Western Australia’s Auditor General Colin Murphy has singled out a key identity access management project, and agencies’ management of cloud-based systems, for specific criticism in his latest Information Systems Audit Report.
The Auditor General outlined in detail numerous management oversights, deficient processes and security lapses that have marred the State’s ICT infrastructure.
Murphy found 455 general computer controls issues amongst the 54 agencies that were audited in 2013.
However, the overall result of the audit represented a slight improvement on the previous year, despite the fact that only eight of the 42 agencies that had capability assessments were meeting the Auditor General’s expectations for managing their ICT environments effectively.
Identity Access Management Project
When it was conceived, Fiona Stanley Hospital’s (FSH) Identity Access Management (IAM) project was intended to provide employees at FSH with:
- Authorised access ‘anywhere, anytime’ to the IT systems required to carry out their roles; and
- Authorised admittance to hospital buildings.
The first phase of the project began in 2011, following a tendering process that lasted nearly three years. The project was cancelled in October 2013 after some $6 million dollars of the project’s $9.2 million budget had already been spent without meeting a single deliverable.
According to Murphy, the IAM project was a textbook example of how ICT projects tend to run over budget and over time.
“Project planning was deficient and governance and oversight including monitoring of progress was inadequate. The business mapping of staff roles to their required ICT access lagged behind the technical development of the solution,” said the report.
“Critical technical dependencies and difficulties that threatened the feasibility of the project were therefore not identified in a timely manner. This issue, although raised in successive project status reports, was not elevated to the appropriate levels of management to be actioned.”
FSH will not be opening its doors until October 2014 in a four-staged opening, despite being originally slated to do so six months earlier in April.
The opening of the hospital was delayed due to problems implementing the facility’s ICT systems.
In May 2014, the Western Australian Government allocated an additional $40.1 million for FSH’s IT requirements, despite revelations a month earlier that the project had already blown its total budget to the tune of $330 million.
Cloud computing management hampered by “weaknesses”
The Auditor General also raised serious concerns with the way in which agencies had been managing their transition to cloud-based systems.
The report reviewed the performance of five agencies that had moved to adopt cloud technologies: the Department of Fisheries, the Department of Sport and Recreation, the Metropolitan Redevelopment Authority, the Public Sector Commission, and the Public Transport Authority.
Murphy found that none of the five agencies demonstrated effective management across all key areas relating to their implementation of a cloud-based service.
“Weaknesses included not assessing business risks and costs and benefits of shifting to the cloud, inadequate contractual arrangements, and weaknesses in the IT security and business continuity arrangements,” said the report.
“Weaknesses in the contractual arrangements with the cloud service providers included a lack of specificity relating to whether agency data can be stored offshore."
In response to the claim by the Auditor General that Fisheries did not put together a business case to justify the implementation of a system to monitor commercial marine vessels, the Department blamed the lack of information available to agencies on dealing with cloud technology.
“At the time the Department secured this contract there was limited information available to assist agencies purchasing solutions of this nature”, said the Department.
While Western Australia does not have a Whole of Government ICT Strategy as yet, ICT appears to moving higher up the agenda for Departments.
Anne Nolan, Director-General of the Department of Finance, revealed at the Intermedium/AIIA Western Australia Briefing on 25 June that a Director’s-General ICT Steering Committee had been established by Cabinet to provide leadership on the more effective and efficient use of ICT across Government.