The NSW Independent Commission Against Corruption (ICAC) is attempting to help government agencies minimise the risk of corruption when they are managing IT contractors, following two recent high-profile cases in NSW.
In a paper released Wednesday, Managing IT contractors, improving IT outcomes, ICAC investigated the “unique pitfalls” that public sector managers who do not have IT expertise may face when dealing with contractors that are doing specialised IT work for their agencies.
Dr Robert Waldersee, executive director at ICAC’s Corruption Prevention Division told CIO Australia that over the past 12 months, ICAC spoke to CEOs and senior IT staff at several large organisations to determine best practices around auditing and managing IT contractors. Having these practices in place can “make corruption difficult,” he said.
ICAC found that all of their approaches to dealing with contractors were aimed at effectively managing five key areas:
- Linking of the business case to project controls
- Separating design and build
- Guarding the gateway through which contractors enter the organisation
- Managing project management
- Ensuring a clear exit strategy is in place.
ICAC uncovered corruption at two NSW government organisations since last year. In January 2012, a former IT contract project manager at the then Department of Education and Training engaged in corrupt conduct.
David Johnson was found to have manipulated the recruitment and payment processes at the department so he could financially benefit in the order of more than $400,000.
In October 2012, ICAC found that the University of Sydney’s IT manager Atilla “Todd” Demiralay engaged in corrupt conduct by using Succuro Recruitment, a business that he and his wife had a financial interest, to recruit contractors for the university.
Dr Waldersee said over the past 12 to 24 months the number of complaints to ICAC looked “fairly consistent” and the organisation has not specifically analysed complaints about IT contractors.
He said that managing IT contractors can be extremely hard for senior executives in government agencies who are not IT specialists. But these managers are still responsible to “sign off on a project.”
“You may not know whether a virtualised system is good or bad but you are forced to make a decision,” he said. He also pointed out that “if you’re a specialist in child protection, you’re unlikely to understand a complex document that has the specs of a new IT system.”
ICAC’s report said that decades of ”disruptive technological shifts” and constant innovation have led to unrelenting change in organisations being driven by an area that it outside the expertise of most operational managers.
This period of disruptive innovation has also resulted in the spread of an “immature industry structure with many micro firms,” the paper said.
There are around 20,000 IT firms in Australia with 85 per cent employing less than five people and only 500 with more than 20 staff. Meanwhile, there are more than 2000 specialist IT recruitment firms, some of which are owned by the contractors themselves, ICAC said.
Government needs for specialist IT assistance for a one-off project mean that it is often inappropriate to consider IT specialists for permanent positions, ICAC said.
Nor do specialists in cutting-edge technologies want to work in an environment where they are paid less and lose skills. Rather, specialists work in association with other micro firms, forming industry networks and associations, as needed, ICAC said.
“The resultant heavy reliance on contract IT specialists to design and implement highly innovative projects means that traditional methods of project control such as budget, specifications, timeframe, cost and measurement of deliverables become elastic and are rendered less effective,” ICAC said.
As these controls weaken, the ICAC has seen opportunities for profiteering and corruption increase; contractors can over-service, over-price and under-deliver.