All Australian Government agencies are required to create, capture and manage evidence of their business. This requirement is set out in a number of laws, and is reinforced in the Records Management Standard AS ISO 15489. The level to which you comply with these requirements should be informed by a risk assessment of your business. The higher the risk, the more rigorous your compliance needs to be.

Good information management is made up of three parts working together: policies, procedures and guidelines, IT systems and the system's users. Once you have decided your compliance requriements, your agency should use them to design computer systems, to write procedures and guidelines and to train staff.

Records management needs constant attention to ensure it is compliant with appropriate laws and regulations. This means:

• monitoring – observing the quality of records and metadata entered
• auditing – conducting officially-programmed examinations of the systems, focusing on records creation, capture and description
• reporting – presenting official reports to the senior executive of the agency on the efficiency and effectiveness of the system, using information gained from monitoring and auditing activities

Reporting should be used to gain support for applying solutions where monitoring or auditing find a problem in the system.

These three tasks are strongly interrelated. However, it is important that each is undertaken regularly to ensure the quality of the information being kept in the systems, as well as the ability of the system to support your agency’s work.

The reporting function in particular is vital in making sure that your agency’s executive is aware of how good records are the basis of good business and in gaining support when required for greater compliance or systems upgrade.