NSW's plan to banish IT failures for good

The NSW government has released a tough new plan for keeping IT projects in check so funding can be blocked from ailing initiatives before they turn into the next LMBR.

The Department of Finance, Services and Innovation has put together a tiered review framework that will compel agencies to undergo mandatory check-ups at set intervals in an effort to protect the $2.4 billion the state spends on IT every year.

The state has learned the hard way how tricky big IT projects can become, as the Department of Education's notorious learning management and business reform (LMBR) reaches a total estimated cost of $752 million.

In response, the DFSI has set up a dedicated assurance unit that will become the independent arbiter of its new “ICT assurance framework” (IAF). The final word on whether projects are ready to progress will lie with new government chief information and digital officer Damon Rees.

“The [framework] will provide the NSW government effective tools to monitor this investment, receive early warning of emerging issues, and act ahead of time to prevent projects from failing,” the department said.

The risk-based scheme will see all projects in NSW that are valued at $10 million or more sorted according to risk, complexity, and profile into one of four tiers, with tier one reserved for those with the highest risk and profile.

The sliding scale of external monitoring means:

• All projects over $10 million must be registered through DFSI’s online IAF portal by the end of this month (earlier for high risk projects)
• Agencies must use the IAF risk matrix to categorise their project into a risk tier, which will then be assessed by the GCIDO’s office
• All projects subject to the IAF will need the green light from the GCIDO before they can proceed
• Tier one projects need to pass six independently audited gateway reviews plus twice-annual independent health checks and additional health checks if any adverse events arise
• IAF requirements relax progressively until tier four, where projects need only to pass a due diligence review at the first two phases of their rollout
• With the endorsement of the DFSI secretary, the GCIDO will be able to withhold approval for an agency to move onto the next stage of a project until gateway concerns are addressed.

Initial investment will be guided by a number of core principles, including funding projects sufficiently for their relative complexity, designing projects around maximum two-year modules - which each independently demonstrate value to the state - making sure all business change and asset maintenance costs are visible in the business case, and only releasing full funding to projects once they are “set up for success”.

DFSI received $9.8 million over four years in the 2016 budget to set up the framework, which was sent to agencies on September 5 through an official circular from DFSI secretary Martin Hoffman.

The scheme is a step up on even the Commonwealth’s ICT two-pass review process, which sees the federal Department of Finance take a comb through all tech projects over $30 million before they are sent to cabinet for approval, on top of the standard six-stage gateway review process.

One of the last big projects to get knocked back by Finance’s periodic audits was the AFP’s core crime systems replacement, which was ultimately cancelled.

Victoria has recently promised to shine a light on its own project performance with a public IT dashboard, but the first iteration of the transparency initiative is still based on data from March.