Abstract

The transition from physical records management practices to electronic media has introduced various risks. Managing these risks, which, if left unchecked, can cause significant harm to organizations, including legal penalties, financial hardship, and loss of prestige, has become a crucial issue.This study was conducted to identify the risk factors encountered in Electronic Records Management Systems (ERMS) and their processes in institutions and organizations in Türkiye. It is anticipated that the research will help identify potential risk factors in ERMS and manage them more effectively. To this end, relevant literature studies, particularly standards and guidelines, were reviewed. Then, using a semi-structured interview technique, interviews were conducted with ERMS personnel responsible from 13 institutions and organizations, eight experts/academics in the field of records management, and three companies that developed ERMS software, and the risks encountered in practice were determined. Data obtained from the interviews were analyzed using MAXQDA software. The analyzes revealed that ERMS and processes face significant risks, including user errors, regulatory uncertainty/inadequacy, unpreparedness for unexpected events, technological change, organizational change, lack of institutional analysis, company dependency, security, and technical inadequacy. The findings demonstrate that the risks faced by institutions and organizations in our country related to ERMS and its processes are not solely software-related, but are multifaceted, with human, institutional, and national dimensions. The study offers recommendations for strengthening institutional awareness and interest in risk management to ensure the smooth operation of ERMS and processes.

Keywords: ERMS, electronic records management, electronic records management system, risk, risk management, risk in electronic records management

References

  1. Australian/New Zealand Standard [AS/NZS]. (2004). Risk management (AS/NZS 4360:200https://mkidn.gov.pl/media/docs/pol_obronna/20150309_3-NZ-AUST-2004.pdf
  2. Barnawi, A. O. (2013). Risk management of electronic health record system in hospitals [Yayımlanmamış doktora tezi]. De Montfort Üniversitesi.
  3. Binici, K. (2019). Makine öğrenmesi yaklaşımıyla e-belgelere standart dosya plan numaralarının otomatik olarak atanması üzerine bir çalışma. Bilgi Yönetimi, 2(2), 116-126. https://doi.org/10.33721/by.654464
  4. Çiçek, N. (2021). Türkiye’de elektronik belgelerin geleceği için ulusal strateji ihtiyacı: Literatür ışığında bir inceleme. Bilgi ve Belge Araştırmaları Dergisi, (15), 33-57. https://doi.org/10.26650/bba.2021.15.02
  5. Dişli, M. ve Külcü, Ö. (2020). Üniversitelerde elektronik belge yönetim sistemlerinin birlikte çalışabilirlik açısından değerlendirilmesi. Bilgi Dünyası, 21(1), 35-63. https://doi.org/10.15612/BD.2020.781
  6. e-Yazışma Projesi (2017, 14 Ekim). T.C. Resmî Gazete (No: 30210). https://www.resmigazete.gov.tr/eskiler/2017/10/20171014-11.pdf
  7. Gibson, N. (2011). Risk and records management: Investigating risk and risk management in the context of records and information management in the electronic environment [Yayımlanmamış doktora tezi]. University of Northumbria at Newcastle.
  8. Güler, C. ve Furat, F. (2022). Belge yönetimi ve arşiv uygulamalarının bilgi güvenliği ilkelerine katkısı: Kavramsal bir değerlendirme. Türk Kütüphaneciliği, 36(1), 74-89. https://doi.org/10.24146/tk.1012325
  9. Hazine ve Maliye Bakanlığı. (2024). Kamu kurumsal risk yönetimi rehberi. https://ms.hmb.gov.tr/uploads/2024/04/Kamu-Kurumsal-Risk-Yonetimi-Rehberi-2024.pdf
  10. International Council on Archives [ICA]. (2008). Principles and functional requirements for records in electronic office environments: Module 1-Overview and statement of principles. https://www.naa.gov.au/sites/default/files/2019-09/m1-ica-overview-principle-and-functional-requirements_tcm16-95418.pdf
  11. International Organization for Standardization [ISO]. (2014). Information and documentation - Risk assessment for records processes and systems technical report (ISO Standard No. 18128:2014).
  12. International Organization for Standardization [ISO]. (2016). Information and documentation —Records management — Part 1: Concepts and principles (ISO Standard No. 15489-1:2016).
  13. International Organization for Standardization [ISO]. (2018). Risk management guidelines (ISO Standard No. 31000:2018).
  14. International Organization for Standardization [ISO]. (2020). Information and documentation - Processes and functional requirements for software for managing records (ISO Standard No. 16175-1:2020).
  15. Kiedrowicz, M. ve Stanik, J. (2015). Selected aspects of risk management in respect of security of the document lifecycle management system with multiple levels of sensitivity. B. F. Kubiak ve J. Maślankowski (Ed.) Information management in practice içinde (ss. 231-249).
  16. Laine, V., Goerlandt, F., Banda, O. V., Baldauf, M., Koldenhof, Y. ve Rytkönen, J. (2021). A risk management framework for maritime pollution preparedness and response: Concepts, processes and tools. Marine Pollution Bulletin, 171, 2-22. https://doi.org/10.1016/j.marpolbul.2021.112724
  17. Lin, C. M. (2020). Establishing the risk assessment indicators of electronic records and empirical analysis of an institution. Journal of Library and Information Studies, 18(1), 69-96. https://doi.org/10.6182/jlis.202006_18(1).069
  18. Marutha, N. (2022). Rethinking the movement to get moving: Archives and records in the era of disruptions. Mousaion: South African Journal of Information Studies, 40(3). https://doi.org/10.25159/2663-659X/13490
  19. Miles, M. B., Huberman, A. M. ve Saldaña, J. (2014). Qualitative data analysis: A methods sourcebook (3. bs.). SAGE Publications. https://www.metodos.work/wp-content/uploads/2024/01/Qualitative-Data-Analysis.pdf
  20. Mooradian, N., Franks, P.C. and Srivastav, A. (2025), The impact of artificial intelligence on data privacy: A risk management perspective. Records Management Journal, 35(2), 147-159. https://doi.org/10.1108/RMJ-06-2024-0013
  21. Odabaş, H. (2005). Belge yönetimi ve Türkiye’de belge yönetimi gereksinimi. Bilgi Dünyası, 6(1), 36-57. https://doi.org/10.15612/BD.2005.446
  22. Oxford University Press. (2023). Risk. Oxford Learner’s Dictionaries. https://www.oxfordlearnersdictionaries.com/definition/english/risk_1?q=risk
  23. Özdemirci, F. (2019). Kurumlar için EBYS ve e-arşiv sistemi idari yapılanma ve yönetim süreci: Bileşenler ve entegrasyonlar. B. Yalçınkaya, M.A. Ünal, B. Yılmaz ve F. Özdemirci (Ed.) Bilgi yönetimi ve bilgi güvenliği: ebelge-earşiv-edevlet-bulut bilişim-büyük veri-yapay zekâ içinde (ss. 3-9). Ankara Üniversitesi Bilgi Yönetim Sistemleri Belgelendirme ve Bilgi Güvenliği Merkezi.
  24. Renn, O. (1998). Three decades of risk research: Accomplishments and new challenges. Journal of Risk Research, 1(1), 49-71. https://doi.org/10.1080/136698798377321
  25. Sağlık, Ö. (2021). Elektronik belge yönetimi uygulamalarındaki koşullar ışığında e-imzalı belgelerin delil değerinin arşivsel güvenilirlik açısından incelenmesi [Yayımlanmamış doktora tezi]. İstanbul Üniversitesi.
  26. Salgotra, P., Nirupama, E., L. B., M, Srivastava, A., Lourens, M. ve Sable, A. (2025, Ağustos 22-23). Machine learning for risk management: Identifying and mitigating business risks. [Tam Metin]. World Skills Conference on Universal Data Analytics and Sciences (WorldSUAS), Indore, India, 1-6, https://doi.org/10.1109/WorldSUAS66815.2025.11199089
  27. Srinivas, K. (2018). Process of risk management. A. G. Hessami (Ed.), Perspectives on risk, assessment and management paradigms içinde. IntechOpen. https://doi.org/10.5772/intechopen.80804
  28. Tumuhairwe, R. ve Ahimbisibwe, A. (2016). Procurement records compliance, effective risk management and records management performance: Evidence from Ugandan public procuring and disposing entities. Records Management Journal, 26(1), 83-101. https://doi.org/10.1108/RMJ-06-2015-0024
  29. Türk Dil Kurumu. (2024). Risk. Güncel Türkçe Sözlük. https://sozluk.gov.tr/
  30. Usman, Ö. ve Kaygusuz, S. Y. (2019). Kurumsal risk yönetiminde uygulanması gereken adımlar. Muhasebe ve Denetime Bakış, (56),109-128. https://dergipark.org.tr/tr/pub/mdbakis/issue/63889/967151
  31. Yalçınkaya, B. (2015). Elektronik belge yönetimi (EBY) uygulamalarında başarıyı olumsuz etkileyen risk unsurları. Bilgi ve Belge Araştırmaları Dergisi, (4), 20-40. https://dergipark.org.tr/tr/pub/bel/issue/25183/413405
  32. Yalçınkaya, B. (2016). Elektronik belge yönetim sistemi (EBYS) uygulamalarında başarı faktörü ve fayda analizi. AJIT-e: Online Academic Journal of Information Technology, (7), 23. https://doi.org/10.5824/1309-1581.2016.2.006.x
  33. Yıldırım, A. ve Şimşek, H. (2018). Sosyal bilimlerde nitel araştırma yöntemleri. Seçkin Yayıncılık.
  34. Yıldız, Ö. R. (2010). Elektronik belge yönetim sistemleri ve denetim. Sayıştay Dergisi, (78), 3-29. https://dergipark.org.tr/tr/pub/sayistay/issue/61533/919015
  35. Yılmaz, B. ve Özdemirci, F. (2019). Bilgi güvenliği yönetim sistemi (BGYS) sürecinde bilgi güvenliği temelli EBYS yönetimi. B. Yalçınkaya, M. A. Ünal, B. Yılmaz, F. Özdemirci (Ed.), Bilgi yönetimi ve bilgi güvenliği: ebelge-earşiv-edevlet-bulut bilişim-büyük veri-yapay zekâ içinde (ss. 45-59). Ankara Üniversitesi Bilgi Yönetim Sistemleri Belgelendirme ve Bilgi Güvenliği Merkezi.

License

Copyright (c) 2025 The author(s). This is an open access article distributed under the Creative Commons Attribution License (CC BY), which permits unrestricted use, distribution, and reproduction in any medium or format, provided the original work is properly cited.

How to Cite

Eroğlu, N. G., & Polat, C. (2025). Risks Elements of Electronic Records Management Systems in Institutions and Organizations: A Qualitative Review Based on Stakeholder Views. Information World, 26(2), 485-518. https://doi.org/10.15612/BD.2025.862