Blog - The Importance of Good Record Keeping: An Audit Perspective

By Kieran Donnelly (Comptroller and Auditor General)

I recently had the pleasure of visiting the Public Records Office Northern Ireland in the Titanic Quarter of Belfast, and was hugely impressed at the depth and range of material carefully preserved and stored within its archives for posterity. In recent times, it seems that people are moving towards a more de-cluttered way of life, and yet I noticed the many visitors to PRONI searching through old books, certificates and registers to discover new information about personal and shared histories.

My reason for visiting PRONI was to deliver a presentation to an audience of civil servants on the importance of official record keeping. While keeping records can be a source of pleasure and interest, when it comes to government, it is a matter of necessity. Indeed, I would argue that good records management is at the very foundation of government accountability.

Kieran Donnelly Presentation - Civil Servants Week 2019
Kieran Donnelly speaking during Civil Servants Week 2019

Every day, government is making decisions about how to spend public money and it is the responsibility of public auditors to ensure that this money is being spent properly. Effective record keeping is at the heart of this. Where it is absent, trust is undermined. The public service can and does get this right on most occasions. I think the difficulty lies where there are very big amounts of public money involved. Even if a hundred small decisions are well documented - if there are five or six involving large amounts of money that are not well documented, that really has a major impact on the perception of the public in regard to good governance.

It’s difficult to discuss the issue of good record keeping without mentioning the Renewable Heating Initiative Inquiry. One of the leading journalists covering the Inquiry, Sam McBride, identified a top 10 most eye-watering revelations, with number 10 on the list being “a culture of secrecy at the top of Stormont led to civil servants consciously not taking minutes of many meetings”. That is something which has captured many people’s attention – how could it be that these very important meetings at the top of government weren’t documented?

But the weaknesses in record-keeping highlighted in the RHI evidence sessions extend, beyond minutes, to the lack of clear records on who took key decisions, how these decisions were made, and what was actually agreed. RHI was an initiative spending huge amounts of public money. At the outset, there were different ways of delivering that renewable heat scheme, and yet there was a paucity of documentation in how the different options were weighed up. The Inquiry has been reliant on cross-examination of witnesses, text records and other unofficial records to help piece together the story of what happened. That is disappointing from an auditing perspective, as you should not need to rely on these methods -the full story should be found in the documentary record.

What has worried me the most with the RHI Inquiry evidence is the reliability of the official record. Dr Keith MacClean, one of the RHI Inquiry panellists, said “it’s hard to take any document at face value”. Barrister for the Inquiry Joseph Aiken has referred to “inaccurate language presented to the gatekeepers of public money”, with effectively one department writing formally to another department that the non-domestic scheme was good value for money when it was anything but. The reliability of the public record is so, so important and it goes right back to the core of civil service values and the importance of every public servant maintaining an accurate and reliable record.

NIAO Social Investment Fund Report Cover
The NIAO's 2018 Social Investment Fund Report

Another recent example is the Social Investment Fund, which was the focus of a 2018 NI Audit Office report. One of the things I was very concerned about was that, as the report states, documentation does not exist to show clearly how project ranking was carried out in each steering group. The report goes on to note inconsistencies in the quality of records, in particular steering group minutes, some of which lacked detail around how funding allocations and prioritisations were agreed. There was one particular case in Fermanagh, where a project was initially ranked at number 27, and it eventually emerged as project number 7 - it was the last project to make the cut for receipt of public money (£800k was awarded). There was no audit trail to show how it got from number 27 to number 7, something which should have been fundamental in public sector record keeping. That’s a major concern, and similar to some of the concerns highlighted in RHI, which is quite worrying.

Adding another dimension to the issues around effective record keeping is where third parties, such as private sector consultants, are involved in public administration. Examples which come to mind include the Northern Ireland Events Company and its appointment of a Chief Executive who, it subsequently turned out, didn’t have the qualifications set out in the job spec and didn’t meet the essential criteria, and yet passed the four stages of the recruitment process. As the early stages of the appointment process were contracted out to a private HR firm which did not maintain the detailed records, the parent department did not seem to be aware that the individual, who would act as Accounting Officer for that body, didn’t meet the essential criteria.

Other examples include the former Department of Culture, Arts and Leisure management of capital projects, specifically the contract for the Lyric Theatre – a fantastic building. However, there were unexplained adjustments in the tendering process. Through these adjustments the highest priced tender was actually successful, but there was no adequate audit trail of the rationale underpinning these adjustments. Again, a third party (private sector consultants) produced the tender documentation report but destroyed this very promptly after bids were evaluated. The NI Assembly’s Public Accounts Committee was scathing about this. They said “taking all of the points in the round the Committee is left with a very strong impression that the outcome of the tender process was both rigged and manipulated”. What they were saying was that, while there was no hard evidence that there was wrongdoing, there was absolutely zero assurance that it was done properly – it may have been done properly but there is no documentary evidence to provide that assurance.

These examples illustrate that, where third parties are involved in public administration, it is essential that the public body retains the control over the documentation.

However, I think my biggest worry in relation to record keeping is the siloed approach. Government needs to be completely interconnected to work well, and if every organisation builds a deeper silo in terms of protecting its own records, that is a recipe for disaster.

I am also concerned about unintended consequences of Data Protection and Freedom of Information legislation. You may recall David Sterling’s comments to the RHI Inquiry about the potential behavioural consequences of FOI, where people were less inclined to take minutes. I am equally concerned about data protection legislation – often, organisations are so concerned about data protection that they retain information in a very siloed way. I suppose the best example to do with RHI is the sharing of information, or lack of sharing, between the Office of Gas and Electricity Markets (Ofgem) and the Department for the Economy. Ofgem had a huge body of intelligence about the potential for wrongdoing and gaming on the RHI scheme but at the early stages they kept a lot of this to themselves because they were concerned about data protection. I think that is a misconstruction of data protection legislation – had the information been shared with the Department for the Economy earlier then some of the problems would probably have been picked up sooner.

In my discussions with people working across the public sector, I’m very keen to emphasise that where there is potential fraud or criminality, it is so important for public bodies to share information with one another, and that should normally trump data protection rules. It is not that there is anything wrong with data protection legislation, it’s that sometimes it is misconstrued by public bodies. In recent years, public servants have been very focused on GDPR and FOI, and sometimes I worry that other aspects of record keeping are being neglected. 

So, what do we need to do to restore confidence? I do think we need to revisit and refresh codes and standards. One of the interesting things that emerged from the RHI Inquiry was that the Civil Service in GB has an explicit requirement on public officials to keep accurate records, and for some reason that particular sentence was omitted from the code in Northern Ireland. I think we can expect, post-RHI, that existing codes will be strengthened. Good record keeping is the responsibility of every public servant, so should be an important part of all their training. There is also a need for more compliance work to ensure proper record keeping is observed as we move forward.

But one important caveat to all of this is that excessive documentation, and unnecessary record keeping, can be just as bad. I know that many public servants are concerned about whether, post-RHI, the pendulum will swing too far in the opposite direction. Over the years I have seen cases where the level of documentation is excessive; so it’s important that we exercise some common sense. For example, we don’t necessarily need long sets of minutes (Hansard-style), we need minutes that record decisions and action points, but these can be succinct. It’s about maintaining  sensible, accurate, open and proportionate records.