DTA slammed for breaking procurement rules in $55m ICT spend

An examination of the Digital Transformation Agency’s most costly procurements has found it did not manage risks or follow Commonwealth Procurement Rules, and “fell short of ethical requirements” in a sampled $54.5 million technology spend.

The damning review, released on Wednesday, found evidence of conflicts of interest, suppliers given unfair advantages, above market rates, duplicate payments, a disregard of fraud warnings, poor or missing records, and not monitoring contract performance in nine ICT-related procurements examined by the Australian National Audit Office (ANAO).

The ANAO found none of the nine procurements it scrutinised – covering projects like the myGov overhaul, the COVIDSafe app and cybersecurity – were conducted effectively, prompting eight recommendations for sweeping governance improvements at the DTA.

The original value of seven of the contracts awarded via the Digital Marketplace was $25 million, but has since more than doubled to $53.7 million, with the DTA found to have not properly managed performance or verified the work that suppliers said had been done.

While the DTA has established a procurement framework, the ANAO determined “its implementation and oversight has been weak”.

“The DTA did not conduct approach to market or tender evaluation processes effectively, and it did not consistently provide sound advice to decision-makers. The DTA’s frequent direct sourcing of suppliers using panel arrangements does not support the intent of the [Commonwealth Procurement Rules] including the achievement of value for money,” the report said.

The DTA has accepted the recommendations and attempted to justify some of the shortcomings as a consequence of pressures brought on by the pandemic.

Little regard was given to Commonwealth Procurement Rules [CPRs] in the procurements examined, with the ANAO finding the DTA routinely failed to consider value for money, assess risk or even estimate the maximum value of procurements in the planning phase.

The procurements examined by the ANAO were chosen based on their value, risk, relevance and type. They include seven of the DTA’s nine highest value procurements for 2019–20 and 2020–21.

When approaching the market, the DTA failed to keep appropriate records of the activity in nearly all the procurements.

Seven of the procurements were reported to have occurred through the Digital Marketplace, an online marketplace of digital and ICT services purportedly established to help smaller companies compete for government contracts.

The ANAO has previously found the DTA broke procurement rules in establishing the Digital Marketplace in 2017.

But in most cases the DTA approached only a single supplier on the marketplace, with the procurements only open for around one week or less. All of the contracts that resulted from single supplier approached procurements increased massively in value.

In one procurement for myGov funding case support, only a single supplier, management consultants Nous Group, was approached for the work outside the marketplace despite the DTA later reporting it as an open tender Digital Marketplace procurement.

The DTA accepted a verbal offer for an initial $121,000 contract with Nous Group which has ballooned 40-fold to nearly $5 million, with the scope of work changing substantially through 10 variations.

The ANAO concluded the DTA’s procurement process, particularly the use of panels, fell short of the intent of the CPRs.

In another incident, senior executive from the DTA met with representatives from cybersecurity firm CyberCX about the government’s planned project to ‘harden’ its IT. A subsequent approach to market sought a partner to for the work, but CyberCx missed the deadline to make an offer.

But after speaking with the company, the DTA decided to reapproach CyberCX and gave it an opportunity to make an offer to compete with a proposal which had already been ranked highest and considered the preferred supplier.

In order to “get the cost down a bit”, the DTA deputy chief executive officer allowed CyberCX to bid for the work, giving a verbal approval to set aside the initial preferred supplier and approach CyberCX.

CyberCX would eventually be handed a contract for the work, which has since increased eight-fold to $8.5 million.

The audit office also found ineffective or missing tender evaluation processes.

“None of the examined procurements fully complied with CPR requirements to: consider value for money; notify unsuccessful tenderers of the outcomes of procurements; and maintain appropriate records of the approach to market,” the report said.

The agency also failed to provide decision makers with “sound advice”, including whether the selected tenderers would provide value for money or how risks would be managed.

After the contracts were signed, the DTA did not effectively manage them, including monitoring the performance of many of its largest technology spends.

The DTA overpaid one supplier Delv more than $380,000 through two duplicate payments for its work on the COVIDSafe app. This was only noticed by the DTA when identified by the ANAO earlier this year as part of its inquiry. It’s unclear if the money has been returned, with Delv and the DTA yet to agree on a repayment plan as late as last month.

Payments for most of the nine procurement were also found to have been made without being tied to milestones. Invoices for four of the procurements were based on the time charged by consultants on the projects and were not linked to milestones or deliverables.

But the DTA “did not have documentation to demonstrate how timesheets were verified for any of the procurements”.

Value for money was not adequately considered in the variation to contracts after they were signed, which occurred in seven of the nine procurements examined by the ANAO.

“In one case, a directly sourced contract was ‘leveraged’ multiple times, increasing in value by 40 times with substantial changes to scope,” the report said.

“Varying a contract in this way is not consistent with ethical requirements.”

One contract was “leveraged” by the DTA through 10 different variations after it was originally signed for $121,000, “substantially changing” its scope and eventually reaching a cost of $4.9 million.

The ANAO made nine recommendation – eight to the DTA and one to the Department of Finance regarding better reporting for procurements from panel arrangements.

The DTA accepted its eight recommendations covering areas like risk management, fraud awareness and to align its approach to market and tender evaluation processes with CPRs.

Current DTA chief executive Chris Fechner said he welcomed the “opportunities for improvement” identified by the audit office.

“Work has already commenced on clarifying internal procurement processes and requirements, record keeping and governance at a central level with training and education campaigns to be rolled out at the agency soon,” he told the Auditor General.

Mr Fechner also provided additional comments to the ANAO “not intended for publication in the final report”.

In a public statement made Wednesday, the DTA chief executive also drew attention to some of the procurements relating to the government’s urgent response to the pandemic.

“The pace of the Government’s response to the pandemic increased the risks involved in these procurements, particularly where they were undertaken on shortened timeframes or transferred from one entity to another,” he said.

Only three of the DTA procurements examined by the ANAO relate to the government’s pandemic response and the DTA did not set aside CPRs for any of them, as may have been allowed under provisions for the protection of human health.

Does your company sell information technology products or services to the Australian Government? InnovationAus.com is conducting a survey of government suppliers. Have your say: Tell us your experience.

Do you know more? Contact James Riley via Email.