High risk that Defence ICT will go off the rails

2

news The Federal Government’s chief auditor has warned that the Department of Defence’s ICT operation is teetering on the brink of a dangerous precipice, in a landmark report published this afternoon into its current ICT governance structures and projects.

The report, Oversight and Management of Defence’s Information and Communication Technology, offers a detailed window into one of Australia’s largest and most complex technology environments. Defence’s so-called Defence Information Environment (DIE) soaks up some $1.2 billion in annual expenditure and ranges over 500 sites in Australia and overseas, providing functions as diverse as weapons support and electronic counter-insurgency to more normal office functions such as word processing.

It is also, however, one of Australia’s most ageing technology environments. A succession of reports over the past half-decade has found that a number of Defence’s key support systems, as well as its most basic infrastructure, has become unwieldy and is holding the department back in terms of its ability to deliver on its goals and sometimes basic operational functionality.

In 2008 and 2009, for example, the department suffered a number of problems with its payroll systems which led to widespread employee complaints. At the time, a KMPG audit stated that the two key Defence payroll systems — PMKeyS and ADFPay — were facing vendor support issues as they aged. PMKeyS was first rolled out in 2002.

In another example, the department also currently operates an unwieldy structure for accessing desktop systems, which has seen many staff issued with two personal computers, for accessing information repositories with separate levels of secrecy. Defence’s IT management has been seeking to remediate both problems for a number of years, but has been hamstrung by a number of factors focused around the complexity of the department’s technology operation.

Federal Government Auditor-General Ian McPhee had both good and bad news for the department in his report published this afternoon.

The report states that Defence has commenced the “vital work” of remediating the “publicly acknowledged deficiencies” in its ICT systems, with the program of work progressing under the department’s wider Strategic Reform Program kicked off in mid-2009. At the time, the Government announced it would invest more than $940 million over four years to reform Defence’s IT environment. “Since then, Defence has made modest progress in improving the performance of its ICT systems and has started replacing obsolescent equipment,” the report states.

In addition, the 2007 appointment of Defence chief information officer Greg Farr has had an effect — with Defence seeking since that time to map and cost all of its ICT systems and investments, as well as developing a department-wide coordinated approach to ICT investment. Defence now has visibility of some 75 percent of its total ICT expenditure — a notable improvement on the situation in mid-2009, when it could only get a grasp of half.

In addition, Defence is finalising a two-pass approval project for ICT initiatives, as well as having set up a major overarching IT oversight committee and implementing the UK Government’s P3M3 management maturity ranking system. Defence has also recently signed a resources contract with five major industry partners to help meet its shortfall of some 350 ICT staff.

However, in many ways, it appeared as though the risks involved in Defence’s ICT strategy went far towards outweighing many of the department’s abilities to meet its goals.

“At the time of its March 2010 progress report to the Government, Defence considered the Strategic Reform Program to be as complex an organisational reform agenda as had ever been undertaken in either the private or public sectors in Australia,” the report states. “Delivering ICT reform in Defence is a challenge of a very high order, entailing the simultaneous remediation of existing systems, the development of ICT systems critical to the SRP reform streams, and the achievement of savings at the upper bounds of feasibility.”

“More than two years into the reform process, ICT continues to represent a material risk to the timely achievement of the SRP investment and savings targets set in support of the longer-term objectives of the [2009] white paper.”

Defence’s ICT environment, the report states, suffers from relatively immature governance processes, the lack of a department-wide view of ICT interdependencies and competing priorities, complex and “sometimes confused” accountability structures and a high level of demand on its ICT staffing resources — “currently some 350 staff short of projected requirements”.

With respect to the eight major SRP reform streams which depend for their success on associated ICT projects, “schedule slippage is already evident”, and project failure could have a domino effect on other projects. “In this challenging environment, strong leadership focus will be required to deliver the benefits envisaged for the Defence organisation from the ICT transformation program over the next ten years,” the report states.

The report makes two key recommendations for Defence’s IT management going forward, to help address the problems.

The first revolves around Defence’s CIO Group, led by Greg Farr. The report recommends that the group’s role as the coordinating capability manager for Defence ICT be clarified, and that other Defence program managers adopt a full partnership model with the CIO Group to deliver on projects.

Secondly, the report recommends Defence focus on improving the whole of department of its needs by establishing an enterprise-wide benefits realisation framework; ensuring it has appropriate financial systems to support effective planning and monitoring of ICT investments; and developing a department-wide approach to escalating and treating ICT program and project risks. Defence agreed with both recommendations.

opinion/analysis
This is hardly a surprise. Defence’s IT environment has been teetering on the brink of disaster for years … if you hang around Defence tech staff, you’ll hear horror story upon horror story of extremely outdated software and hardware systems still being used in production, constant small failures, patches and bandaids being applied everywhere to keep things basically functioning and so on. Defence CIO Greg Farr has spoken about many of these problems himself over the years, and spent quite a bit of time in his first several years in the job remediating the emergency issues so that his CIO Group could gain some credibility to get bigger projects up.

However, as everyone involved in the situation recognises, this sort of thing can’t go on forever. Eventually Defence will have to drag itself into the modern age, and that’s what the Strategic Reform Program (and especially the IT components of it) are all about. Bringing Defence up to speed in one massive decade-long project of work that when 2030 ticks around, Defence’s core technology platforms aren’t the technology equivalent of the Intel 386 PC.

Can Defence do it without too many headaches? There is plenty of evidence that it can. Farr himself has already been through one fairly similar program of work at the Australian Taxation Office, and he’s collected a bunch of capable lieutenants around him. The CIO Group will also be able to draw on the very capable resources of the senior IT executives at the ATO, Immigration and the Department of Human Services, which have all now got very substantial experience in transformation and remediation programs. In addition, there is a clear appetite for change and energy about Defence’s IT environment right now that bodes very well.

Of course, it won’t be a smooth ride, and that’s what today’s report is all about. If I could sum its argument up in two words, those words would be: “Turbulence ahead”.

2 COMMENTS

  1. I suspect governance is actually the cause of most of the delays and costs. Any contractor dealing with defence will propose a raft of contigencies against the Defence force tradition of governance.

    • Perhaps. I think much of the problem is due to the slow nature of change at Defence, where things have to be uber-stable to support military efforts, but also part of the problem is not governance problems from the IT side of things, but from other aspects of the department, who would be slow to approve projects and would likely understand IT even less than people in similar roles in other departments.

      Defence is hardly an IT-focused environment when compared with the likes of Centrelink and the ATO, which are essentially similar in complexity to a major bank and function in quite a similar way.

Comments are closed.