Annex J
Information Technology Systems
1. The nature of the Department and its operational imperatives means that the Department of Work and Income (as with its predecessor NZ Income Support a business unit of the Department of Social Welfare), is a very large user of technology systems. The Department has a significant IT operation both as a manager and as one of the users and contributors to the data platform operated by the Ministry of Social Policy. DWI is also a major user of telephonic systems. The Department is virtually totally reliant on these technology systems for its day to day operations. Any failures in these systems can have a significantly detrimental effect on the ability of the Department to perform its prescribed functions and consequently a very serious impact on many of the people DWI has described as its "customers". There may also be serious wider government implications such as an inability to transmit to the Inland Revenue Department information about tax deductions and other Crown revenue.
2. The Government, as owner of the IT systems operated or utilised by DWI and controlled by the Ministry of Social Policy through its Consolidated Network System, has a large investment in ensuring that the systems in both organisations are well managed and maintained. The structural arrangements as between contributing organisations, the organisational management of the systems, including relationship management, and the management of contracts for supply of IT services, is therefore a critical function for top management in DTI. Because of the interconnection with MSP as the "Owner" of the consolidated network there must be high level management interaction between these two public sector departments. A major IT development such as FOCIS adds to the imperative for the Chief Executive of DWI and other senior staff in the Department to be appropriately but directly involved in the oversight and management of IT and telephonic services. This includes high level interaction with other contributors both inside and outside the public sector whether that be operational or developmental.
3. There are three areas of IT activity in DWI that carry risk. These are:
- Management and operation of DWI applications including SWIFTT, SOLO, TRACE, SAL (Student Allowances and Loans) together with other applications providing Corporate functions
- The Consolidated Network System operated and managed by the Ministry of Social Policy serving DWI applications (and those of other public sector organisations )and maintaining a longitudinal data base. The integrity of the data collected through the Information Analysis platform is critical for government social policy planning and for fiscal forecasting in this sector.
- Development of FOCIS (Fast On-Line Customer Information System)
All of these systems and the related applications must have highly efficient and regularly tested disaster recovery capability. A brief comment on this aspect of the IT activity is made in paragraph 4.
3.1 Management of current DWI applications
3.1.1 By any standards the DWI IT operation constitutes one of the largest "IT shops" in New Zealand. The system consists of large mainframes and carries a huge volume of transactions. There are 170 locations that use the systems and applications. All depend on system reliability, continuity and integrity. The network operates upwards of 6500 PCs and 700 printers. The SWIFTT application alone carries 1.2million transactions a day and creates $377M in payments per fortnight. There are some 46 applications utilising the system. The 1999/2000 information systems capital budget amounts to $30.264m (of which FOCIS projects accounts for $18.834m). The operating outturn for 1999/2000 for information systems amounts to $62.532m. There are currently 66 IT related contracts with 40 external contractors under management by DWI. The risks to the Minister and Government are considerable in both operational and fiscal terms.
3.1.2 A copy of the "Core Strategies" for DWI IT activity is attached as Attachment A. As a statement of management intent there can be little argument with these. Effective and efficient management to ensure that these strategies are turned into efficient operational reality is the real issue. Coupled with the need for high quality management of the IT technology, is the requirement for sound financial management systems and processes and experienced and competent contract management within the IT environment. All of these management functions must be pulled together at the Chief Executive level. It is the CE who is ultimately accountable for the quality of those functions and for the proper management of the considerable risks that attend those functions. In the context of DWI with the IT systems playing a linchpin role in the day to day operation of the organisation the CE must, and be seen to be, intimately concerned and involved with the management of the systems and in ensuring that the systems are stable and maintain a very high level of integrity. It is the CE who must provide the lead in developing appropriate and functional relationships with the other key players and ensure that other staff who are involved in IT operations and development, establish and maintain productive relationships in their respective areas.
3.1.3 The Chief Executive has informed us that she considers the IT activity of the Department, ie the operational applications functioning through the Consolidated Network such as for the payment of benefits and the control of debt together with the FOCIS development, as the primary risk that the Department must manage. As this paper indicates the Review Team certainly holds to that view.
3.1.4 There is considerable dissatisfaction among staff at the work face with IT services. This is identified in the information gained from the Focus Group meetings conducted by the Review Team, the Staff Survey undertaken by the Review Team and reinforced by comments in DWI own staff feedback survey.. Any failure in computing systems - even for a relatively brief time and however explainable - is frustrating for staff having to deal with a pre-arranged diary of "customers" and results in bad customer relations. As we have identified, many case managers have a high caseload. Computer downtime adds to the stress of maintaining output. Resulting from this is an inevitable reduction in quality and performance and, as a consequence political, public and "customer" dissatisfaction that results in a loss of confidence in the overall performance of DWI.
3.1.5 We have obtained information about downtime from MSP as the manager of the coordinated network and from DWI as manager of the applications identified in paragraph 3 above. Reasons for computer or system failure occurs within the Consolidated Network System managed by MSP and within the applications and systems operated and managed by DWI. This also involves EDS as contract manager of the mainframes. It is accepted that in an IT operation as large and complex as that involving DWI there will be failures. It is the role of management across the involved organisations to ensure that downtime is kept as low as is practicably possible. Downtime is a legitimate measure of the efficiency of the technology and the infrastructure, including management who has responsibility for the systems standards and its efficient operation.
3.1.6 We would not want to convey an impression that the IT systems are not operating adequately. Indeed the level of access and availability of the systems overall is, for its size and complexity, remarkably high. Nevertheless "eternal vigilance" coupled with strong and balanced management, is essential to improve the level of access and availability. Coordination, good relationship management and a very high level of cooperation and communication between MSP, DWI and contracted providers is an essential requirement if a higher level of reliability, access and availability is to be achieved. We see no point in identifying how and who might have been responsible for the various IT failures resulting in outage. We do however note that DWI and MSP have contributed in some greater or lesser degree to the failures in the systems that have resulted in a breakdown in the IT system and the provision of an essential tool to front line staff.
3.1.7 Changes in the business relationship between providers and users to improve the overall management of the various systems is in our view a critical issue. This will be discussed in the next section of this paper.
3.1.8 We have examined the organisational structure for IT management in DWI. This appears to be appropriate and consistent with good practice and with arrangements in other organisations operating large and complex IT shops. There is a comprehensive Business Technology Plan (June 1999). This Plan indicates that DWI is taking a very conservative, risk averse, position in respect of the management and development of its core transaction based processing systems. Accepted integration techniques and technologies are utilised. There is still substantial reliance on the use of consultants and contractors but we have been assured that the Chief Executive and the management of the IT business are acting proactively to enhance the in-house capability of IT staff. The employment and retention of competent IT staff must be part of the risk management strategy of the Chief Executive. As in most public sector organisations the remuneration rates paid to very competent IT staff in the private sector is a difficulty. Nevertheless the Chief Executive must see this as a priority and work with the State Services Commission to ensure that competent staff are recruited and appointed by DWI and that, so far as is practicable, appropriate conditions for retention are developed.
3.1.9 Within the DWI there is a clear need to ensure that there is a high level of understanding and communication between the IT Business Unit and the other Business Units that rely on the provision of IT services to carry out their functions. One approach could be the establishment of a more formal arrangement between the IT Business Unit and the user components of DWI. This is a matter upon which Treasury could proffer advice.
3.2 The Consolidated Network System and the business arrangements between MSP and DWI
3.2.1 The Consolidated Network which proves the gateway to all of the applications servicing the DWI operations is managed under the arrangements specified in a service level agreement dated 11 August 1998. The signatories to this SLA are EDS (NZ) Ltd and the (at that time) Director General of Social Welfare. The (then) Business Units of the Department of Social Welfare that separately executed acceptance of the SLA were Income Support, Children, Young Persons and their Families Service, New Zealand Community Funding Agency, the Social Policy Agency as well as corporate units of DSW who were at that time considered the "owners" of various systems. This SLA has been applied as a schedule (3.1) to an agreement dated 30 June 1997 between the Department of Social Welfare and EDS (New Zealand) Ltd. The agreement relates to the outsourcing of Tritec (at that time the business unit of DSW managing and operating the Department's IT systems). This SLA was executed close to the establishment date of DWI ie 1 October 1998, and certainly during the time the Interim Transition Team (ITT) was preparing for the establishment of the new Department. The CE designate had been appointed and was in place at the time the SLA was executed. The SLA document however makes no mention whatsoever that a new user will come into existence shortly after the signing of the SLA. There has been no review of the SLA since the establishment of DWI.
3.2.2 Under this arrangement MSP controls the quality of changes to the network and the systems depending on that network. MSP as the "owner" of the system is the Party to the 11 August 1998 Service Level Agreement with EDS (New Zealand) Ltd. The Outsourcing Agreement of 30 June 1997 between the then DSW and EDS was amended by deed executed on 16 June 1999 ( some 81/2 months after the establishment of DWI). The parties to this agreement are DSW, DWI and EDS (N Z) Ltd. The effect of the Deed is to separate out the respective responsibilities in terms of systems and applications as between DSW and DWI. The Deed also establishes that, in respect of the Consolidated Network System, and in respect of the SLA dated 11 August 1998 EDS (NZ) Ltd will deliver services to DWI as that organisation's agent. The purpose or effect of this construction in respect of the arrangement between DWI as a purchaser and MSP as a provider of services through the Consolidated Network System is unclear. It seems to create a further complication in an already complex arrangement. Additionally there is an extant Service Level Agreement dated 31 March 1998 that is part of Schedule 3.1 of the Outsourcing Agreement dated 30 June 1997. This commits Income Support (then a business unit of DSW) and now DWI to certain commercial and technical arrangements with EDS as the Outsourcer. We have been advised that developments now render this agreement out of date.
3.2.3 The decision that DSW (now MSP) was to retain, on behalf of the Crown, ownership of the Consolidated Network following the migration of Income Support to the new organisation DWI, appears to have been taken by the Chief Executives of MSP and DWI with the involvement of the State Services Commission. There is no record of the matter having been referred to Ministers in any formal way nor of any Cabinet decision that this was to be the arrangement following the establishment of DWI (although we understand it is consistent with the then portfolio Minister's views). We have seen correspondence between the State Services Commission and the Chief Executives of the Department of Social Welfare and the Department of Work & Income dated 15 and 19 April 1999 (some 6 months after the establishment of DWI) stating that the SSC does not support a change of ownership of the IT infrastructure (presuming this means the Consolidated Network and associated contractual arrangements). The letter also states that the SSC does not support DWI developing its own infrastructure . The letter goes on to say:
"... the Commission is of the view that the existing IT infrastructure arrangement should continue to operate until such time as any review shows conclusively that a change of existing infrastructure arrangements would benefit the interests of the Crown as a whole, rather than those of a particular department."
3.2.4 We have no reason to question the merit of this decision. Indeed given the speed technology is evolving, and with strategic decisions about the development of eGovernment systems now under active consideration, the decision makes good sense. No doubt the future location of the Consolidated Network System will be considered in the relatively near future as the eGovernment development issues are examined and the best interests of the Crown considered.
3.2.5 Because of the centrality of the IT systems to the efficiency of the DWI operation and the fulfillment of Government policy, the Crown's legal obligations and the very significant risk to the Crown revolving around the IT systems, it is surprising that the matter was not formally put to Ministers for consideration and decision as a significant matter during the integration process when other issues of less importance were raised with them. Had that been done then there would probably have also been consideration of, and decisions made, in respect of the arrangements for the operation and management of the Consolidated Network System vis-à-vis those who would be dependent on the system and to whom DSW would become a service provider. This would have included appropriate service level agreements between DSW (now MSP) and DWI and possibly a review of the 31 March 1998 SLA that DWI became committed to on its establishment.
3.2.6 We have observed elsewhere in this report that the public service organisational arrangements surrounding and involving DWI is complex and unique. As is apparent from the preceding paragraphs the arrangements relating to the use and control of IT systems is equally so. Papers we have seen and discussions we have had indicate that during the transition discussions, issues surrounding the management of IT were the most contentious. It seems that there were some issues that were not in fact resolved and still remain unresolved. Such complex organisational arrangements require interaction, communication and decision making structures that are open, understood, unambiguous, fair and all parties abide by them.
3.2.7 There are two committees involving the relevant CEs that deal with integration and inter-departmental arrangements for IT. Given the management autonomy of Chief Executives we do not think it appropriate to suggest any overarching advisory or other management group. There is however a need for the various departments to make progress in resolving whatever issues remain outstanding following integration and to ensure that there is a cooperative relationship in dealing with current complex and difficult issues in the IT environment. The careful monitoring of outages throughout the total system ie DWI applications, MSP's Consolidated Network, is one of important functions that requires regular reporting, analysis and action by the appropriate CEs committee. (It is essential that if there are problems over outages or any other malfunctions that these are raised promptly in committee). We also mention the important role that the central agencies must play in undertaking their monitoring function in the IT area.
3.2.8 The letter from the SSC of 15 April 1999 referred to in paragraph 3.2.2 also says:
" It is our understanding that DSW (now MSP) is happy to incorporate DWI IT standards into its own provided that they do not compromise the security of the DSW infrastructure and have no adverse impacts on DSW. We expect that DSW and DWI will continue to work towards arrangements around the use of the DSW infrastructure which will enable both DSW and DWI to deliver their respective outputs. The issue of ownership should be clearly separated from what is required by DSW and DWI in this regard." (Emphasis added)
3.2.9 It is clear that there is still considerable tension around the arrangements between MSP and DWI as to their respective roles in the management of the comprehensive IT system and, more particularly, the relationship in respect of the dependency of DWI on the Consolidated Network System. As we have pointed out there are considerable operational imperatives and substantial risks to the Crown should these systems fail or even operate at less than an acceptable level. There is also a risk to the Crown and to the contributing departments, should the consolidated network system be prejudiced in any way. It is difficult to identify the reasons for these tensions. The situation this creates however is one of considerable concern. We note that the CE of DWI has made particular reference to this issue in her report to the Minister of Social Services of 4 April 2000. This letter is a response to the Minister's letters of expectation of 22 December 1999 and 23 February 2000. We have already commented on the need for the CEs committees to be effective sounding boards and to resolve these critical issues.
3.2.10 The status of MSP is twofold. On the one hand it is, by the decision referred to above, the "Owner" of the Consolidated Network System. DWI is required, by virtue of the architecture of that system and the direction given, to use that system as a gateway for all of its applications. On the other hand MSP via the Consolidated Network System becomes a provider of services to DWI. DWI should be able to expect a high level of provision to ensure that the critical applications such as SWIFTT, SOLO etc have maximum access and availability. Any failure here is, as we see it, a major risk to the Crown and may have a very detrimental effect on DWI "customers" and the Department's credibility. Again we would not want to infer that the operation of the Consolidated Network is inadequate. Indeed it is considered to be well managed. There are however instances where the relationship between the two organisations has been less than satisfactory. On the one hand MSP is properly concerned to protect the integrity of the System and ensure that the quality of the data migrated to applications within the system eg the data warehouse IAP, is appropriate and accurate. This is a very important planning resource for government. On the other hand DWI is driven by operational imperatives that require a high level of access and availability and knowledge that any enhancements or additions to the System have been appropriately tested and have operational credibility.
