Carbon-reporting tool misses the mark

Summary:Limited functionality and security issues have dogged the Australian Government's online carbon-reporting tool, the Online System for Comprehensive Activity Reporting (OSCAR) — but it only has to survive until it's replaced by a more robust system.

Limited functionality and security issues have dogged the Australian Government's online carbon-reporting tool, the Online System for Comprehensive Activity Reporting (OSCAR) — but it only has to survive until it's replaced by a more robust system.

The government requires over 700 companies to report their emissions and energy usage under the National Greenhouse Reporting Act (2007), because their emissions and/or energy consumption surpass the government's threshold.

The organisations enter their energy and emissions data into OSCAR, which automatically calculates greenhouse-gas emissions. The system was based on a platform that had been used to collect energy data from Australian government agencies.

Carbon-reporting software companies said that they have experienced a surge in interest since the government said it would adopt a carbon price on 1 July 2012. However, an audit, which has just been released by the Australian National Audit Office into the administration of the National Greenhouse and Energy Reporting Scheme (NGERS), has found that of the 180 organisations surveyed, 128, or 71.1 per cent, are using manual spreadsheets to record their emissions data. Only 5 per cent have fully automated systems.

Although the spreadsheets are low cost for the corporations, the audit said they are prone to error, and that less than half of the companies surveyed use independent assurance for their numbers. Currently, the Department of Climate Change and Energy Efficiency doesn't check the data; it just looks for obvious errors in submitted data for consistency over reported years, and also for calculation errors. In 2009-10, almost three quarters of submitted reports contained errors, and 17 per cent contained significant errors.

Organisations expressed a desire to implement greater automation in reporting, but are worried about the costs of automated systems, according to the audit.

One major sticking point of OSCAR has been the lack of an upload facility, so that organisations have to manually enter the data. This has nipped in the bud the desire of many organisations to implement automated reporting systems, according to the audit.

"The absence of an upload facility in OSCAR for corporations appears to be a constraint on the further development of automated systems. The development of a data-upload facility in OSCAR would enhance the functionality and effectiveness of the system for both corporations and [the department]," the report found.

Security has also been a sore point for the system. In 2008, the department completed a report on the threats and risks facing OSCAR, which found that the environment and controls in place weren't designed to support the NGERS. Work needed to be done on the security framework, application security and integrity of systems development, the report said. The department ordered a number of security measures to be implemented, and penetration testing was conducted to see how effective those measures had been. After those tasks, further action was also recommended.

The current audit followed up on this, commissioning a security audit for its investigation, which subjected the system to a brute-force attack and found "significant vulnerabilities". That audit made 40 recommendations to improve system security, eight of which are to deal with high-priority security problems. The audit recommends that the patch-management process be formalised, that protection of servers running OSCAR be hardened and that administrator access and privileges within OSCAR be implemented. Those conducting the audit feared that unauthorised parties could gain access to emissions data.

The department has improved the security of the system since the audit, the report said, taking action on very high risks. The department also plans to upgrade system functionality by the end of the 2011-12 reporting period.

The audit stated concerns that data isn't being shared across agencies and jurisdictions, with no single portal for Australian state and territory government-reporting requirements yet in existence. The report recommends that the department addresses this. The department had intended to revamp OSCAR's functionality as it rolled out the Carbon Pollution Reduction Scheme, but the scheme was put on ice in April 2010, and the department lost resources for an upgrade. It has managed to complete incremental upgrades; for example, for the 2010-11 reporting year, the ability to roll a company's corporate structure and energy sources forward from the previous reporting year has been added.

"However, the absence of an upload facility, the level of duplication of data requirements across programs, potential for errors in manual data entry and the slowness of the system adversely impacts upon registered corporations. Some of these issues may become particularly acute with the price on carbon due to commence in July 2012," the report said.

The department told the audit office that resources have been allocated for a substantial upgrade for NGERS reporting, with a project to develop a more robust system scheduled for the longer term. Until then, it will complete an interim upgrade of OSCAR for the 2011-12 financial reporting period.

Topics: Government, Emerging Tech, Government : AU, Software

About

Suzanne Tindal cut her teeth at ZDNet.com.au as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for t... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.