An Auditor-General’s review of a $313 million business transformation project at the Australian Bureau of Statistics aimed at reducing the risk of system failure has provided insights into the now infamous 2016 eCensus failure and prompted fresh guidance to Commonwealth agencies.
The audit focused on the ABS’ risk management arrangements for its Statistical Business Transformation Program and did not directly examine the planning and events around the eCensus failure.
However, the Australian National Audit Office and the eCensus issues highlighted the need to ensure the adequacy of the ABS’ overall risk management arrangements and capabilities.
“The audit will provide assurance regarding the adequacy of risk management arrangements underpinning the delivery of the program. Any suggestions for improvement or recommendations from the audit could usefully inform the delivery of the remaining elements of the Program and assist the ABS to improve its approach to risk management,” the ANAO wrote.
The ANAO found that the ABS’ risk management framework only partially met Commonwealth guidelines and that it was yet to be fully integrated into the bureau’s business processes.
It also found deficiencies in the ABS’ ability to conduct regular oversight of strategic risk.
The ANAO also found discrepancies between the ABS self-assessment of the operational maturity of its risk management against Commonwealth benchmarks when compared with that conducted by private provider, Deloitte Risk Advisory.
While the ABS self-assessed its risk management maturity level as “Systematic” in 2017, and higher as “Integrated” in 2018, Deloitte’s 2017 review only managed to give it score of “Fundamental”, the lowest possible grade of maturity.
The ANAO recommended that the ABS finalise its risk management framework to comply with Commonwealth policy. In response, the ABS said it had already made progress toward the goal.
“The ABS is working to align its risk management framework with the Commonwealth Risk Management Policy and will be implementing an effective process to manage the strategic risks. ABS has already enhanced its risk management of our main economic and population statistics,” the ABS said.
Overall, the ANAO found that the ABS’ risk management measures for the transformation program were adequate, but raised some concerns around the potential risk of a cost blow-out.
“The risk that the ABS will not have sufficient funds to fully implement the program has not been managed effectively. The ABS has not quantified the scale of funding issues or revised the program costs to reflect changing circumstances,” the ANAO said.
In its response to the audit the ABS defended its performance managing the project and said that new technology was increasing risks associated with delivering an estimated 500 data sets each year, while resources to manage them were becoming scarcer.
It also noted that the many aspects of the project, including its progress, had attracted praise the Department of Finance in 2017 Gateway Review.
Nevertheless, the ANAO recommended that the ABS update it total program cost and manage its budget to ensure that it meets its outcomes.
In response to the review the ANAO a new set of best practice guidelines for all agencies, including taking steps to ensure that their risk management strategies are in line with Commonwealth guidelines and undertaking regular cost updates in large projects.