Recordkeeping in Large Commonwealth Organisations
The audit reviewed the recordkeeping frameworks of four large Commonwealth organisations. The objective of the audit was to assess whether recordkeeping policies, systems and procedures were in accordance with relevant Government policies, legislation, accepted standards and recordkeeping principles, and applicable organisational controls.
Recordkeeping is a key component of any organisation's corporate governance and critical to its accountability and performance. A sound appreciation of recordkeeping assists an organisation to satisfy its clients' needs and also helps it to deal positively with legal and other risks. When linked with information management more broadly, sound recordkeeping can assist organisations' business performance by: better informing decisions; appropriately exploiting corporate knowledge; supporting collaborative approaches; and not wasting resources, for example by unnecessary searches for information and/or re-doing work.
In addition to it being good business practice for organisations to have sound recordkeeping practices, the statutory support for accountability within the Commonwealth, places significant responsibility for recordkeeping practices on the heads of organisations.
Modern electronic records and knowledge management techniques have allowed many organisations to identify opportunities for better performance. Some organisations are beginning to move to new approaches to recordkeeping. This transition is being assisted by recent developments in the recordkeeping profession in Australia and internationally. In this respect, the National Archives of Australia (National Archives) has developed, for example, e-permanence recordkeeping standards for Commonwealth organisations.
The audit objective was, for selected organisations, to:
- assess whether recordkeeping policies, systems and procedures were in accordance with relevant Government policies, legislation, accepted standards and recordkeeping principles, and applicable organisational controls; and
- identify better practices and recommend any improvements.
Audit focus and scope
The audit focused on both electronic and traditional records, using audit criteria that reflected key recordkeeping developments. The assessment was undertaken against recordkeeping aspects of each organisation's internal control framework.
The audit scope covered the records continuum from system design, record creation, maintenance and use, to disposal and archiving, as well as consideration of particular issues associated with electronic formats.
The audit also included the recordkeeping requirements of outsourced activities and functions of organisations. For the purposes of this audit, the term outsourcing covered any arrangement where a person or organisation, external to the participating Commonwealth organisation, performed tasks or provided services that could have been done by Commonwealth employees, regardless as to whether the external provider had undertaken the whole of the function or part thereof.
This audit is the second in a series of audits on recordkeeping1. The audit was conducted in four large and devolved Commonwealth organisations, namely:
- Department of Agriculture, Fisheries and Forestry;
- Department of Family and Community Services; and
- Department of Health and Ageing.
The ANAO concluded that the audited organisations met Government policies, legislation, accepted standards and principles to varying degrees. Although all organisations had taken active steps to improve their recordkeeping frameworks and practices, their recordkeeping policies, systems and procedures were at different stages of development.
The ANAO also concluded that there was a significant risk of the non-capture and unauthorised disposal of records because:
- organisations had not placed sufficient attention on the risks associated with recordkeeping, including those related to outsourced functions;
- formal recordkeeping systems, which are intended to provide for the appropriate maintenance of records, were not being used to their full potential as not all records were being entered into the recordkeeping system;
- limited controls were in place over electronic records, especially for those saved to shared network drives or personal workspaces;
- formal, long-term sentencing programs for the disposal of records were not in place, and instances of non-compliances with existing Records Disposal Authorities were identified;
- physical records were not being stored in compliance with National Archives' standards;
- contracts with outsourced providers did not include all of the recordkeeping elements recommended by National Archives, and minimal monitoring and review activities were being conducted to determine whether outsourced providers were meeting the recordkeeping requirements; and
- Business Continuity Plans did not identify organisations' vital records.
Sound and better practices
The audit identified examples of sound and better practices in organisations' recordkeeping frameworks. Good practices observed in at least one of the organisations were as follows:
- the records needed to be retained on-file for transactional services were specified in organisation policies;
- Chief Executive Officers provided visible support to, and endorsement of, better recordkeeping practices;
- the central records management unit reported to the Chief Information Officer, who was responsible for both recordkeeping and related information technology functions;
- references to better practice recordkeeping were included in performance agreements for senior and middle management;
- a ‘file note sheet' was used to record telephone conversations;
- regional areas provided on-the-job induction training, which included the organisational-wide recordkeeping requirements;
- bulletins on recordkeeping issues were circulated to appropriate staff;
- reviews of recordkeeping projects were reported to senior management; and
- half yearly reviews of files for compliance purposes were conducted.
All the audited organisations agreed to the recommendations. The comments provided by each of the audited organisations in response to the audit report are shown at Appendix 5.
1 The first audit was reported in ANAO Audit Report No.45 2001–02, Assurance and Control Assessment Audit, Recordkeeping, Canberra.