Manual for the Design and Implementation of Recordkeeping Systems (dirks)

Вид материалаДокументы

Содержание


Sample system assessment
Step 1 - Check the recordkeeping requirement/s
Step 2 - Identify the system to which the recordkeeping requirement applies
Step 3 - Translate recordkeeping requirements into questions you can use to interrogate the system
Step 4 - Undertake system assessment
Case studies and tips
Example: Results of Step D analysis
Tip: Duplicate systems and duplicated information
How long does system assessment take?
Example: How long does system assessment take?
Tips for improving your system assessment
Подобный материал:
1   ...   29   30   31   32   33   34   35   36   ...   71
^

Sample system assessment


The following example illustrates how a system assessment or 'gap analysis' may be undertaken with respect to a sample business activity, grant management, using a recordkeeping requirement derived from an Independent Commission Against Corruption (ICAC, NSW, Australia) guideline. 

The assessment is divided into various stages, in accordance with the methodology that has been outlined above. 
^

Step 1 - Check the recordkeeping requirement/s


Requirement

Registration number

1

Source name

Independent Commission Against Corruption (ICAC)

Source type

Guideline

Reference

ICAC, Taken for Granted? Better Management of Government Grants (March 1994), Principle 4

Relates to

Accountability

Description

'Funding recommendations and decisions should be fully documented and supported with explanatory notes. The Minister's role in the decision making process should be publicly disclosed with his/her decisions also documented. Documentation relating to funding decisions should be available for external scrutiny.'

Business activity

Grant management

System functionality requirement

Make record, Ensure accessibility

Accountability

Ministers, chief executives

Jurisdiction

NSW Government

Effective date

March 1994

Risk assessment

Required
^

Step 2 - Identify the system to which the recordkeeping requirement applies


Identify the relevant system or systems, basing your assessment on the business activity the systems perform. In this example, the analysis would be focused on the system or systems that are used to administer grant management. Remember to identify all components of a system - people, policy, procedure, tool and training. 
^

Step 3 - Translate recordkeeping requirements into questions you can use to interrogate the system


The following questions will help test whether requirements for evidence are met by the existing system(s):
  • are records of funding recommendations and decisions made?
  • are these records captured in the system?
  • are these records available for external scrutiny?
  • are such decisions supported with explanatory notes?
  • are the Minister's decisions documented?
^

Step 4 - Undertake system assessment


Such findings may be documented in the following manner:

 

Are requirements satisfied by existing systems?





Requirement

Response

Gap

Recommendations and decisions are made?

Yes

Nil

Records are captured into recordkeeping system?

No

Decisions kept by individual, or CEO

Records are available for external scrutiny?

No

Kept in hard copy form by individual, not in recordkeeping system

 

Such a methodical means of assessment will enable you to identify exactly how your systems are meeting, or in this case not meeting, your recordkeeping requirements. You can use the results of this assessment to identify strategies for rectifying these gaps in Step E: Identification of strategies for recordkeeping
^

Case studies and tips


Example: Common issues you may identify

Indiana University recently undertook a project to assess major business systems operating across the university. Common issues that arose in the University's assessments of its systems included:
  • staff not sure of what records are being retained or how to access older records
  • duplicate files managed within systems
  • inadequate naming conventions
  • no policy or procedures explaining what records should be captured or how they should be captured. As a result there is no routine or systematic capture of records
  • no clear retention strategies - staff tend to keep everything because there are no clear rules, or destroy records without appropriate authorization
  • some systems do not allow older records to be saved, instead they overwrite old data
  • some systems do not capture important metadata
  • some systems do not maintain the relationship between a record and its metadata 
  • some systems do not maintain a logical or physical relationship between records generated by the same or related business processes
  • staff are creating paper versions of electronic records, or creating personal electronic databases because they fear they will not be able to retrieve information from central systems. [8]

 

^ Example: Results of Step D analysis

One organization had a requirement to keep records of its licence agreements for fifty years after the issue of the licence. These records must be securely maintained for the duration of their existence. The organization has a number of offices across the state, each performing the licence management function. 

After undertaking their Step D analysis, it was concluded that:
  • the long term accessibility and evidentiality of the records was not assured. Licence records have to survive for upwards of fifty years and currently no strategies are in place to ensure this long-term objective is achieved. 
  • records are not stored in appropriately secure ways. System controls prevent unauthorized personnel from accessing and changing the records, but they do not prevent authorized staff from accidentally or intentionally modifying or deleting licences. 
  • policies and procedures for system use are widely available at central office. Training in system use and access is often frequently conducted in this office. In the regional offices, however, little policy or procedural documentation exists and that which does exist is frequently different to that used in central office. Regional office staff have also not been trained in system use. [9]

This case study is discussed again in Step E, to illustrate how the strategies outlined in the DIRKS Manual can enable you to remedy these types of system problems. 

 

^ Tip: Duplicate systems and duplicated information

Your assessment may reveal that information is duplicated across your department/section, in formal or informal systems. While removing duplicated information may increase organizational efficiency, it could also be a sign that something is wrong with current systems and practices. By asking staff why they retain their own copies of records or operate their own personal systems, you may discover:
  • poor response times from existing recordkeeping staff or systems hamper work
  • lack of trust in current systems
  • no knowledge of official systems, or
  • inaccessibility of official systems. 

These problems should be included in your analysis and strategies to address them can be identified in Step E.
^

How long does system assessment take?


Unfortunately there is no easy answer to the question of how long it will take to assess a system or systems in your department/section. This issue will depend on the amount of staff you are able to devote to the project, the size of the system or systems you are assessing and the extent of support you have for your investigations. 

 

^ Example: How long does system assessment take?

Indiana University calculated how long it took them to assess one of the largest systems in their organization, the Financial Aid Information System. This system processes data for an eight-campus system with over 90 000 students. It was calculated that it took 7.5 working weeks to identify all the functions, activities and transactions performed within this system, assess how the different records created in the course of these activities are managed, describe the general rules and operations of the system, and provide a series of recommendations as to how the system could be improved. Project staff said that as this system was the first they assessed, subsequent analysis would be faster. Note too that this was a very large and complex system and this explains the length of time required to assess it. [10]
^

Tips for improving your system assessment


The following advice may help you with your system assessment:
  • you will notice similarities between systems. Once you have assessed your first system, this assessment will provide you with relevant pointers or areas to look out for in subsequent analyses.
  • do not over-describe systems. It is hard to strike a balance and when you are uncertain you should document more about a system rather than less, as this will save you repeating your efforts down the track. Based on their experiences, staff at Indiana University decided that in future they would spend less time describing how the technical components of systems manage a transaction and less time actually describing functions, activities and transactions.
  • use risk assessment strategies to pinpoint functions and activities that have the greatest importance to your department/section, or that are subject to the greatest risk. 
  • employ staff with system assessment skills and with a good awareness of your recordkeeping requirements to undertake your system assessment. [11]