Is ANAO aware we are in a post-document world?

By Stephen Bounds

This scathing ANAO Audit of Australia’s Health Department highlights many issues of concern, however it does seem to embody a fundamentally old school interpretation of record-keeping which places documents at its foundation.

Record-keeping is about tracking business decisions and actions – and not simply the decisions and actions themselves, but also the information required to contextualise and justify them. This makes it fundamentally rooted in business processes. You can’t effectively implement record-keeping without knowing the right points in each business process to identify those decision and action points.

Yet over and over again, we see agencies implementing EDRMS systems which do little more than attach labels and permissions controls to electronic documents, and treating this as if the technology solution is all that’s required to “do record-keeping”. But this approach fails as a record-keeping solution because government departments, to be frank, aren’t in the 1950s any more.

We are in a post-document world. Line of business systems supporting core government business assemble screens on desktops, tablets, and mobile devices on demand from a complex and interwoven mesh of structured and unstructured data from local and cloud-based systems.

Senate Order no. 12 (the so-called “Harradine order” highlighted in the ANAO audit) is archaic in its references to “files” with the implication that all of an agency’s business can be adequately captured by looking for the equivalent of a dog-eared manila folder and a label on the front. What is meant by a “file” when data is being dynamically referenced from 12 places?

It’s probably true that the Health department shouldn’t have reported in its Checkup audit that “all” its “files” were being tabled in the Senate (as it did in a recent ANAO audit). The ANAO remarked that Health couldn’t be sure of that list’s completeness as long as any shared drives remained accessible to staff. But as soon as all shared drives as locked down, EDRMS systems become promptly filled with trivia and irrelevant paperwork because there’s no other place to hold the myriad of electronic information that staff manipulate daily to do their work (assuming they don’t completely give up and just open a Box account instead).

As I observed when writing about the Digital Transition Policy back in June 2013, it didn’t take Nostradamus to predict there would be issues with Checkup, the self-assessment tool used by the National Archives to monitor compliance with its requirement that all born-digital records in Commonwealth agencies and departments to be handled electronically by 2015.

But I do have sympathy with record-keeping staff, who I think sometimes become convenient scapegoats for organisations that want to give the appearance of compliance through an EDRMS, while ducking the more complex question of meeting record-keeping standards across the rest of their processes and technology platforms.

The need for evidence, authenticity and integrity of records has never been greater. But trying to shoehorn everything into the document-centric EDRMS has been broken for at least 10 years, and it’s not going to fix itself now.

Placing all documents under record-keeping controls makes management and disposal all but impossible, unless you empower staff to delete their own records (as Health did). However, this then removes the independent controls which are intended to ensure the integrity of business records in the first place.  

The only way to do record-keeping effectively is to start from the business process, and then ensure that appropriate record-keeping controls are in place for each process. It needs serious strategic attention and senior management buy in. Anything else is just operating on a wish and a prayer.

Stephen Bounds is an Information and Knowledge Management Specialist with a wide gamut of experience across the government and private sectors.  As founding director of knowquestion Pty Ltd, Stephen provides strategic thought leadership in the development and implementation of modern information systems. Contact him at