When IT governance goes wrong
- 21 September, 2010 19:21
- Comments
Inefficient IT projects are the bugbear of every IT manager.
Speaking the World Computer Congress 2010 in Brisbane, manager of Griffith University’s internal audit office, Cathy Blunt , provided an interesting insight into the main contributing factors to failed or inefficient IT products in government agencies. The public university has undergone internal changes to prevent similar failures, although Blunt wasn’t shy of self-criticism in her review of what sends government IT projects over the edge. Here are some of her thoughts.
Strategic Alignment
“The one that’s probably got the most press coverage over the last few months has been the Queensland Health payroll system. There’s a Queensland auditor’s report about that — it’s well worth a read. It will keep you awake at night for a little while if nothing else.
“In terms of strategic alignment there are a couple of things that the Queensland Audit Office included in their report: There were unclear roles and responsibilities, particularly those in Queensland Health and the people within CorpTech responsible for actually delivering the system, as well as IBM, the service delivery partner with CorpTech. The responsibility between those and who was responsible for the project outcomes was very unclear.
“There was also a lack of strategic outcomes as to what it was they were trying to deliver. Queensland Audit Office quite roundly criticised Queensland Health for not reviewing the awards for their staff before they tried to implement the system to try and reduce the number of awards that were captured in the payroll system they were delivering.
“The [Queensland] Department of Employment and Training was also hit with the same Queensland Audit Office report — they didn’t just want to pick on Queensland Health — and they were criticised for their IT Governance framework not being documented.
“Just to show that auditors don’t always get it right, the Australian National Audit Office (ANAO) was reviewed by KPMG and was criticised for needing better alignment needed between its key risks and IT strategic plan.”
Value Delivery
“The NSW Licensing Project certainly comes up fairly high. A lot of issues were raised that the initial business case did not consider all the agencies involved around savings, what the risks would be, how they would manage the risks involved with the project, how the change management would occur and also training across all of the agencies; it certainly involved a lot of backtracking to compensate.
“The [Queensland] Department of Public Works was criticised for not having mechanisms to demonstrate the value in their projects.”
Risk Management
“Queensland Health was again criticised by the Queensland Audit Office because significant risks in relation to the payroll project weren’t identified, quantified and they kept changing the goal posts as to what the risk framework was actually going to look like during the project. They dragged down the risk rating for some of the definitions during the project.
“The Queensland Department of Employment and Training also comes under fire again for some of their risk management processes in IT. No formal IT risk management processes or registers were in place over projects and other IT activities.”
Resource Management
“Griffith University — our own organisation, had a payroll project that was running over time and budget so they cut back the user acceptance testing (UAT) and refused to push back the go live date on it. Probably another month would have done it, but we found quite a number of issues after go live, that I actually identified as part of a payroll audit. Management didn’t find it themselves, and it took another 18 months before they addressed the issues and fixed it up.
“Because it was running over time and under budget, as soon as the project went live, all of the project skills from the contractors working on the project were shown the door, so we had no expertise there, and had to scramble to find people who had gone off to other projects.
“The Office of State Revenue had a major ICT revenue system going live at the same time as CorpTech was implementing a whole heap of SAP systems across Queensland Government. Queensland Treasury had an ICT steering committee, but we found that CorpTech were attracting the Office of State Revenue’s SAP experts by paying them better. It was obvious one part of Queensland Treasury wasn’t talking to the other.”
Performance Management
“The ANAO was criticised again for not providing key performance indicators for its IT strategic plan objectives. You’d think IT auditors would know better than that, but we like to keep ourselves on our toes every now and again.
“The Queensland Dept of Employment and Training had no project management office to oversee identification and measurement of project benefits. I had a discussion recently with the audit officer at the Department of Employment and Training and he had a lot of the issues that came out of the Queensland audit report. He has taken those lessons learned and turned it into a checklist, and has taken it to his information steering committee and IT management, and said: This is what I need you to check off for every project now, and show me you’re addressing these issues.’ It has been a nice way to turn around the learnings coming out of the work that’s been done in the Queensland Audit Office.”
Blunt also shared some of the issues she has found after spending four years internally auditing projects at Griffith University:
- Lack of formal IT risk assessment frameworks and registers
- Project methodology not always followed
- Project benefits realisation not identified and monitored
- IT Governance committees not working effectively
- Business agenda does not always meet best practices or expectations
- IT policies and procedures no implemented consistently
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Face Time - Interview with John Brennan and Robert DiStefano
-
Monday Grok: Will Siri crack the walls of GOOG?
-
Face Time - Interview with John Brennan and Robert DiStefano
-
Face Time - Interview with John Brennan and Robert DiStefano
-
Phones are distractions during catch-ups
-
Simplifying branch office security
Securing your business network is more important than ever. Malware, botnets and other malicious programs threaten your network—at your central offices and your branch offices alike. Yet enforcing consistent network security throughout your enterprise can be challenging—especially for those of you with branch offices with few users and no IT expertise. This paper introduces a new standard—an innovative, unified, cost-effective solution for managing branch office security, with centralised reporting and a clear process for determining return on investment (ROI). -
Seven Tips for Securing Mobile Workers
Seven Tips for Securing Mobile Workers is intended to offer practical guidance on dealing with one of the fastest growing threats to the security of sensitive and confidential information. -
Gartner MarketScope for Application Life Cycle Management
Organisations adopting agile practices, utilising global and distributed teams, or exploiting complex processes and technologies are most likely to benefit from using ALM tools to plan, manage and report on their development activities. This MarketScope assesses the market offerings and their providers.
-
Unix for Dummies, 5th Edition
-
Software Testing Fundamentals
-
Microsoft Official Academic Course
-
Game Programming
-
Professional Sharepoint 2007 Web Content Management Development
-
Professional ADO.NET 2
-
.Net Web Services Solutions
-
Apache, MySQL, and PHP Weekend Crash Course(tm)
-
Patterns for Parallel Software Design
Get exclusive access to Invitation only events CIO, reports & analysis. 
Comments
Post new comment