Background

1. Records management is the ‘efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.’¹ Proper records management is an essential foundation for sound public administration, where entities operate in an environment of high accountability. Records created by government entities document the information on which decisions are based and provide evidence of decision-making processes which can later be scrutinised.²

2. The Archives Act 1983 (Archives Act) sets out the basic legislative definitions and framework for managing Australian Government records. The Archives Act also outlines the requirements of entities in relation to the preservation, access and destruction of information which is created or received in the course of undertaking government business.

3. Advances in information technology have required government entities to reassess the systems and practices traditionally used to record and manage information arising from their day-to-day operations, with new standards for information management being progressively introduced into public administration practices. To guide entities in the move towards digital information and records management, the Australian Government released the Digital Transition Policy in 2011. The policy requires entities, amongst other things, to self-assess their progress towards the policy’s goals by way of an annual online questionnaire developed by the National Archives of Australia (Archives).

4. The Department of Health (Health) implemented its first digital records management referencing system, COReDOCS, in 1997. Following an eight year (2003 to 2011) internal assessment and approval process, Health commenced a project to upgrade the COReDOCS system in 2012 with a specialist electronic document records management system (known as TRIM EDRMS), at a cost of some $5.4m.³ The project objective was to expand the existing paper-based system into a full EDRMS solution to meet the department’s records and document management requirements.

Audit objective and criteria

5. The audit objective was to assess the effectiveness of the Department of Health’s records management arrangements, including Health’s progress in transitioning to digital records management.

6. To form a conclusion against the audit objective, the audit examined whether Health has:

1. developed an appropriate information management strategy to provide a framework for an effective and efficient records management system which delivered identified business needs;
2. an appropriate governance framework to assist in effectively managing its records; and
3. effectively rolled-out the TRIM EDRMS to maximise system benefits, and implemented operational measures to maintain the ongoing integrity of data.

Overall conclusion

7. The Department of Health’s records management requirements are not consistently applied and the transition to a robust digital information and records management system remains incomplete.

Supporting findings

Health’s information management strategy and governance arrangements

8. Health does not currently have an overarching information management framework and has not articulated how its information as a whole is managed. Similarly, Health is yet to develop an information management strategy which describes the department’s current records management environment, its short, medium and long term goals, and outlines the basis for planning to meet organisational records management targets, such as the goals for paper-based records reduction.

Planning and governance of the TRIM EDRMS implementation

9. It took some eight years (2003 to 2011) for Health to assess the feasibility of a new EDRMS and secure internal approval for its implementation. Health advised that the delay was primarily due to budgetary constraints, a lack of experienced records management staff and limited executive support for the project.

10. The TRIM EDRMS project was included as part of the Departmental National Alignment (DNA) change program with oversight by the Better Business Tools Program Board. The project’s scope was limited to incorporating two business systems—COReDOCS⁴ and TRIM Context⁵—for replacement as recordkeeping⁶ systems by TRIM EDRMS.

11. A Risk Management Plan was developed for the EDRMS project in June 2011, and has remained in draft form. As at June 2015, the draft Risk Management Plan listed the status of treatments as being in progress and did not identify the controls in place to mitigate identified risks, notwithstanding statements in the plan that the controls are effective.

12. An EDRMS Quality Management Plan was developed in January 2012. While the plan sets out the quality assurance responsibilities and requirements for the EDRMS project, it was not formally approved and the department was unable to demonstrate that the plan had been referred to and used during the life of the project.

13. Prior to implementing TRIM EDRMS, Health did not undertake any analysis of which of its business systems potentially stored official records, and the department continues to use a number of other recordkeeping systems such as the common shared drive. This situation continues notwithstanding Health’s decision to make TRIM EDRMS the only recognised records management system within the department.

14. One risk of storing records outside TRIM EDRMS is that Health cannot provide assurance that it is compliant with Senate Procedural Order of Continuing Effect No. 12.

15. As at June 2015, the department had not conducted a post implementation review of the TRIM EDRMS project, which was closed in August 2013. During the course of the audit, Health acknowledged that its implementation of the TRIM EDRMS project was not fully effective, and advised the ANAO that it had initiated a remediation project. The application of key governance and risk management practices, such as the appointment of a senior responsible officer and use of a project oversight framework, would support the successful implementation of the remediation project.

16. The ANAO has made two recommendations aimed at strengthening the governance of Health’s records management and the department’s TRIM EDRMS remediation project.

Health’s progress in transitioning to digital records management

17. The Australian Government released the Digital Transition Policy in 2011. Among other things, the policy required entities to self-assess their progress towards the policy’s goals by way of annual online questionnaires (known as Check-up 2.0 and Check-up Digital).

18. Health did not develop a plan or strategy to monitor its status in complying with the Digital Transition Policy or the later Digital Continuity 2020 targets set by the Australian Government. The department advised the ANAO that its responses to Check-up 2.0 and the later Check-up Digital assessments were not considered by any of its executive or governance committees before they were provided to the Secretary for submission to Archives.

Health’s operation of the TRIM EDRMS

Staff training and support

19. Health provided both online and face-to face training to staff as part of the 2013 TRIM EDRMS roll-out, but it is not possible to determine with confidence how many staff participated. Staff were also advised that general records management training was a prerequisite to undertaking the TRIM EDRMS specific training. However, Health could not demonstrate that this requirement was monitored and followed up with staff.

20. The TRIM EDRMS training is now delivered online, with no face-to-face interaction. Training modules do not have an assessment component and are deemed to be completed once they have been run on the user’s desktop, without any monitoring to provide assurance that the staff member completed the training. Staff interviews undertaken by the ANAO indicated that approximately 30 per cent of interviewees had not undertaken the relevant training modules prior to using TRIM EDRMS, and many staff were not familiar with key departmental policies.

Creation, storage and destruction of records

21. The ANAO observed numerous instances of duplicated documents created and stored within the TRIM EDRMS, including drafts and different versions of the same document. Without any clear indicators or titling, this makes locating and identifying the final versions of documents difficult. Further, Health had not issued guidance to staff on the sentencing of digital records, to facilitate the authorised deletion of documents stored on TRIM EDRMS.

22. A core control within TRIM EDRMS to mitigate the risk of inadvertent or deliberate deletion of files/records is the ability to ‘finalise’ a document as an official record. This process effectively locks the document and prevents any further alteration or deletion. Whilst Health’s procedural guidance details how to finalise completed records, there is currently no requirement for staff to do so, and of the 6.3 million digital documents in the TRIM EDRMS, only 27 693 (0.4 per cent) had been finalised as records as at May 2015.

23. The ANAO observed a number of procedural shortcomings in relation to a recent destruction of Health records, and the documentation supporting the destruction process remains incomplete. Without complete documentation, the department would not be in a position to provide assurance that files/records were destroyed in accordance with the Australian Government Protective Security Policy Framework.

24. The ANAO has made two recommendations aimed at strengthening Health’s management of the disposal, deletion and destruction of departmental records.

Transfer of records following machinery of government changes

25. Health developed an entity-specific records authority for its core aged care business activities in 2011, and this authority was transferred to the Department of Social Services (DSS) as part of machinery of government changes in 2013. In practice, Health struggled to identify paper-based records relating to aged care for transfer to DSS.

26. There were also delays in transferring responsibility for electronic records from Health to DSS. Health identified the relevant aged care digital files through the TRIM EDRMS and an extract was provided to DSS to effect the transfer. The extraction and transfer of digital files from the TRIM EDRMS to DSS occurred in April 2015, some 16 months after the relevant Administrative Arrangements Order was made on 12 December 2013. The Archives benchmark for transfer is one month.⁷

Staff experiences using TRIM EDRMS and Health’s framework for assessing TRIM outcomes

The user experience

27. In considering user experiences with TRIM EDRMS, the ANAO interviewed 30 Health staff and also observed their ability to efficiently locate documents within the system.

28. Interviewed staff advised that following the implementation of TRIM EDRMS, they continued to hold records for use on a day-to-day basis in either the TRIM EDRMS or the shared drive, with some staff holding records on both systems. Only 23 per cent of the staff interviewed were aware of Health’s key policy document covering records management, Corporate Business Rule 2. Similarly, only 53 per cent of staff had an awareness of Health’s Business Classification System, which provides guidance to staff on standard naming conventions for the titling of all paper and digital files created in the department.

29. Only 18 per cent of documents previously identified by the ANAO as being filed within their work section were able to be located in TRIM by the interviewed staff. The ANAO observed that staff often needed to search a variety of potential title words or phrases before information or documents related to the target document were identified. The need to do so was due primarily to inconsistency in the titling of records.

Assessing the benefits of implementation

30. While expected outcomes and benefits were identified in the department’s Project Management Plan for TRIM EDRMS, the project checkpoints and outcomes were not formally monitored during implementation. As a consequence, Health was unable to assess or demonstrate whether the TRIM EDRMS project has realised its specified objectives.

Recommendations

Summary of entity response

The Department of Health summary response to the proposed report is provided below, while its full response is provided at Appendix 1.

The Department accepts the four recommendations and commits to addressing each of them. The findings will form a vital part of ensuring that Health implements an effective program of work to lift the digital information and records management capability of the organisation.

Overview

1.1 Records management is the ‘efficient and systematic control of the creation, receipt, maintenance, use and disposition of records, including processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.’⁸

1.2 Departments of State, such as the Australian Government Department of Health, have an obligation to ensure that key decisions and events are recorded in a way that captures the important features of a discussion or decision.⁹ Effective records management facilitates informed decisions, enables government entities to discharge accountability and advisory obligations to government and the Parliament, and to contribute effectively to audit, Freedom of Information (FOI) and administrative review processes. It also enables departments to protect the Commonwealth’s interests in the event of disputes and legal action.

Australian Government records

1.3 The Archives Act 1983 (Archives Act) sets out the basic legislative definitions and framework for managing Australian Government records. The Archives Act also outlines the requirements of entities in relation to the preservation, access and destruction of information which is created or received in the course of undertaking government business.

1.4 Entities are responsible for applying appropriate records management practices to meet their responsibilities under the Archives Act. In recent years the National Archives of Australia (Archives) has released detailed guidance to assist entities develop and maintain appropriate records management practices. The guidance relates to: information governance and frameworks; the creation, capture and description of records; record storage and security; preservation of records; and which records are to be kept, destroyed or transferred to the Archives. ¹⁰

1.5 A key aspect of Archive’s responsibilities under the Archives Act is to authorise the disposal or destruction of records by Australian Government entities, as summarised below.

Source: Section 24 of the Archives Act 1983.

Australian Government Digital Transition Policy

1.6 Advances in information technology have required government entities to reassess the systems and practices traditionally used to record and manage information arising from their day-to-day operations, with new standards for information management being progressively introduced into public administration practices.

1.7 The Australian Government’s Digital Transition Policy was released in July 2011.¹¹ The purpose of the policy is to move all Australian Government entities to digital information and records management for efficiency purposes.

1.8 To assist entities to meet their responsibilities under the policy, Archives introduced the Check-up 2.0 online questionnaire in 2011. Entities were required to submit annual self-assessments of their records management status against the Check-up 2.0 ‘minimum requirements for basic information and records management’ to the Archives. In 2014 Archives replaced Check-up 2.0 with Check-up Digital, a questionnaire intended to encourage entities to focus on business benefits and adopt a risk-based approach to information management. The questionnaire also provided entities the opportunity to gauge the maturity of their digital information management, and set clear directions for improved digital practices.

Health’s record holdings and systems

1.9 Health introduced its first electronic records management system, TRIM Context, in 1985, and its first digital records management system, COReDOCS, in 1997. Before 1985, Health maintained all of its official records in paper-based files and has continued to create paper-based files in some circumstances. Paper files continued to be required in certain situations for security classification reasons, and in other instances continued to be created due to staff preferences.

1.10 Health advised the ANAO that it held more than 1.79 million physical paper-based files as at 28 February 2015.¹² Apart from files held by staff on Health’s premises for current access, the majority of paper-based files are stored in standard sized cardboard boxes at specialist records management facilities.¹³ Health also advised the ANAO that the annual cost of storing its paper-based records is approximately $720 000.¹⁴

1.11 Between 1997 and 2013, records of Health’s official business activities were stored on a range of platforms, in addition to COReDOCS:

1. TRIM Context: a commercial application used by the department for the management of paper files;
2. File Request Database: a bespoke Lotus Notes application for electronic submission of paper file management requests by staff;
3. shared computer drive locations for electronic files; and
4. the Lotus Notes email system.

1.12 Health replaced the COReDOCS system in 2013 with an updated specialist electronic document records management system (EDRMS), referred to as TRIM EDRMS in this audit report.

1.13 Figure 1.1 provides a timeline of significant changes to Health’s recordkeeping arrangements since the first electronic records management system was introduced in 1985.

Figure 1.1: Timeline of key events impacting records management at Health since 1985

Source: ANAO.

Health’s TRIM Electronic Document Records Management System (EDRMS)

1.14 In 2003, Health commenced investigating a number of suitable EDRMS solutions to replace COReDOCS. In 2009, Health established the EDRMS Project to procure and implement an EDRMS solution to enable the department to manage its increasing volume of electronic records, and to meet the records management requirements of the Archives Act. In March 2009, the department’s executive committee approved the EDRMS Project and allocated capital funding of $5.4 million with operational requirements to be absorbed within the information technology divisional budget. The EDRMS project objective was to expand the existing paper-based TRIM Context (Records Management System) into an EDRMS solution to meet the department’s records and document management requirements.

1.15 Commencement of the agreed TRIM EDRMS project took a further two years (2010 to 2011), and following pilot roll-outs in South Australia and the Office of Health Protection in 2012, Health implemented TRIM EDRMS across the department in August 2013 to replace the existing COReDOCS digital recordkeeping system.

1.16 The TRIM EDRMS database is maintained on Windows Servers and an Oracle database (metadata) repository. A front end Graphical User Interface (GUI) provides the primary user interface for TRIM EDRMS. The GUI allows Health staff to add and manage records but does not allow them access to the underlying TRIM EDRMS databases.

1.17 At the time of the audit, access to oversight and management of the TRIM EDRMS database was provided through Health Administrators (located in the Records Management Unit and Information Technology Division) and outsourced providers.

1.18 The TRIM EDRMS is identified in Health’s internal corporate policies as the official ‘recordkeeping system’ capable of storing departmental records. As at 30 April 2015 Health had more than 205 other separate computer systems to assist staff in carrying out their duties to deliver its 10 business outcomes. Health has not assessed all of these systems to identify if they contain potential records.

1.19 Health has estimated that it has approximately 6.3 million digital documents ‘filed’ in the TRIM EDRMS, with some 52 920 new digital files created since 2013.¹⁵ Table 1.1 identifies the number of paper and digital files created each year since the implementation of the TRIM EDRMS. Health advised the ANAO that during Financial Year 2014–15 there was a number of records management projects that resulted in the increase to paper file creation.

Table 1.1: Files created in Health’s TRIM EDRMS

Source: Health TRIM EDRMS Extract.

1.20 Health also creates potential records through staff sending and receiving electronic emails. Health advised the ANAO that during the four week period from 30 March 2015 to 26 April 2015 a total of 1 323 236 emails were sent from, and 2 843 146 emails were received by, the department. Health further advised that these numbers are typical of the current volume of email traffic. The high volume of email traffic poses a significant ongoing challenge for Health’s records management, as staff need to identify which emails should be classified as an official record and ensure they are appropriately filed within TRIM EDRMS.¹⁶

Previous audit coverage

1.21 The ANAO has previously undertaken four performance audits which have considered the effectiveness of government entities in meeting their records management responsibilities.¹⁷ A key conclusion reached in the two most recent audits was that entities needed to make an ongoing commitment to meet their records management responsibilities, especially in an environment where, increasingly, records are created and stored electronically.

1.22 Previous ANAO performance audits have also identified recordkeeping and records management as an area requiring the department’s focus, particularly relating to incomplete, inaccurate, duplicated and inaccessible records of key decisions and actions.¹⁸

Audit objective, criteria and scope

1.23 The audit objective was to assess the effectiveness of the Department of Health’s records management arrangements, including Health’s progress in transitioning to digital records management.

1.24 To form a conclusion against the audit objective, the audit examined whether Health has:

1. developed an appropriate information management strategy to provide a framework for an effective and efficient records management system which delivered identified business needs;
2. an appropriate governance framework to assist in effectively managing its records; and
3. effectively rolled-out the TRIM EDRMS to maximise system benefits, and implemented operational measures to maintain the ongoing integrity of data.

1.25 To assess the status of Health’s information and records management framework and governance arrangements, and its progress towards implementing the Australian Government’s Digital Transition Policy, the ANAO examined records management (and relevant information management) strategies, policies and guidelines, as well as systems and training materials relating to the creation, maintenance and destruction of records.

1.26 In considering Health’s selection and implementation of the TRIM EDRMS, and how the department assessed the realisation of benefits arising from its use, the ANAO reviewed governance and other documents which supported the TRIM EDRMS implementation project.

1.27 In conducting the audit, the ANAO met with the department’s Chief Operating Officer and Chief Information Officer, and interviewed key records management, business continuity, ICT, legal and freedom of information staff, including third party contract support staff. The ANAO also interviewed 30 staff representatives (at APS grades APS4 to EL2) across some 27 branches regarding recordkeeping arrangements and practices, and reviewed the ease with which those staff were able to access documents filed within the TRIM EDRMS.

1.28 Some Health portfolio entities and the Therapeutic Goods Administration (TGA)¹⁹ also use the TRIM EDRMS. The use of TRIM by the TGA and portfolio entities was outside the scope of this audit.

1.29 The audit was conducted in accordance with ANAO auditing standards at a cost to the ANAO of approximately $459 000.

Introduction

2.1 With the increasing use of digital information to support government business, entities derive benefit from a strategic vision of how their information and records management requirements will be met in the present and future. A clear strategic vision can assist entities to implement information technology solutions that are best suited to their operational requirements. Once implemented, records management systems need to be supported by an effective governance framework and guidance that is well understood by staff and easy to apply. The ANAO examined the implementation of Health’s TRIM EDRMS and the governance arrangements in place to support the system.

Has Health developed an effective information and records management governance framework?

2.2 Information governance addresses how an organisation’s information assets are managed to support organisational outcomes. Any information created and captured as evidence of an entity’s business should be managed as a record, including emails, social media, databases, websites or content on mobile devices, business systems or other digital technologies.²⁰ The National Archives of Australia (Archives) advises entities that three key documents lay the foundations for effective information governance:

1. an information and records management framework;
2. an information and records management strategy; and
3. an information and records management policy.

2.3 Table 2.1 summarises Health’s progress in developing these documents.

Table 2.1: Health’s information governance documentation

Information and records management framework

2.4 Archives guidance advises that an information and records management framework should:

outline the legal, regulatory and business context within which information and records are created, used and managed.²¹

2.5 An overarching information management framework lays the foundation for how an entity manages the information being created and received through all aspects of its day-to-day activities. Specifically, an information management framework identifies and defines how all types of information (including data, documents, records or datasets) is managed to support organisational outcomes.²²

2.6 Records management is a sub-component of information management. If a comprehensive records management framework is not in place, the completeness and integrity of the records base is brought into question.²³

2.7 Health has developed a records management framework and associated guidance and policies, outlined within its Corporate Business Rule 2 – Records Management (CBR2).²⁴ The department has not yet developed an overarching information management framework and has not articulated how its information as a whole is managed. In the context of its implementation of the Australian Government’s Digital Transition Policy, the department should develop an overarching information management framework.

Information and records management strategy

2.8 An information and records management strategy sets out the planned approach to information and records management to meet current and future organisational needs and regulatory requirements. It should describe the current status, short, medium and long term goals and provide the basis for planning to meet organisational targets.²⁵ These considerations are particularly relevant in the context of working towards implementation of the Australian Government’s Digital Continuity 2020 Policy and Health’s TRIM EDRMS remediation project discussed in paragraph 2.29. Health did not have an information and records management strategy at the time of the audit, and could usefully develop a strategy to guide its future initiatives and approach to performance measurement.

Information and records management policy

2.10 An information and records management policy is a key guidance document for staff. Setting out the expectations, responsibilities, practices and benefits of good information and records management, the policy should build on, and reference, the framework and strategy documents discussed above. In particular:

records management responsibilities and authorities should be defined and assigned, and promulgated throughout the organisation, so that, where a specific need to create and capture records is identified, it should be clear who is responsible for taking the necessary action.²⁶

2.11 Health has addressed the issue of roles and responsibilities in its Corporate Business Rule 2 – Records Management. Over time, variations in Health’s structural arrangements have resulted in changes to the policy owner responsible for the oversight of records management within Health, and the removal of roles that were assigned responsibilities within the document. These developments were not reflected in the policy reviewed by the ANAO. For instance, as at May 2015 the Information Technology Division roles and responsibilities documented within Corporate Business Rule 2 did not align with the documented responsibilities of identified positions within the Division. Health subsequently updated Corporate Business Rule 2 in June 2015 to address the issues outlined above.

2.12 To help create a robust and accountable records management environment within an organisation, the relevant standard indicates that responsibilities in relation to records management should be captured within the duty statements for all staff, not just record management professionals.²⁷ For records management unit (RMU) staff, Health included relevant duties and obligations for records management in their duty statements. A sample of duty statements examined by the ANAO, for staff not working within the RMU²⁸, indicated that the duty statements did not incorporate any responsibilities for recordkeeping. There would be merit in Health incorporating an appropriate reference to recordkeeping in staff duty statements over time.

Did Health’s project planning and governance facilitate the implementation of the TRIM EDRMS?

2.13 Prior to 1997, Health’s official business activities were primarily recorded and maintained in paper-based files. In 1997 Health implemented a bespoke version of the Lotus Notes Document Management System for electronic records, known as COReDOCS, in response to the increasing volume of digital data.

2.14 By 2002 Health recognised that COReDOCS was no longer able to meet its business needs and began considering a replacement EDRMS. As an interim solution the department made shared computer drive locations accessible to staff to enable electronic files to be created, stored and accessed.

Implementation timeline

2.15 The TRIM EDRMS project commenced in 2009-10 and was rescheduled for the 2010–11 financial year to allow time to engage additional experienced resources either through staff recruitment or the use of contractors. Further delays were experienced during this time due to TRIM EDRMS version incompatibility with the department’s new desktop software. A revised project approach was developed and approved by Health’s Executive Committee in April 2011, with work commencing under the governance of the EDRMS Project Steering Committee. The implementation timeline for the revised project from 2011 is summarised at Table 2.2.

Table 2.2: TRIM EDRMS implementation timeline since 2011

Source: Department of Health documentation.

2.16 The roll-out phase for the EDRMS project commenced with two pilots, conducted in the South Australian State Office during July 2012 and in Central Office (the Office of Health Protection) during September 2012. Health advised the ANAO that system and training improvements were made as a result of the two pilots, but Health did not document the nature of these improvements.

2.17 The full production roll-out of the TRIM EDRMS occurred between October 2012 and August 2013.

Project planning and procurement strategy

2.18 A Risk Management Plan was initially developed for the TRIM EDRMS project in June 2011, and Health advised that the plan was updated and provided to key governance boards during the life of the project. The Risk Management Plan was not finalised and has remained in draft form. As at June 2015, the draft plan listed the status of treatments as being in progress and did not identify the controls in place to mitigate identified risks, notwithstanding statements in the plan that the controls are effective.

2.19 A TRIM EDRMS Quality Management Plan was developed in January 2012. While the plan sets out the quality assurance responsibilities and requirements for the TRIM EDRMS project, it was not formally approved and the department was unable to demonstrate that the plan had been referred to and used during the life of the project.

2.20 A procurement strategy for the TRIM EDRMS project, prepared with reference to the Commonwealth Procurement Guidelines²⁹, was approved by the Chief Operating Officer in September 2011. The Procurement Strategy divided procurement related activities into five independent procurement modules and for each procurement process the department established a Tender Evaluation Committee and utilised advice from probity advisors. The ANAO did not review the procurement processes undertaken by the department for the TRIM EDRMS project as part of this audit.

Did Health analyse the location of potential records before transitioning to TRIM EDRMS?

2.21 While TRIM EDRMS is the only recognised records management system within the department, Health currently uses other recordkeeping systems including:

1. the common shared drive used to file records prior to the introduction of TRIM EDRMS, which remains accessible as a ‘read-write’ system. This is despite Health’s intention that the shared drive would be primarily a read-only system following the roll-out of TRIM EDRMS; and
2. the standalone computer and database supporting management of the national medical stockpile. ³⁰

2.22 Prior to implementing TRIM EDRMS, Health did not undertake any analysis of which of its business systems potentially stored official records. The Archives notes that a specialised EDRMS provides the security, access, version control and audit functionality required for better practice information management. There would be merit in Health identifying those systems used to maintain official records and assess the risks of holding records within them. This would assist in considering if such systems should be made compliant with the EDRMS characteristics noted above or if the information they contain should be transferred or cross-referenced into TRIM EDRMS.

What are the risks to the department of storing records outside TRIM EDRMS?

2.23 Senate Procedural Order of Continuing Effect No. 12: Indexed Lists of Departmental and Agency Files, requires Australian Government entities to create an indexed list of the titles of all relevant files, including new parts of existing files, created by them in the preceding six months (commencing on 1 January and on 1 July, respectively), and to place the listing on their website on the Internet.³¹

2.24 The Check-up 2.0 questionnaires (discussed further at paragraph 2.32) for each of the three years 2011—2013 asked entities:

‘To what extent does your agency meet the requirements of the Senate Procedural Order of Continuing Effect No. 10: Indexed Lists of Departmental and Agency Files?’

2.25 For each of the three years Health’s self-assessed rating for this question was:

‘6=Excellent’.

2.26 Health advised the ANAO that the compilation of the listing for the Senate Procedural Order does not include any files created on its shared drive. Health has continued to allow files to be created and stored on its shared drive even after the implementation of the TRIM EDRMS, despite the operating instruction that TRIM EDRMS is to be used as the only recordkeeping system.

2.27 As a result it is not possible for Health to provide assurance that the listing it creates complies with Senate Procedural Order of Continuing Effect No. 12.

Did Health conduct a post implementation review?

2.28 The Australian Standard on Records Management indicates that following the implementation of an EDRMS solution, entities should undertake a post implementation review. The purpose of the review is to assess if the original objectives and business needs for the project have been met and to identify key lessons learned to be applied to future systems implementations. As at June 2015, the department had not conducted a post implementation review of the TRIM EDRMS project which was closed in August 2013.

2.29 In September 2015, Health advised the ANAO that it had initiated a TRIM EDRMS remediation project in order to address the shortcomings identified in this performance audit. The project would benefit from the application of better practice relating to governance, risk management and performance measurement, including the appointment of a senior responsible officer accountable for the project’s implementation.³²

Does Health have governance arrangements to oversee the implementation of key government digital policies?

2.31 The purpose of the Digital Transition Policy³³ is to move all Australian Government entities to digital information and records management for efficiency purposes. When introduced in 2011³⁴, the policy required all entities to:

1. enlist senior management support to drive change;
2. complete a self-assessment records management status questionnaire (Check-up 2.0);
3. reduce paper stockpiles;
4. manage digital information wherever it is held; and
5. consider what resources are needed.

2.32 To assist entities to move towards the digital information and records management environment intended under the Digital Transition Policy, Archives introduced the Check-up 2.0 online questionnaire for government entities in July 2011. Check-up 2.0 required all entities to self-assess their information and records management capability for each of the three years from 2011 to 2013, and was followed by a Check-up digital assessment in 2014.

2.33 The department did not develop a plan or strategy to monitor its status in complying with the 2011 Digital Transition Policy and transitioning to the targets set out as part of the later Digital Continuity 2020 initiative.³⁵ Going forward, there would be merit in Health establishing appropriate governance and oversight arrangements to monitor its implementation of these government policy initiatives.

2.34 Health advised the ANAO that its responses to both the Check-up 2.0 and Check-up Digital assessments were not considered by any of its executive or governance committees before they were provided to the Secretary for submission to Archives. In considering its governance arrangements, Health should also reflect on how best to progress and monitor unfinished business such as: decommissioning of the shared drive; the development of a policy to address the sentencing of digital records; and the identification of historical records to be digitised so as to reduce its holdings of paper-based records.

Introduction

3.1 The effective roll-out and operation of an EDRMS relies heavily on the provision of: staff training and support; and the availability of up-to-date reference materials. The ANAO examined the guidance and training made available within Health at the time of the rollout and on an ongoing basis, as well as the practicalities for Health staff in managing records on TRIM.

Did Health provide appropriate support and training for users of the TRIM EDRMS?

3.2 Health staff can currently access TRIM EDRMS guidance in three ways:

1. reference material available on the intranet–outlining Health’s expectations of staff, procedural guidance and advice on good recordkeeping practices;
2. a help desk–offering support during business hours can be contacted via email or telephone; and
3. online training modules–completed by staff at their own pace.

Reference material and help desk

3.3 The provision of up-to-date guidance materials can help users to understand both their responsibilities and how to use the TRIM EDRMS system appropriately. Reference materials are documented on the intranet, and staff are directed to reference points for the system including initial training, policy, and procedural documentation relating to file titling, appropriate use, access controls and digital file structure. The TRIM EDRMS functionality is also addressed within a guidance document setting out key areas such as adding and editing documents, access controls and the search function.

3.4 Since December 2014, Health has provided graduated support to staff and improved oversight of technical issues to systems administrators. Depending on the nature of the problem, user support for the TRIM EDRMS is provided by either the Information Technology (IT) Help Desk, the Records Management Unit (RMU) or the IT Division (ITD) technical assistance. This model has evolved since the TRIM EDRMS system was first implemented. At that time, all calls were directly routed to RMU’s TRIM EDRMS Help Desk.

Training environment

3.5 The ANAO reviewed the training environment from the time leading up to the TRIM EDRMS rollout in 2013 through to May 2015. The content, method of delivery and take up of training were examined.

Pre-rollout training

3.6 The importance of appropriate training was highlighted in the 2005 business case for the TRIM EDRMS. The business case identified that unless users were provided with the appropriate level of hands-on training they would avoid storing documents in the system and would continue to use the shared drive or their personal drives.

3.7 In response Health developed an approach recommending mandatory face-to-face training for all staff in relation to the principles of records management³⁶, in addition to the training required for the operation of the TRIM EDRMS (computer-based classroom training). The proposed approach was not approved by the executive, on the basis of cost, and a revised training approach was adopted. Staff were expected to complete either: an online questionnaire (10 questions); an e-learning module; or a one hour face-to-face training session. Staff were also expected to complete mandatory computer-based EDRMS training.

3.8 General records management training for staff was undertaken between May 2012 and August 2012. Health advised the ANAO that of the 5183 staff at Health at the time³⁷, one hour face-to-face training was provided to 810 staff nationally (16%), with 754 recorded as receiving a pass. In addition, 1621 staff (31%) completed the online module and the remainder either undertook the online quiz to complete their training (2518 or 49%)³⁸, or did not undertake any training (234 or 4%). Health did not follow up with staff in relation to attendance. Face-to-face training ended in August 2012, and has not been offered since. The online module and quiz remain available for use, and completing one of these options is a current prerequisite to obtaining full user access to the TRIM EDRMS.

3.9 The TRIM EDRMS training was delivered in the two months preceding the 2013 rollout. Staff were advised that general records management training was a prerequisite to undertaking the TRIM EDRMS specific training. However, Health could not demonstrate that this requirement was monitored and followed up with staff. Health’s records indicate that the TRIM EDRMS specific training had a higher attendance rate than the general records management training, with 84 per cent of staff undertaking the computer-based training module in a classroom setting (involving face-to-face interaction), in the lead up to the implementation of the system.

Post-rollout training

3.10 All TRIM EDRMS training is now delivered online, with no face-to-face interaction. In order to gain read/write access to TRIM EDRMS, users must undertake both an online general records management training course and the online module of the TRIM EDRMS specific training. Neither online course has an assessment component and is deemed to be complete once the modules have been run on the user’s desktop. There is no monitoring to provide assurance that the staff member actually completed the training.

3.11 Approximately one third of a sample of 30 Health staff interviewed by the ANAO indicated that they had not undertaken the relevant training modules prior to using TRIM EDRMS. Further, the ANAO’s staff interviews relating to knowledge of two of the key documents guiding recordkeeping policy (Corporate Business Rule 2 – Records Management (CBR2) and the Business Classification System (BCS)) suggest that the level of training, communication and engagement within Health requires review. Of the 30 staff interviewed by the ANAO, over 75 per cent were not familiar with Corporate Business Rule 2, and 45 per cent were not familiar with the Business Classification System. Training issues could usefully be considered as part of the new TRIM EDRMS remediation project.

3.12 Health advised the ANAO that due to internal resourcing priorities, it does not engage in active promotion of staff responsibilities for records management.

Does Health have appropriate arrangements in place for records creation, storage and retrieval?

Records creation

File titles

3.13 Health has implemented processes to oversee quality assurance of file names relating to both paper and digital files created by Health staff within the TRIM EDRMS. A third party service provider³⁹ assesses file names at the time of creation in accordance with a Business Classification System specified by Health. The use of a Business Classification System assists Health in managing and sentencing its records.⁴⁰

3.14 As at June 2015 Health had not issued guidelines on the sentencing of digital files created within the EDRMS, which has affected the quality assurance process for file titling. Further, Health does not routinely create files that have a date included in the title to facilitate records management and sentencing, a practice which can impact on the efficiency and effectiveness of sentencing and record retrieval within the department.

Shared drives and emails

3.16 The departmental shared drive was intended to be accessible as primarily a read-only system following the roll-out of the EDRMS. At the time of the roll-out in August 2013, Health staff were encouraged to transfer existing shared drive documents onto EDRMS. However, the shared drive has remained fully accessible to all staff since the roll-out, resulting in inconsistent use of the TRIM EDRMS platform by staff. While some branches have effectively moved their operations onto the EDRMS platform, other areas continue to use the shared drive not only to access existing documents but to store newly created records.

3.17 ANAO interviews with Health staff indicated that a range of electronic systems, including shared drives and the email system (Outlook) are used by staff to store and manage business records, and these records are not consistently captured within the EDRMS. As shown in Figure 3.1, the space used by the shared drive has grown since the introduction of TRIM EDRMS in 2012, as staff continue to store documents outside the prescribed EDRMS platform.

Figure 3.1: Size of shared drives

Source: ANAO analysis of Health data.

Duplicate documents

3.18 The ANAO observed numerous instances of duplicated documents created within the EDRMS, including drafts and different versions of the same document without any clear indicators or titling to identify which version was the final one. The proliferation of documents can affect the ready identification and retrieval of official records. To help avoid the proliferation of documents, relevant strategies could be incorporated in departmental training and guidance.

Mobile phones

3.19 Health’s records management policy, Corporate Business Rule 2, does not address the potential for staff to communicate with the department, or the Minister’s office, via a mobile phone belonging to the individual or the department. It is possible that such communications, in the form of emails or short message service (SMS) transcripts⁴¹, could involve exchanges of information or commentary that potentially would be classified as a record from Health’s perspective.⁴² There would be benefit in the department incorporating relevant guidance in Corporate Business Rule 2.

Records storage and retrieval

3.20 To effectively support business activities, and satisfy legislative and accountability requirements⁴³, entities need to be able to access and use all of their records as necessary, in whatever format they are stored, and wherever they might be located. This is especially relevant in the context of high volume digital information, which needs to be ‘discoverable, accessible and useable.’⁴⁴

Metadata

3.21 The efficient retrieval of records in a TRIM EDRMS environment requires the system to be configured in a way that reflects its business operations and that will support search and retrieval of documents on the basis of a wide range of parameters which represent the record’s underlying metadata. Such parameters include the numeric identifier assigned to the record, the title of the document or file, the timing of the document’s creation, and the original creator of the document or record. ⁴⁵ TRIM EDRMS is a specialist records management system, and has been configured by Health to capture and store relevant operational and metadata details when business records are created.

Storage of paper-based records

3.22 The storage requirements for Health’s records, especially those in paper-based and other physical formats, present significant challenges.

3.23 Health currently has some 56 560 lineal metres of records held in storage boxes. Whilst the majority of these files were created after 1970 some storage boxes also contain files recording matters since Health commenced operations in 1921. The majority of paper-based files are held in off-site document storage facilities managed by third parties, with an undetermined number of Health files also retained by Archives.⁴⁶

3.24 A large percentage of Health’s paper-based files are included in TRIM EDRMS as a digital file item, referencing the number and location of the physical paper-based file. Many other historical paper-based files are listed on compact disks which record details transferred from old index cards used prior to the introduction of computerised records management systems in the 1980s. In addition, Health has estimated that some 43 000 historical files currently in storage are not recorded in any system. Health advised the ANAO that listings of those historical files were being compiled.

3.25 The relevant support services contract made provision for a file census each year to confirm the existence and location of Health’s paper-based files. In 2012, as a cost-saving measure, Health decided to suspend the annual file census, which was last conducted in 2013.⁴⁷

Physical objects storing records

3.26 As at 30 April 2015, Health had referenced more than 3200 files on TRIM EDRMS as records containing information in various formats other than paper or digital documents. These files contained one or more items, including: USB keys, films and DVDs, voice and video cassette tapes, compact discs, floppy discs, books, photos and negatives. The ANAO analysed a sample of 300 files to determine the nature of the storage media items included in the listing. Table 3.1 summarises the contents of the file listings examined, many of which contained multiple elements.

Table 3.1: Content of physical items listed as records within TRIM EDRMS

Source: ANAO analysis.

3.27 As indicated in Table 3.1, some 164 items reviewed by the ANAO were inadequately described. Shortcomings in the description of such items have implications for their ongoing management and future retrieval.

Document Search

3.28 The EDRMS search facility does not support the identification of records attached to emails. At best the search may identify the host email if there is an exact match of identifying terminology contained within the title or body of the attachment.

Does Health have arrangements in place for records disposal that meet Archive requirements?

3.29 Archives has recently reinforced the need for entities to implement an appropriate management plan to retain official records only for as long as they are operationally or legislatively required.⁴⁸ Decisions on keeping, destroying or transferring records are regulated by the Archives Act, and there are three main ways in which most entities can delete or destroy their records:

1. Normal Administrative Practice — entities may dispose of low-level records which have short term value;
2. general records authorities (GRAs)⁴⁹—allow entities to dispose of records which form part of the common business activities undertaken by the entity; and
3. entity-specific records authorities—cover individual business activities undertaken by entities which are specifically agreed with Archives.

3.30 Normal Administrative Practice allows entities to destroy certain types of records without seeking specific prior permission from Archives. Guidance provided by Archives suggests that entities undertake a risk assessment on their business operations to identify those records where Normal Administrative Practice can be applied.⁵⁰ Archives also suggests that records subject to destruction using Normal Administrative Practice will generally fall into one of five broad categories:

1. facilitative, transitory or short term items such as staff appointment diaries and personal items, and most emails that have been captured by the entity’s EDRMS;
2. rough working papers or calculations;
3. drafts not intended for further use or reference;
4. copies of material retained for reference purposes only; and
5. published material not included as part of an entity’s records.

3.31 To supplement its Records Management Policy document (CBR2), Health prepared a Normal Administrative Practice Policy document in May 2012. The policy applies to: all departmental staff; all aspects of the department’s operations; and records in all formats created and received as part of the department’s business that are not needed as evidence of that business.⁵¹

3.32 The ANAO noted many examples of records in the TRIM EDRMS, especially drafts and duplicate copies of documents, which were more than 12 months old and met the criteria for deletion under the Normal Administrative Practice policy. Consistent and timely application of the policy would help reduce the number of unnecessary records retained by Health and lessen the related call on IT resources and storage costs.

3.33 As at 31 March 2015, Archives had issued six entity-specific records authorities covering 10 core business areas within Health.⁵² Health advised the ANAO that it is liaising with Archives to finalise further entity-specific records authorities which will cover six more of its core business activities.

Deleting files in the TRIM EDRMS

3.34 The integrity of an entity’s records base relies heavily on sufficient controls being in place to monitor and detect inappropriate file deletions from its recordkeeping systems. User access and modification controls contribute to the effective protection of documents and files from unauthorised alteration or destruction.⁵³

3.35 Within the TRIM EDRMS, Health staff can currently delete electronic documents that have not been finalised in two ways. Documents can either be moved via a drag and drop action into the electronic recycle bin, or can be moved to the recycle bin by accessing and selecting the delete document option which gives the user the opportunity to select a reason for the deletion, based on normal administrative procedure. For those documents that have been dragged and dropped, a manual review is performed by the records management unit to identify the affected files, and apply a normal administrative procedure reason. However, this process is not documented and does not have an audit trail. Further, there is currently no review process by managers or the records management unit to verify the appropriateness of the normal administrative procedure reason selected by staff for files transferred into the recycle bin.

3.36 A core control within TRIM EDRMS to mitigate the risk of inadvertent or deliberate deletion is the ability to ‘finalise’ documents as an official record. This process effectively locks the document and prevents any further alteration or deletion in the TRIM EDRMS. Of the 6.3 million digital documents in the TRIM EDRMS, only 27 693 (0.4 per cent) had been finalised as records as at May 2015. While the control has been documented in Health’s procedures and the relevant guidance document explains how to finalise a record, the department does not require staff to finalise records, nor provide criteria to guide staff as to when finalisation is appropriate.⁵⁴

Destruction of paper-based records

3.37 Prior to 2014, Health did not directly destroy any of its paper-based records. Records were destroyed by other entities, primarily Archives, on Health’s behalf.⁵⁵ In the case of Health records held by Archives, departmental permission is required for destruction. When the expiry date for destruction is reached, Archives contacts Health to advise that it has assessed the records as having no historical significance and therefore considers they do not warrant continued retention.

3.38 In 2014 Health initiated its first destruction of records under the Administrative Functions Disposal Authority general records authority, coordinated by the department’s third party provider of records management services. The service provider individually listed on a spreadsheet a number (2481) of administrative record files as at 29 July 2014 that had passed their sentencing date and were due to be destroyed. Health did not advise the service provider of any instructions or requirements relating to the destruction, nor did it specify the number of files authorised for destruction.

3.39 The service provider subsequently arranged for the physical destruction of the Health files to be facilitated by another records management firm. However, the Certificate of Destruction provided to Health by the sub-contracted firm did not identify who undertook the destruction of the records, or where the destruction of records took place. Nor did the certificate confirm the actual number of records/files destroyed. As a consequence, Health’s record of the destruction process remains incomplete, and the department would not be in a position to provide assurance that files/records were destroyed in accordance with the Australian Government Protective Security Policy Framework.

Was there a timely transfer of aged care records following machinery of government changes?

3.41 The Administrative Arrangements Order (AAO) of 12 December 2013 transferred responsibility for the aged care function from Health to the Department of Social Services (DSS).

3.42 Archives states that the basic principle applying to administrative changes is for the records to follow the business.⁵⁶ In line with this principle, the records associated with the aged care function became the responsibility of DSS when the AAO was made.

3.43 When a transfer occurs, several issues require consideration: identification of the affected records (both electronic and physical); management responsibility for physical files; and putting in place relevant records authorities.

3.44 Health determined, on advice from its records management service provider, that paper-based files relating to aged care could not be separately identified and removed from storage. Health’s contract with the service provider did not require the detailed contents of individual files to be catalogued, which meant that without a full stocktake (at considerable cost to Health), paper-based files relating to aged care were not discernible from other Health related files. For those files that were separately identified, there was uncertainty between DSS and Health around the number of boxes containing physical files to be transferred and the quality of data relating to the content of storage boxes. The matter remained unresolved as at 30 June 2015, some 18 months after the transfer of functions.

3.45 The difficulties encountered in identifying relevant files arose largely from the practice of storing Health’s paper-based files solely on the basis of their sentencing expiry date. If files were boxed on the basis of their source business activity or division, as well as their sentencing expiry date, identification difficulties would have been much reduced. Lessons learned from this experience could usefully inform arrangements for the storage of future paper-based records.

3.46 Archives recommends that records be transferred within one month of an AAO being made.⁵⁷ At the time of the audit, most physical files relating to Aged Care were still held by Health, with notional management transferred to DSS in November 2014 for some identified physical files.⁵⁸ The cost of identifying individual files for transfer was considered prohibitive by Health, and it was agreed that the files would transfer upon individual request by DSS. All requests were managed by Health’s service provider, which had responsibility for accessing requested files and providing them to DSS.

Introduction

4.1 If the implementation of an electronic document records management system (EDRMS) is well managed, it should result in a system that is straightforward to understand and easy for staff to use. It should also deliver operational benefits. Assessing the use of an EDRMS, and monitoring the benefits resulting from its implementation, can improve its operation and contribute to operational efficiency.

4.2 To assess the level of staff familiarity with, and opinions on using TRIM EDRMS, the ANAO interviewed a random sample of 30 Health staff, selected across 15 divisions and covering some 27 different branches, regarding records management practices. More than 75 per cent of staff interviewed had been employed at Health for more than 3 years. The interviews related to:

1. creating and capturing records;
2. describing records (metadata);
3. training and support;
4. understanding of Health’s recordkeeping policies and procedures;
5. storing records;
6. accessing and using records; and
7. the performance of TRIM EDRMS.

4.3 To help assess whether staff could readily locate files within the system, staff were also asked to search for and locate a document within TRIM EDRMS that had been previously identified by ANAO as having been created within the staff member’s work area.

What is the user experience of TRIM EDRMS?

Creating and capturing records

4.4 Following implementation of the TRIM EDRMS, staff were able to continue to use the shared drive to file records. Staff interviewed by the ANAO indicated that they held records for use on a day-to-day basis in both the TRIM EDRMS and the shared drive. Overall, some 25 per cent of the work files of interviewed staff were located on the shared drive.

Training and support

4.5 As noted earlier, Health provided both classroom and computer-based training options for staff at the time the EDRMS was implemented. Staff are now required to complete computer-based e-Learning modules covering general records management as well as basic functionality in TRIM EDRMS before they are given full access to the system. Of the staff interviewed, only 22 (70 per cent) had completed general records management training and 23 staff (73 per cent) advised that they had received training on the use of TRIM EDRMS. Seven staff (23 per cent) indicated they would like to receive more training on records management and the use of the TRIM EDRMS.

Understanding Health’s policies and procedures on records management

4.6 A number of the staff interviewed indicated that the department’s policies and procedures in relation to records management were not easy to understand and many were not aware of how to implement key aspects of Health’s records management policy and guidance. Only seven (23 per cent) of the staff interviewed were aware of Health’s key policy document covering records management, Corporate Business Rule 2. Similarly, only 16 staff (53 per cent) had an awareness of Health’s Business Classification System, which provides guidance to staff on standard naming conventions for the titling of all paper and digital files created in the department.

Performance of TRIM EDRMS

4.7 A key concern expressed by 23 (77 per cent) of the interviewed staff was that they regularly experience slow response times from TRIM EDRMS.

4.8 Staff were also asked to comment on the process of checking documents back into the EDRMS after they had finished using them.⁵⁹ A total of 14 staff (47 per cent) stated that the checked-in status of documents was not always clearly shown by the EDRMS. Staff also identified delays ranging from 10 minutes to a full working day to check documents in.

Searching for and locating a specific document in TRIM EDRMS

4.9 To assess whether staff could readily locate files within the system, staff interviewed by the ANAO were asked to search for and locate a document within TRIM EDRMS that had previously been identified by ANAO as having been created within the staff member’s work area. Only 18 per cent of the documents previously identified by the ANAO as being filed within their work section could be located by staff. The ANAO observed that staff often needed to search a variety of potential title words or phrases before information or documents related to the target document were identified. The need to do so was due primarily to inconsistency in the titling of records. Staff generally supported this observation by suggesting that, notwithstanding the Business Classification System, the approach taken to title individual files can vary significantly between work units.

4.10 Two key determinants of how efficiently and effectively staff are able to locate documents are the consistency of titling for stored files and whether records are located in systems other than the TRIM EDRMS. Both issues were highlighted by the interviewed staff, who also noted that the TRIM EDRMS search function beyond section level has been disabled by Health due to system capacity constraints.

Did Health assess the benefits arising from implementation of TRIM EDRMS?

4.11 The identification of expected outcomes and benefits during the planning stages of a project allows for the subsequent evaluation of project performance in order to determine whether benefits have been realised.⁶⁰

4.12 Health drafted an assessment framework for the TRIM EDRMS project in its Project Management Plan and Roadmap. The assessment framework comprised three components: outcome(s)/benefits; benefits realisation; and key performance indicators for progress checkpoints.

4.13 The expected outcomes and benefits as stated in the draft TRIM EDRMS Project Management Plan included:

• improved and ongoing compliance with government recordkeeping obligations;
• improved mitigation of the risks surrounding poor recordkeeping and corporate document management;
• improved reuse and sharing of accurate information and improved version control;
• improved ability to efficiently capture and manage the increasing volume of electronic documents and records including emails; and
• a reduction of paper files, paper usage and associated costs.

4.14 The department assumed that staff would use electronic files wherever possible, and would only create paper files by exception. It calculated anticipated benefits based on: savings in the physical cost of creating paper files; savings in staff time in creating paper files; a reduction in the outsourced provider costs of paper file storage; and efficiencies from staff take-up of TRIM EDRMS.

4.15 With the exception of the number of paper-based files created, Health did not formally monitor the outcomes and benefits that were set out in the TRIM EDRMS Project Management Plan. The TRIM EDRMS Project Closure Report stated that as at August 2013, 68 per cent of staff were using TRIM EDRMS and there was a 63 per cent reduction in the creation of new paper files compared with the same time in the previous financial year (prior to roll-out).

4.16 The department’s failure to monitor the full range of expected outcomes and benefits identified in the TRIM EDRMS Project Management Plan means that it is not able to assess or demonstrate whether the project has realised its specified objectives.

Appendices

Please refer to the attached PDF of the report for the Appendices:

• Appendix 1: Entity response