A second report tabled by the Queensland Auditor-General, Glenn Poole, into the Queensland State Government's shared services model has placed services provider CorpTech in the crosshairs for evaluation.
The report follows a damning evaluation of the Queensland Health payroll debacle, in which whole-of-government IT consolidation was called into question and the Government threatening to terminate a services contract with IBM. Employees affected by the bungle were recently told to recalculate their group certificates to ensure financials were correct.
However, while IBM was blamed for the majority of issues at Queensland Health, the latest report from the Auditor-General has shifted attention back to CorpTech as a potential failing point for issues in health and other government departments.
"While control environments are maturing at business unit levels, some of the internal controls that span across agencies or business units within agencies are not operating effectively," the Auditor-General's report reads, identifying particular risks in finance and human applications, general computer controls, system disaster recovery, segment reporting, the Annual Leave Central Scheme and Electronic Funds Transfer.
"Project management and implementation of new systems without effective consultation with other affected shared service stakeholders has led to inefficiencies in the delivery of key government outputs."
CorpTech was part of a shared services initiatives begun by the Queensland State Government in 2003 as a way of delivering cost savings in services and infrastructure across varied government departments. The Government merged CorpTech and infrastructure provider, CITEC, last year under the Department of Public Works.
However, the lack of updated technology has caused department processes to be weighed down by up to 15 legacy payroll systems in 13 different government departments, from providers SAP, Aurion, LATTICE, and TSS.
Queensland public works minister, Robert Schwarten defended the SAP payroll system last week, saying it was not at fault for issues at Queensland Health. However, the latest report from the Auditor-General found a standard system configuration was not used for one of the SAP payroll systems used in the health department - ECC5 - which could deliver human error in the way certain transactions are scrutinised.
"The number of systems that need to be separately maintained by CorpTech increases the risk of security failures and data integrity issues," the report reads. "While [CITEC] management has addressed several issues, minimal progress was made towards deploying technologies to assist in the detection of attempts to circumvent the technical controls that protect financial information and transaction processing."
As the Auditor-General's latest report was conducted in conjunction with the previous report on Queensland Health, many of the findings and recommendations around CorpTech have been addressed by the government.
Schwarten welcomed the report as an affirmation of decisions already taken by the Queensland State Government in the wake of the Queensland Health payroll debacle. The government acknowledged that shared services lead CorpTech was buckling under the pressure of multiple legacy systems, and called for a dual review of both the services provider and the state's whole-of-government shared services model, to be completed in September by PricewaterhouseCoopers analyst, Roger McComiskie.
"My department has offered Mr McComiskie full access to all information that he may require," Schwarten said in a statement.