The Australian National Audit Office (ANAO) last month handed down its examination of the Services Australia Welfare Payment Infrastructure Transformation (WPIT) program, finding the agency had "largely appropriate arrangements" in many areas, but was lacking on the cyber and cost monitoring fronts.
Representatives from ANAO faced Senate Estimates on Monday night and were asked for further opinions on the billion-dollar overhaul, with ANAO group executive director Lisa Rauter summarising her office's findings.
"The issues were that there were some control requirements … which the department weren't fully meeting," she said.
"There were controls in place, but we felt that they needed to be a level of assurance that the department sought for itself that all of the cybersecurity requirements were being met.
"The implications of that, given it relates to Services Australia systems which hold public data is the risk of potential threat, I guess, to those systems being corrupted."
Services Australia agreed to all of the recommendations made by ANAO, but Rauter could not provide a status of their implementation.
"Once we complete the audit, we don't keep auditing, so those recommendations are sitting with the department. The department agreed to the recommendations, therefore, we would expect they would take action on those," she said.
"The transition of systems was still very much in play when we undertook this audit -- they were dealing with COVID, too."
Auditor-General Grant Hehir said it would be unusual if a department was not aware of weaknesses when his office was undertaking its work.
Kicked off in 2015, WPIT was originally slated to cost around AU$1.5 billion and run from 2015 to 2022, with one of the core reasons for the program being to replace the then-30-year-old Income Security Integrated System (ISIS).
Rauter said with ISIS still in use, the ANAO has not been clear about which system would continue on as the central data repository.
"My understanding is that they were working through what the best option was for them in terms of where the central repository of data was held and in which system that would be -- it was of less risk for the department to hold that," she said.
"The decision on how that happens and using which technology is a matter for the department. We didn't dictate in which system that has to occur, more so they make sure it is risk managed."
ZDNet understands the department is currently reviewing data migration options for the remaining ISIS components to the new welfare payment system.
Asking Services Australia for an update on its implementation of ANAO's recommendations, department general manager Hank Jongen told ZDNet that the WPIT program has enabled an improved capability.
"The first three tranches of the WPIT Program has delivered significant modern ICT capability to the Centrelink Program. In particular, it has enabled an improved capability to deploy customer and staff facing changes to the Centrelink system in a much more dynamic manner," he said.
"This has been proven many times this year, during bushfires and the COVID crisis. The capability that has been delivered in our Welfare Payment Infrastructure Transformation program has allowed us to make instant system changes to quickly help the community when they needed us most, many of whom were interacting with Services Australia for the first time."