The Australian National Audit Office (ANAO) has released its interim financial audit of the 18 largest Commonwealth portfolios, identifying ICT system problems at Defence, Centrelink and the Australian Taxation Office (ATO).
It has also drawn attention to Financial Management Information System (FMIS)and Human Resource Management Information System (HRMIS) issues across the covered agencies.
Defence – MILIS Project
The ANAO highlighted serious shortcomings in the implementation of the Department of Defence’s Military Integrated Logistic Information System (MILIS), applying the highest possible risk rating to the project in its latest report.
Implementation of the $650 million logistics system was completed in July 2010, but according to the ANAO, shortfalls in project governance and change management arrangements pose a “significant” risk to Defence’s financial management capabilities.
“These weaknesses included insufficient testing in an environment representative of MILIS’s future operating environment; the failure to deliver critical functionality; underestimating the level of resources and problem resolution required for known defects; insufficient preparedness for the impact of the defects on the user environment and financial statements; and non‐adherence with project management procedures,” said the report.
The ANAO found that the deficiencies impacted the accuracy and completeness of Defence’s financial records and its inventory assurance program. As a result the MILIS alone attracted two of the three Category A risk findings contained in the interim audit of 27 FMA Act agencies.
However, the report also noted that Defence had embarked on an intensive remediation strategy, the MILIS Inventory Assurance Program (MIAP), to resolve the issues. Phase 2 of this program is due to be complete by 30 June and the ANAO says it will revise its findings in its final audit for 2010-11.
Dimension Data has won five contracts for the support of the MIAP since the beginning of 2011.
Mincom have won the bulk of the contracts for the MILIS implementation, otherwise known as JP 2077. The Mincom Ellipse program is the core enabling application of MILIS and Mincom also won the contract for the design, implementation and planning of stage 2B.2 of the project, among other contracts.
Other suppliers to have contracts related to the project include CSC, Deloitte, Dimension Data, KPMG and SMS Consulting (in no particular order).
Centrelink – Security Access Management
The ANAO report advised that Centrelink’s Security Access Management System (SAMS) was susceptible to intermittent failures which caused inappropriate user access to be granted to benefits payment and debt management systems.
The failures opened the agency to the risk of fraudulent transactions, and the report described the ad hoc process that Centrelink had implemented to address the discrepancies as insufficient.
The SAMS was the subject of a major tender in March 2004, the scope of which was the ‘Redevelopment of Centrelink’s Security Access Management System (SAMS) User Interface and Workflow Layer’. In March 2005, it was reported by Computerworld that Centrelink had signed a deal with Novell to undertake the redevelopment.
Intermedium’s contracts database shows that Centrelink entered into a contract with Novell for “Security System Software licences for $1,650,000 with a start and end date of 4 May 2005. It also entered into a contract with Novell for ‘Development of Software Licences’ with a start and end date of 4 May 2005 for $1,540,000, suggesting that both contracts may relate to SAMS.
Centrelink is the last major users of Novell in the Federal Government, according to Intermedium’s contracts data.
ATO – Integrated Core Processing System
The Auditor-General also brought the ATO’s tax processing system under scrutiny.
The Integrated Core Processing System (ICP) was implemented by Accenture for the ATO between 2008 and 2010, as Release 3 of the agency’s Change Program.
The report found shortcomings in the ICP, applying a ‘moderate’ or Category B rating to the level of risk it posed to the agency’s financial management.
It found that the ICP did not maintain a visible record of the errors in taxpayer returns which would lead to those returns being processed manually. An audit of the manually processed returns identified a sustained rate of errors leading to incorrect payments.
The report also found that reconciliations between the financial data held in the ICP and legacy ICT systems was not performed in a timely manner due to differences between the systems.
The ATO has advised that changes are underway to address both of the issues identified by the ANAO report within the calendar year.
The ATO’s ICP was implemented over five sub-releases to provide for a single platform for taxation and superannuation processing, and is said by the agency to be more flexible and easier to maintain that its predecessors.
This is not the first time the system has been the subject of a review. In August 2010, CPT Global provided the ATO with its independent report into Release 3 of ATO Change Program. In it, CPT Global stated: “no implementation is totally without risk and while there have been some impacts to the Tax Community, the Tax Office has significantly mitigated the impacts through its risk management and governance processes.”
The report went on to outline how the ICP was launched at a stage when it was still imperfect, but emphasised that the ATO did this in the confidence that they had sufficient contingency plans in place to cope with any system failures.
FMIS and HRMIS
The audit found that while security management, incident and problem management were generally effective:
- 15 percent of agencies required improvement to their FMIS user access controls;
- 25 percent had not implemented an FMIS IT change management process with sufficient audit logging and reporting provisions; and
- 20 percent did not have effective HRMIS business continuity arrangements in place.
The Audit Report also provided a summary of both the FMIS and HRMIS applications used across the 27 agencies.
In terms of FMIS:
- 73 percent used SAP (20 agencies);
- 15 percent used Finance One (4 agencies); and
- 12 percent used QSP (3 agencies).
A summary of the HRMIS applications shows that of the same agencies:
- 46 percent used Aurion (13 agencies)
- 38 percent used SAP (10 agencies)
- 16 percent used Peoplesoft (4 agencies)
All agencies falling within the following 18 portfolios were part of the audit:
- Agriculture, Fisheries and Forestry Portfolio
- Attorney-General’s Portfolio
- Broadband, Communications and the Digital Economy Portfolio
- Climate Change and Energy Efficiency Portfolio
- Defence Portfolio
- Education, Employment and Workplace Relations Portfolio
- Families, Housing, Community Services and Indigenous Affairs Portfolio
- Finance and Deregulation Portfolio
- Foreign Affairs and Trade Portfolio
- Health and Ageing Portfolio
- Human Services Portfolio
- Immigration and Citizenship Portfolio
- Infrastructure and Transport Portfolio
- Innovation, Industry, Science and Research Portfolio
- Prime Minister and Cabinet Portfolio
- Resources, Energy and Tourism Portfolio
- Sustainability, Environment, Water, Population and Communities Portfolio
- Treasury Portfolio