Table of Contents

RTI Compliance Audit Checklist for Public Authorities

Direct answer. Every public authority should run an internal RTI compliance audit at least once a year, ideally aligned with the financial-year close. The audit should cover twelve areas: PIO designation, FAA designation, Section 4 disclosure, record management, RTI receipt and disposal SLAs, fees, appeals, third-party procedure, Section 25 returns, training, citizen feedback, and Information Commission directions outstanding. A scoring template is below — eighty per cent or above is the working benchmark; below sixty per cent is a red flag for the head of office and external audit.

CAG audits and Information Commission compliance reviews routinely flag the same patterns: outdated PIO pages, untracked appeal disposals, missing Section 25 returns, no Section 4 update log. An internal audit catches all of these before the external audit does. This checklist is designed for adoption by the public authority's vigilance / records committee.

When to run the audit

Twelve audit areas with scoring

Each area is scored out of ten. The total is out of 120; convert to percentage.

Area 1 — PIO designation (10)

Area 2 — FAA designation (10)

Area 3 — Section 4 disclosure (10)

Area 4 — Record management (10)

Area 5 — RTI receipt and disposal SLA (10)

Area 6 — Fees (5)

Area 7 — Appeals (10)

Area 8 — Third-party procedure (10)

Area 9 — Section 25 annual return (10)

Area 10 — Training (10)

Area 11 — Citizen feedback (10)

Area 12 — Outstanding Commission directions (15)

Step by step

  1. Step 1. Constitute an audit team — nodal RTI officer, internal audit officer, IT, vigilance.
  2. Step 2. Agree the score-sheet using the twelve areas above.
  3. Step 3. Sample 5% of applications and 10% of appeals for evidence.
  4. Step 4. Cross-verify with public-facing data (website, portal, Commission's records).
  5. Step 5. Score each area with documentary evidence.
  6. Step 6. Compile a draft report with scores, findings, recommendations.
  7. Step 7. Discuss with the head of office; finalise.
  8. Step 8. Place the report on the office's RTI page (with redactions for any sensitive personnel content).
  9. Step 9. Track corrective actions to closure.

Evidence the audit team should gather

Scoring benchmarks

Score % Rating Action
90+ Excellent Sustain
80 to 89 Good Minor improvements
70 to 79 Average Targeted improvements
60 to 69 Weak Action plan within 30 days
Below 60 Critical Head of office to convene review

Common public authority mistakes

Frequently asked questions

Is the audit mandatory by law?

The Act does not name an “audit” but the Section 25 return, Section 4 sign-off, and CAG performance audit collectively make internal audit a practical necessity.

Who pays for an external audit?

External audit (CAG, peer-review by another department, civil-society audit) is funded by the audit authority's budget. Internal audit is by the public authority's own staff.

How long does an audit take?

Two to three weeks in a small office; six weeks in a large ministry.

Can a third-party agency audit us?

Yes — many ministries engage civil-society partners (e.g. CHRI, RAAG) for independent scoring.

What if we score below 60%?

The head of office must convene a review and produce a 30-day action plan.

Do we publish the audit report?

Yes, with redactions for sensitive personnel matters.

Does the Commission accept our audit as evidence?

Yes. Commissions look favourably on public authorities that maintain internal audit and produce findings.

Sources

See also

Last reviewed: 9 May 2026.