Anti-corruption body calls for better control of IT contractors

IT contractors are necessary for work that simply can't be done in-house, but they also represent a significant risk that must be more carefully managed.

Mismanaged IT contractor projects or corrupt procurement practices have been targeted by the NSW Independent Commission Against Corruption (ICAC) in its latest paper.

The paper — titled Managing IT contractors, improving IT outcomes — highlights several of the pitfalls that organisations fall into when overseeing IT projects.

Although never naming the organisations, the paper uses several examples, including one IT contractor that brought five of his friends onto his project, defrauding the agency of more than AU$400,000.

The paper is critical of the use of IT contractors, but also realistic, noting that it is inappropriate to expect organisations to hire specialist IT professionals for a single project, or expect contractors to want to work in such positions.

Recognising the need to still use IT contractors, the paper recommends five key actions that organisations should consider.

These are:

  • Using a clear business case and linking them to project controls

  • Separating design aspects of the project from those responsible for the eventual project build

  • Having a single "gateway" through which contractors enter the organisation, and ensuring it is properly guarded against corruption

  • Being aware of proper project management techniques

  • Preparing an exit strategy for ensuring the project does not have long-term dependencies on contractors.

The NSW government welcomed the paper, with Minister for Finance and Services Andrew Constance agreeing with the ICAC's first point of ensuring that a clear business case is "essential to avoid issues such as scope creep, unnecessary customisation, corruption risks associated with hiring specialist contractors, and under-quoting to lock in future business."

Constance is currently considering the Public Accounts Committee's inquiry into the procurement and management of IT in the NSW public sector. It handed down its final report in May, and a response is expected by November 30. He said that the ICAC's paper mirrored the findings of the inquiry, although the inquiry's report has 41 recommendations that go into far more detail by also considering the skills and knowledge of project sponsors, as well as information security issues.

Furthermore, the report's two key issues are for the need to develop new investment frameworks and fund more cloud-based as-a-service projects.

These concerns are expected to be addressed in the next update to the state's ICT Strategy.