Corruption cops warn on old-school project management
NSW's Independent Commission Against Corruption issues procurement guidance
The New South Wales Independent Commission Against Corruption (ICAC) has cast its eye over the IT sector, and suspects that there's a gap between project management practise and the real world that opens the door to corruption.
The issue the ICAC is trying to address is the way that a shift from staff to contractors can open the door to cost-blowouts and even outright corruption.
Contractors are an inevitable part of the modern IT project, the corruption watchdog notes, driven by both the supply side and the customer side. Someone with saleable skills rarely wants to stagnate into system maintenance after a project is completed. On the other side, the customer organisation usually doesn't have all the skills on hand to implement a major project, and probably lacks the time to build those skills from within.
However, the ICAC states, reliance on contract specialists to deliver projects also renders obsolete traditional project controls that are taught to any professional manager: “budget, specifications, timeframe, cost and measurement of deliverables become elastic and are rendered less effective,” the commission writes. “As these controls weaken, the ICAC has seen opportunities for profiteering and corruption increase; contractors can over-service, over-price and under-deliver.”
The customer-side manager is also confronted with a dizzying array of small and micro-businesses offering specialist services, the ICAC notes: most of the country's 20,000 IT businesses have fewer than five staff, and only 500 firms have more than 20 staff. That's in addition to two thousand recruitment firms, many of which are contractor-owned.
Hence its information paper, Managing IT Contractors, Improving Outcomes, compiled after interviews with CEOs, COOs, IT managers and auditors from public and private sector organisations.
The high points of its advice are that customers should:
- The project's business case should be linked to the controls that apply throughout the project;
- Design and build should be kept separate – the ICAC suggests rejecting low bids that indicate an undisclosed interest (such as a low design price that the contractor hopes to recover at build time). Informal contact between contractors and internal staff should be limited during the bid, and the ICAC suggests engaging separate contractors to act as reviewers;
- Gateway control – managing who is allowed into contracts sounds obvious, but clearly the ICAC has seen evidence of organisations engaging contractors without the proper due diligence, so it recommends background checks of contractors, as well as using recruitment firms in contest with each other.
- Managing project managers – PMs should not be too close to contractors, the ICAC writes, and their “span of control” should be limited; and
- Exit strategy – every project needs one, and it should include enforcing fixed limits on tenure, so that a contractor doesn't have an incentive to string-out a project to keep the money flowing.
Certainly, none of these controls would have hurt Queensland Health, whose failed payroll system rollout ended in tears, an independent inquiry, and a final bill likely to reach $AUD1.2 billion for a system that's going to be replaced anyhow. ®
Sponsored: 2016 Cyberthreat defense report