Blog
30 Jan 2026

IM BLOG: The Audit Wake-Up Call: Why Records Management Keeps Failing (And what it means for you)

Every single ANAO performance audit in 2023–24 flagged records management issues, making this essential reading for records managers who want to understand the risks, the root causes and exactly where to focus next.

Blog The Audit Wake-Up Call Why Records Management Keeps Failing (And What It Means For You) (1).png

Here's a statistic that should make every records manager sit up straight: in 2023-24 all 45 performance audit reports tabled by the Australian National Audit Office (ANAO) included findings or negative commentary on recordkeeping and records management. That's not 'most' or 'many' - that's every single one.

If you're working in records and information management in the Australian Public Service, the ANAO's insights aren't just another report to file away. They're a mirror reflecting the persistent, systemic challenges that continue to undermine government accountability, transparency and operational effectiveness. Importantly, they're a roadmap showing where we need to focus our efforts and resources.

The Scale of the Problem

Over the past five years, records management issues have appeared in many ANAO performance audits, with mentions spanning overall conclusions, recommendations, audit findings and opportunities for improvement. This isn't a new problem - it's a chronic condition that refuses to heal.

When the ANAO mapped 41 records management recommendations against the National Archives' Information Management Standard principles, a clear pattern emerged. The majority clustered around two critical areas:

  • Principle 1: Governance of information – establishing clear responsibilities, policies and frameworks
  • Principle 2: Creating necessary information that is fit-for-purpose – ensuring records are complete, accurate and appropriately captured

Procurement audits were particularly exposed, with 88% (seven out of eight) procurement audits in 2023-24 included records management recommendations, reflecting how quickly probity and value-for-money are undermined when documentation is missing, incomplete or hard to retrieve.

What's Actually Going Wrong?

The ANAO's audit lessons reveal several recurring failure points that records managers will recognise all too well:

The Email Black Hole - one recurring issue is key records sitting outside official systems. In Tourism Australia’s procurement work, the ANAO found that key email records were stored outside the official records management system and documentation for one procurement could not be retrieved because it was held in emails managed by an employee who had left the agency.

The Network Drive Risk – in AITSL’s case, the ANAO found the organisation was using a network drive for records management, which did not meet National Archives standards and created risk under the Archives Act 1983. Issues included inconsistent documentation of stakeholder communications and changes to project plans.

The Governance Gap in Transitions - during the transition from the Cashless Debit Card program, the ANAO noted that coordination would have been strengthened by maintaining complete and accurate records, including evidence of required risk register reviews and meeting records to support senior oversight.

The Volume Challenge - scale compounds everything. In its earlier audit of Health’s records management, the ANAO reported that in a four-week period in 2015, the department sent 1,323,236 emails and received 2,843,146, illustrating the operational burden of identifying and capturing what constitutes the official record.

The Performance Statement Connection

There's a fascinating insight buried in the ANAO's work that records managers won’t find surprising: the quality of reporting and records generally reflects the quality of underlying data and systems.

When the ANAO assessed entity maturity in 'reporting and records' across 14 audited entities, the average rating was just 2.8 out of 5. However, the standout performers - the Attorney-General's Department, the Department of Industry, Science and Resources, and Treasury - all demonstrated strong records management processes enabling  reliable performance monitoring and reporting.

Treasury, assessed as 'advanced' in performance reporting maturity, achieved this through well-established records management processes supported by strong governance oversight, clear roles and responsibilities and senior staff accountability. This isn't coincidental, we have known for years that good records management is the foundation of good performance management.

What This Means for Records Managers

Your Work Directly Impacts Audit Outcomes - whether you're supporting procurement, program delivery or policy development, inadequate records management will likely be identified in performance audits. This creates reputational risk for your organisation and undermines public trust.

Governance Gaps Are Everywhere -  many organisations still lack basic information management frameworks, strategies and performance measures. If your organisation doesn't have these fundamentals in place, you're operating in a high-risk environment.

The Digital Transition Remains Incomplete - despite policies dating back to 2011 promoting digital records management, many entities still struggle with hybrid environments, paper stockpiles and inadequate eDRMS implementation and adoption.

Email and Collaboration Tools Are Your Biggest Risk - the shift to Microsoft 365 and other cloud platforms has created new challenges. Unless your organisation has implemented proper information governance for these tools, you're likely accumulating significant compliance debt.

Business System Integration Is Critical - records aren't just created in your eDRMS, they're generated across multiple business systems. If you haven't mapped where official records are created and ensured appropriate capture, you have blind spots in your information landscape.

Moving Forward: Priority Actions

Based on the ANAO's findings, records managers should focus on:

  • Securing executive support and visible leadership for records management- this is consistently identified as essential for improvement
  • Developing comprehensive information management frameworks and strategies with measurable outcomes rather than just compliance checklists
  • Addressing email and collaboration tool governance before it becomes your next audit finding
  • Building records management requirements into business process design rather than treating them as an afterthought
  • Establishing clear accountability for recordkeeping at all levels, including in performance agreements
  • Investing in change management and training to shift organisational culture around information management

The ANAO's message is clear: records management failures aren't technical problems - they're governance problems with real consequences for public administration and accountability. For records managers, these insights provide both validation of the importance of our work and a clear mandate for the changes we need to champion.

The question isn't whether your organisation will be audited on records management. It's whether you'll be ready when it happens.

Sources

This blog post draws on findings from the Australian National Audit Office's records management insights and audit reports, including:

  • ANAO Insights – Audit Lessons: Records Management (June 2025)
  • ANAO performance audit reports from 2023-24
  • Specific audit findings relating to Tourism Australia, Department of Social Services, Australian Institute for Teaching and School Leadership, Department of Health, Attorney-General's Department, Department of Industry, Science and Resources, and Treasury

For the complete analysis and detailed recommendations, visit the ANAO website at www.anao.gov.au

 

Meet your blog author:

Peta.png

 

Peta Sweeney CXRIM FRIM (Life), Information and Content Specialist, RIMPA Global

 

Return to listing