Chief Archivist’s Report to the Minister: Public Records Act 2005 Audits 2010/2011 HTML

Report on Recordkeeping Audits carried out in the 2010/2011 Financial Year

  1. The Public Records Act 2005 (the Act) includes provisions requiring the auditing of recordkeeping practices in public offices
  2. This is the first report prepared under section 35 of the Act on the audits conducted under section 33 in the 2010/2011 financial year. It covers the first 38 audits, undertaken between July 2010 and June 2011
  3. This first report includes extended description of the background, methodology and approach, to help readers the findings, which are presented at an aggregated level, rather than by individual agency. This reflects the Act’s requirement that the report cover the year’s audits, and aligns with the purposes of the Act, which include enabling Government to be held accountable through records of its affairs, and enhancing public confidence in the integrity of public records. The auditing of recordkeeping practices and reporting of findings to Parliament directly contribute to those objectives.
  4. Since the passing of the Act, Archives New Zealand has worked with public offices to develop audit methodology to achieve the purposes of the legislation. The programme being implemented will see Archives New Zealand audit public offices on a 5 year cycle, with over 200 public offices scheduled for audit in the 5 year period commencing July 2010.
  5. Overall, the audits found no evidence of significant failure to meet the requirements of the Act. All 38 public offices are making good progress with developing recordkeeping capability, and are aware of their requirements and responsibilities. The awareness of requirements is good; there is evidence of work being done in the records management area showing positive steps towards organisations having a sound basis for good ongoing records management. These positive steps included the development of well thought-out and documented records management procedures.
  6. The report was tabled in the House by the Minister of Internal Affairs, Hon. Chris Tremain, on December 06, 2012.

Table of Contents

  1. Introduction
  2. Executive summary
  3. Audit Programme Background
  4. Audit Programme Methodology
  5. Risks associated with Recordkeeping
  6. Scope of audits
  7. Key overall audit findings
  8. Audit Programme Continuous Improvement Approach

1. Introduction

This is the first report I have prepared as Chief Archivist for the Minister, under section 35 of the Public Records Act 2005 (the Act) on the audits conducted under section 33 in the 2010/2011 financial year. This report covers the first 38 audits, undertaken between July 2010 and June 2011. Individual reports have been provided directly to each of the 38 public offices. The sections of the Act providing for the independent audit of specified recordkeeping practices within public offices are attached at Appendix 1.

As this is my first report on findings of these audits, I have taken the opportunity to describe the methodology adopted in some detail in section 4 of this report.

Since the passing of the Act, Archives New Zealand has worked with public offices to develop audit methodology to achieve the purposes of the legislation. The programme being implemented will see Archives New Zealand audit public offices on a 5 year cycle, with over 200 public offices scheduled for audit in the 5 year period commencing July 2010.

The purposes of the Act include enabling Government to be held accountable through records of its affairs, and enhancing public confidence in the integrity of public records. The auditing of specified recordkeeping practices, and reporting of findings to Parliament directly contribute to those objectives.

Greg Goulding
Chief Archivist and General Manager
Archives New Zealand
Department of Internal Affairs

2. Executive Summary

During 2010/11 Archives New Zealand carried out the first year of audits under section 35 of the Public Records Act 2005. Since the passage of the Act, the audit programme has been designed and implemented, and is structured to assess progress with the development of systematically managed recordkeeping capability in public offices.

The audits in the reporting year focused on implementation of mandatory standards issued under the Act, recordkeeping directions and capability in public offices, and awareness of recordkeeping-related business risks.

The audit found no evidence of significant failure to meet the requirements of the Act. Some organizations did not appear to be meeting all requirements of the Storage Standard issued under the Act: steps have been taken to address the relevant issues with the agencies involved. All 38 public offices are making good progress with developing recordkeeping capability, and are aware of their requirements and responsibilities.

Overall the awareness of requirements is good, there is evidence of work being done in the records management areas and a high level of commitment to recordkeeping capability improvement was found within all public offices.

3. Audit Programme Background

The Public Records Act 2005 sets the framework for recordkeeping across government. Some recordkeeping requirements are set out directly in the Act, while more detailed obligations are put in place through the standard setting provisions of the legislation. Since 2006 the Public Records Act Standards Programme has been in place, and previous Chief Archivists and I have issued four mandatory standards that prescribe good recordkeeping practice:

Mandatory standards are developed with input from public offices, and subject to consultation before they are issued. The Disposal Standard was issued in June 2010, but in order to give public offices lead time to implement its requirements compliance is not required until July 2012. Accordingly this standard will become part of the audit framework from the 2012/13 year.

In Budget 2008, $4.2m crown funding was provided for the 2008-2015 Public Records Act 2005 Audit Programme. Following a preliminary planning phase, the audit team was appointed in 2009 and the detailed development and implementation of the Public Records Act 2005 Audit Programme framework and processes commenced. Audit standards and procedures were developed and independently reviewed by Office of the Auditor General (OAG). An online Audit Client Self-assessment Application was developed to provide a consistent approach to evidence gathering.

In 2010, user acceptance testing for the Audit Client Self-assessment Application commenced and in July 2010 initial audit partners were notified of their official audit. Onsite audits for the initial audit partners commenced December 2010.
The design of the audit methodology reflects Archives New Zealand’s assessment of the current recordkeeping environment, based on survey and operational information, and as described in my reports to the Minister on the state of recordkeeping within public offices under s32 of the Act. In particular, there is evidence that since the passage of the Act, public offices have undertaken significant work to improve recordkeeping practice, and that awareness of the business benefits of good recordkeeping is improving.

It is also clear that best practice in digital recordkeeping is still developing, and there are opportunities to embed good recordkeeping practices into new technology-enabled business systems. Archives also recognises that recordkeeping audits are a new intervention, and we need to ensure they positively support effective and efficient recordkeeping, and contribute to the Act’s purpose of public confidence in the integrity of public records.

Through the Public Records Act 2005 Audit Programme, Archives New Zealand provides New Zealanders with assurance that:

4. Audit Programme Methodology

Each public office is audited using the same process, to ensure consistency of findings. Audit compliance is measured from a continuous improvement perspective rather than using a pass/fail approach. The audit is designed to assess progress with the development of a systematically-managed recordkeeping capability. 

The 8 steps shown in the Audit Lifecycle below are followed by the audit team for every audit client. This allows a structured approach and ensures continuity and consistency with each individual client.

Planning, Clinet Notification, Senior Responsible Officer Visit, Audit Engagement Letter, Client Self-assessment, Desktop Review, Onsite Audit, Audit Reports,

 

 

1. Planning

The audits are scheduled by financial year, allowing a balanced cohort to be selected, and interactions to be efficiently scheduled. Once the group for the year is identified, planning and resource allocation for each individual audit commences.

2. Client Notification

The Chief Executive of each public office to be audited is notified by the Chief Archivist of the scheduled audit and a nomination for a Senior Responsible Officer (SRO), who will be the key contact for the audit, is requested. This notification takes place six months prior to the onsite audit. 

3. Senior Responsible Officer Visit

The audit team meet with the SRO to outline the audit process, agree scope and timeframes, identify what documentation can be supplied to the auditors.

4. Audit Engagement Letter

The agreed scope, timeframes, key contacts, additional sites for physical storage inspections and other relevant details are confirmed in writing to the client’s SRO. 

5. Client Self-assessment

A self assessment is completed by the audit client (SRO), using the online application developed by Archives. The self-assessment is based on the core statutory requirements of the Public Records Act 2005 and related mandatory recordkeeping standards, and reflects the audit criteria developed by the Chief Archivist. 

The client self-assessment application assesses organisational maturity against 8 recordkeeping capability areas. They are -

Management: Planning – Resourcing – Training – Reporting
Operational: Create/Capture – Retrievability/Security – Maintain/Storage – Disposal/Transfer

The SRO rates their organisation’s progress, coverage and their intentions to progress in relation to each attribute contained in the self-assessment, and provides documentary evidence to support the rating.

6. Desktop Review

Archives New Zealand staff validate the ratings of the clients self-assessment with the documentary evidence provided. An audit plan containing focus questions for the onsite audit is developed from this review.

7. Onsite Audit

Independent auditors conduct an onsite audit using the audit plan to validate the clients self-assessment and recordkeeping capability. Archives New Zealand use external audit providers to carry out the onsite audit. Onsite audits always include a physical storage inspection of the site being audited.

8. Reports

Client Self-assessment Report - A preliminary client report is produced at the completion of the self-assessment.

Audit Findings Report -  At the completion of the audit, the public office receives an Audit Findings Report, with final ratings, and a letter from the Chief Archivist containing recommendations for capability improvement. If appropriate, this will also contain directions to report back on progress following-up these recommendations.

Chief Archivist’s report to the Minister  - As required by s35 of the Act, at the conclusion of each year’s audits an annual report of the audit findings for all audits carried out within the financial year is provided to the Minister for presentation to the House. This report takes the form of an overview of findings and recommendations.

5. Risks associated with Recordkeeping 

The audit approach makes explicit to public offices the fact that failure to manage records satisfactorily exposes organisations to a range of business risks: 

Examples of business risks associated with poor recordkeeping are given in more detail in the table below:

Strategic

Operational

Reporting

Reputation

Compliance

6. Scope of audits

In accordance with s33(2) of the Act, I specified that the following aspects of recordkeeping practice be the focus of the audits for the financial year 2010/2011:

Archives New Zealand audits public offices on a 5 year cycle. This report covers the first 38 audits, undertaken between July 2010 and June 2011. The programme has been designed to audit a broad range of entities in each annual cohort. A breakdown of offices audited by entity type for the 2010/2011 financial year is given below.

Entity Type for the Financial Year 2010/2011
Entity Type Number Audited 2010/2011
Autonomous Crown Entities 5
Crown Agents 7
Crown Agents- District Health Board 1
Crown Entity Company 2
Crown Entities - TEIs - Polytechnic 2
Crown Entities - TEIs- Universities/Wananga 1
Crown Entity Companies - Crown Research Institute 2
Independent Crown Entities 5
Non Public Service Departments 1
Offices Of Parliament 1
Public Finance Act 4th Schedule Organisations 2
Public Service Departments 6
State Owned Enterprises 3
Total 38

Refer Appendix One for a full list of public offices audited for the 2010/2011 financial year.

7. Key Overall Audit Findings

The audit found no evidence of significant failure to meet the requirements of the Act. Some organizations did not appear to be meeting all requirements of the Storage Standard issued under the Act: steps have been taken to address the relevant issues with the agencies involved. All 38 public offices are making good progress with developing recordkeeping capability, and are aware of their requirements and responsibilities.

It should be emphasised that the audits are designed to assess overall recordkeeping programme maturity, concentrating on systemic strengths and weaknesses rather than focussing on individual instances of recordkeeping in the agency. Even robust and mature recordkeeping systems cannot ensure that recordkeeping failures will never occur. Good recordkeeping does, however, provide confidence that related risks are being well-managed. This is reflected in the fundamental requirements of the Public Records Act that all public offices will take appropriate steps to ensure that a record of important activities is created and maintained, and that this being the case, no steps are taken to undermine this through unauthorised disposal.

Overall the awareness of regulatory requirements is good, there is widespread evidence of work being done in the records management areas. A high level of commitment to recordkeeping capability improvement was found within all Public Offices.

Positive steps demonstrated during the onsite audits include:

Individual public offices have received recommendations specific to their business and current situation, which address particular risks and opportunities for improvements. Recommendations made in individual Audit Finding Reports include:

The documentation seen during all the audits gives confidence to the recordkeeping ability of all 38 organisations.
Stakeholders can therefore have a measure of assurance that recordkeeping is consistent with good practice, and contributing to broader organisational, governmental and societal goals.

Overall, however, the analysis of the operating environment shows there is variable recordkeeping practices within public offices. Of particular note is the variable use of General Disposal Authorities. These authorities apply across a wide range of public offices, and there is evidence of opportunities to reduce the costs associated with storage both onsite and offsite.

Findings and Recommendations for Physical Storage Inspections

Every audit includes a physical storage inspection of records held onsite. Where a public office has multiple sites where physical records are held, additional sites are selected for this storage inspection process. The results are included as part of the office’s Audit Findings Report. The inspections audit against the requirements contained in the Storage Standard.

The overall findings were that most of the storage facilities were being well managed and maintained satisfactorily. 

Some storage facilities were found to be performing below the minimum requirements as set out in the storage standard. These public offices have been contacted by the appropriate staff with Archives New Zealand to work through the issues to bring the facility back up to a satisfactory level.

Summary of Final Audit Findings for the 2010-2011 Year

The summary of final audit findings shows aggregate results for public offices audited in the 2010-2011 financial year. The shading indicates ‘best fit’ across the body of audited public offices. Individual audit clients rated at each level for the particular element is shown in the percentage (%).

General Business Activities - Summary

Planning

Stage Description Achievement  
Initiation Policy and planning initiated. Shows evidence of a managed approach for the management of records.
Establishment  Policy and plans are being implemented.  Awareness of the need for and basic implementation of recordkeeping requirements.  
Capability  Policy and plans are regularly reviewed and updated. Awareness of the need for and basic implementation of recordkeeping requirements 

 

Resourcing

Stage Description Achievement  
Initiation  Resourcing requirements for recordkeeping identified.  Shows evidence of a managed approach for identifying resourcing requirements for the management of records. 
Establishment  Resourcing for recordkeeping established.  Shows evidence of a managed approach for identifying resourcing requirements for the management of records. 
Capability  Succession planning and resourcing is part of business plans.  Shows evidence of a managed approach for identifying resourcing requirements for the management of records. 

 

Training

Stage Description Achievement  
Initiation Training needs analysis undertaken. Shows evidence of a managed approach for identifying training requirements for the management of records.
Establishment Training programme established. Awareness of the need for and basic implementation of systems and/or controls for training requirements.
Capability Training programme actively monitored, reviewed and updated. Awareness of the need for and basic implementation of systems and/or controls for training requirements.

 

Reporting

Stage Description Achievement  
Initiation  Reporting requirements identified.  Shows evidence of a managed approach for identifying reporting requirements for the management of records. 
Establishment  Basic operational reporting established.  Awareness of the need for and basic implementation of systems and/or controls for reporting requirements. 
Capability  Recordkeeping is part of organisational risk and reporting framework.  Shows evidence of a managed approach for identifying reporting requirements for the management of records. 

 

Specific Recordkeeping Practice - Summary

Creation & Capture

Stage Description Achievement  
Initiation  Recordkeeping requirements have been identified. Shows evidence of a managed approach for the creation and capture of records.
Establishment  Systems and controls are implemented. Awareness of the need for and basic implementation of systems and/or controls for the creation and capture of records.
Capability  Systems and controls are actively monitored and reviewed. Awareness of the need for and basic implementation of systems and/or controls for the creation and capture of records.

 

Retrievability & Security

Stage Description Achievement  
Initiation  Recordkeeping requirements have been identified. Shows evidence of a managed approach for the retrievability and security of records.
Establishment  Systems and controls are implemented. Shows evidence of a managed approach for the retrievability and security of records.
Capability  Systems and controls are actively monitored and reviewed. Shows evidence of a managed approach for the retrievability and security of records.

 

Maintenance & Storage

Stage Description Achievement  
Initiation  Recordkeeping requirements have been identified.  Shows evidence of a managed approach for the maintenance and storage of records. 
Establishment  System and controls are implemented.  Shows evidence of a managed approach for the maintenance and storage of records. 
Capability  System and controls are actively monitored and reviewed.  Awareness of the need for and basic implementation of systems and/or controls for the maintenance and storage of records. 

 

Disposal & Transfer

Stage Description Achievement  
Initiation  Development of disposal authorities and implementation plans initiated.. Shows evidence of a managed approach for the disposal and transfer of records.
Establishment  Authorised disposal authorities and implantation plans established Awareness of the need for and basic implementation of systems and/or controls for disposal and transfer of records.
Capability  Disposal of records actively managed. Awareness of the need for and basic implementation of systems and/or controls for the disposal and transfer of records.

 

Legend

Absent No evidence of management understanding. No systematic approach to recordkeeping requirements. This can lead to unpredictable outcomes.
Represents 0 – 25% of indicator attributes demonstrated to this level.
 
Aware Awareness of the need for, and basic implementation of, recordkeeping requirements is evident. This can show uncoordinated and incomplete approaches which can lead to inconsistent outcomes/results. Represents >25% - <50% of indicator attributes demonstrated to this level.
Actioned Evidence of a managed approach to recordkeeping is apparent. Represents >50% - <75% of indicator attributes demonstrated to this level.
Embedded Effective management of records is fully integrated throughout the organisation and continuous improvement is evident. Represents >75% - <100% of indicator attributes demonstrated to this level.

 

8. Audit Programme Continuous Improvement Approach

The Audit programme has actively gathered feedback from public offices and stakeholders to refine the Public Records Act audit process, methodology, application and reporting approach. This reflects my desire to ensure that the Public Records Act audit programme continues to develop demonstrable value to the wider public sector and also progressively improve. The programme aims to limit demand on client resources, and support business planning, risk management and internal audit reporting activity. The reporting seeks to avoid ‘pass / fail’ thinking and behaviours and focus on capability improvement.

As a result of feedback in the 2010/11 year the primary areas to be addressed are:

1.  Questions contained in the Audit Self-assessment Application:

This is to ensure that the questions are easily understood and can be interpreted consistently across all entity types.

2.  Audit Self-assessment Application use by the Public:

This is to allow public offices to independently measure recordkeeping capability within the organisation and for public offices who have been through an audit, to measure improvement in capability since their audit.

3. Tools to assist information, document and evidence gathering:

All of the above helps decrease the additional time, and resourcing during the audit process.

Appendix One: Public Offices Audited in 2010/11

Organisation Entity Type

Alcohol Advisory Council of New Zealand - Autonomous Crown Entity
Animal Control Products - State Owned Enterprise
Broadcasting Commission - Autonomous Crown Entity
Broadcasting Standards Authority - Independent Crown Entity
Crown Law Office - Public Service Department
Department of Conservation - Public Service Department
Drug Free Sport New Zealand - Independent Crown Entity
Electricity Corporation of New Zealand Limited - State Owned Enterprise
Energy Efficiency and Conservation Authority - Crown Agent
Environmental Risk Management Authority - Autonomous Crown Entity
Families Commission - Autonomous Crown Entity
Health and Disability Commissioner - Independent Crown Entity
Health Research Council of New Zealand - Crown Agent
Health Sponsorship Council - Crown Agent
Institute of Geological and Nuclear Sciences - Crown Entity – Crown Research Institute
Learning Media Limited - State Owned Enterprise
Maritime New Zealand - Crown Agent
Ministry of Fisheries - Public Service Department
Ministry of Pacific Island Affairs - Public Service Department
Ministry of Transport - Public Service Department
National Institute of Water and Atmospheric Research Limited - Crown Entity – Crown Research Institute
New Zealand Blood Service - Crown Agent
New Zealand Film Commission - Autonomous Crown Entity
New Zealand Fish and Game Council (National Office) - Public Finance Act 4th Schedule Organisation
New Zealand Game and Bird Habitat Trust - Public Finance Act 4th Schedule Organisation
New Zealand Qualifications Authority - Crown Agent
New Zealand Venture Investment Fund Limited - Crown Entity Company
Office of Film and Literature Classification - Independent Crown Entity
Office of the Parliamentary Commissioner for the Environment - Office of Parliament
Open Polytechnic of New Zealand - Crown Entity – TEIs - Polytechnic
Parliamentary Counsel Office - Non Public Service Department
Radio New Zealand Limited - Crown Entity Company
Securities Commission - Independent Crown Entity
Sport and Recreation New Zealand - Crown Agent
State Services Commission - Public Service Department
Waikato District Health Board - Crown Agent – District Health Board
Whitireia Community Polytechnic - Crown Entity – TEIs - Polytechnic
Victoria University - Crown Entity – TEIs – University/Wananga

Appendix Two: Audit Programme Budget

Crown Funding

Crown funding for the audit programme covers seven financial years, from 2008-9 to 2014-15.

2008-9 and 2009-10 funding was for programme establishment and implementation.

2010-2015 funding is for routine audit operations.

The 2008-2015 financial model for the audit programme forecast total operating costs as follows:

Audit Programme Forecast - Total Operating Costs
Year 2008/9 2009/10 2010/11 2011/12 2012/13 2013/14 2014/15 2008/15
Total
 
Operating Cost
 
229,183 379,202 705,798 684,147 684,104 708,048 732,830 4,123,312

 

Appendix Three: Extracts from the Public Records Act 2005

Section 3 Purposes of Act

(c) to enable the Government to be held accountable by –

(i) ensuring that full and accurate records of the affairs of central and local government are created and maintained; and
(ii) providing for the preservation of, and public access to, records of long-term value; and

(d) to enhance public confidence in the integrity of public records and local authority records; and

(e) to provide an appropriate framework within which public offices and local authorities create and maintain public records and local authority records.

Section 35 Audit Reports

“As soon as is reasonably practicable after the end of the financial year in which an audit has been conducted:
(a) the Chief Archivist must prepare a report to the Minister on the audits conducted under section 33; and
(b) the Minister must prepare a report on the audit conducted under section 34; and
(c) in each case, the Minister must present the report the House of Representatives.”

Section 11 Functions and duties of Chief Archivist

(1) The functions of the Chief Archivist, in achieving the purposes of this Act, are –

(b) in relation to public records –

 

(vi) to monitor and report on compliance of public offices with this Act;
(viii) to issue criteria for the independent auditing of public offices under section 33 and to review, amend, or revoke the criteria.

Section 33 Independent audit of public offices

(1) As soon as is reasonably practicable after the date that is 5 years from the commencement of this Act, an independent audit of recordkeeping practices must be carried out in every public office.

(2) The Chief Archivist must commission and meet the costs of each audit, which must –

(a) Cover the aspects of recordkeeping practices specified for the purpose of the audit by the Chief Archivist; and
(b) Be based on criteria developed by the Chief Archivist.

(3) Further audits must be conducted at intervals of not less than 5 years and not more than 10 years after the date of the previous audit (but it is not necessary to conduct an audit of all public offices in the same year).

Section 34 Audit of Recordkeeping Practices of Chief Archivist

(1) The Minister must commission an independent audit of the recordkeeping practices of the Chief Archivist –

(a) as soon as is reasonably practicable after the date that is 5 years from the commencement of the Act; and
(b) at intervals of not less than 5 years and not more than 10 years after the date of the previous audit.

(2) An audit commissioned under subsection (1) must –

(a) cover the aspects of recordkeeping practices specified for the purpose of the audit by the Minister; and
(b) be based on criteria specified by the Minister on the advice of the Archives Council.