default text | larger text
top navagation imagemap Link to home page Link to search page Link to help page Link to sitemap page Link to website privacy statement Link to contacts page Link to disclaimer/copyright information
 
About the Office

Reports to Parliament

Performance Indicators

Other Publications

Media Statements

Work In Progress

Resource Links

Annual Report

Job Vacancies

Graduate
Opportunies

Information
for Agencies

Refer this Page

 

 

 

Second Public Sector Performance Report 2007

Report No 3 - April 2007

This second Public Sector Performance Report for 2007 contains the results of two information technology related examinations.

Major Information and Communications Technology Projects – Performance Examination

The community today expects government to deliver better, faster, cheaper and more convenient services in a wider variety of ways. Information and Communications Technology (ICT) assists government agencies to meet these challenges. These technologies have become essential for delivering many services to community standards at an acceptable cost.

However, major ICT projects are difficult to deliver. International research finds that many projects are not delivered on time and on budget and fail to achieve their intended benefits.

Key Findings

  • Over the next 10 years, Western Australian government agencies will be undertaking more than 150 major ICT projects (that is, projects costing more than $1 million), at a cost of at least $1.5 billion.
  • We recognise that public sector agencies have successfully delivered some major ICT projects. However, our previous audit reports and our examination of five projects currently underway identify that agencies have difficulty successfully delivering ICT projects. In this respect, Western Australian agencies share international experiences that major ICT projects typically underestimate the time and resources required.
  • Difficulties we identified include:
    • the duration of some projects were two to three times longer than estimated
    • budgets were exceeded by over 100 per cent
    • intended benefits were delayed or not fully realised.
  • Our audit also identifies that the same causes of difficulty have persisted over time. They include passive rather than active executive governance, changes to scope and requirements, technical complexity, inadequate costing and over-optimistic scheduling.
  • Some line agencies are taking positive steps to improve the delivery of their own major ICT projects, most notably, by introducing new project management methodologies and establishing executive governance arrangements.
  • Both the Department of Treasury and Finance and the Office of e-Government are also contributing to improvements in ICT projects. They are doing this through their review and approval process for major ICT projects.
  • There is a limited public sector wide approach to assisting agencies to learn from their own and other’s experiences.

What Should Be Done?

Public sector agencies should:

  • explicitly assess the extent to which the persistent difficulties in delivering projects pose a risk to their own projects
  • adopt strategies to address these risks and prevent project difficulties including:
    • building better business cases
    • active executive governance
    • focusing on business benefits
  • be more accountable for problems in project delivery, and report on project results, including total cost, timeliness, and benefits realised.

The Departments of the Premier and Cabinet, and Treasury and Finance should put in place a strategy that assists agencies to learn from each other’s experiences that includes:

  • identifying common difficulties and effective remedies
  • how to maximise the achievement of intended project benefits
  • sharing this learning among all agencies.

Security of Wireless Local Area Networks in Government

Information and communication technology (ICT) is the epitome of rapid technological advancement. Maintaining currency with ICT advancements is challenging but rewarding if managed properly. One of the important developments occurring in ICT is wireless technology.

Computer networks are formed traditionally by connecting computers using copper wire. In recent years, wireless connectivity using unlicensed radio frequency has become universally available. Computer interconnectivity using wireless gives greater fl exibility in information delivery and in responding to changes in ICT infrastructure needs. For instance, wireless can connect to the hard-wired network or operate as a separate network.

Wireless is also relatively cheap, though its service speed is presently slower than hard-wired networks. Wireless connectivity also creates security risks that agencies need to understand and factor into their business decisions. Such risks primarily relate to the signal range of wireless systems and the consequent capacity for people outside the premises to jam signals, intercept and read emails and access, read and change confidential information in agency networks.

This examination assessed the extent and adequacy of wireless implementation by WA government agencies. We examined 15 agencies, though for security reasons we are not disclosing their identity. Eight of the 15 agencies were making use of wireless though in only one of the eight agencies was it a primary network connection.

Key Findings

Wireless offers practical benefits but it also creates significant security risks. However, these risks are often not well managed:

  • Serious information security weaknesses were evident in seven of the eight agencies including one agency with wireless installed by a business unit without the knowledge or authority of the responsible persons.
  • Six of the seven agencies using authorised wireless systems could not provide the original business case for such use. Although the cost of a wireless system can be low, the risks can be high and therefore appropriate approval is essential.
  • Only four of the eight agencies with wireless systems installed had specific policy for wireless.
  • None of the agencies was monitoring for unauthorised installation of wireless access points or external interception of the agency’s wireless signals. Creating a wireless access point or intercepting wireless signals can be done simply and cheaply and must therefore be monitored.
Report summary table
With wireless
With adequate security
With business case
With wireless policy
Monitors for wireless activities
8/15
0/8
1/8
4/8
0/15

 

What Should Be Done?

All agencies should ensure that they have appropriate wireless policy and that they monitor for unauthorised wireless installation and access to the network. If they have wireless installed, then they should also periodically review security arrangements such as the strength of transmission signals and the adequacy of data encryption.

 

Click here for the Full Report in Adobe PDF (450kb PDF)

Problems downloading this report? Email our webmaster

Home Page | About the Office | Reports To Parliament | Performance Indicators | Other Publications
Media Statements | Work in Progress | Contact OAG | Resource Links | Annual Report | Job Vacancies

Information Copyright © 1996-2008 Office of the Auditor General
Disclaimer/Copyright | Privacy Declaration