SA govt spends $20m-plus on legacy system support each year

Legacy systems are costing the South Australian government in excess of $20 million in additional vendor support costs each year, with more than a quarter of major applications now unsupported.

The finding is contained in the auditor-general's annual IT review of the state’s 18 biggest agencies, which also reveals almost three-quarters of applications are more than a decade old.

The agencies audited include the departments of Premier and Cabinet, Treasury and Finance, Education, Human Services, Health, Corrective Services, as well as South Australia Police.

The auditor found that the heavy reliance on legacy systems for key business processes presents a “challenge” for agencies, with those systems “impacting current business operations and strategic objectives”.

According to figures provided to the auditor “at least $20 million” is being spent on additional vendor support costs by the 18 agencies each year, with the majority of the money flowing to legacy applications ($18.9 million).

However, this figure does not include costs for the 59 percent of applications covered by current vendor support arrangements, or those applications, operating systems and databases that receive only in-house support.

“These additional costs are not included in this total as it was difficult for agencies to accurately allocate the cost to maintain each system,” the report states, adding that the exact cost of additional vendor costs is “difficult to quantify”.

Of the 215 legacy applications reviewed, only 55 applications (26 percent) were found to be less than a decade old, with the remaining 160 applications (76 percent) between 10 and 26 years old. 

The report said the vast majority of the 160 applications that are more than a decade old were implemented between 2001 and 2010, or 1991 and 2000, though 24 applications date back at least 30 years.

It noted that two agencies maintained “significantly more [applications] than others”, accounting for 84 of the 215 applications tested, though did not name the agencies. One agency had no legacy applications in operation.

Only 60 percent of the applications were found to be upgraded in the last five years, with around half the remaining applications “unsupported by the application vendor”, despite the majority being identified as “key business applications”.

The auditor also found financial applications were more likely to be updated or replaced on a regular basis than operational applications, despite accounting for just eight percent of the applications tested.

Agencies advised the auditor that while they “intended to upgrade or replace 162 (75 percent)” of their legacy applications, there were no plans to replace the remaining 53 applications - 39 of which are key business applications. 

The most common reasons given by agencies for the lack of replacement plans was “other agency priorities”, followed by “resource deficiencies” and “still assessing future options”, though “no vendor upgrade available” also ranked high. 

The auditor said that although some legacy applications were meeting current business needs, these apps “may present agencies with other risks and challenges” over time such as security vulnerability, problems with integration and potential system performance issues.

“We acknowledge the difficulties agencies have when accurately assessing the costs and benefits associated with upgrading or replacing their legacy systems. In some cases, replacing them will require significant funding and resourcing,” the report states.

“Despite these costs, agencies must be proactive in managing legacy systems and manage the risks arising from them. They should prepare business cases to help evaluate the feasibility of replacing these systems against other agency priorities.”

“We note that legacy systems are impacting current business operations and strategic objectives within agencies. They are also potentially increasing operational costs and exposing agencies to additional security risks.”