Document Sample
Governance Powered By Docstoc
					                                                                    BRIEFING NOTE
22 August, 2008
Optimising ICT governance in the Queensland Government
     The ICT Industry through the ICT Industry Working Group (IWG) is seeking better use of
      ICT as a transformation agent within government service delivery to meet the demands of
      the technology-savvy community.
     ICT governance refers to the people, policies, processes and structures involved in the
      decisions relating to the establishment, management and control of ICT-enabled projects
      or ICT delivery processes.
     Effective ICT governance is one of the critical success factors needed to meet the Smart
      State vision priority ‘Modernising the Federation and Delivering Accountable
     Successful ICT governance is transparent and accountable ― ensuring that existing ICT
      investments are re-used, risks are better managed and operational costs are controlled.
     The Service Delivery and Performance Commission’s (SDPC) 2006 Review of ICT
      governance in the Queensland Government 1 represented an important first step in
      improving ICT governance practices.
     Effective ICT governance will be crucial to delivering new government initiatives, such as
      the introduction of a sector-wide e-Right To Information (e-RTI) platform as outlined in
      the recent Solomon Report.
     The ICT industry believes that now, two years after the release of the SDPC R eview , that
      further action must be taken to optimise ICT governance within the Queensland
      Government to further improve the value government receives from investment in ICT.


Impacts of poor ICT governance
     Effective ICT governance remains a challenge for both the public and private sectors in
      Australia as well as organisations globally with continual reporting of poor ICT delivery.
     In 2005, KPMG’s Global IT Project Management Survey found that in the preceding 12
      months, 49% of organisations experienced at least one project failure.
     Research by Longhaus determined that in 2007 up to two out of three ICT-enabled
      projects undertaken by Australian organisations failed to meet one of the three basic
      project success factors of time, budget and agreed outcomes.
     In July 2008, four separate ICT failures were reported relating to emergency services
      systems ― all of which had life-threatening implications2. These included:
           o a boy who almost drowned when the fire department didn’t respond following a
               faulty Verizon system upgrade in Maryland, USA
           o seven ‚system shutdowns‛ prevented callers from reaching emergency services
               in Maine, USA

1 Published in September 2006, see (Accessed 21/08/2008)
2 As summarised by Michael Krigsman, see (Accessed


Pa ge 1                                      Research by Longhaus Pty Ltd +61 (0) 7 3868 4796,
            o  failed computers caused ambulance workers to fall back on pencil and paper call
               tracking in London, United Kingdom
           o system failure forced Queensland’s own Department of Emergency Services to
               record and track calls using whiteboards.
     Since its original recommendations, the SDPC has conducted eight reviews involving
      government agencies or owned corporations and has raised ICT governance-related
      actions in six cases3.
     The SDPC’s Review of the Shared Service Initiative completed in March 2007 also noted a
      series of separate project-related delays, including one delay of 10 months. The
      commission subsequently reported that each delay had increased the costs associated
      with the continued consolidation of the Queensland Government’s Fina nce and Human
      Resources Systems.
     While rigour often surrounds the initial approval of funding, continual failures during
      execution indicate that ICT governance in the Queensland Government falls away ,
      leaving projects without the accountability and transparency required to ensure success.

Current state of ICT governance in Australia
     Through a 2008 ICT Spending and Priorities Study Longhaus found that improving ICT
      governance was a priority for 51% of Australian organisations.
     In 2005, Australia became the first country to publish a standard for ICT governance with
      the release of AS8015 Corporate Governance of Information and Communications Technology .
      AS8015 contained the following six governance principles:
           o establish clearly understood responsibilities for ICT governance
           o plan ICT to best support the organisation
           o acquire ICT validly
           o ensure ICT performs well at all times
           o ensure ICT conforms with formal rules such as relevant legislation
           o ensure ICT use respects human factors4.
     Typically organisations use a number of techniques to implement effective ICT
      governance including portfolio, program and project management.
     While not new disciplines, program and project management have been gaining
      increasing momentum across government organisations for the management of both ICT
      and the broader government policy cycle.
     Successful ICT programs and projects require strong business sponsorship which creates
      linkages between executive vision, cascading down through strategies and measurable
      objectives to the ICT initiatives that enable or deliver the required business outcomes.

Government ICT governance structures
     Jurisdictions outside of Queensland are taking on various ICT governance approaches,
      but all feature a single central body responsible for ensuring transparency.
     Common practice by other jurisdictions is to align these central bodies with either the
      Treasury or Cabinet functions to ensure they have sufficient authority (see table below).
     In contrast, the Queensland Government situation involves two separate offices within
      the Department of Public Works, the Queensland Government Chief Information Office
      (QGCIO) and the Queensland Government Chief Technology Office (QGCTO). The latter
      is located within CITEC.

3 Longhaus conducted a review of SDPC published reports to identify references to ‚prioritisation‛,
‚program management‛ and ‚project management‛.
4 As defined by Althaus, Bridgeman & Davis, The Australian Policy Handbook, Fourth Edition 2007.

Pa ge 2                                      Research by Longhaus Pty Ltd +61 (0) 7 3868 4796,
     ICT governance is ensured through mandated regular reporting by agencies to these
      central bodies, providing transparency to government and the local ICT industry and
      allowing operational control to remain with the agencies.

Jurisdiction                      ICT governance bodies                 Host organisation
United States Federal             Offic e of Management &               Executive Office Of The
Government                        Budget                                President
United Kingdom                    CIO Council                           Cabinet Office
                                  Office of Government                  Treasury
Australian Federal                Australian Government                 Department of Finance &
Government                        Information Management                Deregulation
New South Wales                   NSW Government Chief                  Department of Commerce
Government                        Information Office
Victorian Government              Government Services                   Department of Treasury &
                                  Group5                                Finance
South Australian                  Office of the Chief                   Department for Transport,
Government                        Information Officer                   Energy and Infrastructure
Western Australia                 Office of e-Government                Department of Premier &

     The United States Federal Government’s Office of Management & Budget is also
      supported by legislation in the form of the Clinger-Cohen Act (formerly known as The
      Information Technology Management Reform Act of 1996 ), E-Government Act of 2002 and
      Paperwork Reduction Act of 1995.
     The Queensland Government Chief Information Office has no specific legislation and is
      currently an office within the Department of Public Works.
     Instead, limited legislative authority for ICT strategic planning in the Queensland
      Government is embedded within the Financial Management Standard 1997 (FMS) which
      is enabled by the Financial Administration and Audit Act 1977 (FAA).
     As a result, the current ICT governance structures (such as the Strategic Information &
      ICT Board and CIO Council Executive) are peer group review mechanisms implemented
      under administrative arrangements only and unsupported by any formally issued
      instrument from government.
     The ICT industry is aware that both the Premier and Minister recognise these issues and
      have publicly indicated that the QGCIO role requires strengthening from a whole-of-
      government perspective to ensure agency compliance6.
     The ICT industry is also aware that the Queensland Government is considering the
      formation of a new ICT-oriented department, such as a Department of eGovernment.
     This type of approach has been taken previously in the form of the Department of
      Innovation & Information Economy and more recently the Ministerial position of

5 After the last state election the Victorian Government devolved the role of the Office of the Chief
Information Officer (OCIO) and Chief Technology Office (CTO) back into the Department of Finance
& Treasury.
6 As reported by ZDNet 15 th July 2008, see

to-give-state-CIO-more-powers/0,139023166,339290614,00.htm (Accessed 22/08/2008)

Pa ge 3                                      Research by Longhaus Pty Ltd +61 (0) 7 3868 4796,
      Department Small Business, Information Technology Policy, and Multicultural Affairs
      attached to the Department of State Development, Trade and Innovation.
     The ICT industry considers that these approaches were hindered by the lack of legislative
      purpose and senior ministerial status required to promote the outcomes possible through
      effectively governed ICT in cabinet.

     The IWG recommends that the Queensland Government give consideration to the
      following actions:
    G1. Create an ‚Information & Technology Management Act‛ that establishes ICT governance
        arrangements for the Queensland Government and gives sufficient authority to the
        QGCIO and QGCTO to implem ent compliance measures.
    G2. Remove QGCTO from within CITEC to avoid perceived conflicts of interest between the
        governance role of QGCTO and the execution role of CITEC.
    G3. Migrate the QGCIO and QGCTO to a central agency, which may be a new agency tasked
        with the ICT-enabled transformation of the Queensland Government.
    G4. Request greater accountability for the outcomes of other ICT governance bodies, such as
        the Strategic Information & ICT CEO Committee, CIO Council and CIO Council
    G5. Formally adopt the principles of Australian Standard 8015.
    G6. Increase governance over the implementation of ICT-enabled projects and processes
        through agency compliance with a mandated set of reporting standards set by the
        QGCIO; thereby providing clear metrics for central agencies and a window into
        government for the ICT industry.
    G7. Provide sufficient budget and resources to enable the QGCIO and QGCTO to provide
        effective leadership and governance of government ICT investments.
    G8. Perform systematic and mandated collection of metrics in relation to ICT pr ojects to aid
        in measuring the effectiveness of ICT governance arrangements as well as identifying
        and promoting successful government ICT projects.
    G9. Expand ICT representation, preferably cross-agency or external, on business-level
        governance bodies which monitor major agency, cross-agency and whole-of-government
        programs and projects.
    G10. Require agencies to obtain strategy advice on their business case and specifications from
         an experienced external ICT consultant before tenders are prepared.
    G11. Consider the creation of a specialised ICT audit function, potentially within the new
         Information Commission or Queensland Audit Office, with the capacity to monitor
         compliance with the Government’s ICT governance framework and agree external
    G12. Stipulate that auditors should be fully qualified and certified in ICT governance through
         a recognised external industry group such as the Information Systems Audit and Control
         Association (ISACA) or similar body.

Pa ge 4                                       Research by Longhaus Pty Ltd +61 (0) 7 3868 4796,