Last updated:

What is recordkeeping assessment and monitoring?

Assessing and monitoring recordkeeping is a key component of an effective records management program. It is the process of reviewing and evaluating how well public records are being created, stored and managed. A monitoring and assessment program helps organisations to ensure that records are complete, accurate, and accessible, and that they are complying with their legal and regulatory obligations.

 

Why assess recordkeeping practices?

Regular monitoring and assessment of recordkeeping has many benefits. Along with ensuring compliance with the Standards issued by PROV, and your other legislative and regulatory requirements, the process can:

  • highlight recordkeeping achievements and successes
  • identify and address risks to records
  • assess processes to determine where records are needed
  • support continuous improvement activities
  • help with planning for new services, processes and system upgrades.

The results of an assessment program can be used as evidence to direct the focus and resources of the records management team. Reporting to the executive on assessment and monitoring activities can demonstrate the value of recordkeeping. It can highlight where improvements have occurred and how managing records effectively has improved the efficiency of the business.

Well managed public information supports the provision of services to the Victorian community and enhances public trust in government processes and officials.

 

What public offices need to do

Victorian public sector organisations have a responsibility under the Public Records Act 1973 to carry out a program of efficient management of public records in accordance with the Standards issued by PROV.

The Strategic Management Standard requires public offices to monitor, regularly assess and report on their recordkeeping compliance and performance, taking remedial action when necessary.

This involves designing a recordkeeping assessment program which will address your organisation's needs, highlight issues and weaknesses and result in systemic improvements over time. Where a public office has an audit program, recordkeeping must be included.

A recordkeeping compliance assessment program should monitor and report on:

  • compliance with PROV's records management Standards
  • compliance with organisation-specific and broader Victorian government information and data management requirements
  • compliance with internal recordkeeping policies and procedures
  • performance of records management function and systems
  • progress towards achieving targets set in the organisation's records management plan or strategy.

For each type of assessment, you will need to determine the performance criteria, assessment methods, and how the results will be analysed and reported. The Strategic Management Guideline provides additional guidance about implementing a recordkeeping assessment program.

 

Performance Criteria

Performance criteria are the measures by which you assess progress towards meeting your recordkeeping objectives. Your performance criteria should include both qualitative and quantitative measures and assess compliance with requirements and how effectively your recordkeeping program is performing. 

The measures you choose should reflect the scope and purpose of the assessment. For example, criteria for a high-level assessment of the whole organisation will be different to criteria for assessing a single business unit, process or system.

Identifying performance measures

Organisation's should developed performance criteria that reflect their recordkeeping compliance obligations, business needs and strategic goals.

If you are measuring:Measures should be based on:
Compliance with legal and regulatory obligations

Legislation and regulations

PROV Standards

Victorian Protective Data Security Standards

Performance of recordkeeping function

Agreed service levels

Key performance indicators

Level of customer satisfaction

Access to and use of records

Progress toward delivering strategic objectivesTargets set in a records management plan or strategy

 

Assessment methods

Public offices should use multiple assessment methods to gain a broad understanding of the maturity of their recordkeeping practices. You should choose methods that support the goals of the assessment and will provide data that can demonstrate your progress toward meeting your recordkeeping objectives.

You can use the following approaches to collect information during the assessment:

  • Refer to documentation (Information Asset Register / Retention and Disposal Authorities - noting records with long retention periods / Records registers and lists, such as vital records register)
  • Inspect the storage environment - physical and/or digital
  • Review the business systems and processes that manage records
  • Run system reports
  • Interview staff and/or conduct workshops or surveys.

Assessment approaches

The Recordkeeping Assessment Tool (RKAT) is an online self-assessment platform developed by PROV. The tool is designed to help organisations measure the maturity of their recordkeeping practices against the requirements of the PROV Standards. PROV recommends that Victorian public offices design their recordkeeping compliance assessment program using RKAT.

RKAT supports public offices to assess their recordkeeping using different approaches, including measuring:

  • organisation-wide recordkeeping practices
  • strategic management of recordkeeping
  • progress towards digital transition
  • recordkeeping practices of individual business units; or
  • the recordkeeping functionality of individual business systems.

Using RKAT, organisations can assess recordkeeping in digital only, physical only, or all formats.

Example compliance assessment programs using RKAT

 

LARGE AGENCY

Scenario: A large agency with multiple business units. is targeting information management improvement.

In this example there is a small central records management team responsible for developing recordkeeping strategy and policy, ensuring organisational compliance with recordkeeping Standards and providing training and advice. Responsibility for operational records management is decentralised to business units.

Suggested RKAT program for this example:

Gain commitment from the committee with responsibility for information governance (the committee) for the below recordkeeping compliance assessment program:

  • Use RKAT to assess the strategic management aspects of recordkeeping every two years and use results to develop a strategic plan for improving recordkeeping practices across the organisation. Regularly report progress on delivering strategic plan activities to the committee. Present the results to the committee after each assessment.
  • Use RKAT to measure the recordkeeping practices of five organisational units every year as a rolling program. Report individual results to the head and management team within each organisational unit. Work with each organisational unit to develop an agreed action plan to improve weaknesses and require them to report progress to you. Prepare a report of organisational unit results and progress for the committee on an annual basis.
MEDIUM AGENCY

Scenario: A medium sized agency has identified issues with a key business system.

In this example, there is a small records management team that ensures that corporate documents are captured and controlled in a well-managed EDRMS. However, an external audit has found that a critical business system is not capturing and keeping full and accurate records. This has raised concern that other business systems may have similar problems.

Suggested RKAT program for this example:

Gain commitment from the ICT Steering Committee (or equivalent) for the below business system recordkeeping compliance program:

  • Identify the critical business systems used across the organisation and place them in priority order.
  • Work with business system owners to use RKAT to assess the recordkeeping performance of the system they are responsible for.
  • Provide each business system owner with the results report and work with them to develop an action plan to rectify or mitigate any issues.
  • Present the report and subsequent action plan for each business system to the ICT Steering Committee.
  • Use these reports to identify any systemic issues and report findings and recommendations to the ICT Steering Committee.
SMALL AGENCY

Scenario: A small agency is commencing a records management improvement program.

In this example, the business manager of an agency with a small number of staff recognises that they need to improve records management practices. The agency uses a shared drive to store electronic documents, but people find it hard to find documents when they need them. There is little confidence that important emails are being saved into it. The business manager's assistant keeps a register of important incoming mail and creates a small number of physical files for key documents (i.e. hardcopy correspondence, contracts, Board agendas and minutes).

Suggested RKAT program for this example:

Gain commitment from the management committee to undertake an assessment using RKAT and use the results to:

  • Assess organisational practices (for a small organisation with limited recordkeeping capacity, using the business unit scope is a practical approach).
  • Provide the RKAT assessment report to the management committee.
  • Develop an action plan to progressively improve practices across your agency and obtain management committee approval for it.
  • Regularly report progress on implementing the action plan to the management committee.
  • Use RKAT to assess the agency on an annual or bi-annual basis.

The Information Management Maturity Measurement Tool (IM3) has been developed by PROV to help Victorian public offices to assess the maturity of their information management and data management practices against a range of Victorian government standards and frameworks, including some PROV Standards. 

Comprising of a questionnaire and supporting guideline, the tool helps agencies to:

  • Measure their performance against the Whole of Victorian Government information management standards and data management policies
  • Assess their ability to meet information management and data management best practice.

By undertaking an assessment using the IM3, you can identify areas for improvement, discover organisational trends over time and obtain valuable insights that can be incorporated into information and data strategies.

Public offices can use the IM3 tool to conduct a benchmarking exercise. Using the results of the Information Management Assessment Program (IMMAP), organisations can:

  • Compare their own results over time
  • Select a target organisation and use their results as a benchmark for comparison
  • Compare their IM3 results with the averages found in the Information Management Maturity Current State Report.

Over time, you can use the results of these tools to demonstrate progress towards a more mature records management function.

These approaches may a assist a public office to identify where their information management practices deviate from other organisations to locate areas of compliance and areas for improvement.

Key Performance Indicators (KPIs) can be used to measure the performance of your recordkeeping program against its goals. KPIs are qualitative or quantatative measures that can be developed through the analysis of the functions of the records management services and activities. KPIs should support a public office's strategy, vision and objectives.

Example KPIs include:

  • % of records with disposal requirements assigned
  • number of people in the organisation who have attended records management training during the year
  • % of systems holding permanent records which meet VERS requirements
  • % of record retrieval requests met within 24 hours
  • 100% of sensitive documents have appropriate security protections applied.

If a public office has an audit program, records management must be included, and results should be reported through the usual governance processes. Internal audits should include periodic reviews of the organisation's records management systems, procedures and practices. Compliance audits assess the extent to which recordkeeping procedures are being complied with and identify opportunities for improvement.

Report recommendations issued by the Victorian Auditor-General's Office (VAGO), concerns raised by regulatory authorities such as the Office of the Victorian Information Commissioner (OVIC), or risks identified in a risk assessment may be a reason to initiate a compliance audit.

A compliance audit should be:

  • based on the public office's recordkeeping policies, procedures, strategy and training
  • able to identify and address the public office's exposure to recordkeeping risks
  • supported by the highest level of management
  • adequately resourced
  • repeatable in all sections of the public office
  • regularly conducted and continuously improved.

Compliance audits may be conducted by the organisation or a section of the organisation undertaking self-assessment, or by an independent person. The independent person or team could be an internal auditor or an external auditor including an officer from VAGO.

Continuous improvement

Continuous improvement is the ongoing process of identifying small changes that can improve the efficiency, effectiveness and quality of a process, product or program. Public offices should use the results of a recordkeeping assessment to identify improvements they can implement in their records management program.

Under the Public Records Act 1973, the head of a public office has a duty to ensure that a program of records management is carried out in accordance with the Standards issued by PROV. This includes ensuring that adequate resourcing is provided to address areas of concern within a reasonable timeframe.

Continuous improvement methodologies

Public offices should research continuous improvement methodologies to decide which will best suit their purposes. Some well-known continuous improvement methodologies include:

  • Business Process Reengineering
  • Fishbone diagrams
  • Kaizen
  • Six Sigma
  • Total Quality Management.

Continuous improvement examples

One of the best approaches to continuous improvement is ensuring that staff within the organisation understand recordkeeping requirements. PROV offers free online training modules to assist with upskilling staff. These can be included in your induction program or as ongoing training requirements.

Some other examples of activities that could be included in a program of continuous improvement:

  • Records management strategy refresh
  • Policy and procedure review
  • Stakeholder engagement plan review
  • Training program assessment
  • Compliance audit program
  • Retention and Disposal Authority review
  • Review of staff access to records
  • Storage inspections.

 

Reporting results

The results of a recordkeeping compliance assessment program should be reported to the executive through the public office's usual governance structure and included in other organisational audit and compliance programs. It is important that recordkeeping compliance assessment programs, like records management policies and procedures, have support from the highest levels of management.

Reports should be provided to public office management on:

  • Records management activities
  • Internal records mnagement cimplaince reviews
  • Changes to existing systems and implementation of new systems which are used to manage records
  • The delivery of records management strategies.

Material in the Public Record Office Victoria archival collection contains words and descriptions that reflect attitudes and government policies at different times which may be insensitive and upsetting

Aboriginal and Torres Strait Islander Peoples should be aware the collection and website may contain images, voices and names of deceased persons.

PROV provides advice to researchers wishing to access, publish or re-use records about Aboriginal Peoples

Learn more