Critical systems across the Tasmanian government are at risk of failure due to poor long-term IT planning and a lack of coordinated investment and implementation, the state’s auditor-general has found.
In a scathing audit released on Tuesday, the Tasmanian Audit Office found the government’s strategy, critical systems and investment were “not managed in an effective, coordinated and strategic manner, in terms of efficiency and effectiveness”.
It put this down to “insufficient guidance to support whole-of-government ICT planning and prioritisation”, despite the existence of a digital governance and decision making policy framework.
All nine departments were examined as part of the audit, including the Department of Premier and Cabinet, which contains the Digital Strategy and Services (DSS) division, as well as Health, Treasury and Finance, Education and Justice.
While acknowledging some aspects of the governance framework were “working well”, the audit was critical of the government’s “lack of a vision outlining the future development and priorities for ICT across whole-of-government”, which it said was stifling progress.
It also said there was “no evidence” that the Department of Premier and Cabinet’s DSS division had the “appropriate mandate and resourcing” to support such a vision, even if it was developed.
“In our view, to achieve more effective whole-of-government ICT governance and decision-making, a planned approach should be adopted and implemented,” the report said, adding that one should be developed and executed within 18 months.
“This would support a comprehensive informed vision across whole-of-government. Agencies could then better plan for their own needs, increase collaboration for mutual gain and receive the benefits of a strategic whole-of-government ICT focus.”
While the government recently introduced a new digital strategy, it is yet to develop an accompanying IT vision and plan, although this is understood to be in progress.
The government suggests the strategy should precede the development of a vision and plan.
The audit similarly found there was “no strategic approach to prioritising departmental ICT investment proposals”, due in part to the lack of a whole-of-government vision, which was hampering funding for projects.
“The limitations of the current whole-of-government approach means planning is siloed within agencies and is variable, with differing levels of capability and maturity impacting on the quality of their strategies and plans,” the report said.
“Guidance for agencies in developing plans was limited and, together with the absence of a whole-of-government ICT vision, agencies were unable to plan for government priorities or realise effectiveness and efficiency improvements.”
The report said that if an "investment evaluation and prioritisation framework based on a whole-of-government ICT vision" was not introduced, the government risked the replacement of “significantly aged and unsupported … ICT assets”.
“There is a potential risk that critical ICT assets may fail due to an inability to adequately strategically plan, or obtain appropriate funding, for their replacement or investment needs,” the report said.
“Large scale, long-term or high value ICT asset replacement is at greater risk. As such, there is a possibility the government may not be able to deliver an essential service in the future.”
Commenting on the auditor-general's findings, science and technology minister Michael Ferguson blamed the “protracted and critical under-investment in crucial IT services and cyber security by previous state governments”.
He appeared to be responding to comments in the audit that elements of the previous government's 2011 IT strategy, which attempted to introduce “ICT resources that were forward-looking, adaptable and effectively managed”, were never implemented.
“Relevant ministers will discuss the report with their departments in relations to the responses to recommendations,” the minister added.
“However, we will not be deterred from our necessary and deliberate focus on cyber security and our ongoing efforts in digital transformation, which will see more government services available online.”
The Digital Service Board was similarly dismissive of the report, suggesting that the audit was “primarily focused on ICT technical risks and related funding priorities and ignores risk and opportunities relating to the provision of secure and user-friendly digital services”.
“Strengthening cyber security, building digital culture and capability across government, adopting a cloud-first policy; enhancing identity and information management; and establishing common data sharing services are the enablers that the Government’s digital transformation agenda is focussing on,” it said.
“Regrettably, these elements are inadequately considered in what this audit acknowledges as its primary focus: ‘the more traditional elements of ICT’.”
