While mostly earning strong pass marks from the national auditor, particularly for its Covid-19 response, the Australian National University’s (ANU’s) six-year-old primary records management system has not fared as well, with the ANAO calling out the Uni’s fragmented approach to recording data.

Known as ERMS (Electronic Records Management System), the data repository platform was implemented back in 2015 to meet the the ANU’s legislative and regulatory requirements for electronic records keeping.

“ERMS enables easy and efficient search and retrieval of records and provides sophisticated electronic records management capabilities to ensure that ANU records can be captured, found, accessed, secured, tracked, shared, and managed over time,” the ANU notes on its website.

The ERMS is rated as a ‘tier one’ system – that is, critical to the core business of the ANU and to meeting its statutory obligations. Despite this, use of the platform, while encouraged, is currently not mandatory for staff.

Following its recent audit, the Australian National Audit Office (ANAO) has called on the ANU to take necessary steps to ensure its information and records management practices meet the information management standards issued by the National Archives of Australia, mandating the use of its ERMS, and updating its supporting policies and procedures.

Officers at the ANU reported to the auditor that they were not comfortable using the ERMS and did not consider it “user friendly”. As a result, the system was found to be under-utilised by ANU staff.

Resistance to its use has resulted in a fragmented approach to records management, the auditor revealed, combining a hotchpotch of group folders, network drives, and Microsoft’s SharePoint service “to generate, store and distribute information”.

As a result, information “is either not [being] transferred into the ERMS, or not transferred in a timely manner”, the auditor wrote.

The National Archives of Australia regards the use of group folders, network drives, and SharePoint sites as inappropriate for records management.

The auditor recognised a number of risks in this fragmented records management system, including risks that: records are accessible, alterable, and able to be deleted be anyone; authenticity, integrity and trustworthiness cannot be demonstrated; identification of the record’s status or version is difficult; information is uncontrolled, taking up large volumes of network space; and, metadata is often missing or inaccurate.

The ANU has agreed to all of the ANAO’s recommendations to remedy its current approach to records management.

In October 2021, the ANU advised the ANAO that it had introduced a ‘workaround’ solution to integrate SharePoint with its ERMS.

The solution, once installed, automates the transfer of information from SharePoint to the ERMS.

However, the auditor has warned that the University’s continued use of network drives is not consistent with best practice standards. Moreover, the ANAO added, “it undermines the quality and completeness of information, and creates a risk that the information provided to its Council, Council Committees, the Academic Board and its sub-committees is not based on reliable records”.

The University’s record-keeping policy and practice is based on its legislative responsibilities as a Commonwealth agency and on AS ISO 15489, Australian Standard on Records Management.

The ANU otherwise fared well in the audit, with the ANAO finding its governance and control framework “largely effective, fit-for-purpose, supported by systems of control and accountability that are partially effective”.

It noted that the ANU also established fit-for-purpose financial and risk management arrangements to respond to the Covid-19 pandemic.

The ANU, one of the country’s leading research institutions, is a corporate Commonwealth entity under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

The university has 17,695 equivalent full-time student load as at October 2021, with $4.7 billion in controlled assets reported for the year ended 31 December 2020.

The audit was triggered as part of a follow up to series of audits in April and May 2019 that reviewed whether the boards of four corporate Commonwealth entities had established effective arrangements to comply with selected legislative and policy requirements and had adopted practices to support effective governance.

The audit, the ANAO said, provides independent assurance to Australia’s Parliament on the effectiveness of the governance arrangements of the ANU and its systems of control and accountability, including the arrangements established to respond to the Covid-19 pandemic.