Compliance programs
Understand your compliance requirements
All Australian Government agencies are required to create, capture and manage evidence of their business. This requirement is set out in a range of legislation and stressed in Australian and international standards. The level to which you comply with these requirements should be informed by a risk assessment of your business. The higher the risk, the more rigorous your compliance needs to be.
Create a compliant information management framework
Good information management is made up of three elements working together – policies, procedures and guidelines, IT systems and the systems users. Once you have decided on your compliance requirements, your agency should refer to them when acquiring computer systems, writing procedures and guidelines and training staff.
Maintaining compliance
Records management needs constant attention to ensure it is compliant with relevant legislation and regulations. This means:
- monitoring – observing the quality of records and metadata entered
- auditing – conducting officially-programmed examinations of the systems, focusing on records creation, capture and description
- reporting – presenting official reports to the senior executive of the agency on the efficiency and effectiveness of the system, using information gained from monitoring and auditing activities. Reports can be used to gain support for solutions to identified problems.
These three tasks are strongly interrelated. It is important that each is undertaken regularly to maintain both the quality of information being kept and the ability of systems to support your agency’s work.
The reporting function in particular will help to ensure that your agency’s senior management are aware of the role of records as the basis of good business and to gain their support when required for greater compliance or systems upgrade.
