Questions over DTA's govt-wide IT oversight function

Questions have been raised over the Digital Transformation Agency’s ability to intervene in failing government IT projects following the downfall of the national biometrics database last year.

In senate estimates overnight Labor Senator Jenny McAllister confronted the government’s lead on IT policy and procurement over its oversight of projects as part of its digital investment review process.

Her questioning centred around the Australian Criminal Intelligence Commission’s (ACIC) junked biometrics identification services (BIS) project, which the auditor-general last month characterised as “deficient in almost every significant respect”.

The project, which had intended to replace the national automated fingerprint identification system, was dumped last June due to ongoing delays, forcing the ACIC to swallow costs of $34 million.

While the audit itself was not critical of the DTA’s involvement in the project – noting that it is not a regulator and has no legislative mandate to direct entities – McAllister said the agency’s failure to effectively mitigate issues with the BIS project highlighted limitations at the heart of its mandate.

The committee heard that attempts were made to contact the ACIC about the project after it consistently self-reported the status of the project as amber/red, but that these were largely limited to email and phone contact.

“Do you think this points to some of the limitations of the operating model for the DTA? That you’re before a senate committee, senators are trying to understand what you role is and why you didn’t prevent this $34 million disaster and your answer is because they wouldn’t return our phone calls,” McAllister said.

“It does point to a structural problem in the role of the organisation does it not?”

It was a conclusion rejected by DTA CEO Randall Brugeaud, who indicated the agency had the ability to escalate its engagement with agencies over troubled IT project but that this was hindered by last minute changes to the ACIC’s self-reporting on the project.

“There is an opportunity clearly for us to escalate, however in this particular case that occurred very late in the program due to the fact the self-assessment was adjusted to a medium delivery confidence late in the program,” he said.

Brugeaud – who only became aware of issues with the project in May 2018, a month before the contract was terminated by the ACIC - said the DTA’s visibility of projects, including those most at risk, was largely limited to what agencies self-report.

“We have the visibility of the inputs that are provided through the self-assessments of the individual agencies involved, so if that wasn’t made visible to us we wouldn’t have been aware of it,” he said.

He also rejected that the DTA had any accountability for a project that was the “responsibility of the owning agency” and said it was ultimately up to the government to decide its mandate.

“We have a limited capacity to forensically examine projects in detail across government, so ultimately the accountability lies with the owning agency and our involvement and our capacity to government is at an aggregate level,” he said.

“Fundamentally we’re working within the parameters that have been assigned.”

The DTA's visibility of projects has previously come under fire for failing another $24 million government IT project last year.

At budget estimates last May the agency was blasted by Labor Senator Doug Cameron for its lack oversight of the Department of Education’s national apprenticeship management system (AAMS), which was similarly scrapped after a series of governance failings.