The Queensland government has realised that it is simply unable to continue managing its own outdated IT systems, and needs to stop providing almost all of its services in-house if it is to keep up with the times.
These are the key messages from the Queensland Government ICT Audit 2012, which it released on Friday in two (PDF) parts (PDF). In its findings, the report noted that the "1990s 'build, own, and maintain' approach to IT is still largely dominant and unsustainable", and that this model is forcing the government to miss the global shift toward cloud services.
Schedule and cost overruns for IT projects were found to be common throughout the government. Of all IT projects covered by the audit, 44 percent were found to have missed their original schedules by at least three months. On average, projects fell behind their schedule by one year, and it was found that un-staged, long-term projects were the least likely to even deliver on their outcomes and benefits. Additionally, 10 percent of audited projects had budget blow-outs of more than 75 percent.
The budget overruns do not necessarily indicate massive amounts of spending, however. The report noted that due to budget cuts, a large number of IT projects have been placed on hold. It singled out the Department of Communities, Child Safety and Disability Services, which has had 85 percent of its IT projects frozen. Although this department has a total of AU$40.6 million expenses on the horizon, only AU$1.4 million of those, or 3 percent, have been funded.
The issue could be partly due to the lack of business cases for projects. The report noted that in many cases, initiatives had no business case whatsoever, and for those projects that did include one, in many cases "it was subsequently not used as the basis upon which the initiative was conducted or managed".
The majority of agencies also had issues highlighting the benefits of a project, failing to clearly articulate the business benefit, as opposed to pure IT benefits, and not following through with whether these benefits were actually realised.
"The audit was unable to determine whether benefits or outcomes articulated in business cases were ever realised following implementation."
The main problem with Queensland's IT infrastructure, however, is due to years of trying to make its ageing systems work, often through customisation, when they should have been replaced. This compounds the issue even further, locking the government into legacy systems that result in it being "expensive, time consuming, and difficult to move away from a vendor product or even to upgrade (with all the complex customisations) to a newer version".
This becomes apparent in the government's IT spending on capital projects (12 percent), compared to those that are non-IT (20 percent). When capital expenditure is spent, the preference for departments has been to spend this money on in-house hardware and software. This has meant that operational funding, which would normally be used for outsourced IT services such as cloud computing, happens to a much lower degree, compounding the problem.
"This severely limits agencies' ability to be agile in their software solutions, and creates a significant long-term lock-in to the procured solutions."
Digging itself out of its hole will cost the government at least AU$7.4 billion — money that if not found could "create systemic business risk, particularly for large organisations" and impact departments' critical front-line services.
In terms of applications running, the report found that 52 percent of all applications were considered to be legacy systems — those that are older than the average age of all government systems, past their useful life date, or in poor technical condition.
Financial systems across the government span six versions of SAP and two other financial management products, and need to be migrated to a new version of SAP or another platform. This includes the possibility of moving to an "as-a-service" offering.
Likewise, 14 different payroll systems were found to be in use across the government. The report said that due to the fragmentation of the system and changes in the government, post-election, the staff of a single new agency could find themselves divided across as many as eight payroll systems.
Of all systems in use, 9.3 percent were found to provide the government with extremely low or no business value at all, which represent an annual operating cost of AU$8 million. That number could also be significantly higher, as between 20,000 and 30,000 small business applications were not included in the audit.
With respect to the individual operating systems for desktops, a large proportion of departments are still running Windows XP, despite mainstream support ending in April 2009, and extended support ending in April 2014. The report estimates that to upgrade to these systems to Windows 7 by their end of life will cost the government over AU$100 million.
The report noted that despite the upcoming deadline, an upgrade may not be the only option available to the government, suggesting that devices other than desktop PCs running Windows could be used, or that public servants could be allowed to bring their own devices to access government resources.
On the infrastructure side, the report reiterated the recommendations of an earlier Independent Commission of Audit, which called to discontinue the use of the government's shared services provider, CITEC.
The report said that CITEC's overheads are significant, and make it difficult to identify what value each department gains when using the provider. Although the government "noted" rather than accepted the latest recommendation, the independent audit's recommendations had been accepted previously.
CITEC is described in the report as exhibiting "poor financial performance", and that the possibility of achieving a positive financial position is "challenging". The report further went on to say that there is "little to suggest that it is aggressively taking action to address its financial position", and that "there is no evidence that CITEC is working to improve its value proposition to agencies or to government".
The report also recommended that Smart Service Queensland no longer be responsible for its ICT services, and instead outsource these functions. Earlier this year, it was discovered that this service had been storing unencrypted credit card details in its IT systems.
The former recommendations out of the 2006 Service Delivery and Performance Commission also sparked the movement toward consolidating the government's datacentres, networks, infrastructure, and other ancillary services, with the promise of achieving annual savings of AU$74 million. This would later become the ICT Consolidation (ICTC) project. However, the report found that no facts could be found to back these figures and that the audit's own efforts to demonstrate a saving based on the commission's recommendations failed to find any similar savings.
The report stated that ICTC has been a failure, due in part to the inability to get departments to consolidate their datacentres and infrastructure, and, as a result, 45 percent of the government's space within the Polaris datacentre remains vacant at a cost of AU$3.26 million each year. The two options proposed for resolving the issue were to force agencies to use existing datacentres like Polaris, while the second advocates for an as-a-service approach.