The audit objective was to assess the effectiveness of the Department of Health’s records management arrangements, including Health’s progress in transitioning to digital records management.

Summary and recommendations

Background

1. Records management is the ‘efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.’1 Proper records management is an essential foundation for sound public administration, where entities operate in an environment of high accountability. Records created by government entities document the information on which decisions are based and provide evidence of decision-making processes which can later be scrutinised.2

2. The Archives Act 1983 (Archives Act) sets out the basic legislative definitions and framework for managing Australian Government records. The Archives Act also outlines the requirements of entities in relation to the preservation, access and destruction of information which is created or received in the course of undertaking government business.

3. Advances in information technology have required government entities to reassess the systems and practices traditionally used to record and manage information arising from their day-to-day operations, with new standards for information management being progressively introduced into public administration practices. To guide entities in the move towards digital information and records management, the Australian Government released the Digital Transition Policy in 2011. The policy requires entities, amongst other things, to self-assess their progress towards the policy’s goals by way of an annual online questionnaire developed by the National Archives of Australia (Archives).

4. The Department of Health (Health) implemented its first digital records management referencing system, COReDOCS, in 1997. Following an eight year (2003 to 2011) internal assessment and approval process, Health commenced a project to upgrade the COReDOCS system in 2012 with a specialist electronic document records management system (known as TRIM EDRMS), at a cost of some $5.4m.3 The project objective was to expand the existing paper-based system into a full EDRMS solution to meet the department’s records and document management requirements.

Audit objective and criteria

5. The audit objective was to assess the effectiveness of the Department of Health’s records management arrangements, including Health’s progress in transitioning to digital records management.

6. To form a conclusion against the audit objective, the audit examined whether Health has:

  1. developed an appropriate information management strategy to provide a framework for an effective and efficient records management system which delivered identified business needs;
  2. an appropriate governance framework to assist in effectively managing its records; and
  3. effectively rolled-out the TRIM EDRMS to maximise system benefits, and implemented operational measures to maintain the ongoing integrity of data.

Overall conclusion

7. The Department of Health’s records management requirements are not consistently applied and the transition to a robust digital information and records management system remains incomplete.

Supporting findings

Health’s information management strategy and governance arrangements

8. Health does not currently have an overarching information management framework and has not articulated how its information as a whole is managed. Similarly, Health is yet to develop an information management strategy which describes the department’s current records management environment, its short, medium and long term goals, and outlines the basis for planning to meet organisational records management targets, such as the goals for paper-based records reduction.

Planning and governance of the TRIM EDRMS implementation

9. It took some eight years (2003 to 2011) for Health to assess the feasibility of a new EDRMS and secure internal approval for its implementation. Health advised that the delay was primarily due to budgetary constraints, a lack of experienced records management staff and limited executive support for the project.

10. The TRIM EDRMS project was included as part of the Departmental National Alignment (DNA) change program with oversight by the Better Business Tools Program Board. The project’s scope was limited to incorporating two business systems—COReDOCS4 and TRIM Context5—for replacement as recordkeeping6 systems by TRIM EDRMS.

11. A Risk Management Plan was developed for the EDRMS project in June 2011, and has remained in draft form. As at June 2015, the draft Risk Management Plan listed the status of treatments as being in progress and did not identify the controls in place to mitigate identified risks, notwithstanding statements in the plan that the controls are effective.

12. An EDRMS Quality Management Plan was developed in January 2012. While the plan sets out the quality assurance responsibilities and requirements for the EDRMS project, it was not formally approved and the department was unable to demonstrate that the plan had been referred to and used during the life of the project.

13. Prior to implementing TRIM EDRMS, Health did not undertake any analysis of which of its business systems potentially stored official records, and the department continues to use a number of other recordkeeping systems such as the common shared drive. This situation continues notwithstanding Health’s decision to make TRIM EDRMS the only recognised records management system within the department.

14. One risk of storing records outside TRIM EDRMS is that Health cannot provide assurance that it is compliant with Senate Procedural Order of Continuing Effect No. 12.

15. As at June 2015, the department had not conducted a post implementation review of the TRIM EDRMS project, which was closed in August 2013. During the course of the audit, Health acknowledged that its implementation of the TRIM EDRMS project was not fully effective, and advised the ANAO that it had initiated a remediation project. The application of key governance and risk management practices, such as the appointment of a senior responsible officer and use of a project oversight framework, would support the successful implementation of the remediation project.

16. The ANAO has made two recommendations aimed at strengthening the governance of Health’s records management and the department’s TRIM EDRMS remediation project.

Health’s progress in transitioning to digital records management

17. The Australian Government released the Digital Transition Policy in 2011. Among other things, the policy required entities to self-assess their progress towards the policy’s goals by way of annual online questionnaires (known as Check-up 2.0 and Check-up Digital).

18. Health did not develop a plan or strategy to monitor its status in complying with the Digital Transition Policy or the later Digital Continuity 2020 targets set by the Australian Government. The department advised the ANAO that its responses to Check-up 2.0 and the later Check-up Digital assessments were not considered by any of its executive or governance committees before they were provided to the Secretary for submission to Archives.

Health’s operation of the TRIM EDRMS

Staff training and support

19. Health provided both online and face-to face training to staff as part of the 2013 TRIM EDRMS roll-out, but it is not possible to determine with confidence how many staff participated. Staff were also advised that general records management training was a prerequisite to undertaking the TRIM EDRMS specific training. However, Health could not demonstrate that this requirement was monitored and followed up with staff.

20. The TRIM EDRMS training is now delivered online, with no face-to-face interaction. Training modules do not have an assessment component and are deemed to be completed once they have been run on the user’s desktop, without any monitoring to provide assurance that the staff member completed the training. Staff interviews undertaken by the ANAO indicated that approximately 30 per cent of interviewees had not undertaken the relevant training modules prior to using TRIM EDRMS, and many staff were not familiar with key departmental policies.

Creation, storage and destruction of records

21. The ANAO observed numerous instances of duplicated documents created and stored within the TRIM EDRMS, including drafts and different versions of the same document. Without any clear indicators or titling, this makes locating and identifying the final versions of documents difficult. Further, Health had not issued guidance to staff on the sentencing of digital records, to facilitate the authorised deletion of documents stored on TRIM EDRMS.

22. A core control within TRIM EDRMS to mitigate the risk of inadvertent or deliberate deletion of files/records is the ability to ‘finalise’ a document as an official record. This process effectively locks the document and prevents any further alteration or deletion. Whilst Health’s procedural guidance details how to finalise completed records, there is currently no requirement for staff to do so, and of the 6.3 million digital documents in the TRIM EDRMS, only 27 693 (0.4 per cent) had been finalised as records as at May 2015.

23. The ANAO observed a number of procedural shortcomings in relation to a recent destruction of Health records, and the documentation supporting the destruction process remains incomplete. Without complete documentation, the department would not be in a position to provide assurance that files/records were destroyed in accordance with the Australian Government Protective Security Policy Framework.

24. The ANAO has made two recommendations aimed at strengthening Health’s management of the disposal, deletion and destruction of departmental records.

Transfer of records following machinery of government changes

25. Health developed an entity-specific records authority for its core aged care business activities in 2011, and this authority was transferred to the Department of Social Services (DSS) as part of machinery of government changes in 2013. In practice, Health struggled to identify paper-based records relating to aged care for transfer to DSS.

26. There were also delays in transferring responsibility for electronic records from Health to DSS. Health identified the relevant aged care digital files through the TRIM EDRMS and an extract was provided to DSS to effect the transfer. The extraction and transfer of digital files from the TRIM EDRMS to DSS occurred in April 2015, some 16 months after the relevant Administrative Arrangements Order was made on 12 December 2013. The Archives benchmark for transfer is one month.7

Staff experiences using TRIM EDRMS and Health’s framework for assessing TRIM outcomes

The user experience

27. In considering user experiences with TRIM EDRMS, the ANAO interviewed 30 Health staff and also observed their ability to efficiently locate documents within the system.

28. Interviewed staff advised that following the implementation of TRIM EDRMS, they continued to hold records for use on a day-to-day basis in either the TRIM EDRMS or the shared drive, with some staff holding records on both systems. Only 23 per cent of the staff interviewed were aware of Health’s key policy document covering records management, Corporate Business Rule 2. Similarly, only 53 per cent of staff had an awareness of Health’s Business Classification System, which provides guidance to staff on standard naming conventions for the titling of all paper and digital files created in the department.

29. Only 18 per cent of documents previously identified by the ANAO as being filed within their work section were able to be located in TRIM by the interviewed staff. The ANAO observed that staff often needed to search a variety of potential title words or phrases before information or documents related to the target document were identified. The need to do so was due primarily to inconsistency in the titling of records.

Assessing the benefits of implementation

30. While expected outcomes and benefits were identified in the department’s Project Management Plan for TRIM EDRMS, the project checkpoints and outcomes were not formally monitored during implementation. As a consequence, Health was unable to assess or demonstrate whether the TRIM EDRMS project has realised its specified objectives.

Recommendations

Recommendation No.1

Para 2.9

To improve the governance of information and records management, the ANAO recommends that Health develops and implements an overarching information management framework which incorporates an information and records management strategy, against which performance can be measured.

Department of Health response: Agreed.

Recommendation No. 2

Para 2.30

To place the TRIM EDRMS remediation project on a sound footing, the ANAO recommends that Health:

  1. identifies a Senior Responsible Officer (SRO) with accountability for project implementation and delivery of outcomes;
  2. establishes a governance framework to oversee implementation of the project;
  3. implements a performance reporting framework to assess progress and outcomes; and
  4. develops a risk management plan for the project, including a strategy and timeframe for shared drives to become accessible as ‘read only’.

Department of Health response: Agreed.

Recommendation No. 3

Para 3.15

The ANAO recommends that Health prepares guidelines for sentencing digital records upon creation within TRIM EDRMS, and incorporates version control dates as part of its digital file titling protocols within the Business Classification System, to enable staff to more effectively sentence digital files.

Department of Health response: Agreed.

Recommendation No. 4

Para 3.40

To strengthen the management and control framework for the finalisation, deletion and destruction of records, the ANAO recommends that Health:

  1. develops criteria for the finalisation of records in TRIM EDRMS and requires staff to finalise records in accordance with the criteria; and
  2. documents files/records authorised for destruction and obtains confirmation that files/records are destroyed in accordance with the Australian Government Protective Security Policy Framework.

Department of Health response: Agreed.

Summary of entity response

The Department of Health summary response to the proposed report is provided below, while its full response is provided at Appendix 1.

The Department accepts the four recommendations and commits to addressing each of them. The findings will form a vital part of ensuring that Health implements an effective program of work to lift the digital information and records management capability of the organisation.

1. Background and context

Overview

1.1 Records management is the ‘efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.’8

1.2 Departments of State, such as the Australian Government Department of Health, have an obligation to ensure that key decisions and events are recorded in a way that captures the important features of a discussion or decision.9 Effective records management facilitates informed decisions, enables government entities to discharge accountability and advisory obligations to government and the Parliament, and to contribute effectively to audit, Freedom of Information (FOI) and administrative review processes. It also enables departments to protect the Commonwealth’s interests in the event of disputes and legal action.

Australian Government records

1.3 The Archives Act 1983 (Archives Act) sets out the basic legislative definitions and framework for managing Australian Government records. The Archives Act also outlines the requirements of entities in relation to the preservation, access and destruction of information which is created or received in the course of undertaking government business.

1.4 Entities are responsible for applying appropriate records management practices to meet their responsibilities under the Archives Act. In recent years the National Archives of Australia (Archives) has released detailed guidance to assist entities develop and maintain appropriate records management practices. The guidance relates to: information governance and frameworks; the creation, capture and description of records; record storage and security; preservation of records; and which records are to be kept, destroyed or transferred to the Archives. 10

1.5 A key aspect of Archive’s responsibilities under the Archives Act is to authorise the disposal or destruction of records by Australian Government entities, as summarised below.

  1. Methods of Destruction

Entities are able to dispose of or destroy records under various authorities in accordance with the Archives Act as follows:

  • Normal Administrative Practice (NAP)—allowing entities to dispose of low-level records which have short term value;
  • general records authorities—allowing entities to dispose of records which form part of the common business activities undertaken by the entity;
  • entity-specific records authorities—covering individual business activities undertaken by entities and which are specifically agreed with Archives and published on its website; and
  • legislative authorities—entities may be permitted to destroy particular records under specific legislation governing their operations.

Entities may also be specifically precluded from disposing of, or destroying, records where Archives has issued a ‘disposal freeze’ or ‘records retention notice’.

Source: Section 24 of the Archives Act 1983.

Australian Government Digital Transition Policy

1.6 Advances in information technology have required government entities to reassess the systems and practices traditionally used to record and manage information arising from their day-to-day operations, with new standards for information management being progressively introduced into public administration practices.

1.7 The Australian Government’s Digital Transition Policy was released in July 2011.11 The purpose of the policy is to move all Australian Government entities to digital information and records management for efficiency purposes.

1.8 To assist entities to meet their responsibilities under the policy, Archives introduced the Check-up 2.0 online questionnaire in 2011. Entities were required to submit annual self-assessments of their records management status against the Check-up 2.0 ‘minimum requirements for basic information and records management’ to the Archives. In 2014 Archives replaced Check-up 2.0 with Check-up Digital, a questionnaire intended to encourage entities to focus on business benefits and adopt a risk-based approach to information management. The questionnaire also provided entities the opportunity to gauge the maturity of their digital information management, and set clear directions for improved digital practices.

Health’s record holdings and systems

1.9 Health introduced its first electronic records management system, TRIM Context, in 1985, and its first digital records management system, COReDOCS, in 1997. Before 1985, Health maintained all of its official records in paper-based files and has continued to create paper-based files in some circumstances. Paper files continued to be required in certain situations for security classification reasons, and in other instances continued to be created due to staff preferences.

1.10 Health advised the ANAO that it held more than 1.79 million physical paper-based files as at 28 February 2015.12 Apart from files held by staff on Health’s premises for current access, the majority of paper-based files are stored in standard sized cardboard boxes at specialist records management facilities.13 Health also advised the ANAO that the annual cost of storing its paper-based records is approximately $720 000.14

1.11 Between 1997 and 2013, records of Health’s official business activities were stored on a range of platforms, in addition to COReDOCS:

  1. TRIM Context: a commercial application used by the department for the management of paper files;
  2. File Request Database: a bespoke Lotus Notes application for electronic submission of paper file management requests by staff;
  3. shared computer drive locations for electronic files; and
  4. the Lotus Notes email system.

1.12 Health replaced the COReDOCS system in 2013 with an updated specialist electronic document records management system (EDRMS), referred to as TRIM EDRMS in this audit report.

1.13 Figure 1.1 provides a timeline of significant changes to Health’s recordkeeping arrangements since the first electronic records management system was introduced in 1985.

Figure 1.1: Timeline of key events impacting records management at Health since 1985

Source: ANAO.

Health’s TRIM Electronic Document Records Management System (EDRMS)

1.14 In 2003, Health commenced investigating a number of suitable EDRMS solutions to replace COReDOCS. In 2009, Health established the EDRMS Project to procure and implement an EDRMS solution to enable the department to manage its increasing volume of electronic records, and to meet the records management requirements of the Archives Act. In March 2009, the department’s executive committee approved the EDRMS Project and allocated capital funding of $5.4 million with operational requirements to be absorbed within the information technology divisional budget. The EDRMS project objective was to expand the existing paper-based TRIM Context (Records Management System) into an EDRMS solution to meet the department’s records and document management requirements.

1.15 Commencement of the agreed TRIM EDRMS project took a further two years (2010 to 2011), and following pilot roll-outs in South Australia and the Office of Health Protection in 2012, Health implemented TRIM EDRMS across the department in August 2013 to replace the existing COReDOCS digital recordkeeping system.

1.16 The TRIM EDRMS database is maintained on Windows Servers and an Oracle database (metadata) repository. A front end Graphical User Interface (GUI) provides the primary user interface for TRIM EDRMS. The GUI allows Health staff to add and manage records but does not allow them access to the underlying TRIM EDRMS databases.

1.17 At the time of the audit, access to oversight and management of the TRIM EDRMS database was provided through Health Administrators (located in the Records Management Unit and Information Technology Division) and outsourced providers.

1.18 The TRIM EDRMS is identified in Health’s internal corporate policies as the official ‘recordkeeping system’ capable of storing departmental records. As at 30 April 2015 Health had more than 205 other separate computer systems to assist staff in carrying out their duties to deliver its 10 business outcomes. Health has not assessed all of these systems to identify if they contain potential records.

1.19 Health has estimated that it has approximately 6.3 million digital documents ‘filed’ in the TRIM EDRMS, with some 52 920 new digital files created since 2013.15 Table 1.1 identifies the number of paper and digital files created each year since the implementation of the TRIM EDRMS. Health advised the ANAO that during Financial Year 2014–15 there was a number of records management projects that resulted in the increase to paper file creation.

Table 1.1: Files created in Health’s TRIM EDRMS

 

Financial Year 2012–13

Financial Year 2013–14

Financial Year 2014–15

Total

Paper files

24 049

10 772

14 062

48 883

Digital files

21 354

23 260

13 138

57 752

Source: Health TRIM EDRMS Extract.

1.20 Health also creates potential records through staff sending and receiving electronic emails. Health advised the ANAO that during the four week period from 30 March 2015 to 26 April 2015 a total of 1 323 236 emails were sent from, and 2 843 146 emails were received by, the department. Health further advised that these numbers are typical of the current volume of email traffic. The high volume of email traffic poses a significant ongoing challenge for Health’s records management, as staff need to identify which emails should be classified as an official record and ensure they are appropriately filed within TRIM EDRMS.16

Previous audit coverage

1.21 The ANAO has previously undertaken four performance audits which have considered the effectiveness of government entities in meeting their records management responsibilities.17 A key conclusion reached in the two most recent audits was that entities needed to make an ongoing commitment to meet their records management responsibilities, especially in an environment where, increasingly, records are created and stored electronically.

1.22 Previous ANAO performance audits have also identified recordkeeping and records management as an area requiring the department’s focus, particularly relating to incomplete, inaccurate, duplicated and inaccessible records of key decisions and actions.18

Audit objective, criteria and scope

1.23 The audit objective was to assess the effectiveness of the Department of Health’s records management arrangements, including Health’s progress in transitioning to digital records management.

1.24 To form a conclusion against the audit objective, the audit examined whether Health has:

  1. developed an appropriate information management strategy to provide a framework for an effective and efficient records management system which delivered identified business needs;
  2. an appropriate governance framework to assist in effectively managing its records; and
  3. effectively rolled-out the TRIM EDRMS to maximise system benefits, and implemented operational measures to maintain the ongoing integrity of data.

1.25 To assess the status of Health’s information and records management framework and governance arrangements, and its progress towards implementing the Australian Government’s Digital Transition Policy, the ANAO examined records management (and relevant information management) strategies, policies and guidelines, as well as systems and training materials relating to the creation, maintenance and destruction of records.

1.26 In considering Health’s selection and implementation of the TRIM EDRMS, and how the department assessed the realisation of benefits arising from its use, the ANAO reviewed governance and other documents which supported the TRIM EDRMS implementation project.

1.27 In conducting the audit, the ANAO met with the department’s Chief Operating Officer and Chief Information Officer, and interviewed key records management, business continuity, ICT, legal and freedom of information staff, including third party contract support staff. The ANAO also interviewed 30 staff representatives (at APS grades APS4 to EL2) across some 27 branches regarding recordkeeping arrangements and practices, and reviewed the ease with which those staff were able to access documents filed within the TRIM EDRMS.

1.28 Some Health portfolio entities and the Therapeutic Goods Administration (TGA)19 also use the TRIM EDRMS. The use of TRIM by the TGA and portfolio entities was outside the scope of this audit.

1.29 The audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of approximately $459 000.

2. Health’s information management strategy and governance arrangements

Areas examined

This chapter reviews the strategic framework and governance arrangements implemented by Health to support its records management, including the digitisation of historical records. It also examines Health’s assessment of its records management needs and risk analysis while planning the implementation of a new electronic document records management system, known as TRIM EDRMS.

Conclusion

While the implementation of TRIM EDRMS was formally completed in 2013, key elements of a robust digital and information records management framework remain incomplete, and the department did not conduct a post implementation review of the TRIM EDRMS project. Health has initiated a TRIM EDRMS remediation project to address shortcomings.

Areas for improvement

The ANAO has made two recommendations aimed at strengthening the governance of Health’s records management and the department’s TRIM EDRMS remediation project.

The ANAO has also suggested that Health consider incorporating an appropriate reference to recordkeeping in staff duty statements over time, and identify all systems used to maintain official records and assess the risks of holding records within them.

Introduction

2.1 With the increasing use of digital information to support government business, entities derive benefit from a strategic vision of how their information and records management requirements will be met in the present and future. A clear strategic vision can assist entities to implement information technology solutions that are best suited to their operational requirements. Once implemented, records management systems need to be supported by an effective governance framework and guidance that is well understood by staff and easy to apply. The ANAO examined the implementation of Health’s TRIM EDRMS and the governance arrangements in place to support the system.

Has Health developed an effective information and records management governance framework?

Health does not currently have an overarching information management framework and has not articulated how its information as a whole is managed. Similarly, Health is yet to develop an information management strategy which describes the department’s current records management environment, its short, medium and long term goals, and outlines the basis for planning to meet organisational records management targets, such as the goals for paper-based records reduction.

2.2 Information governance addresses how an organisation’s information assets are managed to support organisational outcomes. Any information created and captured as evidence of an entity’s business should be managed as a record, including emails, social media, databases, websites or content on mobile devices, business systems or other digital technologies.20 The National Archives of Australia (Archives) advises entities that three key documents lay the foundations for effective information governance:

  1. an information and records management framework;
  2. an information and records management strategy; and
  3. an information and records management policy.

2.3 Table 2.1 summarises Health’s progress in developing these documents.

Table 2.1: Health’s information governance documentation

Information Governance documentation

Health’s Status

Information and Records Management Framework

Information component not developed

Information and Records Management Strategy

Strategy not developed

Information and Records Management Policy

Information component not developed

Information and records management framework

2.4 Archives guidance advises that an information and records management framework should:

outline the legal, regulatory and business context within which information and records are created, used and managed.21

2.5 An overarching information management framework lays the foundation for how an entity manages the information being created and received through all aspects of its day-to-day activities. Specifically, an information management framework identifies and defines how all types of information (including data, documents, records or datasets) is managed to support organisational outcomes.22

2.6 Records management is a sub-component of information management. If a comprehensive records management framework is not in place, the completeness and integrity of the records base is brought into question.23

2.7 Health has developed a records management framework and associated guidance and policies, outlined within its Corporate Business Rule 2 – Records Management (CBR2).24 The department has not yet developed an overarching information management framework and has not articulated how its information as a whole is managed. In the context of its implementation of the Australian Government’s Digital Transition Policy, the department should develop an overarching information management framework.

Information and records management strategy

2.8 An information and records management strategy sets out the planned approach to information and records management to meet current and future organisational needs and regulatory requirements. It should describe the current status, short, medium and long term goals and provide the basis for planning to meet organisational targets.25 These considerations are particularly relevant in the context of working towards implementation of the Australian Government’s Digital Continuity 2020 Policy and Health’s TRIM EDRMS remediation project discussed in paragraph 2.29. Health did not have an information and records management strategy at the time of the audit, and could usefully develop a strategy to guide its future initiatives and approach to performance measurement.

Recommendation No.1

2.9 To improve the governance of information and records management, the ANAO recommends that Health develops and implements an overarching information management framework which incorporates an information and records management strategy, against which performance can be measured.

Entity response: Agreed.

Information and records management policy

2.10 An information and records management policy is a key guidance document for staff. Setting out the expectations, responsibilities, practices and benefits of good information and records management, the policy should build on, and reference, the framework and strategy documents discussed above. In particular:

records management responsibilities and authorities should be defined and assigned, and promulgated throughout the organisation, so that, where a specific need to create and capture records is identified, it should be clear who is responsible for taking the necessary action.26

2.11 Health has addressed the issue of roles and responsibilities in its Corporate Business Rule 2 – Records Management. Over time, variations in Health’s structural arrangements have resulted in changes to the policy owner responsible for the oversight of records management within Health, and the removal of roles that were assigned responsibilities within the document. These developments were not reflected in the policy reviewed by the ANAO. For instance, as at May 2015 the Information Technology Division roles and responsibilities documented within Corporate Business Rule 2 did not align with the documented responsibilities of identified positions within the Division. Health subsequently updated Corporate Business Rule 2 in June 2015 to address the issues outlined above.

2.12 To help create a robust and accountable records management environment within an organisation, the relevant standard indicates that responsibilities in relation to records management should be captured within the duty statements for all staff, not just record management professionals.27 For records management unit (RMU) staff, Health included relevant duties and obligations for records management in their duty statements. A sample of duty statements examined by the ANAO, for staff not working within the RMU28, indicated that the duty statements did not incorporate any responsibilities for recordkeeping. There would be merit in Health incorporating an appropriate reference to recordkeeping in staff duty statements over time.

Did Health’s project planning and governance facilitate the implementation of the TRIM EDRMS?

It took some eight years (2003 to 2011) for Health to assess the feasibility of a new EDRMS and secure internal approval for its implementation. Health advised that the delay was primarily due to budgetary constraints, a lack of experienced records management staff and limited executive support for the project.

The TRIM EDRMS project was included as part of the Departmental National Alignment (DNA) change program with oversight by the Better Business Tools Program Board. The project’s scope was limited to incorporating two business systems—COReDOCS and TRIM Context—for replacement as recordkeeping systems by TRIM EDRMS.

A Risk Management Plan was developed for the EDRMS project in June 2011, and has remained in draft form. As at June 2015, the draft Risk Management Plan listed the status of treatments as being in progress and did not identify the controls in place to mitigate identified risks, notwithstanding statements in the plan that the controls are effective.

An EDRMS Quality Management Plan was developed in January 2012. While the plan sets out the quality assurance responsibilities and requirements for the EDRMS project, it was not formally approved and the department was unable to demonstrate that the plan had been referred to and used during the life of the project.

2.13 Prior to 1997, Health’s official business activities were primarily recorded and maintained in paper-based files. In 1997 Health implemented a bespoke version of the Lotus Notes Document Management System for electronic records, known as COReDOCS, in response to the increasing volume of digital data.

2.14 By 2002 Health recognised that COReDOCS was no longer able to meet its business needs and began considering a replacement EDRMS. As an interim solution the department made shared computer drive locations accessible to staff to enable electronic files to be created, stored and accessed.

Implementation timeline

2.15 The TRIM EDRMS project commenced in 2009-10 and was rescheduled for the 2010–11 financial year to allow time to engage additional experienced resources either through staff recruitment or the use of contractors. Further delays were experienced during this time due to TRIM EDRMS version incompatibility with the department’s new desktop software. A revised project approach was developed and approved by Health’s Executive Committee in April 2011, with work commencing under the governance of the EDRMS Project Steering Committee. The implementation timeline for the revised project from 2011 is summarised at Table 2.2.

Table 2.2: TRIM EDRMS implementation timeline since 2011

Activities

Date

Project Plan for the TRIM EDRMS project (approved by the Better Business Tools Program Board in October 2011).

September 2011

Pilot roll-outs in South Australian State Office and Central Office (Office of Health Protection).

July & September 2012

Full production roll-out to all Health staff.

October 2012 to August 2013

Project closure approved by the Deputy Secretaries.

August 2013

Source: Department of Health documentation.

2.16 The roll-out phase for the EDRMS project commenced with two pilots, conducted in the South Australian State Office during July 2012 and in Central Office (the Office of Health Protection) during September 2012. Health advised the ANAO that system and training improvements were made as a result of the two pilots, but Health did not document the nature of these improvements.

2.17 The full production roll-out of the TRIM EDRMS occurred between October 2012 and August 2013.

Project planning and procurement strategy

2.18 A Risk Management Plan was initially developed for the TRIM EDRMS project in June 2011, and Health advised that the plan was updated and provided to key governance boards during the life of the project. The Risk Management Plan was not finalised and has remained in draft form. As at June 2015, the draft plan listed the status of treatments as being in progress and did not identify the controls in place to mitigate identified risks, notwithstanding statements in the plan that the controls are effective.

2.19 A TRIM EDRMS Quality Management Plan was developed in January 2012. While the plan sets out the quality assurance responsibilities and requirements for the TRIM EDRMS project, it was not formally approved and the department was unable to demonstrate that the plan had been referred to and used during the life of the project.

2.20 A procurement strategy for the TRIM EDRMS project, prepared with reference to the Commonwealth Procurement Guidelines29, was approved by the Chief Operating Officer in September 2011. The Procurement Strategy divided procurement related activities into five independent procurement modules and for each procurement process the department established a Tender Evaluation Committee and utilised advice from probity advisors. The ANAO did not review the procurement processes undertaken by the department for the TRIM EDRMS project as part of this audit.

Did Health analyse the location of potential records before transitioning to TRIM EDRMS?

Prior to implementing TRIM EDRMS, Health did not undertake any analysis of which of its business systems potentially stored official records, and the department continues to use a number of other recordkeeping systems such as the common shared drive. This situation continues notwithstanding Health’s decision to make TRIM EDRMS the only recognised records management system within the department.

2.21 While TRIM EDRMS is the only recognised records management system within the department, Health currently uses other recordkeeping systems including:

  1. the common shared drive used to file records prior to the introduction of TRIM EDRMS, which remains accessible as a ‘read-write’ system. This is despite Health’s intention that the shared drive would be primarily a read-only system following the roll-out of TRIM EDRMS; and
  2. the standalone computer and database supporting management of the national medical stockpile.30

2.22 Prior to implementing TRIM EDRMS, Health did not undertake any analysis of which of its business systems potentially stored official records. The Archives notes that a specialised EDRMS provides the security, access, version control and audit functionality required for better practice information management. There would be merit in Health identifying those systems used to maintain official records and assess the risks of holding records within them. This would assist in considering if such systems should be made compliant with the EDRMS characteristics noted above or if the information they contain should be transferred or cross-referenced into TRIM EDRMS.

What are the risks to the department of storing records outside TRIM EDRMS?

One risk of storing records outside TRIM EDRMS is that Health cannot provide assurance that it is compliant with Senate Procedural Order of Continuing Effect No. 12.

2.23 Senate Procedural Order of Continuing Effect No. 12: Indexed Lists of Departmental and Agency Files, requires Australian Government entities to create an indexed list of the titles of all relevant files, including new parts of existing files, created by them in the preceding six months (commencing on 1 January and on 1 July, respectively), and to place the listing on their website on the Internet.31

2.24 The Check-up 2.0 questionnaires (discussed further at paragraph 2.32) for each of the three years 2011—2013 asked entities:

‘To what extent does your agency meet the requirements of the Senate Procedural Order of Continuing Effect No. 10: Indexed Lists of Departmental and Agency Files?’

2.25 For each of the three years Health’s self-assessed rating for this question was:

‘6=Excellent’.

2.26 Health advised the ANAO that the compilation of the listing for the Senate Procedural Order does not include any files created on its shared drive. Health has continued to allow files to be created and stored on its shared drive even after the implementation of the TRIM EDRMS, despite the operating instruction that TRIM EDRMS is to be used as the only recordkeeping system.

2.27 As a result it is not possible for Health to provide assurance that the listing it creates complies with Senate Procedural Order of Continuing Effect No. 12.

Did Health conduct a post implementation review?

As at June 2015, the department had not conducted a post implementation review of the TRIM EDRMS project, which was closed in August 2013.

During the course of the audit, Health acknowledged that its implementation of the TRIM EDRMS project was not fully effective, and advised the ANAO that it had initiated a remediation project. The application of key governance and risk management practices, such as the appointment of a senior responsible officer and use of a project oversight framework, would support the successful implementation of the remediation project.

2.28 The Australian Standard on Records Management indicates that following the implementation of an EDRMS solution, entities should undertake a post implementation review. The purpose of the review is to assess if the original objectives and business needs for the project have been met and to identify key lessons learned to be applied to future systems implementations. As at June 2015, the department had not conducted a post implementation review of the TRIM EDRMS project which was closed in August 2013.

2.29 In September 2015, Health advised the ANAO that it had initiated a TRIM EDRMS remediation project in order to address the shortcomings identified in this performance audit. The project would benefit from the application of better practice relating to governance, risk management and performance measurement, including the appointment of a senior responsible officer accountable for the project’s implementation.32

Recommendation No.2

2.30 To place the TRIM EDRMS remediation project on a sound footing, the ANAO recommends that Health:

  1. identifies a Senior Responsible Officer (SRO) with accountability for project implementation and delivery of outcomes;
  1. establishes a governance framework to oversee implementation of the project;
  1. implements a performance reporting framework to assess progress and outcomes; and
  1. develops a risk management plan for the project, including a strategy and timeframe for shared drives to become accessible as ‘read only’.

Entity response: Agreed.

Does Health have governance arrangements to oversee the implementation of key government digital policies?

The Australian Government released the Digital Transition Policy in 2011. Among other things, the policy required entities to self-assess their progress towards the policy’s goals by way of annual online questionnaires (known as Check-up 2.0 and Check-up Digital).

Health did not develop a plan or strategy to monitor its status in complying with the Digital Transition Policy or the later Digital Continuity 2020 targets set by the Australian Government. The department advised the ANAO that its responses to Check-up 2.0 and the later Check-up Digital assessments were not considered by any of its executive or governance committees before they were provided to the Secretary for submission to Archives.

2.31 The purpose of the Digital Transition Policy33 is to move all Australian Government entities to digital information and records management for efficiency purposes. When introduced in 201134, the policy required all entities to:

  1. enlist senior management support to drive change;
  2. complete a self-assessment records management status questionnaire (Check-up 2.0);
  3. reduce paper stockpiles;
  4. manage digital information wherever it is held; and
  5. consider what resources are needed.

2.32 To assist entities to move towards the digital information and records management environment intended under the Digital Transition Policy, Archives introduced the Check-up 2.0 online questionnaire for government entities in July 2011. Check-up 2.0 required all entities to self-assess their information and records management capability for each of the three years from 2011 to 2013, and was followed by a Check-up digital assessment in 2014.

2.33 The department did not develop a plan or strategy to monitor its status in complying with the 2011 Digital Transition Policy and transitioning to the targets set out as part of the later Digital Continuity 2020 initiative.35 Going forward, there would be merit in Health establishing appropriate governance and oversight arrangements to monitor its implementation of these government policy initiatives.

2.34 Health advised the ANAO that its responses to both the Check-up 2.0 and Check-up Digital assessments were not considered by any of its executive or governance committees before they were provided to the Secretary for submission to Archives. In considering its governance arrangements, Health should also reflect on how best to progress and monitor unfinished business such as: decommissioning of the shared drive; the development of a policy to address the sentencing of digital records; and the identification of historical records to be digitised so as to reduce its holdings of paper-based records.

3. Health’s operation of the TRIM EDRMS

Areas examined

This chapter examines the training and support provided to staff using the TRIM EDRMS. It also reviews Health’s practices for creating, storing and destroying records. The transfer of aged care records from Health to the Department of Social Services (DSS), following a machinery of government change, is also examined.

Conclusion

While Health implemented staff training and support initiatives during and subsequent to the TRIM EDRMS rollout, there were some weaknesses in the overall approach.

Business records continue to be stored and managed outside Health’s mandated recordkeeping system, TRIM EDRMS. A lack of guidelines for sentencing digital records has affected Health’s ability to effectively create and efficiently retrieve documents in TRIM EDRMS. Controls over the deletion of digital files could be strengthened and the ANAO found procedural shortcomings in the destruction of paper-based records.

Health advised that significant difficulties were encountered in identifying paper-based records relating to aged care for transfer to DSS as part of a machinery of government change. The extraction and transfer of digital files from Health’s TRIM EDRMS to DSS occurred in April 2015, some 16 months after the relevant Administrative Arrangements Order was made. The Archive benchmark for transfer is one month.

Areas for improvement

The ANAO has made two recommendations aimed at strengthening Health’s management of the disposal, deletion and destruction of departmental records.

The ANAO has also suggested that the department consider incorporating relevant guidance, in Corporate Business Rule 2, on the use of mobile phones to potentially create records. There would also be benefit in considering training issues in the context of the new TRIM EDRMS remediation project.

Introduction

3.1 The effective roll-out and operation of an EDRMS relies heavily on the provision of: staff training and support; and the availability of up-to-date reference materials. The ANAO examined the guidance and training made available within Health at the time of the rollout and on an ongoing basis, as well as the practicalities for Health staff in managing records on TRIM.

Did Health provide appropriate support and training for users of the TRIM EDRMS?

Health provided both online and face-to face training to staff as part of the 2013 TRIM EDRMS roll-out, but it is not possible to determine with confidence how many staff participated. Staff were also advised that general records management training was a prerequisite to undertaking the TRIM EDRMS specific training. However, Health could not demonstrate that this requirement was monitored and followed up with staff.

The TRIM EDRMS training is now delivered online, with no face-to-face interaction. Training modules do not have an assessment component and are deemed to be completed once they have been run on the user’s desktop, without any monitoring to provide assurance that the staff member completed the training. Staff interviews undertaken by the ANAO indicated that approximately 30 per cent of interviewees had not undertaken the relevant training modules prior to using TRIM EDRMS, and many staff were not familiar with key departmental policies.

3.2 Health staff can currently access TRIM EDRMS guidance in three ways:

  1. reference material available on the intranet–outlining Health’s expectations of staff, procedural guidance and advice on good recordkeeping practices;
  2. a help desk–offering support during business hours can be contacted via email or telephone; and
  3. online training modules–completed by staff at their own pace.

Reference material and help desk

3.3 The provision of up-to-date guidance materials can help users to understand both their responsibilities and how to use the TRIM EDRMS system appropriately. Reference materials are documented on the intranet, and staff are directed to reference points for the system including initial training, policy, and procedural documentation relating to file titling, appropriate use, access controls and digital file structure. The TRIM EDRMS functionality is also addressed within a guidance document setting out key areas such as adding and editing documents, access controls and the search function.

3.4 Since December 2014, Health has provided graduated support to staff and improved oversight of technical issues to systems administrators. Depending on the nature of the problem, user support for the TRIM EDRMS is provided by either the Information Technology (IT) Help Desk, the Records Management Unit (RMU) or the IT Division (ITD) technical assistance. This model has evolved since the TRIM EDRMS system was first implemented. At that time, all calls were directly routed to RMU’s TRIM EDRMS Help Desk.

Training environment

3.5 The ANAO reviewed the training environment from the time leading up to the TRIM EDRMS rollout in 2013 through to May 2015. The content, method of delivery and take up of training were examined.

Pre-rollout training

3.6 The importance of appropriate training was highlighted in the 2005 business case for the TRIM EDRMS. The business case identified that unless users were provided with the appropriate level of hands-on training they would avoid storing documents in the system and would continue to use the shared drive or their personal drives.

3.7 In response Health developed an approach recommending mandatory face-to-face training for all staff in relation to the principles of records management36, in addition to the training required for the operation of the TRIM EDRMS (computer-based classroom training). The proposed approach was not approved by the executive, on the basis of cost, and a revised training approach was adopted. Staff were expected to complete either: an online questionnaire (10 questions); an e-learning module; or a one hour face-to-face training session. Staff were also expected to complete mandatory computer-based EDRMS training.

3.8 General records management training for staff was undertaken between May 2012 and August 2012. Health advised the ANAO that of the 5183 staff at Health at the time37, one hour face-to-face training was provided to 810 staff nationally (16%), with 754 recorded as receiving a pass. In addition, 1621 staff (31%) completed the online module and the remainder either undertook the online quiz to complete their training (2518 or 49%)38, or did not undertake any training (234 or 4%). Health did not follow up with staff in relation to attendance. Face-to-face training ended in August 2012, and has not been offered since. The online module and quiz remain available for use, and completing one of these options is a current prerequisite to obtaining full user access to the TRIM EDRMS.

3.9 The TRIM EDRMS training was delivered in the two months preceding the 2013 rollout. Staff were advised that general records management training was a prerequisite to undertaking the TRIM EDRMS specific training. However, Health could not demonstrate that this requirement was monitored and followed up with staff. Health’s records indicate that the TRIM EDRMS specific training had a higher attendance rate than the general records management training, with 84 per cent of staff undertaking the computer-based training module in a classroom setting (involving face-to-face interaction), in the lead up to the implementation of the system.

Post-rollout training

3.10 All TRIM EDRMS training is now delivered online, with no face-to-face interaction. In order to gain read/write access to TRIM EDRMS, users must undertake both an online general records management training course and the online module of the TRIM EDRMS specific training. Neither online course has an assessment component and is deemed to be complete once the modules have been run on the user’s desktop. There is no monitoring to provide assurance that the staff member actually completed the training.

3.11 Approximately one third of a sample of 30 Health staff interviewed by the ANAO indicated that they had not undertaken the relevant training modules prior to using TRIM EDRMS. Further, the ANAO’s staff interviews relating to knowledge of two of the key documents guiding recordkeeping policy (Corporate Business Rule 2 – Records Management (CBR2) and the Business Classification System (BCS)) suggest that the level of training, communication and engagement within Health requires review. Of the 30 staff interviewed by the ANAO, over 75 per cent were not familiar with Corporate Business Rule 2, and 45 per cent were not familiar with the Business Classification System. Training issues could usefully be considered as part of the new TRIM EDRMS remediation project.

3.12 Health advised the ANAO that due to internal resourcing priorities, it does not engage in active promotion of staff responsibilities for records management.

Does Health have appropriate arrangements in place for records creation, storage and retrieval?

The ANAO observed numerous instances of duplicated documents created and stored within the TRIM EDRMS, including drafts and different versions of the same document. Without any clear indicators or titling, this makes locating and identifying the final versions of documents difficult. Further, Health had not issued guidance to staff on the sentencing of digital records, to facilitate the authorised deletion of documents stored on TRIM EDRMS.

Records creation

File titles

3.13 Health has implemented processes to oversee quality assurance of file names relating to both paper and digital files created by Health staff within the TRIM EDRMS. A third party service provider39 assesses file names at the time of creation in accordance with a Business Classification System specified by Health. The use of a Business Classification System assists Health in managing and sentencing its records.40

3.14 As at June 2015 Health had not issued guidelines on the sentencing of digital files created within the EDRMS, which has affected the quality assurance process for file titling. Further, Health does not routinely create files that have a date included in the title to facilitate records management and sentencing, a practice which can impact on the efficiency and effectiveness of sentencing and record retrieval within the department.

Recommendation No.3

3.15 The ANAO recommends that Health prepares guidelines for sentencing digital records upon creation within TRIM EDRMS, and incorporates version control dates as part of its digital file titling protocols within the Business Classification System, to enable staff to more effectively sentence digital files.

Entity response: Agreed

Shared drives and emails

3.16 The departmental shared drive was intended to be accessible as primarily a read-only system following the roll-out of the EDRMS. At the time of the roll-out in August 2013, Health staff were encouraged to transfer existing shared drive documents onto EDRMS. However, the shared drive has remained fully accessible to all staff since the roll-out, resulting in inconsistent use of the TRIM EDRMS platform by staff. While some branches have effectively moved their operations onto the EDRMS platform, other areas continue to use the shared drive not only to access existing documents but to store newly created records.

3.17 ANAO interviews with Health staff indicated that a range of electronic systems, including shared drives and the email system (Outlook) are used by staff to store and manage business records, and these records are not consistently captured within the EDRMS. As shown in Figure 3.1, the space used by the shared drive has grown since the introduction of TRIM EDRMS in 2012, as staff continue to store documents outside the prescribed EDRMS platform.

Figure 3.1: Size of shared drives

Source: ANAO analysis of Health data.

Duplicate documents

3.18 The ANAO observed numerous instances of duplicated documents created within the EDRMS, including drafts and different versions of the same document without any clear indicators or titling to identify which version was the final one. The proliferation of documents can affect the ready identification and retrieval of official records. To help avoid the proliferation of documents, relevant strategies could be incorporated in departmental training and guidance.

Mobile phones

3.19 Health’s records management policy, Corporate Business Rule 2, does not address the potential for staff to communicate with the department, or the Minister’s office, via a mobile phone belonging to the individual or the department. It is possible that such communications, in the form of emails or short message service (SMS) transcripts41, could involve exchanges of information or commentary that potentially would be classified as a record from Health’s perspective.42 There would be benefit in the department incorporating relevant guidance in Corporate Business Rule 2.

Records storage and retrieval

3.20 To effectively support business activities, and satisfy legislative and accountability requirements43, entities need to be able to access and use all of their records as necessary, in whatever format they are stored, and wherever they might be located. This is especially relevant in the context of high volume digital information, which needs to be ‘discoverable, accessible and useable.’44

Metadata

3.21 The efficient retrieval of records in a TRIM EDRMS environment requires the system to be configured in a way that reflects its business operations and that will support search and retrieval of documents on the basis of a wide range of parameters which represent the record’s underlying metadata. Such parameters include the numeric identifier assigned to the record, the title of the document or file, the timing of the document’s creation, and the original creator of the document or record. 45 TRIM EDRMS is a specialist records management system, and has been configured by Health to capture and store relevant operational and metadata details when business records are created.

Storage of paper-based records

3.22 The storage requirements for Health’s records, especially those in paper-based and other physical formats, present significant challenges.

3.23 Health currently has some 56 560 lineal metres of records held in storage boxes. Whilst the majority of these files were created after 1970 some storage boxes also contain files recording matters since Health commenced operations in 1921. The majority of paper-based files are held in off-site document storage facilities managed by third parties, with an undetermined number of Health files also retained by Archives.46

3.24 A large percentage of Health’s paper-based files are included in TRIM EDRMS as a digital file item, referencing the number and location of the physical paper-based file. Many other historical paper-based files are listed on compact disks which record details transferred from old index cards used prior to the introduction of computerised records management systems in the 1980s. In addition, Health has estimated that some 43 000 historical files currently in storage are not recorded in any system. Health advised the ANAO that listings of those historical files were being compiled.

3.25 The relevant support services contract made provision for a file census each year to confirm the existence and location of Health’s paper-based files. In 2012, as a cost-saving measure, Health decided to suspend the annual file census, which was last conducted in 2013.47

Physical objects storing records

3.26 As at 30 April 2015, Health had referenced more than 3200 files on TRIM EDRMS as records containing information in various formats other than paper or digital documents. These files contained one or more items, including: USB keys, films and DVDs, voice and video cassette tapes, compact discs, floppy discs, books, photos and negatives. The ANAO analysed a sample of 300 files to determine the nature of the storage media items included in the listing. Table 3.1 summarises the contents of the file listings examined, many of which contained multiple elements.

Table 3.1: Content of physical items listed as records within TRIM EDRMS

Item description

Number of items in the 300 sample files

Voice and Video cassettes

168

Compact disc

453

USB key

26

Film or DVD

3

Other items (including books, photos, negatives, floppy disks etc.)

309

No item description recorded, or item contents described as ‘unknown’

164

Source: ANAO analysis.

3.27 As indicated in Table 3.1, some 164 items reviewed by the ANAO were inadequately described. Shortcomings in the description of such items have implications for their ongoing management and future retrieval.

Document Search

3.28 The EDRMS search facility does not support the identification of records attached to emails. At best the search may identify the host email if there is an exact match of identifying terminology contained within the title or body of the attachment.

Does Health have arrangements in place for records disposal that meet Archive requirements?

A core control within TRIM EDRMS to mitigate the risk of inadvertent or deliberate deletion of files/records is the ability to ‘finalise’ a document as an official record. This process effectively locks the document and prevents any further alteration or deletion. Whilst Health’s procedural guidance details how to finalise completed records, there is currently no requirement for staff to do so, and of the 6.3 million digital documents in the TRIM EDRMS, only 27 693 (0.4 per cent) had been finalised as records as at May 2015.

The ANAO observed a number of procedural shortcomings in relation to a recent destruction of Health records, and the documentation supporting the destruction process remains incomplete. Without complete documentation, the department would not be in a position to provide assurance that files/records were destroyed in accordance with the Australian Government Protective Security Policy Framework.

3.29 Archives has recently reinforced the need for entities to implement an appropriate management plan to retain official records only for as long as they are operationally or legislatively required.48 Decisions on keeping, destroying or transferring records are regulated by the Archives Act, and there are three main ways in which most entities can delete or destroy their records:

  1. Normal Administrative Practice — entities may dispose of low-level records which have short term value;
  2. general records authorities (GRAs)49—allow entities to dispose of records which form part of the common business activities undertaken by the entity; and
  3. entity-specific records authorities—cover individual business activities undertaken by entities which are specifically agreed with Archives.

3.30 Normal Administrative Practice allows entities to destroy certain types of records without seeking specific prior permission from Archives. Guidance provided by Archives suggests that entities undertake a risk assessment on their business operations to identify those records where Normal Administrative Practice can be applied.50 Archives also suggests that records subject to destruction using Normal Administrative Practice will generally fall into one of five broad categories:

  1. facilitative, transitory or short term items such as staff appointment diaries and personal items, and most emails that have been captured by the entity’s EDRMS;
  2. rough working papers or calculations;
  3. drafts not intended for further use or reference;
  4. copies of material retained for reference purposes only; and
  5. published material not included as part of an entity’s records.

3.31 To supplement its Records Management Policy document (CBR2), Health prepared a Normal Administrative Practice Policy document in May 2012. The policy applies to: all departmental staff; all aspects of the department’s operations; and records in all formats created and received as part of the department’s business that are not needed as evidence of that business.51

3.32 The ANAO noted many examples of records in the TRIM EDRMS, especially drafts and duplicate copies of documents, which were more than 12 months old and met the criteria for deletion under the Normal Administrative Practice policy. Consistent and timely application of the policy would help reduce the number of unnecessary records retained by Health and lessen the related call on IT resources and storage costs.

3.33 As at 31 March 2015, Archives had issued six entity-specific records authorities covering 10 core business areas within Health.52 Health advised the ANAO that it is liaising with Archives to finalise further entity-specific records authorities which will cover six more of its core business activities.

Deleting files in the TRIM EDRMS

3.34 The integrity of an entity’s records base relies heavily on sufficient controls being in place to monitor and detect inappropriate file deletions from its recordkeeping systems. User access and modification controls contribute to the effective protection of documents and files from unauthorised alteration or destruction.53

3.35 Within the TRIM EDRMS, Health staff can currently delete electronic documents that have not been finalised in two ways. Documents can either be moved via a drag and drop action into the electronic recycle bin, or can be moved to the recycle bin by accessing and selecting the delete document option which gives the user the opportunity to select a reason for the deletion, based on normal administrative procedure. For those documents that have been dragged and dropped, a manual review is performed by the records management unit to identify the affected files, and apply a normal administrative procedure reason. However, this process is not documented and does not have an audit trail. Further, there is currently no review process by managers or the records management unit to verify the appropriateness of the normal administrative procedure reason selected by staff for files transferred into the recycle bin.

3.36 A core control within TRIM EDRMS to mitigate the risk of inadvertent or deliberate deletion is the ability to ‘finalise’ documents as an official record. This process effectively locks the document and prevents any further alteration or deletion in the TRIM EDRMS. Of the 6.3 million digital documents in the TRIM EDRMS, only 27 693 (0.4 per cent) had been finalised as records as at May 2015. While the control has been documented in Health’s procedures and the relevant guidance document explains how to finalise a record, the department does not require staff to finalise records, nor provide criteria to guide staff as to when finalisation is appropriate.54

Destruction of paper-based records

3.37 Prior to 2014, Health did not directly destroy any of its paper-based records. Records were destroyed by other entities, primarily Archives, on Health’s behalf.55 In the case of Health records held by Archives, departmental permission is required for destruction. When the expiry date for destruction is reached, Archives contacts Health to advise that it has assessed the records as having no historical significance and therefore considers they do not warrant continued retention.

3.38 In 2014 Health initiated its first destruction of records under the Administrative Functions Disposal Authority general records authority, coordinated by the department’s third party provider of records management services. The service provider individually listed on a spreadsheet a number (2481) of administrative record files as at 29 July 2014 that had passed their sentencing date and were due to be destroyed. Health did not advise the service provider of any instructions or requirements relating to the destruction, nor did it specify the number of files authorised for destruction.

3.39 The service provider subsequently arranged for the physical destruction of the Health files to be facilitated by another records management firm. However, the Certificate of Destruction provided to Health by the sub-contracted firm did not identify who undertook the destruction of the records, or where the destruction of records took place. Nor did the certificate confirm the actual number of records/files destroyed. As a consequence, Health’s record of the destruction process remains incomplete, and the department would not be in a position to provide assurance that files/records were destroyed in accordance with the Australian Government Protective Security Policy Framework.

Recommendation No.4

3.40 To strengthen the management and control framework for the finalisation, deletion and destruction of records, the ANAO recommends that Health:

  1. develops criteria for the finalisation of records in TRIM EDRMS and requires staff to finalise records in accordance with the criteria; and
  1. documents files/records authorised for destruction and obtains confirmation that files/records are destroyed in accordance with the Australian Government Protective Security Policy Framework.

Entity response: Agreed

Was there a timely transfer of aged care records following machinery of government changes?

Health developed an entity-specific records authority for its core aged care business activities in 2011, and this authority was transferred to the Department of Social Services (DSS) as part of machinery of government changes in 2013. In practice, Health struggled to identify paper-based records relating to aged care for transfer to DSS.

There were also delays in transferring responsibility for electronic records from Health to DSS. Health identified the relevant aged care digital files through the TRIM EDRMS and an extract was provided to DSS to effect the transfer. The extraction and transfer of digital files from the TRIM EDRMS to DSS occurred in April 2015, some 16 months after the relevant Administrative Arrangements Order was made on 12 December 2013. The Archives benchmark for transfer is one month.

3.41 The Administrative Arrangements Order (AAO) of 12 December 2013 transferred responsibility for the aged care function from Health to the Department of Social Services (DSS).

3.42 Archives states that the basic principle applying to administrative changes is for the records to follow the business.56 In line with this principle, the records associated with the aged care function became the responsibility of DSS when the AAO was made.

3.43 When a transfer occurs, several issues require consideration: identification of the affected records (both electronic and physical); management responsibility for physical files; and putting in place relevant records authorities.

3.44 Health determined, on advice from its records management service provider, that paper-based files relating to aged care could not be separately identified and removed from storage. Health’s contract with the service provider did not require the detailed contents of individual files to be catalogued, which meant that without a full stocktake (at considerable cost to Health), paper-based files relating to aged care were not discernible from other Health related files. For those files that were separately identified, there was uncertainty between DSS and Health around the number of boxes containing physical files to be transferred and the quality of data relating to the content of storage boxes. The matter remained unresolved as at 30 June 2015, some 18 months after the transfer of functions.

3.45 The difficulties encountered in identifying relevant files arose largely from the practice of storing Health’s paper-based files solely on the basis of their sentencing expiry date. If files were boxed on the basis of their source business activity or division, as well as their sentencing expiry date, identification difficulties would have been much reduced. Lessons learned from this experience could usefully inform arrangements for the storage of future paper-based records.

3.46 Archives recommends that records be transferred within one month of an AAO being made.57 At the time of the audit, most physical files relating to Aged Care were still held by Health, with notional management transferred to DSS in November 2014 for some identified physical files.58 The cost of identifying individual files for transfer was considered prohibitive by Health, and it was agreed that the files would transfer upon individual request by DSS. All requests were managed by Health’s service provider, which had responsibility for accessing requested files and providing them to DSS.

4. Staff experiences using TRIM EDRMS and Health’s framework for assessing TRIM outcomes

Areas examined

This chapter reviews the experiences of Department of Health staff in using TRIM EDRMS and the steps taken by Health to assess the benefits realised following the system’s implementation.

Conclusions

The level of understanding of records management policies and practices by Health staff is variable. Inconsistent titling of stored files and records filed in systems other than the TRIM EDRMS hinders staff in efficiently and effectively locating business records.

The expected outcomes and benefits identified as part of the TRIM EDRMS project planning were not formally monitored during or after implementation. As a consequence Health was unable to assess or demonstrate whether the TRIM EDRMS project realised its specified objectives.

Introduction

4.1 If the implementation of an electronic document records management system (EDRMS) is well managed, it should result in a system that is straightforward to understand and easy for staff to use. It should also deliver operational benefits. Assessing the use of an EDRMS, and monitoring the benefits resulting from its implementation, can improve its operation and contribute to operational efficiency.

4.2 To assess the level of staff familiarity with, and opinions on using TRIM EDRMS, the ANAO interviewed a random sample of 30 Health staff, selected across 15 divisions and covering some 27 different branches, regarding records management practices. More than 75 per cent of staff interviewed had been employed at Health for more than 3 years. The interviews related to:

  1. creating and capturing records;
  2. describing records (metadata);
  3. training and support;
  4. understanding of Health’s recordkeeping policies and procedures;
  5. storing records;
  6. accessing and using records; and
  7. the performance of TRIM EDRMS.

4.3 To help assess whether staff could readily locate files within the system, staff were also asked to search for and locate a document within TRIM EDRMS that had been previously identified by ANAO as having been created within the staff member’s work area.

What is the user experience of TRIM EDRMS?

In considering user experiences with TRIM EDRMS, the ANAO interviewed 30 Health staff and also observed their ability to efficiently locate documents within the system.

Interviewed staff advised that following the implementation of TRIM EDRMS, they continued to hold records for use on a day-to-day basis in either the TRIM EDRMS or the shared drive, with some staff holding records on both systems. Only seven (23 per cent) of the staff interviewed were aware of Health’s key policy document covering records management, Corporate Business Rule 2. Similarly, only 16 staff (53 per cent) had an awareness of Health’s Business Classification System, which provides guidance to staff on standard naming conventions for the titling of all paper and digital files created in the department.

Only 18 per cent of documents previously identified by the ANAO as being filed within their work section were able to be located in TRIM by the interviewed staff. The ANAO observed that staff often needed to search a variety of potential title words or phrases before information or documents related to the target document were identified. The need to do so was due primarily to inconsistency in the titling of records.

Creating and capturing records

4.4 Following implementation of the TRIM EDRMS, staff were able to continue to use the shared drive to file records. Staff interviewed by the ANAO indicated that they held records for use on a day-to-day basis in both the TRIM EDRMS and the shared drive. Overall, some 25 per cent of the work files of interviewed staff were located on the shared drive.

Training and support

4.5 As noted earlier, Health provided both classroom and computer-based training options for staff at the time the EDRMS was implemented. Staff are now required to complete computer-based e-Learning modules covering general records management as well as basic functionality in TRIM EDRMS before they are given full access to the system. Of the staff interviewed, only 22 (70 per cent) had completed general records management training and 23 staff (73 per cent) advised that they had received training on the use of TRIM EDRMS. Seven staff (23 per cent) indicated they would like to receive more training on records management and the use of the TRIM EDRMS.

Understanding Health’s policies and procedures on records management

4.6 A number of the staff interviewed indicated that the department’s policies and procedures in relation to records management were not easy to understand and many were not aware of how to implement key aspects of Health’s records management policy and guidance. Only seven (23 per cent) of the staff interviewed were aware of Health’s key policy document covering records management, Corporate Business Rule 2. Similarly, only 16 staff (53 per cent) had an awareness of Health’s Business Classification System, which provides guidance to staff on standard naming conventions for the titling of all paper and digital files created in the department.

Performance of TRIM EDRMS

4.7 A key concern expressed by 23 (77 per cent) of the interviewed staff was that they regularly experience slow response times from TRIM EDRMS.

4.8 Staff were also asked to comment on the process of checking documents back into the EDRMS after they had finished using them.59 A total of 14 staff (47 per cent) stated that the checked-in status of documents was not always clearly shown by the EDRMS. Staff also identified delays ranging from 10 minutes to a full working day to check documents in.

Searching for and locating a specific document in TRIM EDRMS

4.9 To assess whether staff could readily locate files within the system, staff interviewed by the ANAO were asked to search for and locate a document within TRIM EDRMS that had previously been identified by ANAO as having been created within the staff member’s work area. Only 18 per cent of the documents previously identified by the ANAO as being filed within their work section could be located by staff. The ANAO observed that staff often needed to search a variety of potential title words or phrases before information or documents related to the target document were identified. The need to do so was due primarily to inconsistency in the titling of records. Staff generally supported this observation by suggesting that, notwithstanding the Business Classification System, the approach taken to title individual files can vary significantly between work units.

4.10 Two key determinants of how efficiently and effectively staff are able to locate documents are the consistency of titling for stored files and whether records are located in systems other than the TRIM EDRMS. Both issues were highlighted by the interviewed staff, who also noted that the TRIM EDRMS search function beyond section level has been disabled by Health due to system capacity constraints.

Did Health assess the benefits arising from implementation of TRIM EDRMS?

While expected outcomes and benefits were identified in the department’s Project Management Plan for TRIM EDRMS, the project checkpoints and outcomes were not formally monitored during implementation. As a consequence, Health was unable to assess or demonstrate whether the TRIM EDRMS project has realised its specified objectives.

4.11 The identification of expected outcomes and benefits during the planning stages of a project allows for the subsequent evaluation of project performance in order to determine whether benefits have been realised.60

4.12 Health drafted an assessment framework for the TRIM EDRMS project in its Project Management Plan and Roadmap. The assessment framework comprised three components: outcome(s)/benefits; benefits realisation; and key performance indicators for progress checkpoints.

4.13 The expected outcomes and benefits as stated in the draft TRIM EDRMS Project Management Plan included:

  • improved and ongoing compliance with government recordkeeping obligations;
  • improved mitigation of the risks surrounding poor recordkeeping and corporate document management;
  • improved reuse and sharing of accurate information and improved version control;
  • improved ability to efficiently capture and manage the increasing volume of electronic documents and records including emails; and
  • a reduction of paper files, paper usage and associated costs.

4.14 The department assumed that staff would use electronic files wherever possible, and would only create paper files by exception. It calculated anticipated benefits based on: savings in the physical cost of creating paper files; savings in staff time in creating paper files; a reduction in the outsourced provider costs of paper file storage; and efficiencies from staff take-up of TRIM EDRMS.

4.15 With the exception of the number of paper-based files created, Health did not formally monitor the outcomes and benefits that were set out in the TRIM EDRMS Project Management Plan. The TRIM EDRMS Project Closure Report stated that as at August 2013, 68 per cent of staff were using TRIM EDRMS and there was a 63 per cent reduction in the creation of new paper files compared with the same time in the previous financial year (prior to roll-out).

4.16 The department’s failure to monitor the full range of expected outcomes and benefits identified in the TRIM EDRMS Project Management Plan means that it is not able to assess or demonstrate whether the project has realised its specified objectives.

Appendices

Appendices

Please refer to the attached PDF of the report for the Appendices:

  • Appendix 1: Entity response

Footnotes

1 Standards Australia, Australian Standard—Records Management – Part 1 AS ISO 15489.1—2002, 3 Terms and definitions, p. 3.

2 Management Advisory Committee Report No. 8, Note for File—A Report on Recordkeeping in the Australian Public Service, Canberra, August 2007, Preface. The Report also observes that all Australian public servants:

‘have an obligation to ensure that key decisions and events are recorded in a way that captures the important features of a discussion or decision, presents a faithful and accurate account of the key things that have occurred and can easily be retrieved when needed.’

3 The TRIM EDRMS project approval allocated capital funding of some $5.4 million with operational requirements to be absorbed within the information technology division budget.

4 Prior to the implementation of its first digital records management system (COReDOCS) in 1997, Health maintained all of its official records in paper-based files and has continued to create paper-based files in some circumstances. Paper files continued to be required in certain situations for security classification reasons, and in other instances continued to be created due to staff preferences.

5 TRIM Context is a commercial application used by the department for the management of paper files.

6 The terms records management and recordkeeping have the same meaning throughout this report.

7 National Archives of Australia [Internet], NAA, available from <http://www.naa.gov.au/records-management/agency/keep-destroy-transfer/fo...> [accessed 29 June 2015].

8 Standards Australia, Australian Standard—Records Management – Part 1 AS ISO 15489.1—2002, 3 Terms and definitions, p. 3.

9 Management Advisory Committee Report No. 8, Note for File—A Report on Recordkeeping in the Australian Public Service, Canberra, August 2007, Preface. The APSC also advises that one indicator of meeting APS values relating to accountability includes ‘good record systems’.

10 The key information governance documents and templates recommended by the Archives are available from Archive’s website at [Internet] <http:// www.naa.gov.au/records-management/strategic-information/information-governance/key-documents/index.asp> [accessed 29 June 2015].

11 For details of the Digital Transition Policy, refer to [Internet] < http://www.naa.gov.au/records-management/digital-transition-and-digital-continuity/digital-transition-policy/index.aspx> [accessed 26 June 2015].

12 This number excludes files or records previously identified as forming part of the National Archives and transferred to Archives.

13 The usual measure to record the number of boxes containing multiple files in storage is lineal metres, which reflects the length of shelf space taken up by the boxes when placed side by side. Health currently estimates it has over 56 560 lineal metres of shelf space taken up by its paper files and other physical objects records.

14 During the course of the audit, Health was preparing a Request for Tender (RFT) for the provision of office support services, including records management. Health advised the ANAO that the proposed scope of this RFT includes an option to extend the scope of services to include the sentencing and digitisation of offsite paper-based records holdings as a discrete project. Archives defines sentencing as: ‘the process of identifying and classifying records according to a disposal authority and applying the specified disposal action’. Refer to [internet]< http://www.naa.gov.au/Images/Sentencing_tcm16-47302.pdf

15 Digital ‘files’ are created within TRIM EDRMS and newly created documents are then saved into these files. When TRIM EDRMS was rolled out in 2013 Health staff were also able to transfer current working documents from the existing COReDOCS EDRMS system and from the shared drive by saving them within TRIM EDRMS. Individual staff were responsible for deciding what was transferred.

16 Health moved from using the Lotus Notes system to the Microsoft Outlook system to process emails in 2014. A number of Health staff advised the ANAO that transferring email records out of Microsoft Outlook and into TRIM EDRMS individually is more difficult and time consuming than it was using the Lotus Notes system where emails could be uploaded in bulk.

17 Relevant ANAO audit reports include: Report No.53, 2011–12 Records Management in the Australian Public Service; Report No.6, 2006–07 Recordkeeping including the Management of Electronic Records; Report No.7, 2003–04 Recordkeeping in Large Commonwealth Organisations; and Report No.45, 2001–02 Recordkeeping.

18 For example, ANAO Audit Report No.25, 2014–15 Administration of the Fifth Community Pharmacy Agreement, identified persistent shortcomings in Health’s recordkeeping relating to the agreement.

19 Health advised the ANAO in August 2015 that as part of the Department’s efficiency review, the Therapeutic Goods Administration was fully integrated into the department as the Regulatory Services Group.

20 National Archives of Australia [Internet], NAA, available from <http://www.naa.gov.au/records-management/strategic-information/information-governance/index.asp> [accessed 29 June 2015].

21 Available at NAA’s website [Internet] <http:// www.naa.gov.au/records-management/strategic-information/information-governance/key-documents/index.aspx> [accessed 29 June 2015].

22 Guidance on information governance is provided by the National Archives of Australia [Internet], available from <http://www.naa.gov.au/records-management/strategic-information/information-governance/index.aspx> [accessed 29 June 2015].

23 Standards Australia, Australian Standard—Records Management – Part 1 AS ISO 15489.1—2002, 6 Policy and responsibilities, p. 5.

24 During this performance audit, the records management framework available on Health’s intranet for use by staff was accessible via a download of the PDF version of the document. The PDF version was not up to date, and referred to the environment prior to the TRIM EDRMS rollout.

25 This approach is set out in Archives guidance at:[Internet] < http://www.naa.gov.au/records-management/strategic-information/information-governance/key-documents/policy.aspx> [accessed 29 June 2015], and in greater detail within AS 15489.1 (Standards Australia, op cit., AS ISO 15489.1, 8 Design and Implementation of a records system p.8). Archives provides reference material and templates, while the Standard provides guidance as to the content, which is consistent with Archives material.

26 Standards Australia, AS ISO 15489.1, 6.3 Access, retrieval and use, p.5.

27 Standards Australia, AS ISO 15489.1, 6.3 Responsibilities, p.5.

28 Duty statements were reviewed for APS4 to EL2 staff members (one duty statement reviewed at each level), in addition to the RMU team’s duty statements. A standard template is used for duty statements across the department, which is then adopted to suit the needs of the individual role.

29 The Commonwealth Procurement Guidelines were revised and reissued as the Commonwealth Procurement Rules from 1 July 2012.

30 The ANAO considered the information management systems relating to the national medical stockpile in Performance Audit Report No. 53, 2013–14 Management of the National Medical Stockpile, p. 75.

31 On 14 November 1994, the Senate agreed to a motion by Senator Brian Harradine requiring all Australian Government departments and agencies to produce an indexed list of files every six months for tabling before Parliament. The production of the list is intended to make the operations of government more transparent to the Australian public.

32 See ANAO Better Practice Guide— Successful Implementation of Policy Initiatives, October 2014, Canberra, Part 2 Building Blocks for Successful Implementation and Chapter 3, Part 2 – Governance.

33 Archives announced in May 2014 that it will develop a Digital Continuity 2020 Policy to build on the foundations of the Digital Transition Policy.

34 The Australian Government Digital Transition Policy was developed by the Department of the Prime Minister and Cabinet and approved in July 2011. Archives, in consultation with the Australian Government Information Management Office (AGIMO) and the Office of the Australian Information Commissioner (OAIC), is the lead entity for implementation of the policy across government.

35 The digital continuity initiative was launched to build upon the digital transition policy.

36 This training was to be based on the ‘Keep the Knowledge–Make a Record’ training package developed by Archives, available at [Internet] <http://naa.gov.au/records-management/development/keep-the-knowledge/index.aspx> [accessed 29 June 2015].

37 Formal records of the attendance rate of records management training were not kept by Health. The figures were obtained from the available information held in relation to training delivery.

38 The quiz contained 10 questions. A pass rate of seven out of 10 was required to be deemed a pass.

39 Since 2004 the department has engaged Converga Pty Ltd, a specialist business process firm, to provide various office services support functions, including record sentencing and coordinating all paper-based records storage and destruction.

40 As described in the publication National Archives of Australia, Sentencing, NAA, December 2007, available at [Internet] <http://www.naa.gov.au/records-management/agency/keep-destroy-transfer/se...> [accessed on 29 June 2015] sentencing is: ‘the process of identifying and classifying records according to a disposal authority and applying the specified disposal action’. Disposal authorities are issued by Archives following consideration of entities’ record retention requirements.

41 SMS is more commonly referred to as ‘text messaging’ which is a service component of phone, web-based, or mobile communication systems.

42 Archives identifies SMS as a potential record in the listing on their website, where they outline types of digital records. Accessible at: [Internet] <http://www.naa.gov.au/records-management/agency/digital/types-dr/index.aspx> [accessed 29 June 2015].

43 These include freedom of information requests, responding to parliamentary or ministerial enquiries, or providing information to courts or other judicial bodies as part of legal disclosure requirements. During 2013–14 Health received 314 freedom of information requests, provided 1384 ministerial briefings and received 20 legal information requests including subpoenas, summonses, discovery orders and notices to produce.

44 National Archives of Australia, Digital Continuity Principles [Internet], NAA, Principle 4, accessible at: [Internet] <http://www.naa.gov.au/records-management/agency/digital/digital-continuity/principles/index.aspx> [accessed 29 June 2015].

45 Metadata provides relevant digital information regarding the record, including who created and captured it and when it was captured as well as details about the content, appearance, structure and technical characteristics of the record. To assist entities create records with appropriate metadata, Archives has published the Australian Government Recordkeeping Metadata Standard Version 2.0 –July 2008 (AGRkMS) which describes information about records and the contexts in which they are captured and used. This is information that Archives recommends be captured in business systems used by Australian Government entities to create and capture records. Archives also published, in June 2011, the Australian Government Recordkeeping Metadata Standard Implementation Guidelines Version 2.0 to assist entities apply the Standard.

46 Excluding Archives, Health currently has boxes of files stored in external premises managed by two specialist records managers who have their own filing protocols to record the storage location of Health files within their facilities. TRIM EDRMS records the details of these location identifiers.

47 The 2013 census only covered files within Health’s offices and excluded files held in off-site storage facilities.

48 National Archives of Australia, Check-up Digital 2014, Canberra, Statement 2.4.

49 Records authorities are permissions provided by Archives following consultation with entities to determine which records created by an individual entity, or administrative records created by all entities, must be kept and which records can be destroyed. These permissions enable entities to comply with the requirements of Section 24 (2) (b) of the Archives Act. General records authorities identify the requirements for keeping or destroying a number of record types that are common to most Australian Government entities. Archives is responsible for preparing and issuing general records authorities.

50 National Archives of Australia, Normal administrative practice [Internet], NAA, available at: <http://www.naa.gov.au/records-management/agency/keep-destroy-transfer/nap/index.aspx> [accessed 29 June 2015].

51 Department of Health, Normal Administrative Practice (NAP) Policy, Canberra, 2012, Section 4.

52 Records which form part of the core business activity of an entity can only be destroyed in accordance with the permission conferred by a specific records authority, agreed between Archives and the entity. The process of agreeing an entity-specific records authority will identify those core business records that will be retained as part of the national archives, as well as the retention requirements for other records. In determining the retention requirements for core business records, consideration is given to the accountability requirements of the entity, its ongoing business needs, and community interests.

53 Standards Australia, AS ISO 15489.1, s. 8.3.6, Access, retrieval and use, p.10.

54 As discussed, the shared drives also continue to be used for records storage by staff. There is currently no facility to ‘finalise’ records on the shared drives.

55 In 2011, following authorisation by Health, Centrelink also undertook a destruction of paper-based records that it was holding for operational purposes on Health’s behalf.

56 See guidance from Archives in relation to transfers following administrative changes at <http://naa.gov.au/records-management/agency/keep-destroy-transfer/follow...> [accessed 29 June 2015].

58 In the course of the audit, Health advised the ANAO that a number of records were still being reviewed to determine whether their ownership should transfer to DSS.

59 When staff access and open a document from the TRIM EDRMS it is referred to as being checked-out and the system indicates its status. Staff may then amend the document and other staff are able to access the document in a read only mode whilst it remains checked-out. When staff have finished with the document it is saved and checked-in to the system.

60 A discussion of the benefits of monitoring, review and evaluation of project implementations is contained in Successful implementation of policy initiatives, Better Practice Guide, ANAO and Department of the Prime Minister and Cabinet, Canberra, October 2014, Chapter 8. Available at: [Internet] http://www.anao.gov.au/~/media/Files/BetterPracticeGuides.

Related documents: