2.3.3 Records managementAccording to Megill(2005), record management is the professional practice of managing the records of an organization throughout their life cycle from the time they are created to their eventual disposal. It includes identifying, classifying, storing, securing, retrieving, tracking and permanently preserving records. Record management is primarily concerned with the managing the evidence of organizations activities as well as reduction or mitigation of risk associated with it. Just as the records of the organization come in a variety of formats, the storage of records can vary throughout the organization.
File maintenance may be carried out by the owner, designee, a records repository, or clerk. Records may be managed in a centralized location, such as a records center or repository, or the control of records may be decentralized across various departments and locations within the entity. Records may be formally and discretely identified by coding and housed in folders specifically designed for optimum protection and storage capacity, or they may be casually identified and filed with no apparent indexing.
Organizations that manage records casually find it difficult to access and retrieve information when needed. The inefficiency of filing maintenance and storage systems can prove to be costly in terms of wasted space and resources expended searching for records.During the course of an audit, original paper records owned by the area under review are sometimes needed as evidence to support findings. Ideally, copies should be made but on the rare occasion when original evidence is required, a copy of the record or a marker should be placed in the organizations file and the original returned as soon as possible. In order to maintain audit trails the original records may have to remain within the internal audit records system until the audit is completed (e.g. when all actions have been agreed and completed by management). These documents need to be held securely when in the custody of internal audit. Where digital material is concerned, access to content can be given without custody and relevant metadata examined and, if necessary, the record extracted. The integrity of information and records being used by internal audit must be maintained and a clear distinction made between the records used and those created by the audit service (Megill, 2005).Internal audit information will largely consist of documents (e.g. work in progress such as draft working papers or draft reports). It is not always necessary to retain all versions of working papers and reports, but it might be useful to retain at least those versions where significant changes were made in order to be able to demonstrate how final versions were reached and to support the decision making process that resulted in final versions of audit reports, findings and recommendations. The information and records should be organized to ensure that: staff can work effectively and efficiently without having to waste time hunting for information; internal auditors can find what they need quickly and easily or determine who has the data; new staff can learn to use the system quickly; any risks that information can be accidentally amended, deleted or that confidential information can be accidentally disseminated are minimized; internal audit work is conducted in an orderly, efficient and accountable manner; audit findings, conclusions and recommendations are fully documented and supported; continuity is provided in the event of a disaster; legislative and regulatory requirements are met; records are relevant, reliable, authentic, complete and usable; records are retained only for as long as they are needed and disposed of in accordance with the organizations information disposal rules, relevant regulations and legislation; there is an audit trail which enables any record entry to be traced to a named individual at a given date/time with the secure knowledge that all alterations can be traced and deletions identified; new staff can see what has been done, or not done, and why and any decisions made can be justified or recognized at a later date (Megill, 2005).According to PPOA (2008), an organizations ability to function effectively and give account of its actions will be undermined if sound records management principles are not applied. Procurement records play a significant role as evidence of purchases of goods and services. Unorganized or otherwise poorly managed records mean that an organization does not have ready access to authoritative information, to support sound decision making or delivery of programs and services. This factor contributes to difficulties in retrieval and use of procurement records efficiently and therefore inability to carry out the audit process. Sound records management is a critical component for good governance, effective and efficient administration, transparency, accountability and delivery of quality services to the citizens. Good record keeping practices contribute to the following: creation and maintenance of accurate and reliable information; easy accessibility to information; transparency and accountability; procurement units and procuring entities performing their functions efficiently; availability of authentic, reliable and tangible records to fight corruption; and resources being matched to objectives.Records form the foundation of good and accountable administration. Unorganized and poorly managed records lead to inability to access information needed to support policy formulation, implementation and delivery of programs and services. Procurement records provide the controls that document how a procurement action was undertaken, and protects essential audit trails. Disorganized records mean reviewers and auditors take an excessive amount of time to locate needed records. A well-managed procurement records management system will enable the physical and logical control of records and prevent unauthorized access, tampering, loss, misplacement or destruction of documents. Proper records management is essential for ensuring transparency and probity in the procurement and financial management. Records are important for accountability and are a powerful deterrent against procurement and financial malpractices. Weak records management practices mean officials cannot be held accountable for their actions (PPOA, 2008).