Hall goes on to say that in the public sector, such contracts create a perfect procurement storm that can wreck the best of intentions, and that under such conditions agencies are effectively asking potential bidders a foolish question that can be roughly translated as: "Given this obsolete and imperfect description of what we want and a schedule that was established with mechanisms unrelated to the work involved, give us a guaranteed cost that accounts for the information we haven't told you, delays beyond your control, unanticipated surprises and changes yet to be identified".

Systems integration firms know that daring to admit that this is a stupid question will result in their exclusion from a share of the multimillion dollar procurement.

In fairness it must be pointed out that Harrison defends the original price estimates, pointing out they only came about because at the time of the original outsourcing Customs knew it needed a new system called Cargo Management, and needed to "strike a number that they could use as a benchmark to evaluate the outsourcing". He also rejects headlines asserting the cost has blown out to $146 million, saying in his view the only sensible comparison is between the original $30 million and the actual cost of the ICS, which should be around $50 million.

"There was no suggestion originally when the $30 million was mentioned that that included either the CCF - the gateway component - or the Customs costs," he says.

"There was no basic science about anything in relation to this, so those comparisons are just sort of silly," Harrison says. "And as I say, when you look at the numbers, at the sort of business outcomes in this thing - we're collecting $6 billion in revenue, 55 million EDI transactions a year - you know, we think $146 million is pretty bloody good," he says.

Peachey also defends the mounting costs, pointing out that the original estimate of $30 million was made in an early discussion with industry before Customs had even set the user requirements.

"If you think about this project as being in development in earnest over the last three years, we've got a project team that we have to pay; we also have all the training materials and the industry support. We're developing interactive tutorials, we've put over 30,000 publications out, we've presented to more than 10,000 industry participants, all of that doesn't actually come free," she says. "So the total cost also includes the payment of staff for the legislative changes and also the restructuring changes, and the business process; that needs to be put into perspective. Yes, there have been some cost blowouts, but they are well documented and well publicized."

That may be the case. What is also clear is that the fact of that original estimate, and of the original fixed price contract, has seen Customs forced to the back foot by pressure from the federal opposition and a barrage of sensational headlines over recent times, like: "Customs faces tech calamity", "Customs defends its $146m system", "$80m Customs IT rejig in deep trouble", "Customs project postponed again" and "Customs busted in $100m overrun".

And therein lies the rub. Ironically, in his analysis of why so many public sector IT projects run into difficulties, Hall specifically points to the bad publicity that surrounds public sector project failures as contributing to the government sector's extreme aversion to risk.

"When a government project fails, the media quickly blast the administration for 'another public sector disaster', usually without providing a context for the discussion in terms of project difficulty," Hall writes. Combined with the natural tension between the executive and legislative branches and the increased potential for delay or rejection of the business case if the risk is candidly discussed, he concludes bad publicity tends to discourage the kind of upfront discussion of the uncertainty and risk so prevalent in the private sector.

The result of risk aversion is that business cases in the public sector tend to downplay risk by marginalizing and minimizing identification and discussion of potential problems and discouraging identification of stop/go decision points in the project life cycle that imply the project might be cancelled.

Harrison would likely agree, at least about the IT media. Harrison insists the ACS was aware of the risks from the outset and has always been willing to acknowledge the project was high risk, and points to research that highlights the increased risk attached to any project of more than 15,000 function points as proof that the media is being unfair.

However, once again the view is different on the outside. EDI's White fears that with the honourable exception of Harrison, the project may be severely lacking enough experienced and talented IT project managers able to understand the contract and risk management processes. And he claims junior staff will not speak out about problems and risks for fear of repercussions.

"The best way for a project manager to manage a project is to see the risks clearly, and to react to those things as they occur, because they all happen in real time. You can see things starting to not work and you can see parts of the project failing and you can see things symptomatic of deeper problems," White says. "A good project manager digs into that, finds out what's going on, ameliorates the problem, and continuously works with that process to make it better. What's happening at Customs is they're saying: 'No, no, it's all fantastic. The contractors are doing a great job. We're very happy with the process.' Yet, we get failure after failure after failure in terms of delivery of quality product."

If there is any objective accuracy to claims that the agency has had a tendency to bury bad news, Hall would say the Customs is far from alone. Under the heading "Project Status: If we punish the bearers of bad news, bad things will stop happening", Hall claims: "In the public sector . . . none of the sponsors, stakeholders or oversight bodies in the complex web of authority wants to be the last to discover that the project is troubled. This manifests itself as extreme sensitivity to the reporting of variance from plans," he notes.

"I'm not sure I agree fully with his [Hall's] interpretation of risk," Harrison comments. "I think private enterprise has a bent, if you like, to talk about public service aversion to risk but I think the reality is that we're just talking about different types of risk."