'Significant failures' marred Victoria's fines IT system upgrade: auditor

Victoria's fines IT system overhaul suffered "significant failures" in planning and governance, some stemming from a desire to avoid a repeat of past mistakes, a scathing report by the state’s auditor has found.

The review of the infringements enforcements and warrant (VIEW) system also reveals that the project has now cost more than $125 million – almost three times its original budget of $46 million.

The report, released on Wednesday, criticised the Department of Justice and Community Safety (DJCS) for missing key targets that mean VIEW remains incomplete after more than five years of work.

“DJCS’s significant failures in planning the VIEW project meant that its implementation did not meet the expect time, cost, quality and functionality targets,” the report [pdf] concluded.

VIEW, which has been delivered on Civica's software platform, was originally intended to replace the 22-year-old Victorian infringements management system (VIMS) by January 2018.

But short timeframes and the need for significant customisation meant only five percent of intended functionality was delivered at go-live, a far cry from the 90 percent that DJCS had expected.

While remaining functionality was expected to be delivered six months later, Civica failed to meet the revised deadlines on two occasions, which had “significant, negative implications for Fines Victoria’s ability to process and enforce infringements”.

DJCS later made the decision to “not deliver VIEW in the form it originally intended” and is working through a program of remediation, which a report earlier this year indicated had “shown progress in operationalising end-to-end functionality”.

COTS “unrealistic” for fines management

One of the main reasons behind the failure was DJCS’s “misguided” decision to procure a commercial-off-the-shelf or COTS system, which the auditor said was unsuitable for the “complex” task at hand.

DJCS opted for a COTS system to avoid a repeat of its first failed attempt to replace the legacy VIMS with a customised fines IT system between 2007 and 2015.

That project – which was contracted to Tenix Solutions – was terminated after it overran by six years and cost $60 million – more than twice its planned outlay of $24.9 million.

Staff were of the belief that they should “avoid attempting another customised IT build”, despite an after action report blaming DJCS's “IT expertise” and “uninformed” approach to buying.

“This led to a fixed preference for a COTS IT solution with minimal customisation,” the report said, adding that staff “felt that [this approach] would avoid the complexity of the past attempt”.

“This was unrealistic because COTS solutions are designed and intended for delivering mass, simple transactions.

“Fines management in Victoria involves a myriad of complex and bespoke processes. Using a COTS solution could have met only some elements of the fines management system.

“Alternatively, fines processes would have required significant implication and streamlining to fit the COTS solution, which DJCS did not contemplate.”

By “limiting its procurement strategy” to only a COTS system, the auditor said DJCS “biased the advice it gave to government on available options”.

Worse still, DJCS was found not to have a “sound understanding” of the fines management systems and process across agencies when it went to market in January 2016.

At this time, the Fines Victoria business unit within DJCS had not yet been established and proposed legislation was still under development.

“DJCS went to market with underdeveloped specifications that were partially based on outdated and misleading requirements from the previous failed IT projects,” the report said.

Planning, governance hamstrung by staffing gaps

The auditor was also highly critical of DJCS’s wider governance of the project, which it said was “ineffective” and “not commensurate with the project’s importance and challenging nature”.

Core issues included a failure to “recognise or… fully acknowledge its gaps in technical expertise”, despite this having been raised in the project’s gateway reviews.

The lack of appropriate knowledge and experience meant that DJCS “staff were unable to properly consider IT options that could realistically deliver on its policy intent” and evaluate vendor claims.

It also led DJCS to “over-rely on a contracted IT advisor from an external advisory firm” whose “background and experience was not appropriate for the scale and complexity of the project”.

“DJCS tasked the advisor with multiple and conflicting roles across vendor procurement, project delivery and reviewing and assuring the project's progress,” the report added.

“This significantly compromised the independence and quality of advice provided to the project steering committee.

It also failed to “fully inform the Attorney-General about the project’s substantial risks and likely consequence”, which was partly due to “inaccurate reporting” from Civica and the IT advisor.

Ultimately, it recommended that “the launch go ahead, despite not having fully tested the system, adequately trained its staff or having contingency arrangements in place if the launch failed”.

Skills gaps also played a hand in the selection of a solution that was not fit for purpose, with vendor evaluation criteria overemphasising lesser requirements in place of fundamental technical elements.

“Based on… difficulties with the vendor for its past failed project, DJCS allocated almost 37 percent of the evaluation criteria to support in-project capability and customer service,” the audit said.

“Vital technical requirements, such as interfaces, reporting and generating fines correspondence, each accounted for less than five percent.”

The audit said there was similarly no evidence that DJCS “tested the preffered vendor's ability to customise its offerings”, despite the final tender assessment giving its software a functionality score of only 63 percent.

Even a site team sent to the US and the UK to review and assess the applicability of the software “did not have the necessary IT expertise to undertake that task”.

“DJCS also did not undertake simple inquiries that it could have made from Melbourne,” the report added.

“Doing so would have revealed that the successful vendor’s product had never been tested at the scale and complexity required to manage fines in Victoria.

"It had only been applied in local councils in London for traffic and parking fines and in local libraries for transactions in the hundreds of thousands each year.

“This was clearly not comparable to the roughly 6 million often complex fines transactions Victoria undertakes yearly.

“Such due diligence should have alerted DJCS to the likely incompatibility of the solution and negated the need for site visits.”