Audit Client Information

What are the key milestones in the audit cycle? 
What will the audit approach be like?
What do audits examine?
How do the auditors examine these areas?
What are the outputs of the audit?
What happens if audits uncover something that’s seriously wrong?
What is the value of an audit?
Where to find out more
 

What are the key milestones in the audit cycle?
 

1. Planning – We schedule and begin to plan your audit.
2. Client Notification – We notify your Chief Executive and request a nomination for a Senior Responsible Officer (SRO), who will be the key contact throughout the audit process.
3. Senior Responsible Officer Visit – We meet with your nominated SRO to outline the audit process, agree scope and timeframes, and identify what documentation can be supplied to the auditors. 
4. Audit Engagement Letter – We confirm the audit timeframes in writing to your SRO. We issue a key-code for the self-assessment application, and brief you on the application's use. 
5. Client Self-assessment –  You complete the self-assessment within the agreed timeframes.
6. Desktop Review - We review the alignment of your self-assessment's ratings with the documentary evidence provided.
7. Onsite Audit – Independent auditors conduct onsite investigations to validate your self-assessment. 
8. Audit Reports – We provide you with a report consolidating findings. You will also receive a letter from the Chief Archivist reviewing the findings and, if appropriate, making recommendations.

 
 
Back to top

What will the audit approach be like?

Archives New Zealand is looking to provide New Zealanders with assurance that the recordkeeping practices of public offices are fit-for-purpose, i.e. that they:

• help public offices to meet the Government's requirements
• contribute to the management of business risk (legal compliance, operational, reporting, reputational and strategic risk) 
• promote productivity and continuous improvement

 
When we meet your Senior Responsible Officer (SRO) for the first time, we will provide a comprehensive briefing about the audit process and reporting.
 
We will ask your SRO to identify known problems or issues, with a view to ensuring that our audit does not focus unduly on areas where evaluative or corrective activity has already been actioned.
 
Audit compliance will be measured from a continuous improvement perspective rather than a pass/fail approach. 
 
Archives New Zealand aims to be pragmatic and helpful. Our audit procedures focus on producing helpful, actionable reports while keeping demand on your resources to a minimum.
 
Back to top

What do audits examine?

The audits will look for evidence of a maturing recordkeeping capability and compliance with the three mandatory standards which prescribe good recordkeeping practice:

• S7: Create and Maintain Recordkeeping Standard
• S2: Storage Standard
• S8: Electronic Recordkeeping Metadata Standard

The standards have been developed through an extensive consultative process. They are available online at:
Continuum Resource Kit

 
The audit is structured into eight areas. The first four cover general business activities, and the remainder cover more specific recordkeeping requirements:

General business activities

1. Planning
2. Resourcing
3. Training
4. Reporting

specific recordkeeping practices

5. Creation and capture
6. Retrievability and security
7. Maintenance and storage
8. Disposal and transfer

 
Back to top 

How do the audits examine these areas?

By using:

1. the results of your self-assessment (an application which allows you to construct a profile of your organisation's recordkeeping)
2. validation checks of your ratings within your self-assessment.

The Self-Assessment Application

Throughout 2008 and 2009, Archives New Zealand held a series of consultative workshops to develop a conceptual Audit Tool to appraise public offices’ recordkeeping capability.
 
This is now deployed in a web-based self-assessment application that allows public offices to conduct a self-assessment of their recordkeeping capability. This has navigational aids, contextual help and the capability to produce standard reports which can be used in business planning, business performance improvement initiatives and legal compliance reporting.
 

Validation

The result of your self-assessment is followed by a series of validation checks to confirm your self-assessment ratings:

• a desktop review carried out by recordkeeping professionals both internal and external to Archives New Zealand
• an onsite audit carried out by external audit providers as an independant validation.

 
We will analyse your self-assessment ratings and evidence supplied by you to develop an audit plan. The audit plan sets out how we will approach validating your organisation's self-assessment ratings when we come to visit you on site. The onsite audit consists of physical inspections, interviewing staff and clarifying the status, availability and dissemination of policy and procedural documents.
 
Back to top

What are the outputs of the audit?

Key outputs are:

• A summary findings report.
• A letter from the Chief Archivist to your Chief Executive reviewing the findings and, if appropriate, making recommendations.
• Annual Audit Report: The Chief Archivist will prepare a report to the Minister Responsible for Archives New Zealand on the audits conducted under section 33 of the Public Records Act 2005.

The annual report will:

• provide an overview of the recordkeeping capability of the public offices audited;
• summarise common recordkeeping themes, issues and risks, and
• identify areas requiring further research and/or investigation.

The Minister will present this report to the House of Representatives.
 
Back to top

What happens if audits uncover something that’s seriously wrong?

We emphasise that the Audit Team will always look to work with clients in a constructive and cooperative manner.
 
Our auditing standards specify the process for managing instances of non-compliance discovered during audits.
 
In the event of discovering evidence of serious instances of non-compliance with the requirements of the Public Records Act 2005, the Chief Archivist does have powers to:

• Inspect the archives and records of public offices (Public Records Act s29).
• Direct public offices to report on any aspect of recordkeeping or on the records they control (Public Records Act s31).

Back to top

What is the value of an audit?

A recordkeeping audit is a value-adding activity.
 
Value is provided through:

• Archives New Zealand’s support of a capability self-assessment application.
• No cost, low-impact, efficient audit procedures.
• The use of independent professional auditors to validate your self-assessment.
• The independent and objective review of your current position, direction and planned outcomes.

 
Tell us about any issues and concerns you have.
 
We encourage you to discuss any issues and problems with us. We will be as helpful as possible without prejudicing our independence.
 
 
Back to top

Where to find out more

For more information, please contact:
 
Programme Coordinator
 
Email: audit.advice@dia.govt.nz
 
Public Records Act Audit Programme
Archives New Zealand, Department of Internal Affairs
PO Box 12-050, Wellington
Telephone: 04 894 6027
Fax: 04 495 6210

 
Back to top