any breach (otherwise you need to prove damage, which can be difficult).
Agreements can also seek to restrict use or disclosure of information that is not confidential.
These types of agreements will only be valid or enforceable if the restraint that is imposed, and its duration, is “reasonable”.
Activity Seven
Discuss the usefulness of Confidentiality Agreements.
PART 2
CONTROL AND EVALUATE ORDERING AND DISTRIBUTION OF OFFICE STATIONERY
On completion of this section you will be able to :
- Control and evaluate ordering and distribution of office stationery.
Introduction
Offices consume an enormous amount of office stationery on a daily basis. They require endless supplies of sticky notes, writing pads, pens, pencils, calculators, correction aids, and many more.
Since each of these items is critical to carry out the day-to- day work, maintaining a ready-to-use stock is always advisable. This is possible when an effective replenishment system is put in place. The most important department that costs you quite a bit is the office stationery.
Here is where one needs to have a check so as to cut down on the total expenditure figures.
An organisation must have a plan; policies and procedures for controlling stationery.
The plans and policies must :
- Always encourage your employees to reduce the paper work. Some people have the weird habit of printing out the stuff just to check them out. Ask them to do it directly from the computers.
- Lay strict rules of not taking home the office stuff even if it is not for personal use. By doing so, it is possible to control the misuse of the office stationery.
- Recycle stuff - Always look in for notepads, pens, files and other stuff that were disposed off even before half of its utility was done. By doing so, you can cut the costs incurred by buying new ones for it.
- Have a close check on the stationery inventory and always keep track of all the inward and outward movements. This will in turn reduce the unwanted usage of stationery in issues of very less priority.
- Always order stationery in bulk. This will help out in saving a considerable amount of money as well. On the downside, you might end up spending more than required up-front, yet, it's a saving in long-term.
These steps may seem simple but they definitely yield good results.
Policy on controlling stationery
An organisation must lay out a policy to control the use of stationery in the organisation.
This policy must cover:
- Authorisation- i.e. who must authorise the request of stationery by personnel in the organisation for example the direct manager to the staff member can be responsible for authorisation.
- Guidance - provide guidance on the use of stationery;
- Exemptions- provide for exemptions when there may be deviations from the approved procedures; and
- Procedures-outline the steps to be taken when deviations unauthorised are reported or identified.
- Non- Observance - Dealing with non-observance of the Stationery Procedure.
- Timing- defines the time period within which individuals or divisions can make requests for stationery from the stock controller or administrator.
- Emergency requisitions- defines the procedure and circumstances in which stationery can be requested in the case of emergency. That is, without following the normal procedure.
Activity Eight
Explain your organisation's policy on stationary.
| |||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||
Activity Nine Monitor, maintain and improve stock levels | |||||||||||||||||||||||||||||||||||||||||||||||||
Maintaining too much stock or too little stock, wrong type or size can lead to financial problems in the organisation. Setting up inventory control system is a way of monitoring, maintaining stock levels. The inventory system must: · Outline the organisations’ stationery inventory level. · Establish inventory purchasing policies. · Inform the organisation of the stationery inventory status. Establishing the stationery inventory level. This is determined by:
Establishing inventory purchasing policies After understanding the type and inventory stock levels, a good purchasing plan should outline the kind of methods to acquire the stationery. The most common approach will be to buy from suppliers. But, if the organisation does not have enough money to buy direct from suppliers it can join a buying group. Developing a record keeping system is one of the ways of knowing the status of stationery inventory in the warehouse. A record keeping system assists in keeping wanted items in stock; dispose off unwanted items and to see that items are not lost through theft, shrinkage or error.
The above diagram is a system used by the stock controller to know at what level to buy new stock for the organisation.
The stock controller can use a stationery inventory control sheet to represent the above diagramme. Stationery Inventory Control Sheet SAMPLE
| |||||||||||||||||||||||||||||||||||||||||||||||||
Managing shrinkage The difference between the perpetual book inventory and the physical stationery inventory count is called shrinkage. NOTE : The book inventory is a record of what should be on hand in view of what has been received, what has been sold and price changed Physical inventory is the count of volume and value of the goods actually on hand. Inventory shrinkage, a combination of employee theft, shoplifting, vendor fraud and administrative error.
|
Causes of shrinkage
Shortages can and will occur at every point where merchandise changes hands or paperwork is created or processed. Proper systems with built-in controls must be put in place to eliminate or reduce these shortages.
While there is not enough room to list all the specific causes of shrinkage, we will give several examples of each of the three general causes: paperwork errors, internal theft and shoplifting.
1. Paperwork errors
Paperwork errors can happen almost anywhere in the merchandising cycle.
For example:
For example:
- Marking goods at a price lower than the retail price recorded on the receiving record.
- Failure to record all markdowns.
- Miscounting physical inventory.
- Clerical errors causing the book inventory to be higher than it should be.
- Timing is of particular importance.
NOTE : When comparing the actual physical inventory count to the perpetual book inventory, care must be taken to ensure that every invoice representing goods that have been received before physical inventory count is included in the calculation of the book inventory.
2. Internal theft
While internal theft can be anything from taking merchandise to taking cash or store supplies, we will focus on those instances of internal theft that pertain to merchandise.
Some examples are:
Some examples are:
· Recording a false requisition.
· Taking merchandise without recording it.
· Extending unauthorised stationery requisitions for friends.
3. Warehouse lifting
Warehouse lifting can occur at any time. It can occur when a staff member enters the stationery warehouse or room for normal requisition and steals stationery.
4. Overages
Overages are due largely to errors in record keeping, although they may be due to an employee trying to cover up the theft of merchandise.
Some examples are:
- Overstating the physical inventory.
- Including in the physical inventory count merchandise that has not yet been recorded in the book inventory.
Activity Ten
Identify the main sources of stationery shrinkage in you organisation and suggest what can be done to control it.
Controlling shrinkage
- Whether or not you have a stated shrinkage goal to work towards.
- Top management's commitment to reduce shrinkage. If top management gives shrinkage control top priority, it will invariably be reduced.
- Whether or not proper procedures that contain built-in internal controls have been set up for each transaction or event in the flow of stationery from the time it is ordered until it is requested by a staff member.
- The record keeping system being used. The Retail Inventory Method can help keep losses down. The fact is that shrinkage declines when it is measured, and the Retail Inventory Method generally provides the best measurement of shrinkage.
Prevention of paperwork errors
Paperwork errors can be controlled by use of a good, well-documented system containing built-in checks and balances. All employees (receiving clerk, salespeople, buyers, office personnel) must be properly trained. They must be told the importance of following the proper procedures. And, of course, management must follow up to see that the proper procedures are being followed.
Prevention of internal theft
The warehouse or company store room by its very nature presents many day to day temptations to employees who handle the stationery of the company. It is the responsibility of managers to remove as many temptations as possible thereby helping to keep employees honest.
This is done by setting up procedures containing good internal controls and by seeing that these procedures are followed without exception.
For example:
- Know your employees. When hiring new employees make an effort to hire honest employees. This can be done through interviewing techniques, by carefully checking references and by the use of carefully developed written honesty tests.
- Strict supervision of the store room and limiting unnecessary access by responsible personnel.
- All requisitions should be checked and authorised by manager or designated person.
Warehouse lifting
Keep small, expensive items behind a counter.
Keep your store neat and uncluttered.
Neat displays make it easier for alert salespeople to spot missing merchandise.
Do not have blind spots on the floor. Try to avoid counters that are exceptionally high.
While the above can act as a deterrent to shoplifting, well-trained and attentive stores personnel are your best defense. Alert, courteous stores personnel can deter many would-be lifters by their presence. Make sure they are properly trained so they can spot suspicious behaviour and know what to do if they see someone taking merchandise.
Control of the administration system and procedures for stationery
It is important for the organisation to have a control system to ensure that the procedures and administration of stationery is being done accordingly. To ensure procedures are followed the following can be done:
- Auditing - this can be done on a regular basis to check whether personnel in the organisation where following procedures in past requisitions. The auditing will independently check the whole process from filling the requisition form up to ordering.
- Peer review - this can involve one division or individuals in the same/different divisions checking each other in terms of compliance to administration and procedures for stationery management .
- Verification - documentations must be used when administering stationery. These documents must be verified before stationery is dispatched to the requester. For example, the stock controller must verify the stationery request form and check if all necessary signatories are appearing.
- Supervision - the management must use constant supervision as a way of checking adherence to procedures for stationery administration.
- Communication - it is important for the organisation to constantly remind its employees on the procedures to be followed in stationery administration.
- Disciplinary- the organisation through the policy must have a way of disciplining those who do not follow the laid out when administering stationery.
Evaluation of effective stationery control procedures
Auditing
Advantages | Disadvantage |
Potential to discover fraud, theft and errors in the control procedure. | Takes time. |
Independent of the organisation meaning the likelihood of collision is limited. | Expensive if external auditors are used. |
Authorisation
Advantages | Disadvantages |
Ensures that there is accountability when stationery requisitions are made. | If the responsible person is not available the requisitions will not be done. |
Prevents fraudulent requisitions by divisions and individuals. | If signatures are used forgery can be evident. |
Peer Review
Advantages | Disadvantages |
Irregularities can also be discovered. | Collusion is bound to be evident between different divisional personnel. |
Allows different divisions to learn from each other in terms of the best ways of controlling stationery usage. | Requires time. |
Verification
Advantages | Disadvantages |
Errors can also be discovered through cross checking documents. | If personnel are conniving verification will not assist. |
Fraud can be discovered in documentation filling. | Requires time. |
Requires personnel who do verification. Recruitment of these individuals means salary cost to the organisation. |
IMPLEMENT CONTROL MEASURES WITH INDIVIDUALS
Introduction
On completion of this section you will be able to :
Implement control measures with individuals.
Implement control measures with individuals.
Introduction
It is important for organisations to have control measures to ensure that records are kept in a proper way and that the administration of stationery is in line with set procedures. Non-conformance to procedures can be identified through reports, observation, interviews, and investigation. The main challenge to any organisation is to implement the control measures across the organisation.
Implementation is the action phase which involves put control measures into force to manage irregularities.
The implementation phase must follow steps defined below:
- Developing control measure and work procedures;
- Communicating control measures;
- Providing training and instruction; and
- Supervision.
Communicating control measures
Once the control measures have been approved by the responsible personnel, the control measures must be communicated to the whole organisation.
The communication message must centre on :
- Why the measures are being implemented.
- When they shall take effect.
- Defining responsibilities and duties of personnel.
- The consequences of not adhering to the measures set.
Activity Eleven
Identify the different methods that can be used to communicate control measures to the whole organisation.
Providing training and instruction.
Communication alone is not enough to introduce some control measures. Instead, communication must be supported by appropriate training and instructions.
Personnel must be trained on the new way of doing their jobs so as to respect the control measures.
Activity Twelve
Identify training and instruction sessions that are normally carried out by your organisation in order to support new control measures (Records management & stationery management).
Explain the effectiveness of these sessions.
Supervision
Apart from training and communication, personnel also need supervision to ensure that the control measures are being adhered to.
That is responsible personnel (managers; supervisors; team leaders etc) must be tasked to stay close to their team members so as to ensure implementation and adherence.
That is responsible personnel (managers; supervisors; team leaders etc) must be tasked to stay close to their team members so as to ensure implementation and adherence.
Activity Thirteen
Daniel is a team leader for GH Life Assurance based in Johannesburg. GH Training company has been sued previously because some of its employees divulged confidential health information on one of its clients to a local newspaper.
Facts about GH Life assurance records management system:
- All confidential information is available to all employees.
- No secure filing system for confidential records.
- To reduce backlog employees are allowed to take home client files so as to capture information on to GH computer system.
Questions
- What control measures can this company take to protect confidential information.
- How can Daniel supervise these control measures that you identified above.
Recording non-conformance and negotiation of corrective actions negotiated according to organisational requirements
All non-conformances to record keeping and stationery administration must be recorded.
Corrective actions negotiated with the wrong-doer.
A non-conformance sheet below can be used :
Name and Surname (wrong-doer) | |
Department/Directorate/Division | |
Employee number | |
Description of the non-conformance discovered | |
Date | |
Reasons for non-conformance (if applicable) | |
Previous non-conformance practices (include dates) | |
Agreed negotiated settlement | |
Signature of the wrong-doer | Signature of the manager Name |
Handling non-conformance in accordance with
organisational policies & procedures.
The handling of non-conformance must be addressed in line with the disciplinary policy of the organisation. The aim is to ensure consistent and fair treatment for all in the organisation.
The following principles of handling non-conformance must be respected:
- No disciplinary action will be taken against the accused wrong-doer has been fully investigated. Investigations must take place minimum time possible to allow a full investigation.
- At every stage of the investigation process the accused wrong-doer must be advised and given a chance to state their own case.
- The employer must follow principles of progressive discipline however offences may be serious that they warrant summary dismissal on first offence.
- The accused must be allowed to appeal against a dismissal sanction imposed.
- Existing disciplinary warnings of a similar nature may be taken into account when considering what level of disciplinary action to take for a similar offence.
The following warnings and dismissal procedure must be followed:
- Misconduct/lack of capacity.
- Verbal warning - these apply to minor non-conformances in which informal counseling session and verbal warnings can be levied.
- Written warning - in the event of a repetition of the same offence (non-conformance), a more serious disciplinary offence, or if required improvement or change in behaviour is not achieved within the stated timescale, written warning may be issued.
- Final written warning - in the event of a repetition of a similar non conformance or serious misconduct, a final warning will be confirmed.
- Dismissal - in the event of first offence, or following a previous warning where there is repetition of same or similar offence, or if, following a previous warning the required improvement or change in performance is not achieved within the stated timescale, the wrong doer can be dismissed.
- Other sanctions - whenever possible, alternative sanctions can be considered prior to any decision to dismiss. Sanctions can be imposed in conjunction with a final written warning. Sanctions include compulsory transfer of duties; demotion; change work location; suspension from duty.
Activity Fourteen
Identify and explain the policies and procedures used by your organisation to handle non-conformance to records and stationary controls.