Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Insights: Audit lessons
Published: Friday 20 June 2025
Published
Records Management is targeted at all Australian Government officials. It also benefits those in information management roles.
Contact
Please direct enquiries through our contact page.
Performance audit (Auditor-General Report No. 53 of 2011–12)
Published: Wednesday 27 June 2012
Published
To assess the extent to which agencies create, manage and dispose of records in accordance with key business, legal and policy requirements.
The agencies included in the audit were the: Australian Customs and Border Protection Service (Customs); Department of Immigration and Citizenship (DIAC); and the Department of the Treasury (Treasury). The audit also considered the Archives' response to Recommendation No. 1 from ANAO Audit Report No.6 2006, 07 Recordkeeping including the Management of Electronic Records, including whether they had clarified Australian Government records management requirements for agencies.
Entity
Across agencies
Performance audit (Auditor-General Report No. 10 of 2015–16)
Published: Tuesday 1 December 2015
Published
The audit objective was to assess the effectiveness of the Department of Health’s records management arrangements, including Health’s progress in transitioning to digital records management.
Entity
Department of Health
Contact
Please direct enquiries relating to reports through our contact page.
- Effective records management and accountability arrangements are integral to robust and successful corporate governance and public administration. Accordingly, entities need to document the outcomes of governance processes, particularly that of the Board that are related to the adherence to legal and policy requirements and execution of primary responsibilities of the organisation.
- In operating an Electronic Data Records Management System, entities should mandate its use and provide relevant training to all staff in order to ensure the full benefits are obtained through the consolidation of fragmented systems and manual records.
- An effective Electronic Data and Records Management System is essential for the management of digital records. The National Archives of Australia does not consider that network drives are acceptable for the storage of official records.
Performance audit (Auditor-General Report No. 30 of 1997–98)
Published: Thursday 18 December 1997
Published
The objectives of the audit were to:
- assist OGIT in the timely identification and correction of any deficiencies in the evaluation process;
- provide advice to the Parliament, the Government and other interested parties on the probity of the evaluation process; and
- test for adherence to legislative and other specified requirements, such as in industry development.
Entity
Office of Government Information Technology
- Public service stewardship is underpinned by effective records management that enables entities to anticipate and plan, record and measure outcomes, and learn and adapt. Effective records management aligned to the principle of stewardship involves entities going above minimal compliance with mandatory requirements and meeting the intent of the Archives Act 1983.
- Accountable authorities should regularly seek assurance that records management policies are current, consistent with the requirements of the Archives Act 1983 and Commonwealth Procurement Rules, and that those policies are being adhered to.
- Records management systems should maintain a complete record of decisions and actions, particularly where such information demonstrates the entity has fulfilled legislative and procedural requirements and supports conversations with internal and external stakeholders about the reasons for the decision. Point-in-time decisions should be readily identifiable to promote transparency and effective case management.
Performance audit (Auditor-General Report No. 32 of 2001–02)
Published: Thursday 14 February 2002
Published
This follow-up Audit reviewed the Department of Health and Ageing's implementation of the recommendations of Audit Report No. 36, 1999-2000, Home and Community Care. The objective of the follow-up audit was to assess the extent to which the Department had implemented the nine recommendations of Audit Report No. 36, 1999-2000. The audit examined areas relating to funding, guidance, fees, coordination with other aged and disability care programs, acquittals, accountability and data requirements, and records management.
Entity
Department of Health and Ageing
- Entity human resource management information systems (HRMIS) should be configured to demonstrate compliance with legislative, award, enterprise agreement and policy requirements that documentary evidence has been sighted by the approver or recorded in the system.
- ATO has implemented automated HRMIS controls to prevent employees using personal (and carer’s) leave without evidence in excess of annual entitlements. Entity human resource management information systems should optimise preventative controls in applying employee conditions, and management monitoring and reporting of compliance with employee conditions.
- Entities with crisis management responsibilities should ensure key operational decisions and the basis of these are documented to support transparency and accountability in the management of critical events which impact on citizen lives.
- Where it is intended that grants administration and payment information will support the achievement of benefits through providing information to improve decision-making, arrangements should be in place to ensure the quality and integrity of that information.
- Maintaining records of key decisions and actions taken in relation to campaign advertising supports effective administration and entity accountability.
- Appropriate information management policy and procedural frameworks that are supported by effective information management systems are essential to ensure that reliable records exist to support informed and accurate decision making.
- Keeping sufficient evidence of decision-making processes and outcomes is fundamental to effective governance, accountability and transparency. When undertaking procurement and managing contracts, entities should put in place appropriate arrangements to manage information in accordance with applicable Australian Government records management and information security requirements.
- Transparency, accountability and informed decision-making is supported by the making and keeping of records. This includes the creation of good quality information that contains sufficient detail to meet current business needs and that can be efficiently found and understood by others in the future.
- Entities should ensure records relating to conflict of interest declarations are current, complete and accessible.
- Records of regulatory actions, including the rationale for decisions, supports transparency and accountability. A regulator should be able to demonstrate that decisions align with legislative requirements and that compliance activities are aligned to risk, available evidence and legislative powers.
- Evidence and advice are required to be retained and documented at all stages of a procurement, including when the Commonwealth Procurement Rules do not apply. Not maintaining adequate records impairs the ability to evaluate performance and plan effectively for the future.
- Records are a critical part of robust knowledge management practices. They support transparency and accountability for past decisions and help inform future decision-making.
- Records are a critical part of robust knowledge management practices, such as supporting transparency and accountability for past decisions and informing future decision-making.
- Key compliance assessment and enforcement records should be fit-for-purpose and contain sufficient information to support regulatory decisions.
- AgriFutures Australia maintained a comprehensive gifts register, which helped it demonstrate that it is appropriately managing its risks of inappropriate external influence. Similarly, retaining records of credit card transactions and their timely review, as the Grains Research and Development Corporation generally did, helps demonstrate that an entity is appropriately managing its credit card risks.
- Records are a critical part of robust knowledge management practices, such as supporting transparency and accountability for past decisions and informing future decision making.
- The ARC administers the NCGP using a bespoke end-to-end Research Management System. Where cost effective, IT infrastructure for grants assessment and grants management should be fit-for-purpose. Systems that embed and validate high volume and transparent processes, such as those used by the ARC for managing potential conflicts of interest within the research sector, can deliver enhanced efficiency and assurance.
- Sound record management procedures should be in place not just for major projects but for all entity business transactions and decision making.
- Given that personnel can change and machinery of government changes can occur, records are a critical part of informing future decision making and transparency and accountability for past decision making.
- When decisions are taken to depart from departmental policies and proven practices, it is important that the reasons for any departures be recorded, including in advice to decision-makers.
- Sound record keeping, including documented rationales for key decisions, can assist in providing transparency and accountability of decision making. This is of particular importance for re-occurring activities, such as the negotiation of enterprise agreements, to provide consistency in assessments, as well as providing future bargaining teams with a solid basis to undertake bargaining activities.
- Entities should ensure that basic controls over the completeness and accuracy of client records are consistently implemented and that critical client records can be reliably located.
- To ensure that collection and other asset management frameworks are complete, up-to-date and accessible to all appropriate staff, entities should: identify all relevant policies, plans and procedures; assess and fill in any gaps in these framework documents, ensuring that they meet applicable standards; and maintain them using appropriate version control and approval. Regular review is necessary to ensure that they are current and relevant; as is maintaining them in a central and accessible location.
- The effective management of complaint records enables analysis to be undertaken to identify trends over time and any necessary improvements to business practices. Proper records also provide assurance that complaints are being managed and addressed where appropriate.
- Record systems that consist of multiple independent databases and physical files inhibit attempts to analyse and identify trends and emerging or changing business risks. Entities should ensure that information can be aggregated in a form which provides sufficient insight into performance and risk, particularly of organisational priorities.
- Retaining tender assessment working documents—the importance of entities officially filing both tender evaluation reports and detailed individual assessments or modelling to ensure their decisions are transparent and have an accessible audit trail.
- Documentation recording key steps in the policy development process, including advice provided to Ministers and Government and relevant decisions made should be stored in a way that enables easy identification and retrieval.
- Information assets should be effectively managed, including by ensuring that entities not party to the transaction do not hold confidential project-related information.
- Good records should be created of the negotiations process including documentation that clearly identifies each meeting, the participants, agenda and outcomes.
- Documenting key decisions, the rationale for those decisions, and the extent to which relevant evidence is considered supports integrity, transparency and defensibility of investigative processes.
- Good record keeping underpins the integrity and defensibility of investigations and inquiries, particularly where activities may result in adverse outcomes for individuals.
- Record keeping is not only a requirement of the Archives Act but is also crucial to evidencing compliance with other legislative requirements and duties. In addition, the Commonwealth Integrity Strategy recognises that adhering to high standards of record keeping as crucial to integrity by ensuring information held is complete, accurate and appropriately accessible to the public. Appropriate records management also supports maintenance of corporate knowledge, particularly in teams where there is high staff turnover, or external reviews by regulators, tribunals or courts.
- Entities should fully document any decisions and processes adopted to adjust contractors’ tendered prices to support transparency and enable a consistent, ‘like for like’ comparison of competing offers.
- In a sector where senior officers and key personnel change, well established lessons processes that include sound records are important to communicate reasons behind changes. This is to ensure that their importance is clear to future decision-makers and prior mistakes are not repeated.
- Key program or funding decisions should be supported by briefs to ministers. Discussions on funding decisions should be documented and, along with email correspondence, should be filed in official systems. Discussions and emails should not replace the practice of providing advice through the ministerial briefing process. For guidance on providing ministerial advice, entities can refer to Australian Public Service Commission’s Working with Ministers.
- Good record keeping is required by law and supports effective corporate governance, accountability and performance.
- Entities must maintain complete and accurate records of key contractual arrangements with suppliers, including shared services arrangements provided by the Australian Government.
- Documenting established practices supports entities to apply consistent processes and decision-making across business areas, reduce duplication, and improve business continuity.
Corporate
Updated: Wednesday 2 May 2018
Updated
The ANAO may collect personal information in the course of undertaking its audit program and for operational purposes not related to its audit work. This policy outlines our personal information handling practices, how we handle specific types of personal information and the information collected online by the ANAO.
Contact
Please direct enquiries about our Privacy Policy through our contact page.
Performance audit (Auditor-General Report No. 6 of 2006–07)
Published: Thursday 12 October 2006
Published
The objective of the audit was to assess the extent to which entities were meeting their recordkeeping responsibilities. In particular, the audit examined how effectively the entities were managing records that were created and stored electronically in corporate recordkeeping systems and in other electronic systems in accordance with recordkeeping requirements.
Entity
The Attorney General’s Department; The Australian Electoral Commission; The Department of the Prime Minister and Cabinet
Performance audit (Auditor-General Report No. 8 of 2009–10)
Published: Thursday 29 October 2009
Published
The objective of this audit was to provide a strategic review on the progress of the Tax Office's implementation of the Change Program.
To achieve this, the ANAO examined:
- the planning for, and governance of, the Change Program, particularly in relation to the management of risk and the assurance framework established by the Tax Office, and its management of contractual arrangements for the project;
- implementation issues associated with Releases 1 and 2 of the Change Program, and more specifically in relation to Release 3, the first use of the new ICP system to process FBT returns; and
- the funding of the Change Program, including measurement and attribution of the costs of the project and consideration of any benefits realisation to date.
Entity
Australian Taxation Office
Performance audit (Auditor-General Report No. 35 of 2006–07)
Published: Wednesday 2 May 2007
Published
The audit objective was to assess whether the early stages of DIAC's preparations for the re-tendering of the detention and health services contracts were consistent with sound practice. The audit focused on governance arrangements, in particular the recordkeeping arrangements, roles and responsibilities of personnel, expert advisors and the probity auditor—matters raised in the previous audit report. The audit did not examine the RFT, which is not due to be issued until April 2007.
Entity
NO-DEPTS-LISTED
Performance audit (Auditor-General Report No. 45 of 2004–05)
Published: Friday 27 May 2005
Published
The audit focuses on DMO's equipment acquisition and support, at the system program management level. The objective of the audit was to assess the adequacy of Defence's capital equipment project definition, approval, acquisition and logistics support management. The SPOs subject to audit are:Aerospace Systems Division's Tactical Fighter Systems Program Office (TFSPO), which is responsible for acquisition and logistics support management of the Air Force's F/A-18 and Hawk 127 fleets and associated equipment. TFSPO is located at Williamtown, NSW; Land Systems Division's Track Manoeuvre Systems Program Office (TMSPO), which is responsible for the acquisition and logistics support management of Army's Leopard Tanks and M113 Armed Personnel Carrier fleets. TMSPO is located in Melbourne;Electronic and Weapon Systems Division's Over-the-Horizon Radar Systems Program Office (OTHRSPO), which is responsible for acquisition and logistics support management of the Jindalee Operational Radar Network (JORN) and Jindalee OTHR systems. OTHRSPO is located within the Defence Science and Technology Organisation (DSTO) precinct at Edinburgh, South Australia; and Maritime Systems Division's Fast Frigate Guided System Program Office (FFGSPO), which is responsible for the support and upgrade of the Navy's FFG fleet. FFGSPO is located at Garden Island, Sydney.In view of the significant role that DMO's SPOs play in managing major capital equipment acquisition projects, the audit includes a case study of the $1.448 billion Fast Frigate Guided (FFG) Upgrade Project. A high level of audit assurance is not able to be provided on the FFG Upgrade Project given deficiencies in the FFGSPO information management systems and deficiencies in the level of design and development disclosure provided to SPO personnel by the FFG Upgrade Prime Contractor. The ANAO was unable to access appropriate audit evidence on the financial expenditure associated with the FFG Upgrade Project, and the Project's approved Equipment Acquisition Strategy.
Entity
Department of Defence
Performance audit (Auditor-General Report No. 58 of 2004–05)
Published: Wednesday 29 June 2005
Published
The objective of the audit was to assess the effectiveness of Health's administration of the National Respite for Carers Program.
Entity
Department of Health and Ageing
Performance audit (Auditor-General Report No. 7 of 2003–04)
Published: Wednesday 24 September 2003
Published
The audit reviewed the recordkeeping frameworks of four large Commonwealth organisations. The objective of the audit was to assess whether recordkeeping policies, systems and procedures were in accordance with relevant Government policies, legislation, accepted standards and recordkeeping principles, and applicable organisational controls.
Entity
Centrelink; Department of Agriculture, Fisheries and Forestry; Department of Family and Community Services; Department of Health and Ageing
Performance audit (Auditor-General Report No. 43 of 2013–14)
Published: Wednesday 18 June 2014
Published
The objective of the audit was to assess the effectiveness of the Department of the Environment’s regulation of proponents’ compliance with Part 9 of the Environment Protection and Biodiversity Conservation Act 1999.
Entity
Department of the Environment
Contact
Please direct enquiries relating to reports through our contact page.
Performance audit (Auditor-General Report No. 32 of 2008–09)
Published: Tuesday 19 May 2009
Published
The objective of the audit was to review Defence's management of the HQJOC Project's tender process, including probity management, for the construction of the joint operation headquarters in order to provide assurance that the policy principles for the use of private financing had been followed.
Entity
Department of Defence
Performance audit (Auditor-General Report No. 37 of 2004–05)
Published: Thursday 10 March 2005
Published
The objectives of this audit were to examine the management of business support service contracts in selected agencies to: assess the effectiveness of business support service contract management in the transition, ongoing management and monitoring and succession planning stages of the contract management lifecycle; and identify examples of better practice and opportunities for improvement for individual agencies and Australian Government agencies more broadly.
Entity
Australian Industrial Registry; ComSuper; Family Court of Australia; IP Australia; Department of Finance and Administration
Performance audit (Auditor-General Report No. 18 of 2004–05)
Published: Thursday 16 December 2004
Published
The Therapeutic Goods Administration (TGA), a division of the Commonwealth Department of Health and Ageing, is responsible for the regulation of the manufacture and supply of therapeutic goods. The objective of the audit was to assess the TGA's regulation of non-prescription medicinal products. In particular, it reviewed the TGA's systems, procedures and resource management processes used to approve new manufacturers, monitor ongoing manufacturer and product compliance with mandated requirements, and manage non-compliance. The audit made 26 recommendations designed to improve the transparency, quality and reliability of regulatory decisions taken by the TGA and improve its accountability mechanisms by enhancing its management information systems.
Entity
Department of Health and Ageing