Making government record-keeping work

By Stephen Bounds

Even through all government agencies are well aware of their obligations to maintain records under the law, public sector organisations continue to struggle to comply with record-keeping requirements. A significant reason for this is that many people see record-keeping as adding work without adding value.

But what if there was a way to demonstrate practical records compliance, while allowing teams to optimise their processes at the same time?

The purpose of compliant record-keeping systems is not just to put a “tick in the box”. Broadly speaking, there are three questions that record-keeping seeks to answer:

  • What happened?
  • When did it happen?
  • Why did it happen?

Record-keeping controls are then applied to the information answering these questions to:

  • prevent loss, fraud, and malfeasance
  • guard against accusations of loss, fraud, and malfeasance.

Every team should care about these outcomes. Further, organisational processes that clearly demonstrate the intent to have a complete and accurate record of activities are a sign of mature, responsible governance. This creates stakeholder trust and improves an organisation’s reputation.

Conversely, where systems cannot be shown to routinely and comprehensively capture records, legal challenges are more likely to have extensive discovery exercises approved. Discovery processes in organisations with immature record-keeping practices are more likely to require examination or disclosure of all e-mail accounts, shared drives, and even back up tapes. This leads to a significant increase in organisational expenses when legal proceedings do occur.

According to the UK records boffin James Lappin, the ISO15489 records management standard still provides the best technologically neutral description of how record-keeping systems need to work. The standard outlines five key tasks of a reliable record-keeping system:

  1. Routine and comprehensive capture of all records arising from activities that it covers
  2. Act as the main source of reference for the activities it covers
  3. Link records to the activities from which they arose
  4. Protect records from amendment or deletion
  5. Preserve access to records over time

As Lappin explains, when record-keeping was predominantly a paper-based exercise it was feasible to institute control points in centralised delivery operations: the mail room, the typing pool, and the file registry. Each applied appropriate governance controls as paper documents were moved around.

However, with the rise of electronic record-keeping, these centralised points of control have been lost. Modern organisations use distributed information flows that bypass any attempts at central governance.

Radical rethinking is required. There are three basic approaches with a reasonable chance of success in achieving compliant record-keeping in a modern organisational environment:

  • Stage-gate record-keeping: Set up processes that require information to be sent to a compliant location before work can proceed. This approach captures the correct, minimum set of necessary records but may be seen to add transaction costs.

This approach works well for defined, repeatable processes such as service desk management, executive meetings, and case management. Having KPIs that measure against records placed in the stage-gate location will assist in compliance.

  • Comprehensive capture: Ensure capture of all records that pass through known channels or are stored in a known location (eg a shared mailbox). This approach captures many records that are of minimal value to the business, but will achieve records compliance with minimal added costs to business transactions.

This approach works best for responsive practices and unstructured team collaboration. The key risk is that these systems may be assumed to be comprehensive points of capture when they are not. Risks can be reduced by focusing on comprehensive capture for key decision makers (for example, by automatically declaring every CEO email to be a record).

  • Activity monitoring: Explicitly task people with monitoring business activities and capturing records contemporaneously as they are generated. For example, some health facilities have dedicated staff who record the activities of doctors electronically as they do rounds.

This approach is most valuable where records capture cannot be automated, and it is inefficient or impractical to ask expensive professionals to stop to record work as they go. Obviously, this approach comes with greater expense, but – particularly where there is significant risk of legal action – it can be a useful option.

If each team sets their own information flows, each team must also take responsibility for planning how they will discharge their record-keeping obligations. These plans should be tangible, practical, and business-focused, describing (for example) how requests for service are accepted and how records of work performed are stored.

This is the point where things normally break down. Many centralised records teams attempt to overlay traditional archival approaches for records management and storage on team processes, including function/activity classification. This is overkill and more importantly, without draconian enforcement measures such a prescriptive approach to record-keeping is doomed to fail.

All that is really required is to identify:

(a) the correct baseline retention period for team work and

(b) any broad exceptions that warrant specific handling.

For example – if a team’s records fall within 10-15 classes that all have a similar retention period, the actual classification is essentially irrelevant. Since storage is cheap and management costs are expensive, “rolling up” all of these classes to a single retention period achieves the same goal in a pragmatic way that respects the time of staff.

Central governance should be limited to noting the group that owns each information space to maintain business continuity (even when restructures occur) and the agreed top-level retention arrangements. Function and activity classification to retain traceability to the organisation’s disposal authority can then be managed behind the scenes.

Beyond this simple piece of governance, day-to-day handling of content in these broad spaces should become the sole prerogative of the team.

At the end of the day, record-keeping is about making business work better. The only path to sustained records compliance comes from teams being able to adopt processes that they value. Government records teams need to transform their thinking, working to make a sustained switch from “big brother” to “trusted partner”.

Stephen Bounds is the Executive of Information Management at Cordelta, a Canberra professional and management services firm.