Recordkeeping FAQs – Using third party software for business transactions December 18, 2017

Across the NSW public sector, organisations are using a variety of third party software to manage their business.

The recent NSW Auditor-General’s report into agency compliance with Government travel policies has highlighted some of the advantages and disadvantages with using third party software for business transactions.

Since September 2016, an approved private sector company has provided travel services to the NSW Government under a contract negotiated by the Department of Finance, Services and Innovation. The software automatically captures key information fields and approval processes, and the Auditor-General has recommended use of the tool to avoid control weaknesses and allow better documentation of travel decisions. This is a good example of records creation and capture happening seamlessly behind the scenes, without additional steps required to make sure the process is accountable should questions arise.

This is important as records around approval of travel-related expenses are required to be retained for a minimum of 7 years after action completed or expiry of approval, including requests that are refused (see GA28, 15.2.1).

Our advice on accountable outsourcing notes the important role that the contract plays in outsourcing arrangements and advises that the contract should include clauses relating to:

  • the recordkeeping requirements of the business being outsourced
  • ownership (including intellectual property) of records
  • timely records disposal
  • the return of records at the termination/expiration of the contract
  • information and records security ( including systems security and records storage security)
  • privacy management and protection of personal information
  • rights of access and arrangements for access to records (including access under GIPA legislation)
  • monitoring and inspection arrangements for compliance
  • the processes and penalties for failing to comply with records provisions in the contract.

The Auditor-General noted in the report that most agency records management systems did not retain adequate travel documentation, and that travel records retained by the previous approved supplier were difficult to access and retrieve. This means that relatively recent records (created in 2016 and before) have effectively been lost well before they can be legally destroyed.

State Archives and Records NSW has recently revised the checklist for assessing business systems. Agencies can use this checklist to assess the ability of existing and proposed systems to capture and keep records. This includes third party software.

Understanding the capabilities and limitations of systems in relation to recordkeeping will enable organisations to implement effective mitigation strategies to ensure that they are making and keeping the records they need to support their business.

Leave a Reply

You must be logged in to post a comment.