The Victorian government’s IT services provider Cenitex is failing to meet both its own expectations and that of its 35 customers, with its ageing technology stack partly to blame, the state’s auditor-general has found.
In a scathing audit [pdf] released on Thursday, the state's audit office said the finding presented “significant challenges” to the agency's relevance as a shared services provider.
Amid an increasingly competitive IT services environment, the audit reveals Cenitex’s performance has “fallen short of its own targets and customer expectations”, and that the agency is struggling to understand customer needs.
The agency – which was established in 2008, first as a mandatory IT service provider – currently services 45,000 public servants across 35 departments, portfolio agencies and government entities.
“Cenitex has not met its own or its customers’ service level expectations. It is not yet efficient because, while it has data to suggest its fees are competitive, it does not meet it service targets,” the report states.
The auditor-general said the service levels – many of which were “set more than ten years ago” – had not been updated to meet contemporary expectations despite “changing ICT and customer environments”.
Real-time processing of data is one such customer needs that the auditor-general considers not to be well reflected in Cenitex’s service level measures, with “less than one in five (17 percent)” relating.
“Cenitex's measures instead focus on service provision and requests, which are less important,” the report states.
“Cenitex does not have some key service availability and incident management measures, which would help it prioritise what is important for customers.
“Comparative ICT service providers have set more challenging service level targets, enabled by adopting more innovative approaches, including automating processes.”
Although the agency managed to meet its “monthly service level targets on average 68.8 percent of the time from 1 January 2016 to 31 December 2018”, the level of performance varied “significantly” across different areas.
“While it met its service availability and request for service targets more than 70 per cent of the time, it met its restoration of service and call centre targets less than half of the time,” the report states.
In the case of restoration of service, the auditor-general said Cenitex “met these [monthly service level targets] only in two months and six months respectively over the 36‐month period”.
“These incidents also took longer on average to resolve—increasing from 2017 to 2018 by 2 hours (28 per cent) for severity 1 incidents and 2 hours and 27 minutes (37 per cent) for severity 2 incidents,” the reports states.
This is despite a downwards trend in both severity 1 and 2 incidents between January 2016 and December 2018 due to Cenitex’s “targeted program of initiatives to assess root causes and systemic issues”.
The report also found there was “no documentation outlining the basis for the associated targets or their alignment with ICT infrastructure, service requirements or funding”.
“Consequently, not all the service level measures are relevant or reflect current customer expectations,” the auditor-general said.
“Significant challenges” ahead
Partly responsible for Cenitex’s failure to meet service level expectations are “service disruptions due to ageing assets, unreliable end-of-life technology and lack of automation”.
“Cenitex faces significant challenge to stay relevant to its customers. These include changes in the way technology is delivered and consumed,” the report states.
“Cenitex hosts most of its business in managed data centres on old technology. This has created major resiliency issues, resulting in failures affecting service availability.”
The report points to the uncertainty between 2011 and 2014, when the then former Liberal government considered selling off the agency, as having “hampered its ability to plan for the future”.
“It did not invest with its technology platforms and services during this period to keep pace with accelerating change in the ICT industry, impacting its customers’ service delivery and workforce productivity,” the report states.
However, the auditor-general does note that the agency has begun to “upgrade its old technologies, increase service automation, redesign its structure and business processes” through its core IT overhaul, dubbed Project Fortify.
The project, which is considered Cenitex’s most ambitious technology refresh since its inception in 2008, will see the agency shift to an end-to-end VMware hybrid cloud environment to improve “resilience, reliability and security” before the end of 2019.
“Program Fortify aims to deliver four key technology initiatives, as well as increase service automation, redesign the organisation’s structure and business processes, and improve staff skills,” the audit states.
As at July, the approved budget for the project was around $25.1 million, which represents a $7.8 million increase on the original approved business case.
“The significant increase (around 45 per cent) to the original business case budget raises questions about whether the benefits of Program Fortify still outweigh the costs,” the auditor-general said.
The report recommends Cenitex strength is performance framework containing the service levels metrics and improve the quality of the information provided to the agency’s board.
The agency has also been asked to develop a benefits management plan of Program Fortify.