When IT governance goes wrong
- 21 September, 2010 19:21
Inefficient IT projects are the bugbear of every IT manager.
Speaking the World Computer Congress 2010 in Brisbane, manager of Griffith University’s internal audit office, Cathy Blunt , provided an interesting insight into the main contributing factors to failed or inefficient IT products in government agencies. The public university has undergone internal changes to prevent similar failures, although Blunt wasn’t shy of self-criticism in her review of what sends government IT projects over the edge. Here are some of her thoughts.
“The one that’s probably got the most press coverage over the last few months has been the Queensland Health payroll system. There’s a Queensland auditor’s report about that — it’s well worth a read. It will keep you awake at night for a little while if nothing else.
“In terms of strategic alignment there are a couple of things that the Queensland Audit Office included in their report: There were unclear roles and responsibilities, particularly those in Queensland Health and the people within CorpTech responsible for actually delivering the system, as well as IBM, the service delivery partner with CorpTech. The responsibility between those and who was responsible for the project outcomes was very unclear.
“There was also a lack of strategic outcomes as to what it was they were trying to deliver. Queensland Audit Office quite roundly criticised Queensland Health for not reviewing the awards for their staff before they tried to implement the system to try and reduce the number of awards that were captured in the payroll system they were delivering.
“The [Queensland] Department of Employment and Training was also hit with the same Queensland Audit Office report — they didn’t just want to pick on Queensland Health — and they were criticised for their IT Governance framework not being documented.
“Just to show that auditors don’t always get it right, the Australian National Audit Office (ANAO) was reviewed by KPMG and was criticised for needing better alignment needed between its key risks and IT strategic plan.”
“The NSW Licensing Project certainly comes up fairly high. A lot of issues were raised that the initial business case did not consider all the agencies involved around savings, what the risks would be, how they would manage the risks involved with the project, how the change management would occur and also training across all of the agencies; it certainly involved a lot of backtracking to compensate.
“The [Queensland] Department of Public Works was criticised for not having mechanisms to demonstrate the value in their projects.”
“Queensland Health was again criticised by the Queensland Audit Office because significant risks in relation to the payroll project weren’t identified, quantified and they kept changing the goal posts as to what the risk framework was actually going to look like during the project. They dragged down the risk rating for some of the definitions during the project.
“The Queensland Department of Employment and Training also comes under fire again for some of their risk management processes in IT. No formal IT risk management processes or registers were in place over projects and other IT activities.”
“Griffith University — our own organisation, had a payroll project that was running over time and budget so they cut back the user acceptance testing (UAT) and refused to push back the go live date on it. Probably another month would have done it, but we found quite a number of issues after go live, that I actually identified as part of a payroll audit. Management didn’t find it themselves, and it took another 18 months before they addressed the issues and fixed it up.
“Because it was running over time and under budget, as soon as the project went live, all of the project skills from the contractors working on the project were shown the door, so we had no expertise there, and had to scramble to find people who had gone off to other projects.
“The Office of State Revenue had a major ICT revenue system going live at the same time as CorpTech was implementing a whole heap of SAP systems across Queensland Government. Queensland Treasury had an ICT steering committee, but we found that CorpTech were attracting the Office of State Revenue’s SAP experts by paying them better. It was obvious one part of Queensland Treasury wasn’t talking to the other.”
“The ANAO was criticised again for not providing key performance indicators for its IT strategic plan objectives. You’d think IT auditors would know better than that, but we like to keep ourselves on our toes every now and again.
“The Queensland Dept of Employment and Training had no project management office to oversee identification and measurement of project benefits. I had a discussion recently with the audit officer at the Department of Employment and Training and he had a lot of the issues that came out of the Queensland audit report. He has taken those lessons learned and turned it into a checklist, and has taken it to his information steering committee and IT management, and said: This is what I need you to check off for every project now, and show me you’re addressing these issues.’ It has been a nice way to turn around the learnings coming out of the work that’s been done in the Queensland Audit Office.”
Blunt also shared some of the issues she has found after spending four years internally auditing projects at Griffith University:
- Lack of formal IT risk assessment frameworks and registers
- Project methodology not always followed
- Project benefits realisation not identified and monitored
- IT Governance committees not working effectively
- Business agenda does not always meet best practices or expectations
- IT policies and procedures no implemented consistently
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Real-Time Protection Against Malware Infection
- Governance For All - Empowering IT and Business Content Owners
- Choice and Control – Considerations for Developing Enterprise Cloud Strategies
- Vodafone Ireland Implements World-Class Service Excellence with HP BSM
- Tolly Report: Performance Survey of Virtual Environment Security
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Staying Ahead of the Data Explosion
The total volume of data being processed and stored by businesses is rising exponentially. IDC has estimated that the size of the "digital universe" will increase 29 fold between 2010 and 2020. Data storage technology has undergone a steady increase in capacity, along with a steady decline in the cost per unit to store information. Unfortunately, data storage capacity is not keeping pace with data growth and necessitating greater intelligence in the storage infrastructure. Read more.
The SPARC Difference - Reduce Risks, Cut Costs, Power Innovation
Despite current economic factors, IT investment continues to be fueled by the need for better and more agile IT capabilities to support an enterprise’s business strategy, as well as to keep up with the rapidly changing demands of the ‘always-on’ user. However, budgets are squeezed and executives are under pressure to reduce capital expenditure and streamline administrative costs. A key strategy is to consolidate and refresh existing IT infrastructures. Download now to find out what technology can add value and enable you to change the shape of your IT budget and, to transform IT into a force for change and innovation.
Vodafone Ireland Implements World-Class Service Excellence with HP BSM
Shane Gaffney, head of IT operations explain how HP Business Service Manager solutions have helped Vodafone to transform from a reactive to a proactive IT Operations function, and to align their priorities to match the business and drive business value, delivering 300% ROI in one year. Download today.