THE FINANCIAL CAPABILITY MODEL AND THE RECORDS MANAGEMENT FUNCTION: AN ASSESSMENT

Transcription

1 THE FINANCIAL CAPABILITY MODEL AND THE RECORDS MANAGEMENT FUNCTION: AN ASSESSMENT A RESEARCH PAPER IN SUPPORT OF THE PUBLIC POLICY FORUM DISCUSSION PAPER ON INFORMATION MANAGEMENT TO SUPPORT EVIDENCE-BASED GOVERNANCE IN THE ELECTRONIC AGE February 2002 by John McDonald

2 About the Author John McDonald is an independent consultant based in Ottawa. This research paper was prepared in the context of a project sponsored by the Public Policy Forum as part of its work on public sector management reform and on governance. The project team was led by David Brown, Director, Special Projects, at the Public Policy Forum and also included Andrew Lipchak. The team was assisted by Geneviève Lépine, Research Associate at the Public Policy Forum. The Public Policy Forum (PPF) is a non-profit organization aimed at improving the quality of government in Canada through better dialogue between government, the private and third sectors. The Forum s members, drawn from businesses, federal and provincial governments, the voluntary sector and the labour movement, share a common belief that an efficient and effective public service is a key element in ensuring our quality of life and global competitive position. Established in 1987, the Public Policy Forum has gained a reputation as a trusted, neutral facilitator, capable of bringing together a wide range of stakeholders in productive dialogue. Its research program provides a neutral base to inform collective decision-making. ISBN

3 Table of Contents Preface... 1 Executive Summary Introduction Background The Financial Capability Model (FCM)...7 THE MODEL... 8 THE DEVELOPMENT OF THE MODEL THE APPLICATION OF THE MODEL The Records Management Function Assessment of the Financial Capability Model...20 THE MODEL THE MATURITY LEVELS THE KEY PROCESS AREAS (KPA S) ESTABLISHING A FRAMEWORK FOR RECORDS MANAGEMENT KPAS Towards a Maturity Model for Records Management Conclusions...38 Appendix A - Financial Management Capability Model: Outline...40 Appendix B - Financial Management Capability Model: Example of a Level and Key Process Area (KPA)...43 Appendix C - E-Capacity Checklist and the Software Capability Model: Methodology and Lessons Learned...47 Appendix D - Endnotes...50

4 Preface The electronic environment is dominating the agenda of modern governments including those in the developing world where the application of information and communications technologies (ICT s) are seen as a major catalyst to economic and social advancement. The potential is rising for greater citizen participation in governmental processes through the innovative use of ICT s and the adoption of e-government strategies. The growing intimacy between the citizen and the government is accelerating the need for effective strategies, tools and techniques to help citizens and governments transact business in trustworthy environments based on records that are authentic, reliable, accessible, understandable, and usable. Based on discussions with the International Records Management Trust and subsequent funding from the National Archives of Canada, Public Works and Government Services, and the Treasury Board Secretariat, the Public Policy Forum is undertaking a study of the relationship between governance and recordkeeping. The findings of this study are described in the discussion paper, Information Management to Support Evidence-Based Governance in the Electronic Age. This report describes the results of an investigation into the feasibility of using a maturity model developed for the financial management community as the basis for a similar model for use as a roadmap by the records management community. It is also designed to contribute to the further development of strategies and tools that will permit public sector organizations to manage information as an asset similar to any other valued asset. The Public Policy Forum (PPF) is grateful for the support provided by the National Archives of Canada, Public Works and Government Services, and the Treasury Board Secretariat. The Forum is also grateful to Andrew Lipchak and John McDonald who wrote the two reports while under contract with the PPF. 1

5 Executive Summary This research paper was prepared in support of a study on the relationship between information management and good governance. The purpose of the study, entitled Information Management to Support Evidence-based Governance in the Electronic Age, is to identify key issues which governments in both developed and developing countries should consider in assessing and improving their recordkeeping (or records management) programs. Although governments are increasingly recognizing the relationship between governance and recordkeeping, they are struggling to ensure that the related infrastructure of policies, standards and practices, systems and technologies, and people is complete, effective, and relevant, especially in an electronic environment. The struggle is exacerbated by the absence of tools to help them assess the adequacy of their existing recordkeeping infrastructures and to provide them with a road map to help guide them in enhancing their infrastructures. Such a road map would help them understand the direction they should be taking to move systematically toward higher levels of records management maturity. At the same time, it would respect their need to take steps that fit their resources, capabilities and conditions. Other resource management functions such as human resources, information technology, and finance have developed such maturity models to serve this purpose. One such model is the Financial Capability Model (FCM), developed by the Office of the Auditor General of Canada. Based on a preliminary review of the attributes of the model, the conclusion was reached that it might offer a framework within which a recordkeeping maturity model might be developed. At the very least it would help to inform the nature and structure of an effective recordkeeping maturity model, whether or not fully based on the FCM. Significant components of the FCM could be adapted for use in the development of a similar model for recordkeeping. The model is based on five levels of maturity supported by Key Performance Areas (KPAs) that guide how an organization can move from one level of maturity to another. Institutionalization Common Features provide indicators of what the organization must be capable of supporting as an infrastructure if the goals of the KPAs are to be met and if the level of maturity is to be sustained through time. Based on the approach taken by the FCM, a proposed set of cumulative maturity levels is presented for the records management function, as follows: Level 1: An infrastructure for managing records is not in place. Records are created, used and retained based on protocols established by individuals or work groups. Level 2: An infrastructure is in place for controlling the retention, protection, and disposition of records. The relationship between records management and business needs is weak. Level 3: An infrastructure is in place to ensure that records are created to document business activities, that records are accessed and retrieved effectively and that they are retained and disposed of according to corporately approved standards and in 2

6 compliance with laws and policies. The relationship between records management and business needs is strong. Level 4: An infrastructure is in place to ensure that the right information in authentic and reliable records is provided to the right person at the right time in the right format at a reasonable cost. Level 5: An infrastructure is in place to exploit information in records to meet the needs of a knowledge-based organization functioning in a continuous learning environment. A methodology for developing the KPAs required to link together the maturity levels is proposed and examples are provided. Although much can be learned from the experience gained through the assessment of the FCM, there are a number of implications. These range from the issue of deciding whether or not an organization must achieve all of the requirements for a given maturity level before it can claim that it has reached that level, to the challenges of relating the maturity levels for records management to the yet-undefined maturity levels for governance. Regardless, the FCM provides an excellent basis for the development of a much-needed maturity model for recordkeeping. Aside from helping governments advance their records management programs in a consistent and systematic manner, such a model would also support the consistent and systematic implementation of the new International Records Management Standard. The outcome would be a global approach to the establishment of records management programs using the same road map in terms of their future evolution. At a time when countries around the world are promoting common values and objectives for governance, the need for records management programs (which underpin good governance) to reflect common objectives and attributes has never been greater. An international records management standard coupled with an internationally endorsed records management maturity model would go a long way to satisfying this requirement. 3

7 1. Introduction 1.1 Records, when well managed, are both instruments of accountability and authoritative sources of information that can be used to support decision-making and the delivery of government programs and services. The effective creation, use, and preservation of records are integral components of a government s ability to reflect the values and ethics associated with good governance. 1.2 Although governments are increasingly recognizing the significance of this relationship, they are struggling to ensure that the infrastructure of policies, standards and practices, systems and technologies, and people is complete, effective, and relevant, especially in an electronic environment. The struggle is exacerbated by the absence of tools to help them assess the adequacy of their existing recordkeeping infrastructures and to provide them with a road map to help guide them in enhancing their infrastructures if and as required. 1.3 What is the nature of that road map from a recordkeeping perspective? Are tools available or can they be developed / modified to help analyse where a given records management program is located in terms of its level of maturity, capability, and relevance? Can these same tools offer a process for defining what steps need to be taken to proceed from one level of maturity and capability to the next? Given that records are valuable resources that need to be managed, can lessons be learned from other resource management functions to help answer these questions? 1.4 This report explores these questions and offers a perspective on the extent to which one such capability model developed for the financial management function might be applicable to the assessment of the records management function in a public sector setting. 1.5 The report begins with a brief review of the capability and maturity models that have emerged to support functions such as information management (e.g. Information Management Capacity Check under development by the National Archives of Canada) and information technology (e.g. the Capability Maturity Model for Software produced by Carnegie Mellon University) and the rationale behind the selection of the Financial Capability Model developed within the Financial Management function as a focus of attention for this study. It continues by exploring the attributes of the records management function (within the context of information management) and the extent to which it can be defined in terms of levels of maturity. A commentary is provided on the relationship between levels of maturity for records management and levels of maturity for governance. The report continues with an assessment of the applicability of the Financial Capability Model (developed by the Office of the Auditor General of Canada) as the basis for the development of a similar maturity model for the records management function. The implications of the assessment for the development of maturity models for the records management function are also described. 1.6 Terms and expressions such as capacity, capability and maturity are often used interchangeably to explain what many would perceive to be the same concept. This report 4

8 will use the expression maturity model. While capacity focuses on the conditions necessary to achieve a set of objectives within the context of a given stage along a continuum, the term maturity tends to address the entire continuum and although the focus is on the conditions at each stage along the continuum, the emphasis is as much on the relationships among stages and the processes by which one can move from one stage to the next as they are about the individual stages themselves. The key is that no one stage is right or wrong. It is simply a state of being, much like the stages of maturity experienced by human beings. 1.7 The term records management function refers to the infrastructure of policies, standards and practices, systems, and people that are brought together within a management framework (i.e. planning, organizing, and controlling) to enable recordkeeping to be undertaken in support of decision-making, program/service delivery, and the ability to meet accountability requirements prescribed by laws and policies. 1.8 The term model is favoured over tool because the objective of this exercise is as much to establish a reference model from which tools can be produced as it is to develop the tools themselves. In fact, given the nearly complete absence of diagnostic tools for the records management function, the establishment of a reference model upon which the tools could be developed is seen as an important pre-requisite. 2. Background 2.1 Records management can play a significant role in the achievement of the goals of good governance (e.g. transparency, accountability, public trust, protection of rights and entitlements, citizen engagement, service, etc.). Although governments are beginning to recognize this role, they are struggling to determine how their existing records management functions should be positioned and enhanced to ensure that they are effective and relevant. In doing so, they are raising questions concerning how the adequacy of their existing programs can be assessed and how strategies leading to improvements (as required) can be established. In short, they are seeking a road map to help them determine where they are, where they need to be and through what stages they need to through in order to get there. 2.2 The tools and techniques that would appear to come closest to satisfying this requirement are associated with the audit and evaluation function. However, these are often in the form of checklists that provide an in-time measurement of whether or not a program is meeting a certain set of requirements. For instance, the Treasury Board of Canada s Guide to the Review of the Management of Government Information Holdings 1 provides a highly useful checklist of conditions that need to be met if a given government institution is to demonstrate that it is in compliance with the requirements of the Management of Government Information Holdings 2 policy (soon to be replaced with the new Management of Government Information policy). While presented as a self-assessment tool for use by program managers, the Guide presents conditions of compliance that either are or are not being met. 2.3 Similarly, the IM-Ready Survey 3, also produced by the Treasury Board Secretariat, measured the state of information management across the Canadian government at one 5

9 point in time but did not position the scales that it used (e.g. 1 to 5) as levels of maturity. Rather, they were seen as levels of inadequacy documenting the fact that they have not achieved a certain standard. 2.4 Tools such as the Guide and the Survey are based on right-wrong paradigms that focus on narrow judgements about adequacy rather than maturity. Rarely do they leave room for those being audited to diagnose their current state, establish goals that are incremental and progressive, and establish a map to guide them from where they are to where they need to be with respect to the next higher levels of maturity and capability The FCM derives it s experience from the Capability Maturity Model for Software (CMMS) 4 developed in 1996 by the Software Engineering Institute at Carnegie Mellon University to help software organizations improve the maturity of their software processes. The model described various stages of maturity ranging along an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. The CMMS is organized into five maturity levels: 1) Initial. The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics. 2) Repeatable. Basic project management processes are established to track cost, schedule, and functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications. 3) Defined. The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization. All projects use an approved, tailored version of the organization's standard software process for developing and maintaining software. 4) Managed. Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled. 5) Optimizing. Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies. 2.7 According to the model, predictability, effectiveness, and control of an organization's software processes are expected to improve as the organization moves through each of these five levels. 2.8 Except for Level 1 (i.e. the only unacceptable level of the five levels), each maturity level is decomposed into several key process areas that indicate the areas an organization should focus on to improve its software processes and to transition to the next level of maturity. 2.9 The CMMS inspired a number of related initiatives that have resulted in the development of capability measurement tools for other resource management functions 5. In 6

10 the Government of Canada, the CMMS was one of the components of the Enhanced Management Framework 6 and the ICMM served to inform the development of the Government s E-Capacity checklist 7, which is being used by government institutions to assess their level of capacity and e- readiness for carrying out the objectives of the Government On-line initiative. The CMM was also used as the foundation for the development of the Financial Capability Model (FCM) 8 developed by the Office of the Auditor General. 3. The Financial Capability Model (FCM) 3.1 The FCM was developed by the Office of the Auditor General as a self-assessment tool for use in assessing the level of financial management in government institutions and to provide institutions with a road map for improvement. In effect, it provides a framework that describes the key elements of effective financial management. It sets out a path that an organization can follow to develop progressively more sophisticated financial management practices, as needed. It shows the steps in progressing from a level of financial management typical of a start-up organization to the strong, effective, financial management capabilities associated with a more mature and complex organization. 3.2 Figure 3.1 illustrates the scope and depth of the financial management function upon which the FCM is mapped. 7

11 Figure 3.1 Elements of Financial Management 3.3 In addition to its use in auditing, the Financial Management Capability Model also provides a tool that a government organization can use to: Determine its financial management requirements according to the nature, complexity and associated risks of its operations; Assess its existing financial management capabilities against the requirements it has determined; and Identify any gaps between those requirements and its existing financial management capabilities. Having identified these gaps, an organization can then address any significant ones and work toward developing the appropriate level of financial management capability. The Model The model illustrates the stages through which an organization can evolve as it defines, implements, measures, controls, and improves its financial management processes. These steps have been organized into five progressive "capability levels" (see figure 3.2). 8

12 Figure 3.2 Financial Capability Model: Maturity Levels Each level represents a well-defined stage toward developing a mature financial management regime. Level 1 (Start-up): Describes the financial management characteristics of an organization that has not yet established its key policies and practices or its control framework. Level 2 (Control): The focus is on ensuring that adequate resources are available, assets are safeguarded, data are reliable, and operations are monitored and controlled and conducted with prudence and probity. It describes current expectations for financial management based on established Treasury Board guidelines, Receiver- General directives and the Financial Administration Act. Level 3 (Information): The focus is on integrating the organization's financial and non-financial systems, practices and procedures to provide information that can be used to manage resources with prudence and probity and in an efficient and economical manner. Level 4 (Managed): The organization uses the information developed at Level 3 to balance two competing objectives: using its resources economically and efficiently, and producing cost-effective results - for example, goods or services of acceptable 9

13 quality. The organization understands the financial implications of the choices and trade-offs it makes between these objectives. Level 5 (Optimizing): The organization uses information from inside and outside the organization to set and achieve strategic targets or objectives for improvement. Achieving these targets enables the organization to increase the value of its services or products to clients or consumers Each level is described according to the following attributes: An overview of the capabilities at the level; An overview of the key process areas (KPAs) at each level - their purpose, goals, and outcomes; A graphic representation of how each KPA interacts with the others at that level; and An indication, in general terms, of the risks associated with remaining at that level and what an organization must do to achieve the capabilities at the next level KPAs are the main building blocks that determine the financial management capability of an organization (see figure 3.3). They identify what must be in place at that capability level before the organization can advance to the next capability level. Figure 3.3 Key Process Areas An example of a maturity stage and a KPA are described in Appendix A. According to the model, only when an organization has instituted all of the KPAs associated with a given level of financial management capability may it be considered to have achieved that level. 10

14 3.4.6 In order to achieve the goals in one or more key process areas, an organization must carry out certain activities: Identifying requirements - such as the need for a certain control system - and developing plans and procedures to meet them; Carrying out those plans and procedures; Tracking and monitoring the work being done; and Correcting any problems that may arise In turn, these activities produce immediate outputs (for example, a control system) or longer-term outcomes (such as careful management of the cost of products or services). According to the model, once an organization undertakes the necessary work and achieves the outputs or outcomes associated with a KPA, it is considered to have mastered that KPA and therefore established a basic building block that contributes to the achievement of a particular capability level. A fundamental principle is that all of the KPAs for a given level must be mastered before the organization can proceed to the next level. Figure 3.4: Key Process Areas and their Relationship to the Financial Management Function 11

15 Figure 3.5: Model of a Key Process Area (Level 4 of the FCM Maturity Model) The Development of the Model The process involved in developing the model is as important to understand as the model itself. It was developed over a two-year period by a small group of 3-5 people within the Office of the Auditor General (OAG) supported by 3-5 functional specialists from other departments The trigger for the development of the model was the recognition that the OAG and, by extension, government departments lacked a tool to help them understand where given financial management functions were located on a scale of maturity. In too many cases audits performed by the OAG were measuring capacity and producing report cards that measured capacity at a given point in time without due regard to where the given financial management function resided on a scale of maturity. The OAG and departments alike recognized the need for a diagnostic tool that would provide the road map required to help guide the evolution of the function through various levels of maturity but at a pace that respected the needs and state of maturity of the organization itself The OAG team used the Capability Maturity Model for Software (CMMS) and the expertise resident at Carnegie Mellon as the basis for the development of the FCM. The bond between the OAG and Carnegie Mellon was so close that the OAG contracted the services of a specialist who had been involved in the development of the CMMS to help in the design of the equivalent for the financial management function Various drafts of the model were developed and shared with financial officers across the government and, more formally, with the Chief Financial Officers in government institutions. An Advisory Committee comprising senior officials from within the OAG 12

16 together with selected Chief Financial Officers from government departments, reviewed progress and provided direction and advice In 1999, the draft FCM was approved and made available to the financial community across the government As the model was being approved, the TBS Comptrollership Branch launched an initiative to develop a similar model for the Comptrollership function. While offering greater flexibility than the FCM (i.e. not all KPAs needed to be achieved before attaining a specific level) the initiative generated some confusion as financial officers began to raise questions about the relationship between the two models. In 2001, a project was established to harmonize the two models. The Application of the Model Although the model has been applied in a number of financial management audits 9, efforts have been made to encourage its use as a self-assessment guide for program managers. Rather than be viewed solely as an instrument of audit employed only by auditors, the OAG is advising departments that it can be used as a diagnostic tool that can help to increase the confidence level that a given financial management function is adequate or, if it is not adequate, the steps involved in advancing the function to the appropriate level of maturity. 4. The Records Management Function 4.1 A record is something that has a purpose (i.e. it is not merely the residue or by-product of organizational activities). In fact it has two purposes: To serve as an authoritative source of information (in context) to support decisionmaking and the delivery of programs and services. To serve as an instrument of accountability by providing the essential evidence governments and citizens require to account for their decisions and activities and to respond to the requirements of laws and policies. 4.2 In order to serve these purposes, records must have certain attributes and they must be managed in an environment that ensures their authenticity and integrity for the length of time they are required. The attributes of a record are its structure (discernable organization), content (it conveys identifiable information or evidence) and context (reference to the circumstances in which it was created or acquired). The environment in which it is managed must be supported by an infrastructure of policies, standards and practices, systems and technologies, and people that are dedicated to ensuring the authenticity, availability, accessibility, and understandability of records for as long as they are required for business and accountability purposes. Such an infrastructure must be managed which is why records 13

17 Law Mandate Financial Capability Model and the Records Management Function management is (or should be) a corporate function similar in status and organization to Human Resources and Financial Management. 4.3 Records management is a subset of information management 10. It has a dedicated purpose to serve the ability of organizations to document their activities. As such, however, they also support the fundamental functions of information management which are to capture information, to provide access and retrieval capabilities, and to ensure that the information protected and retained in a trustworthy environment. 4.4 An understanding of the records management function begins with an understanding of the business of government (i.e. if records are an integral part of the business of government then an understanding of how that business is viewed must first be acquired) 11. In a service environment, this business view (see figure 4.1) begins with an individual interacting with a given government process (i.e. a public servant applying for retirement benefits; a citizen applying for a license; a policy officer developing a briefing note for the Assistant Deputy Minister, etc.). Organization B u s i n e s s V i e w Function/activity Accountability Business process task task task task Figure 4.1: Business View 4.5 The service is supported by a business process comprising of a set of related tasks which generate an information product (e.g. license, cheque, report, etc.) which could be recorded on paper, electronically, etc. The business process supports the requirements of a given government function or activity which is managed by accountable individuals located inside an organization. The organizational structure is nothing more than a management and accountability framework for the function / activity and the business process. All of this (i.e. the organization, the functions, and the processes) are situated within an accountability framework which itself is derived from a mandate(s) and an enabling law(s). 14

18 4.6 The basic relationship among the business process (or workflow), the information product, the function / activity, the organizational structure (accountability framework), and the enabling law and mandate is a constant regardless of the type of program or service being delivered. 4.7 The business view model described in figure 4.1 illustrates the means by which government institutions carry out their program responsibilities (i.e. their business). 4.8 The Records Management Infrastructure view (see figures 4.2 and 4.3) is aligned with the business view. It focuses on the delivery of an information product generated by the tasks in the business process or workflow (see figure 4.2). The individual tasks themselves generate information objects (i.e. records) of their own (e.g. the various types of personnel records generated to support the processing of an application for retirement benefits or for a license; to support the development of a briefing note for the Assistant Deputy Minister, etc.). 4.9 In executing these tasks, three kinds of activities are carried out, namely: Activities done to bring records into existence to support decision making, program delivery, and to meet accountability requirements. These activities include: create, generate, collect, capture, receive, etc. The label given to this set of activities is create. Activities done with records to support decision making, program delivery, and to meet accountability requirements. These activities include: transmit, exchange, access, retrieve, disseminate, share, etc.). The label given to this set of activities is use. Activities done to records to ensure that they are authentic, reliable, available, usable, and understandable for as long as required to support decision making, program delivery, and to meet accountability requirements. These activities include: organize, describe, classify, retain, protect, store, migrate, dispose, etc. The label given to this set of activities is preserve. Records View create use preserve 15

19 A w a r e n e s s/ U n d e r s t a n d i n g Financial Capability Model and the Records Management Function Figure 4.2: Records View - Part 1 Figure 4.3: Records View - Part 2 Records View O w n e r s h i p/ A c c o u n t a b i l i t y Law/policy Standards/ practices create preserve use Systems People Business Process 4.10 These activities may be viewed at different levels: At the level of the individual record (i.e. a draft of the briefing note); At the level of the business process (i.e. all of the records associated with the preparation and dissemination of the briefing note); At the level of the organizational unit (i.e. all of the records for which a unit within the policy sector of the department is responsible); At the level of the function (i.e. all of the records associated with the policy development function the responsibility for which might reside in one organizational area or be shared with multiple organizational entities); At the level of the government institution (i.e. all of the records under the control of a given government department); and At the level of the involvement of other external organizations as active participants (i.e. all of the records associated with land management as generated by central agencies, individual government departments, other governments, the private sector, etc.) The three activities are managed by a framework of: (see figure 4.3) Laws and policies (that reflect the values and ethics of the organization in terms of the way in which it creates, uses, and preserves records; that support directly the strategic directions of the organization); Standards and Practices (that are authoritative, shared, owned, implemented, and measured); and Systems (that respect the requirements for records creation, use and preservation and that are directly related to the values and principles of the organization re: transparency, accountability, effective program delivery, etc.); 16

20 4.12 This framework cannot exist in a vacuum. It must be supported by people who have an awareness and an understanding of the importance and relevance of records to their programs. But more than this, the framework requires ownership and accountability through public servants who understand its fundamental importance in enabling them to carry out their program responsibilities and to reflect the values that guide their behaviour as public servants in a democratic government. Normally this ownership is reflected in an accountability framework extending across a given organization: 4.13 From the people perspective the model may be viewed from three perspectives. The first perspective is that of the manager and his or her staff who carry out their responsibilities in support of a given function or set of functions. These responsibilities are based on a mandate derived from one or several enabling laws and / or policies, supported by strategic and operational goals, and infused with the governance values set out for the public service. The second perspective is that of the manager and staff who carry out their responsibilities for designing, building and maintaining the records management infrastructure. These responsibilities are based on a mandate derived from one or several enabling laws and / or policies, supported by strategic and operational goals (for the advancement of the infrastructure in line with the needs of the business of the organization), and infused not only with the governance values of the public service but also the values that guide them as professionals. Both the manager and the infrastructure manager and staff view the same model but the laws, mandates, strategic priorities, values, etc. as well as the ownership and accountability may differ because of the role each plays in the model. The third perspective is that of the citizen (a business or individual) receiving a service or otherwise inter-acting with the government. Citizens expect that a trustworthy environment is in place to support this interaction and that the information associated with the interaction is authentic, reliable, complete, and accurate. They count on both the program managers and the records management infrastructure builders to have carried out their responsibilities for establishing such a trustworthy environment and for managing effectively the records that support their interactions Based on this model it follows that the highest level of records management maturity should reflect a set of values and objectives that are consistent with the highest levels of values and objectives guiding the governance structures of public sector organizations. If a government is to support values such as transparency, public trust, accountability, etc. then it follows that government would be expected to support a culture that values information and the role it plays in supporting a citizen-state interaction founded on trust and respect. In this ideal context (i.e. reflecting the highest level of records management and governance maturity), public servants would be expected to 12 : 17

21 Be fully conscious of the role information plays in establishing a relationship with citizens built on trust, integrity, and quality service; Understand the varied needs of citizens including businesses and respond to these needs with information which is complete, relevant, organized, timely and structured to maximize self sufficiency and access; Understand the central and critical role information plays in support of government business and accountability; Understand the need to document what they are doing with the records created as a result of their activities; See these records as valuable sources of information to help them do their job and as instruments of accountability; Understand the need to apply common standards and best practices to manage, make accessible and protect information assets; and Appreciate the value of sharing and exploiting information and knowledge to support more integrated program delivery within government (i.e. where appropriate and authorized) Within this context, those responsible for the records management infrastructure that reflects such a maturity level would be expected to subscribe to the following objectives: To provide a trustworthy environment within which government business can be conducted; To enable public servants to generate, collect, receive, document and otherwise create the records they require to support decision-making, program and service delivery and accountability; To enable public servants to access, retrieve, exchange, transmit, disseminate, exploit and otherwise use the information they require to make decisions, deliver programs and services and to hold themselves accountable; To enable public servants to identify, describe, protect, retain, migrate and otherwise preserve the authenticity of records for as long as they are required; and To provide expert advice on the management of records This vision of the relationship between records management and governance does not stop with public servants and those involved in developing and maintaining the records management infrastructure. It extends to the citizens (individuals and businesses) who are both the contributors to and beneficiaries of the infrastructure. In ideal circumstances these are citizens who: Understand their rights and entitlements in terms of their interaction with government programs and activities; Understand the importance of records as evidence of their interaction with government programs and services; 18

22 Expect their government to support a trustworthy environment that enables the protection of the information they provide to obtain government benefits and services; Expect their government to be able to hold itself accountable for its decisions and actions; and Expect their government to manage the records generated as a result of their engagement with the decision-making and policy development activities of the government (and who recognize the importance of records in providing evidence of such interaction) The preceding discussion has tried to illustrate that the convergence of governance values and records management values is reflected in the goals and behaviour of three players: program officials at all levels, records management infrastructure builders, and citizens. If the conditions described above are reflected in the behaviour of these players then one could suggest that an organization has reached the highest level of maturity in terms of the way in which it is governing its business and managing the records that support this business. Moreover, it would appear from the above that it might be feasible to express at least the highest attributes of governance and records management as integrated rather than separate statements (though this remains to be tested) Needless to say, not all organizations will reflect these attributes. Some will reflect a complete absence of record-keeping capability or a fragmented approach at best while others will be at various stages along an evolutionary path leading to the kind of records management maturity set out above. Similarly, the extent to which organizations are demonstrating the attributes of good governance will vary from those who are only beginning to establish governance frameworks to those that are reflecting the highest levels possible of a values-based governance framework Regardless of the governance or records management maturity levels displayed by an organization, one of the central features of a maturity model is that it does not pass judgment on whether or not a given organization has passed or failed. It is very much a diagnostic tool that permits an organization to assess where it is on a scale of maturity and if, where, and how it needs to proceed. While the first level may not be a desirable level, the subsequent levels may or may not be adequate depending upon the nature of the organization, its approach to governance and its approach to the establishment of a recordkeeping infrastructure An organization just establishing itself cannot be expected to reach the highest level of governance or records management maturity right away. It will require time and a systematic approach to the development of both its records management function (including the establishment of recordkeeping culture) and its governance framework before it can achieve the level of maturity enjoyed by other more values-based and records-sensitive organizations The exploration of the attributes of a maturity model for governance is beyond the scope of this paper. However, the foregoing discussion has attempted to illustrate how important it is to assess any proposed records management maturity model against a similar 19

23 maturity model for governance. While the remainder of this paper will focus on the attributes of a records management maturity model, subsequent work emerging from this current initiative should focus on the development of a relevant governance maturity model against which any proposed records management maturity model can be mapped The purpose of the next section of this report is to assess the applicability of the FCM model in terms of the extent to which it can help in the design of the structure and contents of a maturity model for records management and, most importantly, the processes by which such a model should be applied. The objective is to set the stage for the development of a working model that would not only provide an analytical tool to more precisely identify where given records management functions lie along an evolutionary path, but also how these functions can evolve in a systematic manner from where they are now to subsequent and more enhanced levels of records management maturity. 5. Assessment of the Financial Capability Model 5.1 In the absence of maturity models for records management and yet recognizing that such models could be extremely useful, the key question to be answered in this section is, Can the Financial Capability Model (FCM) be used as the basis for the development of a similar capability model for records management? 5.2 The short answer is yes. While the model is directed to the financial management function, its structure and, most importantly, the process by which it was developed, applied, and maintained can help to inform the development of a similar model for the records management function. 5.3 The potential role of the FCM is addressed in three parts: The model itself; The process by which the model was developed; and How the model should be applied. The Model One of the key features of the FCM is that it does not presume that an organization is either right or wrong in terms of its location along the maturity level (though it does explain that level one is not acceptable). This is extremely important. In the past, records management programs have been assessed on the extent to which they have either passed or failed. The audits of records management performed by the National Archives throughout the 1980s and the self-assessment guide that was produced by the Treasury Board Secretariat to measure compliance with the its Management of Government Information Holdings 13 policy are examples of the black and white, either-or approach taken to assessing records management capacity. 20

24 5.4.2 The questions these instruments asked were along the lines of the following: Does the institution have the capacity or not to respond to the government s recordkeeping requirements? If the records management program is inadequate in what way is it inadequate? This pass / fail approach to measuring records management capacity is a negative way of arriving at conclusions concerning the status and effectiveness of a records management program. They also fail to provide the road map most institutions are looking for to determine what needs to be done to mature beyond where they are and how quickly it needs to be done The application of a maturity model, however, provides a map of where the records management program is located along an evolutionary curve or scale of records management maturity. This understanding can then be used to make decisions concerning the strategies required (if any) to move from one maturity level to the next. In some cases, it may be concluded that remaining at Level 3, for instance, is entirely appropriate given the nature of the organization and where the organization is located in terms of its own evolution, especially in its reflection of the goals and objectives of good governance An example from the Department of Public Works and Government Services (PWGSC) using the structure of the FCM might help to illustrate the way in which a maturity model can become a road map rather than a yes / no compliance tool. In 1998, the Superannuation program of PWGSC moved to Shédiac, New Brunswick. In the very initial stages, as the move was proceeding, it was safe to say that parts of the superannuation function were experiencing the attributes of a Level 1 stage of maturity. As the disruptions caused by the move began to dissipate, however, the function evolved to Level 2 as it established basic processes and procedures for ensuring data integrity. Once Level 2 was achieved, the function evolved to Level 3 as it implemented service level standards and other tools to help manage the organization responsible for the function. The attributes of Level 3 formed the foundation for migration to Level 4 where the organization recognized the value of its financial information holdings in supporting sophisticated analysis and decision-making. This set the stage for the evolution of the function to Level 5 where initiatives are underway to establish a continuous learning organization focusing on harnessing and exploiting financial information to achieve strategic objectives and the establishment of a knowledge-based organization This example illustrates the importance of ensuring that the state of a given records management function is assessed within the context of the state of the organization itself at any given point in time. Examples of this relationship from a governance perspective are provided in the main report. Another example, often experienced in the government, is based on the results of a re-organization. 21

25 A given organization, having come through a major re-organization, may experience a Level 1 state of maturity as it seeks to establish or re-establish basic records management controls. As the impact of the reorganization subsides but before the new organization has evolved, a records management program reflecting Level 2 capabilities may be perfectly acceptable given the state of the organization at that point in time. As the new organization matures and becomes more established, however, its records management function will also need to evolve and mature. The Maturity Levels With respect to the levels themselves and based on the perspectives offered in section 2 it would appear that the maturity levels described for the FCM could be adapted for use in a records management model. The challenge, however, is to define the attributes of each records management maturity level and to have these accepted across a given jurisdiction Given that the definition of the maturity levels should be based on commonly-held values and beliefs, an added challenge will be the identification of the principles and values that would be expected to govern the records management function at any given maturity level. An effort to set the stage for this identification process was offered in the previous chapter While the levels described in the FCM could help to inform the description of similar levels for a proposed records management maturity model, other maturity models should also be examined. This would lead to a better understanding of what is involved in articulating the attributes of individual maturity levels. For instance, the E-Capacity checklist sets out a layered approach to the expression of maturity levels to guide federal government departments in identifying where they are located along the evolutionary curve of e-business maturity. The levels are expressed as follows: Level 1: Senior management is aware of the need for funding and limited funding exists to support the e-government program. Resource requirements have not been identified. Level 2: Senior management has made the initial funding and resource commitments, but they are inadequate to achieve the objectives stated in the e- vision. Resource requirements have been identified. Level 3: Senior management has made adequate funding and resource commitments for the initial investment in e-government Level 4: Future year resource requirements are being identified and addressed in light of new e-opportunities and organizational capabilities. 22