Govt vetting system failing despite $37m upgrades

The government systems underpinning the security vetting and clearance of Australian government employees and contractors are unreliable and difficult to use despite an extra $32 million investment over the past seven years.

In a report on the Australian government's approach to security vetting released yesterday, the Australian National Audit Office revealed the Defence department had invested heavily to improve the performance of core vetting systems to no avail.

The ePack and personnel security assessment management system (PSAMS) had $37 million poured into upgrades since 2008 with the expectation they would make a "marked difference" to vetting performance, the ANAO wrote.

The ePack system allows those requesting clearances to submit and complete their applications online.

The information is upload into PSAMS, which is meant to prevent vetting applicants from progressing through the system without having completed certain tasks.

The upgrades were approved in May 2008 with an expectation the project would be complete by June 2009 for ePack and March 2010 for PSAMS at a total cost of $4.8 million.

However, the upgrade for ePack did not go live until September 2010 and at the added cost of $5.6 million.

When the update went live, the system contained 58 severity one and 544 severity two level defects, meaning users struggled to adequately use the platform.

The PSAMS upgrade was also not released until December 2012 at a cost of over $32 million.

The ANAO attributed the delays to the government's creation of a centralised body for security vetting, the Australian Government Security Vetting Agency (AGSVA) within Defence, in 2010.

It meant the systems needed to be able to manage clearances for additional organisations and support revised security levels, the ANAO said.

AGSVA commenced operations in October 2010 without a comprehensive, centrally managed set of procedural documentation or robust, fully functioning ICT systems, the ANAO said.

The subsequent combined cost of the project ballooned out to $37.7 million - almost eight times the original estimate.

The audit office identified "shortcomings in project planning, insufficient application of ICT expertise and major changes in project scope" as drivers behind the delays and cost overruns.

To this day AGSVA staff are still occasionally having to rely on hard copy documentation when PSAMS fails, the audit office reported.

The agency is also forced to use Microsoft Outlook to manage workflow due to PSAMS' limitations.

While the upgrades had resulted in some improvements in completing vetting tasks and allowing the department to be compliant with policy, the ANAO said, the systems still lacked "reliability and functionality". 

"The ePack system remains a frustrating and difficult system for individual users to navigate, raising efficiency and productivity issues in the vetting process," the ANAO reported.

"Further, there is at times a reliance on inefficient hard copy documentation processes. PSAMS also does not support certain tasks .. as part of the ongoing management of clearances."

In spite of the costly upgrades, Defence determined in early 2014 the system would not be able to support future vetting operations, the ANAO said, meaning further investment in a new platform in the future was necessary.

The ANAO said Defence informed the audit office in February this year that ePack remained subject to ongoing fixes and enhancements.

The AGSVA currently deals with around 349,000 security clearances.

Among a number of recommendations, the audit office suggested Defence develop a "clear pathway to achieve agreed timeframes for processing and revalidating security clearances".

The agency agreed to adopt the recommendations, according to the report.