Wednesday, September 10, 2008

Evaluating Electronic Financial Records Management in the Implementation of e-Government in Malaysia

THE EUROPEAN CONFERENCE ON INFORMATION MANAGEMENT AND EVALUATION (Presented)

Nurussobah Hussin, W.M.S. Wan Satirah, Mohd Nazir Ahmad
Universiti Teknologi MARA, Shah Alam, Malaysia
nur_huss@yahoo.com
assatirah@salam.uitm.edu.my
nazirfpm@yahoo.com


Abstract: With the introduction of Electronic Government (EG) Flagship Applications in 1996, Malaysian Government agencies create many records in electronic format. The Accountant General Department has developed the electronic financial records system for the use of federal and state public agencies in Malaysia. This study focused on the management of electronic financial records system for federal agencies. This study aims to identify whether the accountability, authenticity and integrity of electronic financial records is considered by the public sector. Two instruments namely questionnaires and guided interview were used in the process of data collection. A qualitative semi structured interviews were held with key players involved in managing financial records in the finance and IT Department in XXX and XXX (GOVERNMENT AGENCIES). The result of the study revealed that the organizations do not have enough skilled staff to meet organization’s records management requirement. The implication of the study is that, to manage the electronic financial records effectively and efficiently, it is important to maintain the integrity of electronic financial records: that is, the records must be complete, accurate, verifiable and secure from unauthorized person. The findings intended to be of use to both the accounting and information professions especially by those who are designing new electronic records systems and those who need to improve existing systems.

Keywords: records management, paper-based records, electronic records, public sector, e-SPKB, policy.


1. Introduction

The advent of e-government is changing the way organizations do business. Traditionally, records have been created on paper and authenticated by signing it in ink. Today, technology is making both paper and ink irrelevant to many business processes. This has all sorts of consequences, but, whether in ink or in an electronic format; a signature must fulfill the same functions: it has to authenticate the signer and the document. In order to use electronic signatures effectively, appropriate technological application need to be selected with the fulfillment of legal obligations.

The effective management of financial records necessitates the co-operation of accounting, auditing, computing and records personnel. Manual and written procedures are needed to define the records management process and its application to accounting and financial records, while financial instructions, audit and accounting manuals, in turn, should reflect the needs of records management. This systematic approach will gradually help to close the present gaps in the capacity to manage financial records and hence strengthen the controls on the management of government finance and the capacity for financial reporting.

In the past years, numerous case studies on management of financial records have been conducted in the developing countries by International Records Management Trust (IRMT). According to one case study in Vietnam in 2002, public awareness of corruption on virtually every continent has focused attention on the need for greater financial accountability. Well maintained records provide the basis for accountants to prepare financial reports on the management of state resources. This report enables parliament and public to see how financial resources have been accounted for and managed. Well-maintained records also permit independent auditors to give the public assurance that the financial records are credible. A well maintained record thus underpins good financial management and accountability and serves the needs of politicians, bureaucrats and citizens.

Since the envisioning of Malaysia being a developed country in the year 2020 and with the introduction of Electronic Government Flagship Applications in 1996, Malaysian government agencies create many records in digital format including financial records. The 7 pilot projects of the Electronic Government Flagship Application are Project Monitoring System (SPP II), Human Resource Management Information System (HRMIS), Generic Office Environment (GOE), Electronic Procurement (EP), Electronic Services (E-Services), Electronic Labour Exchange (ELX) and E-Syariah

In addition, the Accountant General Department has developed four accounting systems under the project of Electronic Government (EG-AG project) as listed below:

a) Sistem Perancangan & Kawalan Bajet Elektronik (eSPKB) (Electronic Budget Planning and Control System) is for Federal Government agencies
b) Sistem Perakaunan Berkomputer Standard Kerajaan Negeri (SPEK) (Standardized State Government Electronic Accounting System) is for state governments
c) SAGA is for statutory bodies
d) Government Financial Management Accounting System (GFMAS) is for accounting departments

This case study focused on the accountability, authenticity and integrity of Sistem Perancangan & Kawalan Bajet Elektronik (eSPKB) in federal government agencies. The eSPKB works in the controlling budget, manages responsible office’s expenditure and expedite the process of preparing financial documents. The eSPKB needs to be connected to National Audit Department’s legacy system for payment and accounting purposes.

2. Objective of the study

The objective of the study is to identify whether the accountability, authenticity and integrity of electronic financial records is considered by the public sector in Malaysia.


3. Literature Review

A record is defined as recorded information in any form, including data in computer systems, created or received and maintained by any organization or person in the transaction of business or the conduct of affairs and kept as evidence of such activity (McKemmish, 2008).
The Records Continuum Research Group (RCRG) of Monash University had developed the Conceptual Models of Records in Business and Socio-legal Contexts which describe the relationship of people, business and records. People conduct business of all kinds with each other, and in the course of doing business, they create and manage records.



Figure 1:Business Recordkeeping

In a business context, optimally recordkeeping forms an integral part of its activity. The following figure shows the conceptual model of recordkeeping where people do business that are governed by external mandates (such as laws, regulations, standards, best practice codes, professional ethics) and internal mandates (such as corporate culture, policies, administrative instructions, delegations, authorities). Authentic records of organizational activities provide evidence of that activity and function as corporate and collective memory. They also provide authoritative sources of value added information as they capture the content and context of the interactions the document.


Figure 2: Records and the Business context

Records management has been acknowledged as a vital component of management resources that helps decision making, avoid failures, and helps meet organizational goals. As a result, it exerts some pressure on organizations to devote more effort to their information handling mechanisms. Records management plays a vital role in ensuring that organizations remain competitive in their respective industries (Chartaby 1991). There are many reasons why records management is crucial, among others, legal compliance. Organizations could be faced with lawsuit and need to produce evidence (Montana, 1997). When records management is in place, be it manual or electronic, the risk of being prosecuted is minimized.

Many people raised concerns about securing electronic and paper records so that the evidence of financial transactions remains authentic and auditable. As one participant noted in the Global Forum Electronic Discussions organized by International Records Management Trust (2003), accountability is fundamental to good governance and therefore records management must be fundamental to the financial management processes, since records management underpins financial management which in turn contributes to good governance. Ensuring authenticity requires active intervention to protect and preserve records. For example, several participants suggested that audit compliance systems had to be developed or strengthened so that there is a direct relationship between the identification of the information to be protected and the protection of the records holding that information. One suggestion was that financial information had to be secure from the time of creation. To achieve that, perhaps only authorized personnel should be allowed access. Password protection was one way to ensure that the control environment is maintained. It shows that the authenticity and integrity of financial records in whatever form is very important to protect and manage because without effective and efficient records management in place, the desired impact of financial and governance reforms is often minimal at best.

According to Duranti (2006), digital records make up 80% of fraud investigation cases, according to the forensic technology team at PricewaterhouseCoopers, which analyzed the last two years worth of investigations. The number of cases handled by the firm has tripled in that time and the average case requires the analysis of 500,000 e-mails and user documents. A trusted recordkeeping system containing records guaranteed authentic by a trusted custodian would avoid the very high costs in financial and human resources incurred by investigators, but none is in place at this time.

Besides that, Gurushanta, Vigi, FICB, MIT (2002), highlighted the essential key points to prove the integrity of electronic record keeping system and the authenticity of electronic records can be demonstrated by adopting the following factors:

a) Sources of data: the source organization (or person) of the data involved.
b) Contemporaneous recording: that the electronic records were captured and the records recorded contemporaneously with, or within a reasonable time after the events to which they relate; (but contemporaneous recording within a particular database is not required).
c) Routine business data: that the data within a record is of a type that is regularly supplied to the organization during the regular activities of the organization from which the record comes.
d) Privileged data: that use in legal proceedings of the data in any particular record does not violate any legal principle of privileged or confidential data that prohibits its disclosure.
e) Data entry: that database capture and entry procedures are part of the "usual and ordinary course of business" of the organization.
f) Industry and national standards: that the organizations conforms to all appropriate standards relating to electronic record systems, including the inputting, importing and storage of data and all provisions relevant to preserving reliability of that data and electronic records system through which they are stored or transmitted.
g) Business reliance: that the organization itself relies upon the electronic records in its database(s) to make business decisions.
h) Retention and disposition of the electronic records are in accordance with legislative requirements are documented.
i) Software reliability: that the software reliably processes the data to which it is applied.
j) Recording of system alterations: that a record of system alterations is kept.
k) Security: proof of the security features used to guarantee the integrity of the total system; at the least the following key points of security should be able to be proved. (Protection against unauthorized access to data and permanent records, processing verification of data, safeguarding communications lines, maintaining backup copies of records for purposes of verification or replacement of falsified, lost or destroyed permanent or temporary records, and a disaster recovery program for electronic images, records and associated data.)

Duranti (2008) in Pre International Council on Archives (ICA) Congress Seminar in Kuala Lumpur identified a number of the digital records challenges as (1)The facility of reproduction and manipulation makes it difficult to identify the final, official, reliable or accurate version, (2)Technological obsolescence makes digital records inaccessible in a very short time span, and (3)Intellectual property and privacy rights are hard to protect.


4. Methodology

In this research, a case study approach was adopted. Eisenhardt (1999) noted that case studies typically combine data collection methods such as questionnaires, interviews, observation and archives. A questionnaire was used as the main research instrument and was administered to staff in financial department and IT department at XXX and XXX. The SPSS (Statistical P6. Conclusion and recommendations

5. Conclusion and Recommendation

As a conclusion, electronic financial records must be created reliably and maintain their integrity and authenticity in order to meet the demands of corporate accountability as well as supporting better management. As the study reveals 95% of the respondents answered that the electronic financial records system (eSPKB) has a security system to protect it from unauthorized person. The security systems used to access the electronic financial system (eSPKB) are password (95%), digital signature (84%), encryption technology (58%), and network security (58%). This is in line with the interview with the Project Manager of Electronic Government’s Application Project; types of security used in eSPKB system are PKI, Encryption technology, Network security, Access Control and Backup.

In addition, the respondents were asked about who has the authority to access the eSPKB. The result of the study shows that the top managers, accountant, authorized person in financial department (user of the system) and the auditor have the responsibility to access the system. For audit purposes, the auditor should request as ‘view’ for viewing information on screen. They cannot make any amendment to the records.

From the study also, 84% of the respondents agreed that their electronic financial records (eSPKB) do have a disaster recovery plan. The XXX Department uses magnetic tape and cartridge as the media to backup the records. The Project Manager of Electronic Government’s Application Project mentioned that there are daily, weekly, monthly, yearly, ad hoc and off-site backup. All backup records that are more than two years will be transferred to the appointed Accountant Office bank. However, more than 50% of the respondents are not aware of this. In addition, 79% of both organizations did not have enough skilled staffs to meet their records management requirement.

Based on the findings, several recommendations are put forward as part of public service reform. The recommendation includes: (1) recruiting a records manager, (2) government agencies should have in place electronic records management policy and guidelines, (3) continuously communicate to the staff regarding the policy and guidelines, the responsibility, and the importance of electronic records management from its creation, dissemination, storage, retention, and disposal, (4) improve the eSPKB system, (5) there need to be appropriate management structures in place to support the operation of the system, including legislation to support the legal admissibility of electronic information if there is no parallel paper system, and finally, (6) provide training to all records keepers.

So far, recruitment process of records managers is quite restricted. Government departments can only get a records manager by application made by the ministries to the Public Service Department. Upon approval, a cadre post will be created in the department. In most departments, records managers are appointed among the existing staff holding other post, such as registrar or executive officer. As a result, their task as records managers become secondary. In these two financial departments, the role as records managers are shared between IT personnel, auditors, accountants and executives.

For training and education, the National Archives of Malaysia has played the pivotal role in providing training program for the public sectors staff in records management. Other institutions that are involved include Malaysian Administrative Modernization and Management Planning Unit (MAMPU) and INTAN. For the higher institutions, the Faculty of Information Management, Universiti Teknologi MARA has been the pioneer in the area of records management in Malaysia. This faculty offers the undergraduate and master’s level program. The undergraduate program is known as the Bsc in Information Studies (Records Management), while currently, the master’s program in Msc. in Information Management allows students to specialized in Records Management. In addition to that, by 2009, Faculty of Information Management will offer a Master of Science in Records and Document Management program. As a result, training for records managers is not only essential but also should be made an ongoing process for services to cope with the development of media and profession.

Besides, eSPKB is a system that centralized in Accountant General (AG). It helps financial department, federal government organized their daily transaction or operation electronically. However, staffs in XXX Department that serve as a user of the system have identified a few problems. By referring to the problems, the system should be improved from time to time until user satisfied with the system provided. In order to improve that system, they need to ask the feedback from the user and implement the records management approach to the system. According to CAATT’s Guidelines for eSPKB system, there are clear information on registration, classification, access and tracking of the records. However, the guidelines are lack of information on retention, disposition and preservation.

National Archive of Malaysia has produced the Electronic Records Management Guideline under the e-SPARK project. The significance of this guideline is that it covers the management of electronic records throughout the entire life cycle including digital preservation. Besides that, National Archives of Malaysia and Accountant General have produced the retention schedule on financial records for the use of the public agencies. Therefore, it is important to ensure that, all the public agencies staff especially record keepers are aware of this guidelines, retention schedules and other existing policies such as National Archive Act 2003, Government Circulations and Directives, ISO 15489, Digital Signature Act 1997, Computer Crime Act, Electronic Commerce Act 2006 and Circulars on email management issued by Jabatan Perkhidmatan Awam (Public Service Department) & MAMPU.

Finally, the government agencies need to provide a vision of where they want to be in five to ten years, when they will be managing a predominantly electronic asset. This implies that new and innovative approaches are required to help ensure the authenticity, integrity and reliability of records in an electronic environment. It has the biggest impact on the Government of Malaysia as a whole.


REFERENCES


Chartaby, K. (1991) “Records Management: quo vadis?” Records Management Control ,3(4) Winter:108-113

Duranti, L. (2008) “The management of electronic Records for Good Governance”, Proceeding of International Congress on Archives, Kuala Lumpur, July

Duranti, L. (2006) “Long Term Preservation of Digital Records: An International Focus”, Proceeding of International Conference Asolo, Sept.

E-Government Policy Framework for Electronic Records Management 2001, [online] http://www.nationalarchives.gov.uk/electronicrecords/pdf/egov_framework.pdf

Eisenhardt, K.M. (1999) Building Theories From Case Study Research, in: Bryman, A. And Bugess, R.G. Qualitative Research, Vol.1. London:Sage, pp. 135-159.

“Evidence-Based Governance in the Electronic Age: Case Study on The Management of Electronic Financial Records In Vietnam. (2002) World Bank/ International Records Management Trust Partnership Project, June.

“IRMT/World Bank Evidence-based Governance in the Electronic Age Global Forum Electronic Discussions”, Summary of Discussion One: Information Technology, Electronic Records, and Record Keeping (2003), [online], http://www.irmt.org/download/DOCUME%7E1/GLOBAL/it.pdf

Mckemmish, S. & Evans, J (2008) ”Recordkeeping and the Importnce of Recordkeeping Metadata”, Proceeding of International Congress on Archives, Kuala Lumpur, July

Montana, J.C. (1997) “Legal Ethics and Records Management.” Records Management Quarterly, 31(4) October:43-4.

“Recordkeeping Metadata Project” (1998), Records Continuum Research Group, [online], http://www.sims.monash.edu.au/research/rcrg/research/spirt/deliver/conrelmod.html

Vigi Gurushanta, FICB, MIT. (2002) “e-Evidence Standard” Proving the integrity, reliability, and trust on electronic records ARMA/CIPS Conference, [online] http://radio.weblogs.com/0117653/gems/ARMA2002eEvidenceStd.pdf#search='eEvidence%20Standard'>
ackage for Social Science) was used as the main statistical analysis tool. As for the interviews, face to face meetings were arranged with the six top managers and key players from both departments where additional and more specific information was gathered. Observation was also employed on how the electronic financial records management system (e-SPKB) was used in the departments.