Records Management in Local Government: the Auditor General Reports

10 Sep 2019

The Local Government Amendment (Auditing) Act 2017 (WA) gave the Auditor General the mandate to audit Western Australia’s 139 local governments and 9 regional councils. This allows the Auditor General to undertake performance and focus area audits.

In April 2019, the Office of the Auditor General (OAG) released the Western Australian Auditor General’s Report on Records Management in Local Government (the Report). The OAG reviewed the record management plans and practices of four Western Australian local governments as a part of this audit.

Let’s take a look at some of the key findings of the report. In particular, why the OAG found that overall, the sampled local governments were not managing their records in a manner which would promote transparency and accountability in decision making.

Supporting procedures and policies

It was found that all local governments and regional councils had Record Keeping Plans (RKPs) approved by the State Records Commission.

However, the RKPs of all four local governments under review had not been updated to reflect current management expectations for record keeping.

For instance, the policies did not meet expectations in relation to providing guidance for:

  • individual business areas;
  • management of sensitive records; and
  • social media.

Only one of the four local governments met expectations in relation to the digitisation of records.

Implementation of RKPs

The OAG also identified that the four local Governments had not developed adequate tools to support the implementation of their RKPs. For instance, local government staff did not regularly undertake records management training. This may result in records being inadvertently lost.

Furthermore, thorough monitoring of staff records management practices was limited. The local governments were therefore restricted in their ability to identify areas of their records management that needed to be improved.

“Records stored outside of approved systems (e.g. on individual staff computer drives) are at higher risk of being lost or altered.”

Management of important records

Three of the four local governments were unable to locate various significant documents in a timely manner. These documents include contracts, human resource records, planning approvals and complaint correspondence. Being unable to locate important records results in ineffective use of staff resources, diminishes customer confidence, and introduces legislative risk.

In addition, all four local governments stored important records outside of their approved records management systems. Records stored outside of approved systems (e.g. on individual staff computer drives) are at higher risk of being lost or altered. Furthermore, record processing for archiving or disposal can be more difficult and less timely.

Key points

OAG recommendations:

  • Conduct regular and thorough staff records training
  • Regularly review staff record management practices
  • Implement timely disposal of records
  • Implement adequate protection for digital records

Protection of Records

All four local governments stored physical records either on-site, or both at on-site and off-site storage facilities. The security of on-site storage was generally well managed. However the RKP commitments to regularly inspect on-site storage facilities were generally not being met.

The local governments were at various stages of establishing or implementing Disaster Recovery Plans for records. However none of the four local governments had tested if their Disaster Recovery Plans met the required timeframes for the recovery of digital records.

Recommendations from the OAG

Following the Report, the OAG recommends that all Western Australian local governments review their record keeping policies and procedures and implement the following actions:

  • Conduct regular and thorough records training for staff;
  • Conduct regular reviews of staff record management practices including policies and/or procedures;
  • Implement timely disposal of records; and
  • Install or implement adequate protection for digital records.

Conclusions

Maintaining adequate records management plans, policies and procedures, can be seen as a form of risk management for local governments. All local governments should ensure these documents are current and are being supported by regular staff training.

Contact

For more information please contact: Neil Hartley

Disclaimer: This article contains references to and general summaries of the relevant law and does not constitute legal advice. The law may change and circumstances may differ from reader to reader. Therefore, you should seek legal advice for your specific circumstances. The law referred to in this publication is understood by Civic Legal as of publication date.