Victorian Auditor-General's Office (Australia)


Reports & Publications

	Home > Reports & Publications > Other parliamentary reports

PART 1: EXECUTIVE SUMMARY

OVERVIEW

1.1 Following a request from the Speaker of the Legislative Assembly in March 2003, I have reviewed the recent parliamentary information technology (IT) upgrade managed by Parliament’s Joint Services Department.

1.2 In November 2002, the IT upgrade was rolled-out throughout the parliamentary precinct and 132 electorate offices across the State. The upgrade, referred to as the Parlynet 2002 Project, was large in scale and not a simple task. It introduced a significantly different IT environment from the one to which the system’s users were accustomed.

1.3 Immediately after the roll-out, users started to report problems with the performance of the Parlynet network and applications. Users who responded to a survey undertaken by us were clearly unhappy about the speed, reliability and functionality of the system. However, the responses also showed that some users lacked the skills necessary to use the system effectively.

1.4 We observed performance problems with the system including long log on times, delays in accessing electronic files and the need to improve some aspects of the system’s security. Parliament’s IT Unit has struggled to resolve reported problems on a timely basis; the lack of diagnostic tools, the volume of calls and the inexperience of the IT Unit’s staff in the changed operating environment, have affected the ability of the Unit to deal with the problems, and there is no clear plan in place to identify how to proceed with resolving the remaining problems.

1.5 Many aspects of project governance and project management that can ensure the success of government IT projects were not addressed during the Parlynet 2002 Project and as a result, some key risks to Parliament and the success of the Project were not adequately managed. Management of the Project did not conform with best practice principles and there was insufficient attention given to testing the performance of the new system either before or after roll-out. Despite the reported performance problems, the contractor was released from the contract before the problems were resolved.

1.6 We believe that the unsatisfactory outcomes of the Parlynet 2002 Project were not only a result of poor project management; they were also a product of wider issues related to the management of Parliament’s administrative services. For example, the management arrangements and responsibilities for the upgrade were unclear, the Joint Services Department lacks strategies and policies to govern its IT and other functions, and IT staff need training to enable them to effectively and efficiently manage the new technologies introduced. There is also a need to give greater attention to risk management and the development of policies and procedures to enable effective asset and financial management.

KEY FINDINGS

Outcomes from Parliament’s IT upgrade

1.7 Some performance problems reported after the IT upgrade have been resolved. Others, such as excessive user log on and log off times, delays in accessing electronic files, faulty printers, problems with standardisation of printer set-up and failures with the email application, continue to impact on the system’s performance. (para. 3.3)

1.8 Because of application conflicts identified during the IT upgrade, controls that were designed to restrict users from installing non-standard applications were removed and users are free to load (and they have loaded) non-standard applications onto the IT system. They may also load applications that enable non-standard devices such as handheld electronic diaries to be used. The ability to load non-standard items of equipment and software leads to problems with system security and the management of licences. (paras 3.5 and 3.10)

1.9 A number of Parliament’s key IT systems which were decentralised prior to the IT upgrade are operated by other business units. The management and location of these facilities are outside of the control of the IT Unit, resulting in a lack of consistency in the management of IT operations and potential control risks. (para. 3.10)

1.10 Help Desk calls were not addressed in a controlled and systematic basis, due to inadequately configured Help Desk software, lack of problem prioritisation, insufficient resources, and no continued analysis and review of Help Desk clearances. (para. 3.19)

1.11 At the time of preparing this report, the IT Unit had taken action to improve response times and to improve the ability of IT staff to resolve problems. Despite this action, there is no plan in place to prioritise and systematically address the performance problems. (paras 3.23 and 3.24)

1.12 We estimate that the cost of the Parlynet 2002 Project exceeded available funds by $1.664 million. The Treasurer subsequently approved the application of funds already held within parliamentary funds to address the estimated funding shortfall. (paras 3.26 to 3.32)

Why did things go wrong?

1.13 The Parlynet 2002 Project governance structure did not meet our expectations; the role of the Parlynet 2002 Project Steering Committee was not clearly defined, responsibility for decision-making was unclear, accountability and reporting arrangements between the Project Sponsor, Project Manager and the Steering Committee were not established, the scope of the Project was not clearly defined and the Steering Committee did not constrain the scope. (paras 4.4 and 4.5)

1.14 Parlynet 2002 was undertaken without sufficient understanding of what was involved, planning or consideration of the resources required. There was no schedule or plan for the Project as a whole and the scope of the work could reasonably have been expected to be managed as 5 or 6 separate projects spread over 2 to 3 years. (para. 4.8)

1.15 The Project Steering Committee did not identify or effectively manage risks to, or arising from, the Project including risks to the Project timelines, meeting user needs, performance of the system, transfer of performance risk to the contractor, constraining Project costs, harnessing stakeholder support and contractual risk. (para 4.9)

1.16 The Project operated under a firm requirement that the system be upgraded by the start of November 2002. Scheduling the roll-out immediately prior to a potential election, and continuing the roll-out during the election period was imprudent, caused disruption to work in electorate offices and in the parliamentary departments, and delayed the roll-out. (para. 4.9)

1.17 A decision was made to change from one brand of hardware to another, knowing that the IT Unit’s staff had neither the skills nor experience to manage or support the new equipment. By introducing new technology and applications, management risked the IT system not being used to its full advantage, and disenfranchising users. (para. 4.10)

1.18 Our assessment of the Project’s management against best practice principles revealed that the principles were generally not followed and, as a result, project management was poor. (paras 4.13 and 4.14)

1.19 The failure to comprehensively and adequately test the new system at the pre-roll-out and pilot stages seriously compromised the success of the IT upgrade and had a significant impact on the reliability, availability and security of Parliament’s IT environment. (paras 4.19 and 4.23 to 4.27)

1.20 Despite the fact that performance issues identified in the post-implementation testing had not been resolved, and despite the number of problems experienced by users immediately following roll-out, the Project was signed-off as completed on 30 January 2003, and the contractor released from its performance guarantee. (para. 4.20)

1.21 The contractor was required to provide limited training to users. Given the extent of the changes implemented through the Parlynet 2002 Project, we believe that the scope of training to be delivered was not sufficient to enable all users to effectively use the new system. (paras 4.29 and 4.30)

1.22 The Project’s funds were not well managed. For example, purchase orders were approved and payments made without considering whether funds were available to meet the cost, approved expenditure delegations were exceeded and detailed periodic reports on the Project’s financial status were not produced. (para. 4.35)

1.23 IT equipment valued at $452 000 was purchased in August 2002 without inviting public tenders. While there is no specific requirement for Parliament to tender for such amounts, this would have been a prudent means of testing the market price of the equipment purchased. We were unable to sight quotes from suppliers to support the purchase of this equipment and were, therefore, unable to determine whether the equipment was competitively priced. (para. 4.35)

1.24 The IT Unit’s staff did not have the skills and experience to effectively manage the new technologies and applications introduced through the Project. Despite this, only limited training was provided to IT Unit staff before the deployment of the IT upgrade and there was no training in relation to some key technology areas. (para. 4.40)

1.25 Parliament’s IT Manager left the organisation in June 2002 and the position was vacant until a new IT Manager arrived in August of that year. During that period, significant decisions about the system requirements and the Project were made, including selection of the contractor, the choice of the hardware to be used and finalisation of the detailed technical definition of the system. (para. 4.42)

Management of Parliament’s administrative services

1.26 In accordance with their legislative responsibilities, both the House Committee of Parliament and its IT Sub-Committee had major roles in advising the Presiding Officers on key IT and Project–related matters. However, we found limited evidence of how those Committees fulfilled these roles. For example, the IT Sub-Committee did not meet between April 2001 and November 2002 - the entire period of the Project development and proposed roll-out. (paras 5.5 to 5.9)

1.27 Because of the multitude of reporting relationships for the Project, the accountabilities and responsibility were diffused and, we believe, impacted on the Project outcomes. (paras 5.17 to 5.22)

1.28 Attention needs to be given to improving IT governance. For example, there is only one endorsed IT policy in place to guide Parliament’s IT activities and there are no business rules to limit the range of applications that may be loaded onto the system by users or to limit the number or types of add-on equipment (e.g. handheld electronic diaries) to be used. Consideration also needs to be given to whether the risks arising from the decentralisation of systems to areas outside the control of the IT Unit are in the best interests of the organisation. (para. 5.23)

1.29 We are not aware of a co-ordinated risk management framework in place for the parliamentary departments, or that the Presiding Officers or the House Committee were fully appraised of the risks associated with the Parlynet 2002 Project. Parliament’s audit committee met only once in each of the 2000-01, 2001-02 and 2002-03 years, and did not examine Parliament’s risk exposures or their management. (paras 5.26 to 5.30)

1.30 Apart from delegations for approving expenditure, there are no documented policies or procedures in place at Parliament to guide financial management within the parliamentary departments. The absence of specific financial management policies and procedures and clear lines of accountability and responsibility contributed to many of the poor financial management practices evident in the management of the Parlynet 2002 Project. (paras 5.32 and 5.33)

1.31 The Joint Services Department is not effectively monitoring the IT assets under its control. During 2002-03, additional costs of $406 700 were incurred to extend leases while missing items scheduled to be returned to the lessor were located ($319 500), to meet the cost of damaged, or missing parts of, equipment returned to the lessor ($42 200) and to meet the cost of items not returned ($45 000). The Department was unable to explain to us how much of the latter amount related to items that could not be located. Subsequent to the IT upgrade, the asset register was not updated to reflect equipment swaps made as laptops were returned to the Joint Services Department for repair. (paras 5.36, 5.37 and 5.40)

1.32 We were unable to substantiate the number of leased assets not returned at the time of closing-out the pre-Parlynet 2002 lease because the records of assets leased and assets returned were compiled on inconsistent bases and, therefore, could not be reliably matched. In addition, supporting documentation from the lessor could not be provided to enable us to conclusively determine the accuracy of the list of assets leased. (para 5.37)

1.33 Documentation relating to Parliament’s IT upgrade was deficient. In some cases documentation had to be secured from third parties; in others, documentation could not be provided to us. As a result, management was unable to adequately address a number of inquiries made by us either conclusively or, in a timely manner. (paras 5.46 to 5.48)

RECOMMENDATIONS


Paragraph number	Recommendation
Outcomes from Parliament’s IT upgrade
3.40	To assist resolution of the system’s performance problems in a timely manner, we recommend that Parliament take immediate action to: • assign responsibility for ensuring adequate attention and resources are allocated to resolving the system’s performance problems, and for providing necessary support to the IT Unit; • develop a communication plan to keep users informed about action being taken to resolve problems, action planned, timelines and progress made; • undertake an analysis of Parlynet, including the volume of network traffic and the standard operating environment to identify reasons for poor performance and improvements required; • review network security; • develop a plan that identifies IT resource requirements and establishes appropriate priorities and timelines for action to resolve problems; • improve the responsiveness of the Help Desk by engaging appropriately skilled and experienced personnel to set up software to enable analysis of problems for prioritisation purposes, effective workflow management, and for monitoring timeliness and appropriateness of response; and • develop a schedule to address urgent training needs, aimed at: • improving general computer skills and system-specific skills of users; and • developing the skills of IT staff to better maintain Parlynet and to resolve performance issues.
Why did things go wrong?
4.53	We recommend that Parliament use best practice principles for large IT projects in future to ensure that appropriate project governance and project management arrangements are established and used.
Management of Parliament’s administrative services
5.62	We recommend that Parliament review existing arrangements to manage its administrative services to ensure that: • roles and responsibilities of officers, and terms of reference for committees, are established with clear responsibility for decision-making and providing advice; • accountability is strengthened by rationalising the number of positions to whom officers report; • risks to the organisation are identified and effectively managed; and • minutes are kept, reasons for decisions documented and approvals noted.
5.63	We recommend that Parliament’s IT governance be improved by: • reviewing the IT Strategy; • developing and endorsing policies and standards to guide the full range of Parliament’s IT activities; • developing business rules to limit the range of applications and add-on equipment that will be supported in the standard operating environment; • considering risks to the environment arising from decentralised IT facilities; and • establishing forward plans for growth and future expansion.
5.64	To improve its financial and asset management, we recommend that the Joint Services Department: • explicitly adopt the provisions of the Financial Management Act 1994, the regulations under the Act, and the policies of the Victorian Government Purchasing Board; • establish and maintain registers of assets, including owned and leased IT assets, and software licences; and • establish appropriate procedures for financial and asset management, and internal controls to ensure compliance with established procedures.
5.65	To improve the management of its IT operations, we recommend that the Joint Services Department: • establish policies and obtain appropriate resources to improve its responsiveness to resolving IT problems; • develop short and long-term training strategies for staff within the IT Unit to ensure the currency of their skills to enable efficient and effective maintenance of the system; and • establish benchmarks and indicators for assessing the performance of IT operations, including: • system and network performance and availability; • performance of the Help Desk in resolving reported problems; and • security-related issues or incidents.

RESPONSE provided by the Joint Secretaries of the Joint Services Department, Parliament of Victoria

We welcome the report and would like to take this opportunity to thank you and your staff for the time and effort that you have taken to prepare it. Thanks should also go to the Members and other staff of the Parliament, in particular staff of the IT Unit, who assisted the audit team during the review.

The report provides good guidance in the way forward and provides excellent advice and assistance in how to avoid possible recurrences of the issues raised during the course of the Parlynet 2002 Project.

The Joint Services Department has begun to address some of the issues that your report raises and has already acted on some of the recommendations, including:

• seeking to identify causes of poor system performance and the means by which they can be improved;

• developing a comprehensive set of policies and standards for Parliament’s IT activities;

• development of business rules as to introduction of new hardware and software;

• better documentation of minutes of meetings and decisions;

• addressing the deficiencies in the technical and other training needs of staff;

• recruiting staff with appropriate skill sets;

• assigning specific responsibility for IT asset management;

• providing training in finance management practices to key IT staff (and others);

• planning for a review of the existing strategic plan; and

• beginning to develop practices to ensure business needs drive the provision of IT services.

We do appreciate that these aspects are a small part in a major task and understand that there are a significant number of matters that will take some time and effort to address.