If you ever find yourself running a troubled IT project for a Commonwealth agency, and the Digital Transformation Agency (DTA) comes knocking, the best way to thwart them is to bump up your self-reported scores, fail to answer DTA calls, and not reply to any emails out of the digital agency.
Such a scenario was played out on Monday night at Senate Estimates, as the full toothlessness of the DTA was laid bare.
The DTA in early 2017 was charged with looking into the structure of existing Australian government technology projects over AU$10 million. The DTA "monitors, verifies, and engages" with the programs and labels them as at one of those three stages.
DTA chief Randall Brugeaud revealed on Monday night that for a troubled IT project to get on the DTA's radar, the responsible agency is required to dob themselves in.
"We do normal, regular wave data collection where we take input from agencies on their self-assessment of their program. We have targeted interventions where programs are self-reporting that they're having delivery issues," Brugeaud said.
The comments were made in response to questions on the Australian Criminal Intelligence Commission's (ACIC) troubled biometrics program that was last month labelled deficient in almost every way by the Australian National Audit Office (ANAO).
The Biometric Identification Services (BIS) project was awarded to NEC Australia with an initial budget of AU$52 million. The project was meant to replace the existing National Automated Fingerprint Identification System (NAFIS) and provide facial recognition capabilities to enhance law enforcement's biometric capabilities.
The ACIC first started reporting to the DTA in August 2017 as part of the regular performance reporting that agencies do to the DTA.
Facing the brunt of the Finance and Public Administration Legislation Committee, DTA chief portfolio officer Joanne Hutchinson was asked if the ACIC had in fact submitted six bi-monthly reports that consistently reflected an "amber/red confidence" in project delivery, as well as what painting confidence in a red hue meant.
"Projects self-assess their delivery status. They typically will mean that they are having some form of difficulty with one or more aspects of their project. That may be anything ranging from the timing of deliverables through to sourcing, suppliers or staff," she explained, noting the DTA collects information on around 20 different items related to ongoing projects.
An amber classification meant there were concerns on the capacity to deliver the project.
Hutchinson said the DTA initiated discussions and held a meeting with the ACIC in early 2018 and received advice in May that the ACIC had upped its confidence level in the project -- meaning the ACIC had told the DTA things were going swimmingly merely one month before the AU$34 million contract was terminated.
The DTA "reached out a number of times" to the ACIC for a third meeting between March and June. Hutchison later clarified attempts were made by email and telephone to contact the agency, but radio silence ensued.
While she reaffirmed the DTA's position, the accountability of identifying and reporting issues with IT projects lies with agency heads and their ministers, not the DTA and its minister.
With senators concerned that the ability of the DTA to engage with government entities is limited -- mainly because a AU$34 million project was scrapped and the responsible agency chose not to return the DTA's phone calls -- Brugeaud was asked if there was a structural problem within the operating model of the DTA.
"If they return our phone calls. There is an opportunity, clearly, for us to escalate. However, in this particular case, that occurred very late in the program due to the fact that the self-assessment was adjusted to a medium delivery confidence later in the program," the former statistician said.
"Given the outcomes of the review of this and any other program that may not have gone particularly well, then we would have clearly provided advice.
"The DTA has limited capacity and jurisdiction over individual projects. There are many large projects being run across government. For us to have a forensic view of every project that's reporting amber at any reporting point is just impractical, even with a broader mandate."