Feeds

Corruption cops warn on old-school project management

NSW's Independent Commission Against Corruption issues procurement guidance

Reducing security risks from open source software

The New South Wales Independent Commission Against Corruption (ICAC) has cast its eye over the IT sector, and suspects that there's a gap between project management practise and the real world that opens the door to corruption.

The issue the ICAC is trying to address is the way that a shift from staff to contractors can open the door to cost-blowouts and even outright corruption.

Contractors are an inevitable part of the modern IT project, the corruption watchdog notes, driven by both the supply side and the customer side. Someone with saleable skills rarely wants to stagnate into system maintenance after a project is completed. On the other side, the customer organisation usually doesn't have all the skills on hand to implement a major project, and probably lacks the time to build those skills from within.

However, the ICAC states, reliance on contract specialists to deliver projects also renders obsolete traditional project controls that are taught to any professional manager: “budget, specifications, timeframe, cost and measurement of deliverables become elastic and are rendered less effective,” the commission writes. “As these controls weaken, the ICAC has seen opportunities for profiteering and corruption increase; contractors can over-service, over-price and under-deliver.”

The customer-side manager is also confronted with a dizzying array of small and micro-businesses offering specialist services, the ICAC notes: most of the country's 20,000 IT businesses have fewer than five staff, and only 500 firms have more than 20 staff. That's in addition to two thousand recruitment firms, many of which are contractor-owned.

Hence its information paper, Managing IT Contractors, Improving Outcomes, compiled after interviews with CEOs, COOs, IT managers and auditors from public and private sector organisations.

The high points of its advice are that customers should:

  • The project's business case should be linked to the controls that apply throughout the project;
  • Design and build should be kept separate – the ICAC suggests rejecting low bids that indicate an undisclosed interest (such as a low design price that the contractor hopes to recover at build time). Informal contact between contractors and internal staff should be limited during the bid, and the ICAC suggests engaging separate contractors to act as reviewers;
  • Gateway control – managing who is allowed into contracts sounds obvious, but clearly the ICAC has seen evidence of organisations engaging contractors without the proper due diligence, so it recommends background checks of contractors, as well as using recruitment firms in contest with each other.
  • Managing project managers – PMs should not be too close to contractors, the ICAC writes, and their “span of control” should be limited; and
  • Exit strategy – every project needs one, and it should include enforcing fixed limits on tenure, so that a contractor doesn't have an incentive to string-out a project to keep the money flowing.

Certainly, none of these controls would have hurt Queensland Health, whose failed payroll system rollout ended in tears, an independent inquiry, and a final bill likely to reach $AUD1.2 billion for a system that's going to be replaced anyhow. ®

Maximizing your infrastructure through virtualization

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.