The Queensland government's cloud-first rhetoric is not having the desired affect on adoption because agencies are still focused on managing IT rather than transforming service delivery, the state's auditor has found.
In a report tabled today [pdf], auditor-general Andrew Greaves said whilst the state government's cloud computing strategy had created awareness in the public sector of the technology, it was not driving the kind of change needed to actually boost adoption.
Two years ago the Queensland government became the first in Australia to force its agencies to consider cloud-based solutions first in any new IT procurements.
But the strategy's lead agency, the Department of Science, IT and Innovation (DSITI), never defined the benefits it expected would result from the approach and is not monitoring progress nor the effectiveness of agencies' implementation of the strategy, the audit report found.
This has meant agencies remain focused on managing IT assets and are not looking strategically at which elements of their IT environment would deliver greater value as a cloud-based solution.
"Departments now need to take a more strategic approach—to assess where cloud can add the most value, and to address the people, process or technology change activities that are required if the objectives of the ICT strategy are to be realised," advised the report.
"Failure to do so will limit their abilities to benefit from cloud and other emerging technologies and may result in higher cost ICT environments, more operational risks, an inability to keep up with citizen expectations of service delivery, and continued risk around ageing systems."
While DSITI offers guidance for agencies on assesssing the suitability of cloud computing, it does not provide any advice in terms of assessing technical standards, compliance, backup and DR, security, and data sovereignty, the report found.
"Each department sources this type of information independently," it said.
Similarly, despite establishing two separate panels for the procurement of cloud services, the department has no way of demonstrating that the panels provide value for money, according to the auditor.
"This is because they have not tracked the cost of establishing the panels, and do not have the data or processes to identify departments that use the panel for their cloud procurement," Greaves wrote.
"Consequently, DSITI is unable to identify the financial benefits of the panels or to forecast the usage for cloud services. Rather, it relies on the vendors to provide it with information about the use of the panels."
The audit office recommended the Qld government CIO update the state's cloud strategy to include performance indicators and expected benefits as well as timeframes for adoption.
It said DSITI should work with departments to obtain data on cloud usage, and the department and QGCIO should both work on developing guidelines for agencies to manage IT service and operational risks in a cloud environment.
All departments need to evaluate their current IT environment to develop roadmaps and transition plans for "transforming IT service delivery incrementally", the audit office said.