The management of government records plays an integral role in Australian Government performance, integrity, accountability and transparency. A ‘record’ is information that is created, sent or received in the course of work done for the Australian Government (essentially, information with business value). 

Effective records management is required by law and helps entities retain critical sources of evidence for robust public administration, responsive service delivery, and accountability to the Parliament and public.

Records management requirements

Records management frameworks

Public Governance, Performance and Accountability Act 2013

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) establishes a system of governance, performance and accountability for resources managed by Commonwealth entities. It requires entities to exercise the proper use and management of public resources — with ‘proper’ meaning efficient, effective, economical and ethical.

Records management in the PGPA Act

Other Australian Government frameworks that address specific aspects of records management include the Data Availability and Transparency Act 2022, Australian Government Investigations Standard, the Commonwealth Grants Rules and Principles 2024, and the Commonwealth Procurement Rules.

Archives Act 1983

Paragraph 5(2)(c) of the Archives Act 1983 outlines obligations relating to the management of Commonwealth records and establishes the National Archives of Australia (National Archives).

National Archives is the lead agency within the Australian Government for guidance and advice on information management. As part of this function, National Archives:

• determines information management standards for Australian Government agencies;
• issues whole-of-government information management policies (National Archives’ current policy is Building trust in the public record: managing information and data for government and community);
• ensures the Australian Government creates and keeps records of its decisions and actions to demonstrate accountability to the community and evidence of the integrity of the operations of the Australian Public Service (APS);
• authorises destruction of records with no ongoing value to government or community ; and
• selects and preserves the most significant records of the Australian Government and makes them available to government and community.

National Archives developed the Information Management Standard for Australian Government to assist Australian Government entities to create and manage information effectively. The standard presents eight principles for good information management and National Archives’ expectations for the management of business information.

Principles of the Information Management Standard for Australian Government

Public Service Act 1999

Good records management is aligned to the APS values, including the values of stewardship and being accountable, as set out in the Public Service Act 1999.

• Accountable: The APS is open and accountable to the Australian community under the law and within the framework of Ministerial responsibility.
• Stewardship: The APS builds its capability and institutional knowledge, and supports the public interest now and into the future, by understanding the long-term impacts of what it does.

Records management in the APSC’s Values and Code of Conduct in Practice

Under the APSC’s Stewardship Guidance, employees are responsible for: ‘ensuring complete, accurate, and appropriately accessible recordkeeping of key actions and decisions’. Information stewardship sustains public trust and confidence in the integrity of the APS.

Senate Procedural Order of Continuing Effect 12: Orders for documents

As a transparency measure, entities are required to table file lists every six months. The list should be indexed and comprise titles of all files relating to policy-advising functions of the agency, including any relating to the development of legislation and other matters of public administration. The list should be accessible on the entity’s Internet home page. 

ANAO findings on records management

Performance audit

In the past five years, the majority of ANAO performance audit reports, including all 45 performance audit reports presented for tabling in the Parliament in 2023–24, included findings on deficiencies in records management.

Mentions of records management in performance audit reports, 2019–20 to 2023–24

Note: Audits without mentions of records management in overall conclusions or recommendations had comments on records management in the audit findings, key messages, and/or opportunities for improvement.

When the 41 records management recommendations are mapped against the National Archives’ Information Management Standard principles, the majority of recommendations relate to Principles 1 (governance of information) and 2 (creating necessary information that is fit-for-purpose).

Percentage of 2023–24 ANAO records management recommendations by Information Management Standard principles

The majority of performance audit reports presenting for tabling in 2023–24 examined governance or procurement (51 per cent). Procurement audits were the most likely to include records management recommendations, with seven (88 per cent) of eight procurement audits including recommendations on records management in 2023–24.

Government activities examined in 2023–24 ANAO performance audit reports

Performance statements audit

The ANAO audits annual performance statements to provide assurance to the Parliament that the information contained in the statements can be relied on and is supported by accurate records. By requiring entities to provide records to support their performance statements, the audits strengthen the ability of entities to produce high quality performance information.

In February 2025, the ANAO’s report on the 2023–24 performance statements audits of 14 entities was presented for tabling in the Parliament. Entities’ progress and capacity to produce meaningful performance information were examined against a maturity model for performance frameworks. The model comprises five categories including ‘reporting and records’, which considers whether performance statements are clear, meaningful and tailored to user needs, and whether records are accurate, complete, reliable, and easily retrievable. Across the 14 audited entities, the average maturity rating for ‘reporting and records’ was 2.8 (on a scale of 0 to 5), with three entities assessed at 4 or higher — Attorney-General’s Department; the Department of Industry, Science and Resources; and the Treasury.

Financial statements audit

The ANAO provides independent assurance on the financial statements and financial administration of all Australian Government entities.

Entities tend to have well-established systems configured to produce easily reconcilable financial statements. However, occasionally the ANAO has findings related to records management and financial statements (see Case study 2).

Analysis of recent ANAO audits highlights eight lessons on improving records management practices in Australian Government entities.

• Lesson 1: Promote a culture where records management is valued
• Lesson 2: Establish an information governance framework
• Lesson 3: Make records available for use and reuse
• Lesson 4: Use compliant records management systems
• Lesson 5: Ensure that official business communications are appropriately recorded
• Lesson 6: Integrate records management into business processes
• Lesson 7: Prioritise records management during machinery of government changes
• Lesson 8: Ensure records are complete and accurate

The further reading section provides links to: relevant ANAO and National Archives resources, and additional Insights products.

Lesson 1: Promote a culture where records management is valued

Actions entities could take to promote a culture where records management is valued include:

• in accordance with Principle 1 of the Information Management Standard, establishing an information management framework, including an information management policy, that supports information governance and the management of records;
• requiring that the role of the entity’s chief information governance officer includes advocating for, and setting the culture for, effective records management;
• advising staff of their responsibilities through induction and training;
• making good records management a component of individual performance agreements;
• informing staff of how to keep proper records through internal guidance, standard operating procedures and protocols;
• integrating specific records management actions into work procedures and processes;
• promoting the individual and organisational benefits of good records management;
• making the use of records management systems mandatory and addressing non-compliance when it occurs;
• prioritising records management systems when allocating business improvement resources;
• consulting users when designing and implementing records management tools and systems to ensure they support business processes and user needs;
• conducting regular compliance checks or internal audits of records management systems and practices;
• analysing annual information management maturity check-up survey scores to identify areas for improvement; and
• considering the implications of change management processes on records management. 

Lesson 2: Establish an information governance framework

Commitment to regular review and update of the information governance framework and information management strategy ensures that information management practice remains current and relevant.

Alignment of an information governance framework’s strategy, policy and practice

Source: Adapted from National Archives of Australia, Establishing an information governance framework, National Archives, Canberra, available from https://www.naa.gov.au/information-management/information-governance/establishing-information-governance-framework [accessed 19 June 2025].

Lesson 3: Make records available for use and reuse

To maintain the ongoing usability of its records, entities could regularly review:

• how information can be more easily shared with internal and external stakeholders;
• what information must be restricted (for example, for security or privacy reasons) ;
• whether business systems and governance structures should be integrated with system functionality that enables and disables information sharing as needed; and
• whether tools and systems should be updated to enable consistent entry of standardised descriptive data that supports sharing of information, with automated capability if possible.

By making records discoverable and reusable, entities build public trust in government information and operations. Records that are shared externally should:

• enable public discovery and reuse;
• meet open government objectives, including open access to information as a default position;
• comply with the public’s right of access, under the Archives Act 1983, Freedom of Information Act 1982 and Privacy Act 1988;
• maximise government, industry and public benefit from Australian Government information and data ; and
• position entities well for the audit process.

Lesson 4: Use compliant records management systems

An electronic document and records management system (EDRMS) is a software application used to manage:

• digital information, for example: word-processed documents, spreadsheets, images and datasets;
• digitised or scanned documents; and
• physical information, for example: paper records and physical objects. 

Other applications such as enterprise content management systems can also be used to manage information and data. These types of systems can help with information classification, management, use and search, storage and disposal. 

The selected system should:

• meet key standards such as ISO 16175, which provides internationally agreed principles and functional requirements for software applications used to create and manage digital information in office environments ;
• integrate with other key business systems; and
• be fit for the entity’s purposes.

Entities may manage electronic records via other means, such as through network drives or cloud-based file storage and collaboration systems. The suitability of these alternatives should be carefully considered for each entity. Managing electronic records in an EDRMS (instead of, for example, a network drive) reduces records management risk. Network drives are not intended for information management and are unlikely to meet Australian Government or international standards. The evolving nature of cloud-based file storage and collaboration systems requires entities to monitor their configuration to meet business needs and information requirements over time. While these systems usually have some information management functionality, some local configuration or governance may be needed to ensure it continues to be fit-for-purpose. It may need to be integrated with an EDRMS to be suitable and meet requirements. 

Entities may benefit from referring to the Business System Assessment Framework to assess the information management functionality of its systems. This enables entities to identify opportunities for improvement to the management of its business information.

Lesson 5: Ensure that official business communications are appropriately recorded

National Archives provides guidance that emails containing information with business value must be saved and managed appropriately. This includes emails:

• sent or received in the course of work;
• relating to work projects;
• approving actions; and
• providing business advice, giving a direction or recording a decision. 

Guidance for managing email can also be applied to instant messaging records. Emails or messages with little or no business value can be deleted according to the entity’s normal administrative practice. 

All digital information created from 1 January 2016 must be managed digitally (action 9 of the Building trust in the public record policy). Emails and messages should be stored in only digital format (not printed and stored on paper). Meetings with business value should be recorded and appropriately saved and managed. For meetings held with third parties, entities should consider developing meeting protocols that contain guidelines regarding risks associated with holding meetings in informal venues and properly recorded minutes.

Lesson 6: Integrate records management into business processes

Embedded records management practices can be achieved by setting up business rules in systems that require proper collection, filing and storage of records before enabling the user to advance in a business workflow.

• A case management system is recommended for entities looking to embed decision-making workflows for the management of contracts, investigations, services, human resources, complaints, compliance and claims. The system may be configured so that, before a file can be closed and/or another stakeholder can view and edit content, certain mandatory actions must be completed (for example, attaching key documents or signing off on procedural milestones). 
• In processes such as the development of annual performance statements, ‘signing packs’ containing key documents may also be implemented to help staff understand key record-keeping requirements.

Lesson 7: Prioritise records management during machinery of government changes

Record-related issues encountered during implementation of machinery of government changes include:

• insufficient planning and timeframes for system integration;
• difficulty migrating records due to differing system infrastructure;
• differences in system security classification levels between transferring and receiving entities;
• entities receiving inaccurate information about the physical records assets of transferred entities;
• difficulty verifying relevant records to transfer; and
• organisational and whole-of-government requirements being overlooked.

The Machinery of Government Changes Guide helps Australian Government entities navigate the practicalities of machinery of government changes. The guide states that records management is integral to due diligence entities are expected to exercise. Suggestions include:

• governance mechanisms and protocols for recording key decisions and tracking progress should be established by a steering committee overseeing the implementation of the machinery of government change;
• the steering committee should assign a sole responsible owner of records policy and management; and
• sole ownership of records policy and management should continue beyond the completion of the machinery of government change.

Entities should also ensure that when they are absorbing additional functions, the records on the implementation of parliamentary committee or ANAO recommendations made to the former holder of those functions are transferred and become the responsibility of the receiving entity.

Records management advice and support related to machinery of government changes, including transfer of records, can be sought from National Archives and the Department of Finance’s guidance on Information Assets.

Lesson 8: Ensure records are complete and accurate

Principle 3 of the Information Management Standard lays out three recommended actions to help facilitate complete and accurate record keeping.

• Analyse and describe what needs to be known about business information so that all needed information can be easily found, understood and used.
• Determine what level of description is adequate.
• Design or provide tools and systems that:
  • where possible, automate the collection and management of descriptive information;
  • enable staff to enter descriptive information in a consistent manner; and
  • where required, standardise description to support sharing and interchange of quality data between internal and external systems.

With the rapid growth in technology, entities increasingly have opportunities to adopt tools and systems to support complete and accurate record keeping. For example, voice-to-text technologies can be used to generate transcripts of panel meetings on grants or procurement assessments, to ensure comprehensive records on the selection process.

ANAO links

• 2023–24 Performance Audit Outcomes | Australian National Audit Office (ANAO)
• ANAO Annual Report 2023–24 | Australian National Audit Office (ANAO)
• Audit Matters 1 — September 2024 | Australian National Audit Office (ANAO)
• Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2024 | Australian National Audit Office (ANAO)
• Performance Statements Auditing in the Commonwealth — Outcomes from the 2023–24 Audit Program | Australian National Audit Office (ANAO)
• Public sector accountability – the ANAO’s role | Australian National Audit Office (ANAO)
• Reporting Meaningful Performance Information | Australian National Audit Office (ANAO)

External links

National Archives of Australia

• Agency Service Centre | naa.gov.au
• Building trust in the public record | naa.gov.au
• Getting started with information management | naa.gov.au
• Government Agencies Information Network (GAIN) Australia | naa.gov.au
• Information management for records created using Artificial Intelligence (AI) technologies | naa.gov.au
• Information management legislation | naa.gov.au
• Information Management Standard for Australian Government | naa.gov.au
• Integrity and Information Management: guidance for Australian Government agencies | naa.gov.au
• Managing social media and instant messaging (IM) | naa.gov.au
• Your social media policy – what about records? | naa.gov.au

Legislation

• Archives Act 1983
• Public Governance, Performance and Accountability Act 2013
• Public Service Act 1999

Other

• APS Values and Code of Conduct in practice | Australian Public Service Commission
• Australian Government Investigations Standards | Attorney-General’s Department
• Case Management Standard | Australian Government Architecture (DTA)
• Commonwealth Procurement Rules | Department of Finance
• Information management | Department of Finance
• Machinery of Government (MoG) | Australian Public Service Commission
• Machinery of Government Changes Guide | Department of Finance