The Digital Continuity 2020 policy was in 2015 established as a means for pushing Australian government entities toward transitioning into entirely digital work processes and managing information as an asset, among other things.
It was intended that the policy would assist in the delivery of broader objectives for e-government and the digital economy, as well as provide support in implementing effective digital information management throughout the Australian government.
The policy was issued under the Archives Act 1983 and applies to all government information, data, and records, in addition to systems, services, and processes, with the National Archives of Australia being charged with its administration.
However, the Australian National Audit Office (ANAO) said the Archives has been largely ineffective in delivering its mandate.
"The Australian government is unlikely to achieve the objectives of the Digital Continuity policy by the end of 2020, and the National Archives of Australia has been largely ineffective in monitoring, assisting, and encouraging entities to meet the targets of the policy," ANAO wrote.
See also: National Archives of Australia concerned with capability to become cyber resilient
In its report [PDF], ANAO said the Archives' arrangements to administer the policy have been limited in effectiveness and that appropriate governance arrangements to provide strategic direction and oversight of the policy were not maintained.
The products, advice, and guidance material issued by the Archives to support entities in implementing the policy were largely fit for purpose, ANAO said, but they lacked a stakeholder engagement and communication strategy.
Under the policy, government entities are meant to transition to entirely digital work processes, with information to be created and managed in a digital format. It also requires interoperable information, systems, and processes that meet standards for short and long-term management, improve information quality, and enable information to be accessible, transferrable, and re-usable.
ANAO said risks to the implementation of the policy have not been effectively identified, managed, or reported.
"The priorities, objectives, and targets utilised by the Archives to measure its performance in overseeing the implementation of the policy have not been designed to appropriately align with the policy's objectives," the report said.
"Monitoring and reporting processes have been integrated into an annual whole-of-government survey, however the performance information is not clearly aligned with the policy itself, is not subject to sufficient quality assurance processes, and does not include clear and consistent benchmarks to measure success."
See also: The top challenges organizations face at digital transformation (TechRepublic)
The report makes seven recommendations, with the first asking the Archives to establish effective internal arrangements to administer and oversee the implementation of the policy, and any successor policies, which would include appropriate governance structures and a strategy to guide its administration.
ANAO also recommends an effective stakeholder engagement and communication strategy, and a strategy that includes monitoring and benchmarking capability, with progress continually reported back to the Archives.
It also asks for a risk management plan.
The Attorney-General's Department (AGD), Civil Aviation Safety Authority (CASA), and the Office of the Inspector-General of Intelligence and Security (IGIS) were selected by the ANAO to assess the extent to which the policy had been implemented.
The audit found all three government entities had only partially implemented the targets of the policy that were due by 31 December 2018.
AGD, meanwhile, has fully implemented or made substantial progress against all of the 17 targets, and CASA has partially implemented all targets except for one; and the IGIS has not implemented a number of targets, particularly those associated with principle two of the policy, ANAO said.
AGD and CASA have established specific arrangements to internally monitor and report on progress against the targets of the policy, while IGIS does not have such arrangements, the report said.
"Although IGIS may be unable to digitise a selection of analogue records due to originator entity restrictions, it has not implemented any of the general targets associated with the management of information digitally," ANAO wrote.
IGIS was asked by ANAO to establish a plan for the implementation of the policy, with a particular focus on the targets which were to be completed by the end of 2018.