The Victorian Auditor-General’s Office has released a scathing report on the state justice department’s new infringements system, highlighting failures in governance and risk management.
VAGO’s latest audit report, tabled on Wednesday, has also encouraged Victorian Public Service leaders to facilitate conversations about public servants’ role in providing advice to the government.
The audit assessed the Department of Justice and Community Safety’s (DJCS) system to manage fines and incorporate new social justice initiatives. The Victorian Infringements Enforcement Warrant (VIEW) system was launched in December 2017, by which time the department had expected the system to deliver 90% of its required functionality.
However, the audit report noted that it quickly became clear that VIEW had “substantially less” functionality than expected, which was later estimated to be just 5%.
“This had significant, negative implications for Fines Victoria’s ability to process and enforce infringements and meet its legislative requirements,” it said.
VIEW remains incomplete, despite costing more than $125 million. The rollout of the project didn’t meet the expected time, cost, quality and functionality targets due to the department’s “significant failures”, according to the audit report.
“These failures were mainly due to DJCS’s misguided and poorly implemented risk-mitigation strategy to procure a commercial off-the-shelf (COTS) system,” it said.
“This is because no COTS system existed, or could reasonably be expected to exist, that could meet DJCS’s complex requirements.”
To avoid this issue occurring again, the VPS must change its approach to sourcing, managing and governing complex IT projects, VAGO said.
IT capability needed
VAGO noted that, before the creation of VIEW, DJCS had failed to implement another fines IT system. That previous project was terminated after it took six years longer than expected and cost $59.9 million — more than twice the planned cost of $24.9 million.
“With the VIEW project, DJCS’s failure to identify, procure and implement an effective IT solution immediately followed its previous failed attempt,” the audit report said.
When delivering VIEW, the department didn’t engage enough appropriately skilled people, which was exacerbated by poor oversight and review processes, the audit found. Many staff who had worked on the previous failed IT solution were also kept on board for VIEW.
The audit found that the lack of expertise at DJCS led to an over-reliance on a contracted IT advisor, which also lacked the appropriate level of expertise to deliver the project. According to the report, the department tasked the advisor with a number of roles which “significantly compromised the independence and quality of advice provided to the project steering committee”.
The audit also found that the steering committee was “poorly constituted and governed”.
Governance of VIEW project ‘ineffective’
Despite the project being of high value and high risk, DJCS’s governance arrangements, oversight and reporting fell short, the audit found.
DJCS had asked the attorney-general for an extension early on in the project, but it didn’t properly explain why it needed additional time or the consequences of a failed launch. Staff interviews with VAGO revealed that when the attorney-general granted a project extension that was less than what DJCS had requested, the department accepted it.
“These staff also told us that they lacked the power to direct the project and experienced internal pushback when they continued to highlight risks to its delivery,” the report said.
“For example, DJCS never submitted a brief that it drafted for the attorney-general, which conveyed the risks in substantial detail.”
DJCS’s reporting to the attorney-general was “overly optimistic” as the launch date approached, the report said, which was partly due to the inaccurate reporting it received from the vendor, IT advisor, and project team.
“It recommended to the attorney-general that the launch go ahead, despite not having fully tested the system, adequately trained its staff or having contingency arrangements in place if the launch failed,” the report said.
VAGO noted that public servants who fail to provide robust advice to government are being inconsistent with the public sector code of conduct.
“There can be a range of pressures that may lead public servants to compromise the code of conduct’s requirements. However, upholding the code is core to their role and the effective functioning of the government,” it said.
“As such, the challenges that senior public servants face in consistently meeting this expectation warrant open discussion within the public service and with government.”
VAGO made seven recommendations — all of which were accepted — to the Department of Premier and Cabinet, the Department of Treasury and Finance, and the Victorian Public Sector Commission.
It recommended that the VPSC and DPC strengthen leadership training and development to focus on and facilitate conversations about public servants’ role in providing advice to the government, and expectations for full and frank advice. They should also develop guidance for public servants on how to meaningfully engage with ministerial offices to appropriately convey risks and mitigation options for major projects and strategic activities.
VAGO also called for DPC to establish an IT projects centre of excellence to create a centralised, dedicated team of IT project and technical experts dedicated to building capability across government.
Other recommendations related to risk management and project governance.
READ MORE:
Commonwealth agencies failing to comply with cyber security requirements
Any feedback or news tips? Here’s where to contact the relevant team.