Nearly six months after the Queensland Government’s centralised shared services arrangement was split into three, the State’s outgoing Auditor-General says that weaknesses within internal controls continue to trouble the bodies charged with providing these services.
A PriceWaterhouseCoopers report into the State’s shared services set-up, conducted in the wake of the Queensland Health payroll crisis, recommended that the centralised arrangement be broken into three more manageable tranches to better meet the needs of the State’s largest departments.
At the time of the payroll systems crash, corporate shared services were covered off between CorpTech, which maintained the IT supporting client agency’s corporate services functions such as financial management and human resources, and the Shared Service agency, which covered all non-ICT corporate functions.
Since July 2011, this arrangement has undergone a significant reshuffle. CorpTech and the Shared Services Agency have merged to form Queensland Shared Services (QSS), and Queensland Health and the Department of Education and Training have each established their own shared services units to meet their specific corporate services requirements.
While the uphill battle that Queensland Health shared services faces in getting its payroll system fully functioning was acknowledged, the report commended the amount of effort being placed in its remediation.
“The Department’s commitment to improve the payroll system through implementing recommendations from audit and other advisors such as Ernst & Young is evident,” said the report.
“Audit is supportive of the actions being undertaken by the Department and will continue to liaise with management and monitor systems’ enhancements as they are implemented,” it said.
However it also found that the access controls governing the Department of Education and Training’s SAP and ISAS human resource systems failed to properly protect the sensitive information they contain. Issues include excessive access levels for developers and a failure to remove terminated employees.
Across the whole shared services framework, the Auditor-General said that it is crucial that all parties understand where their responsibilities begin and end, especially in terms of financial management.
“QAO continues to identify financial management control issues in this environment. Although the significance of these issues has lessened over time, the lack of adequate operating level agreements is a major impediment to improvement as both agencies and Queensland Shared Services do not have complete clarity as to their responsibilities at each stage of the processing of transactions,” said the report.
Similarly, he said that there needs to be an immediate improvement in the transparency of contracting arrangements between the shared services providers and third party vendors, especially when it comes to key performance outcomes and accountability.
“Although operating level agreements have been in place for many years, the agreements generally lack clarity about the roles and responsibilities of each party and there is confusion about the service being provided and the actions to be taken by those receiving the service. An expectation gap currently exists between both parties to many of the operating level agreements,” said the report.
ICT functions across Queensland Government agencies are also performed by CITEC which, like QSS, falls within the Department of Public Works (DPW).
However, CITEC is classed by the DPW as a ‘commercialised business unit’ rather than a shared services provider, and its functions do not overlap with the strict corporate focus of QSS. On the forefront of CITEC’s agenda are whole-of-government infrastructure projects, such as a data centre consolidation and an identity management platform for use by all Queensland agencies.
In other jurisdictions, NSW seems to have taken heed of Queensland’s hard-learnt lessons when it comes to a ‘one-size-fits-all’ approach to shared services, aiming for six provision clusters under its Blueprint for Corporate and Shared Services.
However Victoria continues to push ahead with a single-provider model for ICT shared services, with the troubled CenITex serving in this role.
Auditor-General Glenn Poole has reached the end of this seven year term. He will be replaced by the current Victorian Assistant Auditor-General Andrew Greaves.