Autumn Audit: Expert Strategies to Strengthen IG & Compliance Programs
Fall brings more than changing leaves and cooler weather, it’s also a natural time for organizations to pause, reflect, and set the stage for the year ahead.
To help records managers and information governance professionals prepare their programs for 2026, Access and ARMA gathered a panel of industry leaders to share actionable strategies and critical insights. The webinar, Autumn Audit, Preparing Your Programs for the Year Ahead, featured advice from:
Continue reading for a summary of their most valuable advice, distilled into six core themes that you can apply immediately to refine your records compliance and information governance (IG) programs.
Budgeting, planning, and goal setting are in full swing, so this time of year feels like a natural checkpoint for reevaluating programs. Rachael Heade emphasized this point by stating, “This is a really great time to sit back and just plan. Is what I’ve got set in front of me for the next six months actually what I want in front of me?”
She also highlighted the importance of keeping consistent stakeholders at the table throughout the year, such as HR, finance, privacy, security, and litigation teams, while adjusting focus as priorities shift. This way, you can jump right into strategic planning, like inviting your friends over to jump into the massive leaf pile in your backyard.
The key takeaway: Treat fall as your reset button. Use it to align strategic initiatives with both fiscal calendars and organizational risk cycles.
Too often, IG programs become reactive, and organizations scramble when litigation arises or an audit hits. Proactive programs, by contrast, anticipate needs, integrate with enterprise risk, and embed themselves into broader governance. As you pause to evaluate your programs during this natural checkpoint, think about the steps you need to take to move your program from reactive to proactive.
Susan Gogley went into detail on this during the webinar:
She recommended scheduling internal audits and policy reviews, updating legal holds, regular staff training, partnering with legal to anticipate regulatory changes, and embedding records management into enterprise risk conversations.
Additionally, Susan provided an invaluable piece of advice to those advocating for additional budget: lean on metrics that demonstrate program success. “Show where you were able to remediate records and how you saved money. You’re going to want to share those dashboards and numbers with your enterprise risk management committee, with your executive committee, whoever would give you money,” she said.
Take these proactive steps to set your program up for success, and you’ll be less likely to find yourself hastily reacting to problems that pop up.
Every program has shortcomings. The challenge is converting them into progress.
Samantha Poindexter advised to start with an honest assessment of your program and its shortcomings by looking back before moving forward. “The first quick win you can do is build your team and be honest in that assessment so you can plan to go forward.”
On the flip side, Rachael Heade encouraged the audience not to put too much effort into chasing the easy fixes because addressing the “hard stuff” results in a larger impact. Break them into smaller steps and own the momentum.
At the same time, Susan Gogley pointed out that champions matter, whether they’re from HR, IT, manufacturing, R&D, or another department. “It’s really about finding who’s interested, who understands the problem if we hold data too long, who can you leverage as a champion within these groups,” she explained.
The key takeaway: Assess your program honestly and confront major issues directly, but don’t do it alone. Secure champions in high-influence positions and build cross-functional momentum.
Audience polling during the webinar revealed data minimization as the top organizational priority heading into 2026. It’s no surprise—reducing redundant, obsolete, or trivial (ROT) data is both a compliance requirement and a security safeguard.
Susan Gogley captured it best: “Destruction has always been my favorite ‘D word’ when it comes to records retention because as long as you have a defensible program, you’re in a good place.” However, defensible destruction requires more than policy alignment, it demands consistent execution, documentation, and audit trails.
Of course, the word “destruction” always causes people to cling onto their outdated records like stubborn leaves refusing to fall from the tree, even when winter is just around the corner. Samantha Poindexter encouraged the audience to start where it’s easier, such as paper archives or a department eager to pilot change.
Try framing data minimization not as “loss,” but as risk reduction, cost savings, and efficiency. Pair defensible policies with consistent action and start where momentum is easiest to build.
Even the best-designed program fails without executive support. The key is speaking the right language, which is the language of risk and value.
Susan Gogley suggested pairing risk reduction with cost savings and using metrics and case studies to support.
Metrics, such as cost savings per terabyte destroyed, and case studies showing competitors’ compliance failures, resonate with leadership. Aligning initiatives with corporate priorities like cybersecurity, ESG commitments, or AI governance can help further strengthen your case.
When you approach executives for buy-in, you need to have your elevator pitch prepared. As Samantha pointed out during the webinar, you may only get one shot, so it’s important to “figure out what those different priorities are for your different stakeholders, so that you can come ready with the right technique for the right person… if you use your opportunity to talk about something in the wrong way, it might fall flat, and that might be the one time that you get in front of that person.”
In the end, securing executive support is all about the right preparation, ensuring the message is well received.
Just as a wardrobe shifts from light jackets to heavy coats, information governance frameworks must adapt to the changing climate of privacy laws, security risks, and emerging technology.
“Part of success is building a program flexible enough to adapt to AI and changing laws,” Samantha noted. Be sure to prioritize resilience and flexibility as you move forward. Quarterly or annual risk reviews, especially for legal holds and records retention, ensure program endurance.
Additionally, the relationships you cultivate year-round are key to future success. Rachael urged the audience to maintain multiple champions to avoid gaps when someone leaves, and when turnover occurs, introducing yourself to the new person and offering your assistance is the best first step.
Autumn is both an ending and a beginning—the harvest of what’s grown and the preparation for what’s next. Records programs benefit from the same cycle of reflection and planning. As you build habits of rumination, assessment, and action, take inspiration from the insights shared during the webinar, and don’t miss the chance to revisit the full conversation with Rachael, Susan, and Samantha for even more practical guidance.
Share