- Evidence received
Overview
2.1This chapter summarises the themes and issues discussed in the evidence in relation to audits examined and procuring information technology. This includes:
- developing information technology capability within the Australian Public Service
- oversight of large information technology projects and procurement processes
- project delivery models
- project and procurement planning
- project funds, management and leadership
- project review and assurance, including gateway reviews
- advice and updates on project progress and completion.
- The Committee’s views and recommendations can be found in the next chapter.
Developing information technology capability
2.3Evidence received during the inquiry indicated that Australian Government departments supplement existing skills among their staff with external contractors due to capability gaps.
2.4For example, the Australian Public Service Audit of Employment (the Employment Audit), released in May 2023, found that the Australian Government had spent $20.8billion on an external labour workforce in the 2021-22 financial year (of which 43 per cent or $1.9 billion was spent on ICT or digital delivery contracts). At the time, the Finance Minister observed that the findings of the audit revealed a ‘shadow workforce’ within the public service.
2.5Data and digital transformation of public services continued to be a focus point for successive governments. For example, the 2022-23 State of the Service Report found that 76 per cent of agencies had identified ‘critical skills shortages’ in the area of digital and information technology.
2.6In December 2019, the Thodey Review found that the Australian Public Service needed to use data to provide better advice to the government of the day and better services to all Australians, but this required building capability in data and digital expertise. The Review stated that 65 per cent of agencies cited skills and capability as a barrier to using data, and 58 per cent of agencies thought they were under skilled in the digital aspects of delivery. The Review recommended that the Australian Government build data and digital expertise across the service by applying the professions model and creating Centres of Excellence. The Australian Government agreed in part to establish separate digital and data professions to build capability and support career paths in these critical areas.
2.7In November 2023, the Australian Government published the Thodey Progress Report, acknowledging that while the operating context of the Australian Government had shifted since the publication of the Thodey Review in 2019, the review remained ‘an important bedrock’. The Thodey Progress Report found that four out of the six recommendations related to data and digital transformation ‘complete’, with two ‘underway’ as at that time.
Digital Transformation Agency (DTA)
2.8The Digital Transformation Agency’s role includes the following:
- provide strategic and policy leadership on whole-of-government and shared ICT investments and digital service delivery
- develop, deliver and monitor whole-of-government strategies, policies and standards for digital and ICT investments, including ICT procurement
- manage strategic coordination and oversight functions for digital and ICT investments across the project life cycle, including providing advice on whole-of-government reuse opportunities
- manage whole-of-government digital procurement to simplify processes for government agencies, reduce costs and generate opportunities to reuse platforms and capabilities
- provide advice to the minister on whole-of-government and shared digital and ICT investment proposals
- undertake other relevant tasks as the minister may require.
- The Digital Transformation Agency told the Committee that its role has since expanded to include ‘a strong focus on doing assurance over the digital and ICT investments of the Commonwealth to make sure that they realise their goals’.
- Recent work to enhance capability includes the Data and Digital Government Strategy 2023. The Strategy has objectives that include:
- uplifting APS capability to ensure staff can effectively engage with data and digital technologies to produce useful insights, advice and operate more productively
- increasing the gender diversity of those working in digital and ICT roles in the APS
- developing a whole-of-APS Digital Workforce Plan
- improving pathways for entities to share technical expertise
- engaging with industry and global experts to stay informed of the latest tools, technologies and methodologies in data and digital capability development
- ensuring further development of data and digital skills.
- The Digital Transformation Agency submitted:
Through the Data and Digital Government Strategy, released jointly by DTA and the Department of Finance in late 2023, the Government recognises the need for a variety of skills and capabilities to support the implementation of data and digital technologies across the APS and has committed to the development of a Whole-of-APS Digital Workforce Plan.
The plan will represent an enterprise-wide view on how to equip the APS workforce to tackle immediate and emerging skills required for digital technologies. It will identify a suite of actions under key principles to guide Australian Government agencies to empower and skill their workforce with the capabilities needed to thrive in the digital space.
2.12The DTA told the Committee:
In partnership with Digital Victoria, the DTA trialled a senior responsible officer education program in 2023 with participants drawn from across 15 agencies. Work is underway to consider how this program might be rolled out more broadly as well as uplifted to best meet the needs of digital project leaders in the Australian Government.
Australian Public Service (APS) Digital Profession
2.13The Digital Profession was established along with the APS Digital Professional Stream Strategy in April 2020. The Strategy aims to ‘lift the digital expertise of the APS workforce, addressing the long-term capability needs to transform government services and progress the digitally-focused elements of the APS Workforce Strategy 2025’.
2.14The Digital Transformation Agency noted the following focus areas:
- collaborating across the APS on the development of a Data and Digital Workforce Plan to identify additional initiatives required to develop the future digital and data capability needs of the APS
- implementing new methods to build foundational skills in digital at all APS levels to operate in an increasingly digitally enabled and data driven environment
- collaborating with the DTA to build the skills and capability of APS leaders delivering large digital projects through training in theory and practical examples.
- The Committee asked how the Digital Profession sets measurable goals in relation to improving Australian Public Service skills. The Digital Transformation Agency said:
The Australian Public Service Commission (APSC) has developed a comprehensive framework to monitor the digital capability of the APS workforce. The evaluation of learning programs (including those provided through the Digital Professions) is only one of the four objectives that are tracked: the other three are the attraction, retention, and deployment of digital talent. For each objective, the framework monitors a number of indicators which are gathered from multiple data sources. For the evaluation of learning programmes, for example, it measures attendance, learning gain and application of the material to the work context.
Australian Public Service Strategic Commissioning Framework
2.16The APS Strategic Commissioning Framework provides agencies with mandatory requirements and principles to follow to reduce reliance on contracted services at an organisational level.
2.17The Framework notes that agencies must ‘move away from outsourcing work that is the core role of the APS or the agency.’ Further, agency heads are ‘accountable for rebalancing their workforce to prioritise direct employment, strengthen capability, and ensure any use of external expertise enhances the work and knowledge of the APS’.
2.18The Framework intends that ‘over time – when supported by APS recruitment, skilling and mobility – this approach will deepen system-wide capability and reduce the risks to integrity, expertise and public trust posed by excessive outsourcing.’
2.19The seven principles of the Framework are:
1start with rigorous planning
2APS employment is the default
3use APS networks first
4use external support in limited circumstances
5maximise the benefits and minimise the risk of any external arrangements
6apply merit when converting roles
7monitoring and accountability.
Oversight of Australian Government information technology procurement and projects
2.20The Department of Finance and the Digital Transformation Agency have oversight of procurement, project management and assurance.
2.21The Digital Transformation Agency’s role includes:
- the ICT Investment Approval Process
- the Investment Oversight Framework
- the Assurance Framework for Digital and ICT Investments
- The Department of Finance’s role includes:
- the Gateway Review process
- Commonwealth Procurement Rules
Digital Transformation Agency oversight
2.23The Digital Transformation Agency’s website states:
The DTA has Whole-of-Government responsibility for managing strategic coordination and oversight functions for digital and ICT investments, including during the delivery phase. The DTA will separately provide advice and ongoing oversight of assurance arrangements to ensure assurance is applied effectively to maintain delivery confidence in implementation of the proposal.
2.24Agencies are required to consult the DTA when developing digital and ICT-enabled proposals to seek advice on alignment with the government’s policies and must commence consultation with the DTA at the earliest opportunity to allow the Agency to provide advice on proposal development. The DTA will assess eligibility based on pre-determined criteria.
2.25This includes:
- the information technology investment approval (IIAP) process
- the Investment Oversight Framework (IOF).
- However, the DTA emphasised that accountability for delivering agreed outcomes always remains with the lead agency. The IIAP process applies if a proposal:
- is digital and ICT-enabled (the policy or service delivery outcomes are highly dependent on the underpinning digital and ICT system)
- has a total whole-of-life cost estimated to be $30 million or more, including total whole-of-life digital and ICT costs of $10 million or more. Whole-of-life costs must include operational costs, capital costs, and maintenance costs
- is assessed by the DTA as high risk through consideration of a Risk Potential Assessment Tool (RPAT) assessment. This risk may relate to factors such as significant change, cost, technical or business complexity, workforce capacity, and schedule.
- The IIAP involves a staged approval process, whereby agencies develop a business case to enable that Cabinet, and relevant government committees have sufficient information about the proposal.
Table 2.1Digital Transformation Agency staged process for ICT Investments
| | |
First pass approval | To provide sufficient level of information on the benefits, costs, risks and range of implementation options. | A clear strategic narrative to demonstrate alignment of business needs to policy objectives, realistic ICT options to deliver outcomes and manage risks, an indicative cost estimate, benefits and indicative schedule. |
Second pass approval | To provide and build further detail on the options agreed by Cabinet for further development. | Additional details on the delivery schedule, benefits realisation, risks, monitoring and reporting, cost estimate based on rigorous planning of required digital/ICT infrastructure, proofs of concept, approaches to market, expert external advice, overseas or domestic implementation, governance, and agreed assurance activities such as those with DTA or Finance |
Combined pass approval | Where there is urgent need for investment or rapid implementation needs, the relevant Minister may seek agreement to bring forward a second pass business case without first bringing forward a separate first pass business case. | The supporting business case for a combined pass approval must meet second pass business case requirements. |
Source: Digital Transformation Agency
2.28The IOF comprises six states:
- strategic planning: the DTA defines and sets the direction and vision for digital transformation within government to effectively deliver services and outcomes
- prioritisation: the DTA maintains visibility of the short, medium and longer term pipeline of proposed digital investments, to improve planning and identify capacity and capability gap, risks, opportunities for reuse, and ensuring alignment of investments with the digital transformation vision
- contestability: the DTA works with agencies to ensure that proposals are robust and are meeting whole-of-government digital policies and standards, prior to government consideration
- assurance: throughout delivery the DTA provides ministers and key stakeholders with confidence and assurance on whether projects are on track to achieve objectives
- sourcing: the DTA provides strategic sourcing advice and value for money arrangements to simplify digital procurement.
- In addition, the Digital Transformation Agency has developed an assurance framework, which is outlined below.
Table 2.2Digital Transformation Agency’s tiered model for assurance
| |
Tier 1 – Flagship digital investments | Represents the Government’s most complex and strategically significant investments, responsible for transforming the experience of people and business. For example, the Digital ID Program ($782 million). |
Tier 2 – Strategically Significant digital investments | Usually complex and strategically significant but may not have the same whole-of-government emphasis or same critically, or these projects have comparatively lower estimated costs. For example, the Apprenticeships Data Management System (ADMS) ($86 million). |
Tier 3 – Significant digital investments | Significant investments, likely focused on meeting the needs of one agency or a smaller group of agencies. They generally represent lower risk. For example, Ensuring Radiation and Nuclear Safety for all Australians ($3 million). |
Source: Digital Transformation Agency supplementary submission, page 7; Digital Transformation Agency Assurance Framework, page 10.
Department of Finance oversight
2.30The Department of Finance conducts assurance reviews, including oversight of information technology projects. There are two kinds of assurance reviews: implementation readiness assessments and Gateway Reviews.
2.31A ‘gateway review’ is an assurance mechanism. Independent reviewers assess a project’s progress and could identify potential corrective action. A colour system is used to signify issues: red, amber and green.
2.32The following projects are within the remit of Finance to recommend to Government that the proposal should be subject to the Gateway Review process:
- projects with a total estimated cost of $30 million or more for procurement or infrastructure
- projects with a total estimated cost of $30 million or more including an ICT component of at least $10 million
- programs with a total estimated cost of over $50 million.
2.33Project issues identified through the Gateway Review process were observed by the ANAO in Auditor-General Report No. 12 of 2023–24 Administration of the Parliamentary Expenses Management System. The ANAO found that the internal project status reporting displayed discrepancies with the Gateway Review ratings, and re-baselining impacted the overall efficacy of the gateway reviews process:
The definition of an overall red rating was met during the project, for example there were ongoing issues with the scope of the project, the schedule (and therefore benefits realisation) was re-baselined several times, and the budget was supplemented by additional funding. However, Gateway Reviews are a point in time assessment and the PEMS reviews occurred after the project was re-baselined. The Reviews therefore looked at the overall likelihood of success for the project based on the new parameters. This approach potentially reduced the impact of the Gateway Reviews in being able to appropriately escalate issues for action by the Senior Responsible Officer.
2.34In Auditor-General Report No. 20 of 2023–24 Design and Implementation of the Australian Apprenticeships Incentive System the ANAO observed that the Apprenticeships Data Management System (ADMS) had received overall Green or Green/Amber ratings. The ANAO noted in their submission that this reflected the success of this particular project.
2.35Departments procuring external services to deliver information technology projects are required to adhere to the Commonwealth Procurement Rules (CPRs), like any other public sector procurement process. The framework governing public sector procurement is provided by the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and articulated in the CPRs. Achieving value for money is the ‘core rule’ of the CPRs, requiring a consideration of both financial and non-financial costs and benefits associated with procurement. Officials must be satisfied, following reasonable enquiries, that the procurement will achieve a value for money outcome.
2.36Procurement approaches may vary. For example:
- Australian Government entities (or departments or agencies) can choose to procure via open tender, limited tender or from standing offer panel arrangements
- a tender process invites proposals from the private sector to carry out work. While there are many steps and detailed rules, broadly, whichever proposal makes the best offer is then selected and contracted to complete the work
- value for money is usually a key consideration in deciding whether to award contracts.
Project delivery models
2.37The Committee received evidence on delivery models for information technology projects, including on:
- the use of outsourcing (contracting a third party to do the work)
- completing the work with internal staff and resources (in house)
- A mixture of outsourcing and in house options.
- In the context of this inquiry, examples of delivery models varied:
- The Department of Home Affairs developed its visa processing system through a fully outsourced mode.
- The Department of Employment and Workplace Relations’ (DEWR) delivery of the Apprenticeships Data Management System (ADMS) was through a fully in-house capability.
- DEWR used a mixed model to deliver components of the Digital Employment Services model for Workforce Australia. While DEWR retained overall responsibility for the platform and most components were delivered by the department in-house, the following two components were delivered through outsourcing:
- the Procurement and Licence Management System (PaLMS) for program tender and contract management, built on Microsoft Dynamics 365 technology
- the Digital Services Contact Centre platform for DEWR’s contact centre supporting digital job seekers, also using Microsoft Dynamics 365 technology.
- Another approach was used for of the Parliamentary Expenses Management System. While this was reported by the ANAO as delivered in-house, the Department of Finance relied on a ‘fully contracted’ workforce, with most of the project expenditure on contractors, consultants, outsourcing and employees.
- The ANAO noted that the Australian Public Service Strategic Commissioning Framework aims to reduce the reliance on contractors, which has led to a ‘brain drain’ from agencies that had an embedded ‘reliance on contractors’.
- Further, the ANAO observed that senior departmental staff needed to have a base level of understanding of information technology issues. The Acting Auditor-General said:
How do you get a board member, a Deputy Secretary or a Secretary to understand this very technical stuff in the way that they understand risk so that they, therefore, might put more capability to it? … There is work in the academy in the APS around the digital and IT profession, and I think it's worth having.
2.43Some information technology systems discussed during the inquiry have used a ‘systems integrator’ approach. For example, a system integrator model was implemented (through procurement) by the Department of Defence in their delivery of Tranche 1 of the Enterprise Resource Planning Program and by the Department of Home Affairs in the procurement of the Permissions Capability.
2.44A systems integrator approach is where the contractor directly enters into an agreement with the contracting agency. In this arrangement, the agency directly contracts with any third-party service product providers (thus assuming all liability in relation to these agreements) and provide these to the lead contractor as ‘buyer furnished items’.
Systems integration and the Permissions Capability procurement
2.45Where agencies seek to implement a particular model of delivery (such as a systems integrator model), this can impact on other important procurement documentation such as the Request for Tender (RFT), approach to market and draft deeds of standing offer.
2.46During the tender process for the Permissions Capability project, the Department of Home Affairs had initially approached the market for a single contractor to design, implement and support the Permissions Capability. The department envisioned entering into an agreement with the selected contractor where the contractor would:
- assume responsibility for the overall Permissions Capability
- enter into agreements with suppliers for third party products or services directly.
- While the Department of Home Affairs had not used the term ‘end-to-end’ in their tender documents, the ANAO’s analysis was ‘of the substance of what was being sought through the RFT, and this was reflected in relevant records of the procurement’, such as sign-offs by the department’s legal adviser or the tender evaluation report.
- During the tender submission stage, some tenderers proposed the ‘systems integrator’ model. In this model, the Department would be entering into contracts with both the selected tenderer, and with any third-party provider for additional services directly. The selected Permissions Capability Contractor would assume no contractual liability in respect of third-party providers.
- The ANAO found that the fact that several tenderers proposed a different model to that included in the tender posed additional risk and impacted on the value for money evaluation for the tender submissions. The ANAO analysis found that the tender documentation:
…did not clearly identify if tenders that proposed alternative commercial models would be accepted for evaluation, and if they were accepted, how those tenders would be addressed in the evaluation and ranking of competing tenders.
2.50The ANAO recommended:
When undertaking procurements, the Department of Home Affairs clearly identify in its request documentation whether responses that depart from its preferred contracting approach will be accepted and, if so, identifying in its tender evaluation plan how those departures will be addressed in the evaluation and ranking of competing tenders.
2.51The Department of Home Affairs only partially agreed with the recommendation at the time, stating that it did not agree that tenderers were confused as to whether alternative commercial models would be considered in the procurement.
2.52The ANAO said:
The recommendation and audit findings on which it was based do not suggest confusion on the part of tenderers or that tenderers be privy to the department’s tender evaluation plan. Rather, by not addressing in tender evaluation planning how it would evaluate and compare tenders prepared on the basis of different commercial and contracting models to that proposed in the RFT, the department was unable to undertake a ‘full, detailed forensic price normalisation’. This adversely affected the comparative evaluation of tenders by the department.
2.53The Department of Home Affairs submitted that it had fully implemented the ANAO recommendation by updating its approach to market documentation to ‘highlight to procurers that, when planning to source complex requirements, they should consider whether the Department would benefit from alternative solutions to that specified in the Statement of Requirement’.
Procurement and project planning
2.54The ANAO observed that a lack of sufficient planning may create situations where departments eliminate or reduce the competition element between tenderers, by going for limited tender or sole-source options. This may impact on a department’s ability to evaluate proposals and conduct a fulsome value for money assessment by reducing the element of competition.
2.55For example, the Acting Auditor-General noted:
Another risk point that we see—and we talked about it in the hearing preceding this—is time pressure. People are going direct source under the exemptions in the CPRs because they haven't done sufficient long-term planning, and they back their accountable authority into a corner and say, 'Now we have to go direct source.'
2.56The Acting Auditor-General added:
Planning and risk management drive the level of resourcing you put on things, they drive the level of reporting you put on things, they drive the project planning, they drive the contract management, if it's procured, and so people need to actually invest in it.
2.57Further, the Acting Auditor-General said:
Agencies therefore are competing in a market against each other to try to get the capability but also the best value within that capability. If everyone's going out for a new IT system or a new database or a new this or a new that at the same time and there's pressure, are they able to achieve value for money in a market that's quite crowded? There are lots of players, but they are competing for lots of work. So there's risk in that.
2.58The Acting Auditor-General said that consequently, time pressures ‘bring risk to the accountable authority… risk to value for money and it potentially brings risk into the quality of contract management’. In addition, where a direct source was chosen due to planning issues or time pressures, departments may not be appropriately informed of the multiple market offerings available.
2.59The ANAO emphasised the importance of government departments being an ‘informed buyer’ and conducting timely market research and planning in advance of approaching the market. In particular, the Acting Auditor-General noted there is a strong case to conduct Request for Information (RFI) processes in advance of going to market for tender submissions:
I think going out early and doing some research, some benchmarking and sounding out of the market in a properly controlled way, with good probity around it, with good fairness around it and no competitive advantages, enhances business requirements.
2.60DEWR noted that while it has been focused on building its internal capability, there is still a need to supplement those skills from the market from time to time. In these cases, DEWR emphasised that it is striving to be ‘clear that there are some critical roles that, wherever possible, need to be in-house’, including project management and architecture which in DEWR’s view, ‘are critical to the success of the project’.
2.61DEWR officials noted:
… we do need to supplement capability. There are peaks and troughs. Projects end. So we can't always have all of the capability that we need. The key thing I have learned is about being very mindful in how you make the decisions about what roles you go and get from the market. If you do that careful planning upfront, you get better outcomes—that's been my experience.
2.62Further, DEWR observed that it was important to be ‘very mindful in how [departments] make the decisions about what roles you go and get from the market. If you do that careful planning upfront, you get better outcomes’. Department of Finance officials observed that departments should explore whether there is ‘a strategy to uplift or increase [our] capability in the APS area for the long term’.
2.63The Department of Finance noted:
We can't have every specialist and everything inhouse. It is what is fit for purpose. Some of the projects have a really short runway, and you need a special skill set for those sorts of outcomes, so from that perspective we use it on a case-by-case and value-for-money basis to get the right outcome for the government. To summarise, it's not one size fits all.
2.64Services Australia submitted that any ‘deep systems knowledge and business experience will come from the APS’, which ‘cannot be replicated by vendors and should not be’. Services Australia said that agencies should be prioritising knowledge transfer and enhancement of internal capabilities for internal staff, and agencies needed to have mechanisms to equip internal teams with the skills to maintain the product when the contract ceases. Services Australia added that departments should understand ‘critical skill gaps within the agency and make sure those gaps are being filled by the right people’.
2.65Services Australia submitted:
Before starting any ICT transformation, it is essential to have a deep understanding of the intricacies of the business and technical landscape that you operate within. The success of managing ICT systems relies heavily on well-documented and meticulously maintained business and system process documents.
2.66The Australian Computer Society submitted that effective oversight of projects requires significant in-house capabilities in addition to project management methodologies. Instead:
… agency project leads should possess a solid understanding of the project's high-level technical parameters and sound general and financial management capabilities to ensure maximum value is being achieved from the use of public monies. Skills critical for APS project leads include procurement experience, risk management, stakeholder management and engagement, financial management, and general management skills.[63]
2.67The Australian Computer Society also submitted that there are a variety of capability-related issues that currently impact on project delivery, including:
- shortfalls in technological or digital capability at senior management levels
- obstacles caused by private sector providers not familiar with government or public sector requirements
- issues with resourcing transparency in situations where skills requested by the procuring agency are then subject to resource substitution by the contracted supplier (such as systems integrator arrangements)
- outsourcing expertise to third-party providers to compensate for missing skills within the procuring agency.
2.68The ANAO said that while outsourced information technology projects have been a long-standing feature of the public sector, it is important to have embedded business analysts who understand how departmental systems behave. There is a need to be an ‘informed buyer’, and for that, departments require sufficient internal capability.
2.69The ANAO noted:
A lot of entities, even where their IT services are delivered in-house, rely on contractors—there is in-house personnel and then contractors. We do see that, where entities have less in-house staff with an IT capability, the less able they are to articulate to their providers what their needs are, to assess whether things are going wrong or not, to assess whether they're getting what they should be, to make those judgements and to provide themselves with assurance that they're getting the services they expect.
Planning and the parliamentary expense management system (PEMS)
2.70As reported by the ANAO, the Department of Finance used a ‘fully contracted’ workforce to build and deliver the PEMS system. Finance advised the ANAO that the project workforce planning was covered under an initial procurement plan. The ANAO made the following observations on the procurement plan and details surrounding its contracted workforce:
This document is the approval to approach the market for resources for PEMS and another project. It was not a discrete document that maps the resources or capability required over the project and it did not specify what resources were specifically for PEMS.
2.71During the project, additional resources were required, which the Department of Finance managed through changes to the integrated project plan and schedule.
2.72While the ANAO found that updates were made to the integrated schedule throughout the project, the Department of Finance was unable to demonstrate how changes to resource requirements were operationalised, such as updates to the resource plan in response to delays, or updates to resourcing profiles to reduce expenditure where there was budgetary overspend.
Project funds
2.73Funding for Commonwealth information technology projects is approved during the annual budget process. Projects valued over specific thresholds are subject to the ICT Investment Approval Process (IIAP), which the Department of Finance administers.
2.74When asked about the delivery of the Digital Employment Services System, DEWR stated:
… we had anticipated getting tranches 2 and 3 funding, but that didn't arise…
…. Where we can make enhancements we will, where funding is available, but we had originally anticipated getting future tranches of funding that, for other government priority reasons, we didn't get. That's why I think there are some areas in the system where we probably could do further investment, but we do need to have funding identified to do that. And that's a matter for government to prioritise.
2.75Mr Joshua Kennedy-White submitted that there was a systemic issue around the New Policy Proposal process, noting that the process was ‘characterised by overpromising to secure approval, leading to unrealistic expectations. This sets projects up for failure as they are initiated with underestimated costs and timelines.’[70]
2.76The Boston Consulting Group recommended a pathway to shift investment proposal approaches from project-based funding to ‘product-based’ funding, observing:
Digital technology platforms, products and services are rarely 'once-and-done' investments. Delivering modern and high-quality digital services requires continuing development of new features and enhancements.[71]
2.77The submission also referred to the approach of the New South Wales Government’s Digital Restart Fund (DRF). The NSW DRF is a Special Deposit Account, established through the Digital Restart Fund Act 2020 (NSW). The DRF:
…funds iterative, multi-disciplinary approaches to planning, designing, and developing digital products and services in NSW.
2.78Agencies providing evidence to the Committee emphasised the need for clarity and planning in funding models for not only the initial implementation, but also enhancements, upgrades and sustainment. For example, DEWR drew attention to the importance of budget allocations beyond just the development phase to cover funding for ongoing sustainment and user-led improvements.
2.79Lack of planning at the outset of a procurement or project can impact on available funding through the delivery lifecycle. For example, Auditor-General Report No. 12 of 2023–24: Administration of the Parliamentary Expenses Management System found that the government had agreed to the second pass business case for the project as part of the 2017–18 MYEFO process, including agreement for Finance to deliver the project in-house by June 2020 and provided funding of $38.1 million. However, the scope of the initial project brief and management plan was not clear, there was an inconsistent approach to gathering and agreeing user requirements, leading to milestones not being met and the project schedule being re-baselined a number of times following delays. This impacted the budget, with total expenditure on 30 June 2023 being $74.3 million.
Project management and leadership
2.80During the inquiry, some evidence discussed project management approaches. One project management approach, described as ‘agile’, is an iterative and incremental approach. This contrasts with traditional modes of management, such as the ‘waterfall’ mode.
2.81DEWR supported the ‘agile’ project management approach, which was used in a previous modernisation attempt for the apprenticeships system. Adam Shain, Acting Chief Digital Officer at DEWR stated:
We use incremental delivery—or agile, for the enthusiasts—and we think that's important because that lets us derisk the projects by delivering outcomes early that we can test with users. We can get real feedback from users and use that to respond and iterate as we go, and it also gives the senior responsible officer the opportunity to course-correct if things are going off track. That helps with benefits realisation.
2.82Similarly, the Acting Auditor-General observed:
… I think the agile approach has its benefits in risk management. The funding approach can determine how successful you are in all of that and at what points you need to seek additional funding for additionality that emerges.
2.83The Department of Finance advised the Committee that they had delivered the PEMS system through a ‘combination of the agile and waterfall’ approaches.
2.84A submission from the Australian Computer Society said that projects may face complexities such as budget overruns, delays or difficulties meeting stakeholder expectations where there are shortfalls in technological or digital capability at senior management levels.
2.85A submission from Mr Josh Kennedy-White submitted that the lack of IT strategy and policy leadership contributes to ‘inadequate project planning and execution’, which results in ‘strategic misalignment and mismanagement of projects’. Further, MrKennedy-White observed that there was a shortage of skilled project managers internally in government, leading to a consequent ‘over-reliance on external contractors, who may not always prioritise the Government’s best interests’.
Senior responsible officer
2.86Some departments and agencies will appoint a Senior Responsible Officer (SRO) as the key point of responsibility for a project. The Department of Finance describes the SRO as being:
… the official within a sponsoring entity who is the single point of overall accountability for the successful realisation of programme/project outcomes and objectives. Typically, the SRO would be an officer at the Senior Executive Service Band 2 or Band 3 level.
The SRO also has the authority to make decisions affecting the progress of the programme or project. However, the SRO is not responsible for the day-to-day management of a programme or project.
2.87The ANAO has commended the idea of an SRO as a ‘single point of accountability’, noting that the model worked best where departments appropriately clarified the SRO’s role and responsibilities:
Clearly documenting the role and responsibility of an SRO is important because departments, agencies and the public sector aren't simple and linear, and so making sure that SROs are very clear about their roles and responsibilities, their reporting lines and the responsibilities that they have, and the ones that they need to bring together with others, I think is a good concept.
2.88The Digital Transformation Agency’s assurance framework contains a section on SRO requirements. The framework recognises the central role of the SRO in achieving the requisite tone at the top and the important role that is played by agency SROs in the assurance system that supports the successful delivery of projects:
As the official with ultimate accountability for the investment’s delivery, SROs are required to champion assurance that is fit-for-purpose and aligned to risk and complexity.
2.89DEWR submitted that the recent delivery of the ADMS was successful due to their implementation of the SRO model. This model was supported by a dedicated Change Management Office, Project Manager, and Product Manager and resulted in ‘increasingly successful releases, that included external stakeholders acknowledging the benefits’. During public hearing proceedings, DEWR expanded on their model in this project. According to the ADMS project SRO, the starting point was to ‘professionalise’ the SRO role:
I'm sure the ANAO has seen in other areas that, where we appoint a SRO, part of their job is managing a large build and they're doing their day-to-day work as well, they've got a couple of people running a project management office with some consultants and they've got a little bit of change management happening. We've moved very far away from that. It's more professional, I would think, in the APS. Not only do we have a project management office; I've got a change management office that sits underneath my structure as well.
2.90Secondly, DEWR noted the value of embedding policy delivery staff into information technology teams to enable ‘ongoing discussions about where the policy is going’ and what the department is doing. DEWR said that staff with digital expertise were co-located with the policy teams.
2.91In its submission, the Australian Taxation Office (ATO) noted that digital and ICT projects have an inherently higher degree of uncertainty and complexity compared to other types of Commonwealth Government investment. It is therefore important to have an appropriate SRO model combined with technical and policy delivery staff. The ATO submitted:
Digital and ICT transformations in government are often combined with other initiatives, including policy reform, legislative changes, business process re-engineering, and organisational realignment. The difficulty of effectively implementing a digital and ICT transformation project increases exponentially with each additional layer of complexity. External dependencies, competing organisational priorities, and overlapping change initiatives all degrade the ability of a project to optimally align and sequence efforts.
Project review and assurance
2.92The Committee heard that conducting formalised reviews of projects after implementation (within a reasonable timeframe) is important for recognising learnings and lessons for future projects.
2.93The Department of Finance said that they would usually do ‘a closure report on any project, having regard to the size’. The DTA’s Benefits Management Policy considers that ‘benefits articulation and management requires ongoing refinement throughout the life of an investment.’
2.94The ATO submitted:
Reflecting on performance and capturing what worked and what did not is best practice for all projects regardless of size. The ATO continues to evolve and mature, learning from both the successes and challenges presented by the implementation of large, complex change.
2.95The ATO has implemented a requirement to complete end of program reports to learn from each project:
All programs in the ATO are required to complete an End of Program Report to confirm all benefits have been delivered, there is operational acceptance from business and to ensure plans are in place to realise the Program's intended value post-closure. Key lessons learned are also captured and documented in the final report. There may be additional external agency assurance requirements depending on the program scale and complexity.
2.96DEWR observed:
…benefits realisation also allows us to provide a case back to government when we want to build a new IT system, when we want to implement new initiatives as well, and we can say, through the benefits realisation of these other projects, 'This is how much money is being realised in terms of the benefit.' It starts to build a case, if that makes sense, and steers you towards, hopefully, a positive decision around further investment in IT.
2.97The Digital Transformation Agency established a Benefits Management Policy in March 2023, noting that the policy is intended to address a ‘shortfall’ in the transition from lessons identified to lessons that are ‘truly learned’ (and thus implemented in future projects). The Policy is intended to allow the DTA to work together with the Department of Finance to ensure that ‘learnings coming out of gateway reviews are being systematically captured and applied to informing the future design of projects.’
2.98The 2020 Independent Review of the Australian Public Service emphasised the central role of agency accountability to improve on the delivery of government services. Recommendations included improving the delivery of integrated government services and improving the funding, structure, and management of digital function across the APS contained stipulations around accountability. Implementation guidance for these recommendations recommended ‘retain[ing] agency accountability for core systems and decision-making, with detailed boundaries defined on a portfolio basis’, and ‘retain[ing] agency accountability for their digital capability, systems and delivery, including when services are provided through a single front door.’
2.99Accountability was noted by the DTA with regards to their assurance framework. The DTA’s principles for good assurance highlights that an appropriate assurance planning process requires agencies to demonstrate, among other matters, that there is ‘clear accountability within the agency for ensuring a robust and effective assurance program is achieved and maintained’. DTA submitted:
…the system does not dilute accountability for delivering agreed outcomes which always remains with the agencies leading delivery. In fact, a key focus of the assurance system is ensuring clear accountability exists.
2.100In reflecting on lessons learnt from a previous modernisation attempt prior to implementing the Apprenticeships Data Management System, DEWR noted that the department ‘tried to outsource the whole delivery and didn't recognise that, ultimately, it's [their] risk and [their] project that [they] needed to have accountability for.’
2.101Services Australia submitted that a key lesson learnt was that agencies ‘cannot outsource risk or accountability’ and regardless of what the vendor has committed to through a commercial contract, ‘an agency will always be accountable for the successful delivery and management of ICT systems’.
Project advice and updates
2.102The Australian Public Service is expected to provide the Australian Government with frank, honest, timely, and evidence-based advice.
Advice on the Parliamentary Expenses Management System
2.103In Auditor-General Report No. 12 of 2023–24: Administration of the Parliamentary Expenses Management System, the ANAO reported that the first Gateway Review of PEMS was done in March 2018. This reporting was rated as ‘amber’ due to scheduling pressures and low confidence around meeting user expectations. In July 2018, the gateway report was amber for the same reasons. The Department of Finance’s Secretary was made aware of these project issues in September 2018, November 2020 and June 2021.
2.104Conversely, the Department of Finance’s briefings to the Finance Minister, the first two of which were in March and June 2018, ‘noted’ project updates but did not make mention of delays or matters arising from the gateway reviews. It was not until November 2020 that the Department informed the Finance Minister that PEMS was not on track due to:
…delays in user acceptance testing, [an] unanticipated need to acquire specialised resources and complexity in [the] build due to unique parliamentary process[es]. Mitigations to this are re-baselining the project release date for office and travel expenses.
2.105The Department of Finance advised the ANAO that advice-related delays were due to caretaker period (the time when a general election is taking place), the COVID19 pandemic and natural disasters. When asked about these findings on advice to government during public hearing proceedings, the Department acknowledged that it was a ‘long time between briefs’, but ‘did not necessarily indicate that the issues in PEMS weren’t known at a very senior level in the department’.
2.106The Department of Finance stated that there was no record of a direct briefing provided to the Finance Minister. However, the Minister did receive regular Senate Estimates briefings about the status of the PEMS project and its delivery timeframe. Finance noted, ‘since March 2023, the PEMS governance arrangements have been revised and the Special Minister of State is now briefed on a regular basis’.
Advice on the Workforce Australia Services Panel and Digital Employment Services Platform
2.107In Auditor-General Report No. 7 of 2023–24: Establishment of the Workforce Australia Services Panel the ANAO observed that the Department of Employment and Workplace Relations had provided optimistic advice to government on timeframes. Although the Audit was not about the digital system, the procurement tenders assessment system was used for the assessment process and delivered as part of Tranche 1 (or the first portion) of the broader Digital Employment Services Platform.
2.108In October 2020, the Commonwealth Government had announced a $259 million investment for Tranche 1 of the digital platform, which was a fundamental element of delivering the replacement for Jobseeker, the New Employment Services Model (later named Workforce Australia). Tranche 1 was to be delivered progressively between January 2021 and June 2022, and was to include:
- base capabilities for digital service channels, including web and mobile applications
- foundational digital service channels for users of the platform, including tailored and targeted messaging and a Digital Services Contact Centre
- an end-to-end procurement and contract management solution to replace the department’s current systems.
- Ministers were advised by DEWR in April 2021 that the procurement and contracting system, the Procurement and Licence Management System, was to be delivered by 30 June 2021 to support the upcoming approach to market for the new employment model. In early June 2021 the envisioned tender management system was not included in the submission method as originally planned due to delays, and the department used their preexisting tender submission system in the final version of request for proposal documents.
- Additional implementation risks with the broader digital platform project were identified in November 2021 (concurrent with tender assessments), and assessment staff raised functionality issues with the department. This caused material impacts on the tender assessment timeframes and planned probity benefits.
- The ANAO reported that a ‘tiger team’ was established to ‘review and prioritise the critical deliverables for achievement of the Minimum Acceptance Criteria’. Further, a manual data transfer process put in place because the originally planned automated data transfer feature was no longer planned for Tranche 1. In February 2022, during an annual progress update to the government on the Digital Platform Project, the department reported that ‘the first key deliverable, the Tender Management System release one, was delivered on 30 June 2021’. This was despite the ANAO reporting:
At the same time of this advice in February 2022, a manual data transfer process was approved by the Project Sponsor. This was to enable new deeds with providers to be populated with the data held in PaLMS. This step was necessary because the automated data transfer feature was no longer planned for delivery as part of Tranche 1 by June 2022.
2.112DEWR responded that the purpose of the progress update was ‘different’ to the subject of the ANAO audit. The progress update was relevant to ‘the entire status of delivery of the New Employment Service Model’ and ‘outlined a workaround to address the known delays occurring in the build of the Tender Management System to ensure a functioning tender submission process for the provider procurement process’.
2.113The ANAO expanded on the inconsistency during the public hearing:
What we noticed in the audit were some inconsistencies between what was happening internally and what was being reported in annual updates…
…a fully integrated workflow for the tender management system and delivery of the contract licence management system was on track for completion by 30June2022. Around that same time, internally at the department, there was advice relating to descoping elements and also manual data processes that were needed because things hadn't been delivered. We also made an observation that, at the end of that period, a post-procurement review of that system identified that there were a number of issues with what had been delivered.
2.114Ms Rona Mellor PSM, the Acting Auditor-General summarised the issue as follows:
It’s a mismatch between what the department's telling itself internally and what it's reporting externally—and not good practice, really. I think that, as we've seen in this committee, accountability involves admission of delay, mistake or whatever, because then things get fixed.
Advice on the global digital platform and permissions capability
2.115The Department of Home Affairs’ delivery of the Global Digital Platform (GDP) (predecessor to the Permissions Capability procurement, was the subject of an ANAO audit in Auditor-General Report No. 34 of 2022–23 Procurement of the Permissions Capability) is an example of this. The Acting Auditor-General made the following observation:
… where you have to do something fast, [that] you need to tailor your risk management and planning to include pace. So, if you are asked by government for good reason to do something very fast, you need to be honest about what the risk is and you actually need to tailor your processes to build risk into the fact that pace is driving you.
2.116Once the Australian Government decided to adopt a new policy for the acquisition and development of a reusable workflow processing capability, Home Affairs terminated the late-stage GDP procurement process. At that time, the Department of Home Affairs and Digital Transformation Agency staff provided the Minister for Government Services with advice around possible procurement options, which the ANAO reported as:
- a limited tender to the two previous GDP tenderers
- an ‘accelerated’ open market approach using modified GDP procurement documents
- an open approach to market, not on accelerated timelines which would require an additional twelve months
- reinstatement of the GDP procurement.
- The Department of Home Affairs advised the Minister of Government Services that the ‘accelerated’ approach ‘involved a risk that the process would be viewed as ‘tokenistic’ by other market providers given the ‘deep engagement’’ between the department and the two selected tenderers for GDP, thus potentially dissuading other tenderers from participating in the new procurement. This risk was realised when the Permissions Capability procurement received eight tender submissions, in contrast to the 14 received for the Request for Expressions of Interest for the GDP procurement.
- The Committee asked about discrepancies between Gateway Reviews and internal reporting. The Department of Finance said that there should be consistency across reporting:
…you would expect consistency in the information that's available to those conducting reviews and looking at status, documentation and the like. Certainly, when we send a Gateway Review team in to assist an SRO, a really important part of that process is provision of relevant documents, which will include business cases and the like and reports that go up into the agency's internal assurance processes and the like. In general, you would expect the Gateway Review team to have access to the same information that's available at that first line within the agency itself.