An identity access management (IAM) project for the Fiona Stanley Hospital in Western Australia has failed due to poor management, according to a government audit.
“Project planning was deficient and governance and oversight including monitoring of progress was inadequate,” according to an Information Systems Audit Report released today by the WA Office of the Auditor General.
The IAM project for the new hospital was meant to provide anywhere, anytime access to IT systems and physical hospital buildings for authorised individuals.
The project commenced in 2011, but the WA Department of Health stopped development in October 2013. At the time of the decision, $6 million of a budgeted $9.2 million had been spent.
“The IAM project will not be complete when Fiona Stanley Hospital opens later this year,” said the audit. “Granting of access to the key IT applications and physical access to the hospital buildings will not be automated.”
The auditor blamed poor management of the project.
“The business mapping of staff roles to their required ICT access lagged behind the technical development of the solution. Critical technical dependencies and difficulties that threatened the feasibility of the project were therefore not identified in a timely manner.
“This issue, although raised in successive project status reports, was not elevated to the appropriate levels of management to be actioned.”
The audit lists a range of problems that contributed to the failure, including a missing business case, a protracted tendering process, no proof of concept to demonstrate viability and a lack of suitable project governance.
“Governance, ownership and oversight of the project was undermined by a number of factors including the appointment of the Chief Information Officer (CIO) as project executive sponsor,” the audit found. “This meant there was no independent project oversight.”
“In addition, Health delayed engaging a permanent project manager until late 2012, over four years after the project had started and a number of other key positions, including that of CIO and program and project managers were filled by contract staff.”
The audit recommended that the WA Department of Health should assess whether the IAM project is still able to deliver what it had intended and if it still matches current need. The department should also learn from its mistakes for the sake of future ICT projects, it said.
“Unless we get better at bringing in ICT projects on time and budget, the state will continue to spend millions more than necessary,” cautioned Auditor General Colin Murphy.
In response to the report, the Department of Health said it’s making several changes to improve the governance, management and delivery of ICT projects, including a new ICT governance structure and an ICT executive board.
“The new governance structure outlines the decision making framework for WA Health’s ICT investment. It clarifies the expected roles, responsibilities and accountabilities of all parties involved in the planning and delivery of ICT programs and projects.”
“This approach will ensure decisions about ICT are business-led and appropriately support the achievement of WA Health’s strategic and business objectives. The new arrangements will also ensure rigorous project management and reporting arrangements are in place for all ICT projects.”
The government department said it’s still deciding the fate of the IAM project.
“The Department of Health is currently giving consideration to whether the intended benefits will meet the current or future needs of the health system and appropriate ongoing management of the project.”
The Fiona Stanley project was just one ICT debacle identified today by the WA auditor. The report also reproached five state government agencies for poor implementation of the cloud.