news An audit of Western Australian departments and agencies have found a number lacked comprehensive or up to date strategic ICT plans, as well as potential conflicts of interest in their purchasing of technology-related goods and services.
The audit, published yesterday by the state’s auditor-general Colin Murphy (PDF), examined how agencies such as the Departments of Education and Mines and Petroleum, the Western Australian Land Information Authority (Landgate), the Lotteries Commission (Lotterywest), the Electricity Retail Corporation (Synergy) and Tourism WA engaged ICT contractors to help provide IT services to aid in their work.
It noted that when managed well, ICT contractors could deliver ICT solutions effectively and efficiently, but when managed poorly, agencies could waste a lot of money on ICT “for limited of zero benefits”.
Murphy concluded that of the departments and agencies examined, only Landgate managed all aspects of ICT contracting and procurement well. “A key area for improvement at four agencies — DMP, Lotterywest and Tourism WA was a lack of comprehensive and up-to-date strategic ICT plans,” wrote the auditor in the report.
“Without an up-to-date ICT strategy,” he added, “agencies significantly increase the risk of making poor use of contractors and getting poor ICT outcomes.”
The ICT strategies that did exist, Murphy wrote, were often out of date, did not clearly align ICT projects and sourcing strategies with identified current and future business needs, did not include resourcing requirements, lacked clear objectives and associated performance measures, and did not address the risks inherent to different ICT delivery options and strategies to mitigate those risks.
In addition, a number of the agencies did not fully comply with procurement policy for some of their contract arrangements — failing to develop business cases, establish contract management plans, seek appropriate approvals and so on. Some contracts were not competitively tendered.
For example, Synergy could not demonstrate competitive tendering for a contract originally valued at 380,000, which then stretched out to over $3 million. The agency also signed an initial contract worth $38 million (with ministerial approval), before reducing the scope to $21 million, and then adding new work onto the contract worth over $30 million — and that time without ministerial approval.
Conflicts of interest were also found — such as a case where a contractor was engaged to develop specifications for required ICT business applications for the Department of Mines and Petroleum that were subsequently put out to the market for companies to support them. However, the contractor had a close relationship with a company which provided support for 12 of the department’s applications.
In response to the issues raised, the departments broadly welcomed the auditor’s issues — broadly noting they were taking action to address the problems. For example, several are updating their new ICT strategic plans, with Synergy in particular noting it had appointed a new chief information officer, and Lotterywest establishing a corporate project management office.
The report represents the latest in a series of concerning reports into the Western Australian Government’s use of technology. In July this year, for example, and eight years after it was begun, the state announced it would cancel its controversial plan to provide shared corporate services to its departments and agencies through a centralised platform. The move came after the publication of an extensive report into the troubled project by the state’s Economic Regulation Authority.
In addition, in June, auditor-general Murphy published a report into ICT security within the government, noting that none of a wide range of government departments and agencies in the state were at that stage able to prevent basic cyber-attacks against their IT infrastructure — or even detect that they had taken place.
This doesn’t surprise me. After reading dozens of similar reports by State and Federal Government auditors over the past decade, I have come to believe that it is relatively normal for Australian departments and agencies to lack ICT strategic plans, basic IT security controls, technology governance structures and so on. This is an endemic problem.