Ordered to be printed
VICTORIAN GOVERNMENT PRINTER June 2012
PP No 142, Session 2010–12
Dear Presiding Officers
Under the provisions of section 16AB of the Audit Act 1994, I transmit my report on the audit Obsolescence of Frontline ICT: Police and Schools.
Dr Peter Frost
20 June 2012
Frontline information and communications technology (ICT) includes the hardware, software, and supporting network infrastructure that helps public sector agencies achieve organisational objectives and deliver services. Today, the public sector would be unable to function effectively without ICT.
Due to the very high tempo of innovation and subsequent refresh rate of technology assets, when compared to other types of assets, frontline ICT assets can quickly become obsolete if they are not carefully managed on a life cycle basis.
Inadequate management of the inevitable obsolescence of frontline ICT assets could, at best, lead to poor or degraded service delivery by public sector agencies. At worst, it could lead to widespread equipment failure and extended outages of critical public services.
Industry research shows that many public and private sector organisations do not accurately identify the costs or risks related to ICT life cycles. This may lead to the unexpected obsolescence of frontline ICT equipment, which may then become no longer ‘fit for purpose’ to meet service delivery requirements or community expectations.
The Department of Treasury and Finance’s (DTF) Asset Management Series describes the purpose and fundamental principles of effective asset management and provides a strategic framework for asset life cycle management. These principles are also applicable to frontline ICT assets in public sector agencies.
The objective of this audit was to assess whether the obsolescence of frontline ICT equipment and software is managed effectively and efficiently throughout the technology life cycle.
The audit examined DTF’s role and responsibilities in developing and managing frameworks and policy for ICT assets across the public sector, and the following agencies that deliver frontline services:
The following frontline ICT systems were subject to detailed case study examinations for the audit:
Obsolescence of frontline ICT assets is not being given adequate recognition, even though ICT assets age rapidly and are pivotal to frontline service delivery. There are major shortcomings in planning and asset management frameworks, unsustainable funding models, and a lack of oversight of frontline ICT assets. This means that effective management of frontline ICT obsolescence is very much dependent on localised expertise with good practice achieved on a case-by-case rather than systemic basis.
Whole-of-government frameworks and guidance have not kept pace with the increasingly central role of ICT in service delivery. There are no ICT-specific policies or frameworks to clearly guide the ongoing management of ICT obsolescence. Insufficient oversight by DTF means that government is not fully informed about the current capacity of, or future optimal investment for, frontline ICT assets.
A more robust funding and management model is needed to better reflect the rapid ageing of ICT assets. This would assist agencies to better plan and provide for ICT obsolescence costs across the life of their ICT asset base. Funding arrangements for frontline ICT assets should take into account all the costs involved in sustaining the existing capacity of essential services.
Secondary school student learning goals that depend on ICT assets are at risk, due to insufficient oversight by DEECD, despite it knowing that schools do not routinely take into account the life cycle costs of ICT assets. DTF and DEECD have not planned, or acted, to remedy this deficit. Further consequences, identified by DEECD, arising from the obsolescence of these assets are serious and include student, parent and teacher dissatisfaction, as well as reputational damage for DEECD.
ICT obsolescence has been effectively managed in the case of the MDN. However, because MDN relies on radio waves to transmit its data, obsolescence risks go beyond the equipment’s useful physical life span to external factors, such as radio spectrum (the frequency bandwidth occupied by radio waves) which is managed and regulated by the Commonwealth Government.
DOJ and DTF must continue to closely monitor this strategic risk to make sure that the Commonwealth is made aware of the present and future spectrum requirements of Victoria’s emergency services.
The state’s Asset Management Framework does not provide sufficient specific guidance for the management of ICT assets. Nor does DTF provide appropriate or sufficient oversight of the framework, which is delegated to departments. Whole‑of‑government policies relevant to ICT also fail to give guidance on obsolescence. DTF provides a range of ICT focused policies and instructions, but these only guide activity in areas such as procurement, information management, networks and security.
The DEECD documentation on asset management does not give adequate guidance to schools on how to manage their ICT assets, including obsolescence. Oversight by DTF and DEECD of ICT asset management in schools is also inadequate, and is compounded by a lack of funding to address the inevitable ageing of school-based ICT assets.
Risk management guidance, at a whole-of-government and departmental level, also fails to specifically address the inevitability of ICT obsolescence.
There are opportunities for DOJ to improve the rigour applied to asset management strategies and the identification and aggregation of risks that are relevant to frontline ICT obsolescence. Links between the vision and the implementation are often unclear.
On a positive note, DOJ has developed an Emergency Services Communications Strategic Framework.
However, a more deliberate approach to progressing this master planning by DOJ and emergency services agencies has meant that, in effect, the state has had few realistic options but to extend the existing contract arrangements. This is because a clear vision and specification for future frontline ICT for the emergency services sector has yet to emerge.
DEECD’s IT operations risks register identifies schools as the owner of obsolescence risks relating to ICT assets used by students. However, DEECD has not informed schools of this risk transfer.
After more than two years of Commonwealth funding for the National Secondary School Computer Fund initiative, DEECD and the audited schools have not identified alternate funding sources or developed comprehensive action plans to manage the inevitable obsolescence of these ICT assets.
This means that future cohorts of secondary students could miss out on access to computers, which jeopardises DEECD’s strategic direction to embed ICT in the school curriculum.
DEECD’s planning tools for student-based ICT assets can identify obsolescence risk but they do not assist schools with developing appropriate responses. This case study highlights an emerging disconnect between DEECD’s ICT-based learning objectives and the management of ICT assets used by students.
The Emergency Services Telecommunications Authority, within the whole-of-sector emergency services administrative arrangements, has effectively managed obsolescence risks for the MDN.
The MDN contractor has performed well against demanding performance measures, and the system has, through a range of modifications, evolved to meet changing operational needs.
Despite this positive outcome, there is limited evidence demonstrating that DOJ and DTF have formally captured any ‘lessons learned’ from the past five years of operation of public private partnerships (PPP) ICT systems, compared to traditional procurement models.
A PPP procurement model adopts a life cycle costing approach. There may be merit in DTF and DOJ examining whether PPP value drivers, such as transfer of operational risk, rigorous service delivery and maintenance standards, as well as periodic equipment refresh, could meet the stringent needs of emergency service agencies at a reasonable price.
In addition to progressive engagement during the course of the audit, in accordance with section 16(3) of the Audit Act 1994 a copy of this report was provided to the Department of Treasury and Finance, the Department of Education and Early Childhood Development, the Department of Justice, the Emergency Services Telecommunications Authority and Victoria Police, with a request for submissions or comments.
Agency views have been considered in reaching our audit conclusions and are represented to the extent relevant and warranted in preparing this report. Their full section 16(3) submissions and comments however, are included in Appendix A.
Information and communications technology (ICT) is an umbrella term for hardware, software, network infrastructure, and supporting equipment.
ICT is increasingly important in the delivery of services across the public sector and is pivotal to frontline service delivery, such as school education and law enforcement.
A better practice approach to ICT asset management involves the acquisition, use, and disposal of ICT assets to maximise service delivery over an asset’s useful life. Management of the life cycle of a particular technology mitigates risk and helps define and plan the cost of updating and replacing assets when they become obsolescent.
Life cycle management is particularly important for ICT assets, due to the high speed of innovation for information and communication technologies. Unlike other assets with relatively long life spans, ICT assets can quickly become obsolete if not managed carefully.
Inadequate management of the inevitable and recurring obsolescence of ICT assets can, at best, lead to poor or degraded service delivery by public sector agencies. At worst, it could lead to catastrophic equipment failure, and an extended outage of a critical public service.
Industry research shows that many organisations fail to accurately identify the costs or risks related to ICT life cycles. This can lead to the obsolescence of critical ICT assets, meaning that unexpectedly they can be no longer ‘fit for purpose’ to meet service delivery requirements or community expectations.
The Department of Treasury and Finance (DTF) provides guidance to Victorian public sector agencies to develop and implement good asset management practices.
DTF supports government by administering a range of financial management policies and frameworks, including the Victorian Government Risk Management Framework, the Financial Management Compliance Framework, and the Asset Management Framework.
These frameworks are in place to guide public sector performance, manage assets and mitigate risks. DTF also has a key role in helping public sector agencies manage their assets, including ICT equipment.
DTF’s Asset Management Series outlines the fundamental principles of effective asset management and provides a strategic framework for asset life cycle management. This guidance, and the principles contained within it, also applies to all ICT assets in public sector agencies.
Figure 1A shows the basic and generic asset life cycle approach advocated by DTF. However, due to the faster refresh rates for ICT assets, some elements of the model may need to be concurrent, with planning for the next generation of ICT assets often needing to commence as soon as a new ICT asset has been acquired.
Concept diagram of a basic asset life cycle
Source: Department of Treasury and Finance.
Under Victoria’s devolved funding and governance model, as defined in the Financial Management Act 1994, agencies and their accountable officers are responsible for adhering to whole-of-government policies. In addition to this broad compliance and accountability framework, they also need to develop and implement agency-level policy and guidelines for the identification and management of their own agencies’ ICT asset life cycles, and to mitigate risks arising from ICT obsolescence. DTF administers this Act and is responsible for its oversight.
This audit reviewed the application of these frameworks in DTF, the Department of Education and Early Childhood Development (DEECD) and the Department of Justice (DOJ).
In addition to the agency level frameworks, the audit examined the following two frontline ICT case studies in detail:
The Digital Education Revolution is a nationally funded program designed to prepare students to live and work in a digital world, by giving them access to ICT equipment in their learning environments. The major component of the initiative is the NSSCF.
This $2.2 billion program aimed to achieve a computer-to-student ratio of 1:1 for Years 9 to 12 in all Australian secondary schools by 31 December 2011. The program has helped improve the age of ICT assets in Victorian schools, as shown in Figure 1B.
Changes in the age of school ICT from 2007 to 2011
Source: Victorian Auditor-General’s Office based on Department of Education and Early Childhood Development information.
In early 2008, at the outset of the program, 90 per cent of government schools reported a computer-to-student (Years 9 to 12) ratio of less than 1:2.3. By the end of December 2011, not all Victorian Government secondary schools had met the 1:1 computer to student ratio due to slow purchase action by schools and/or signing of their funding arrangement with DEECD.
By January 2012, government schools had installed 83 155 devices, with a further 34 000 devices funded under the program about to be, or being, installed at the time of this audit. Of the total Digital Education Revolution-funded devices under the NSSCF (approximately 117 000) funding for 99.4 per cent had been distributed to schools and 71 per cent of devices had been installed.
The Mobile Data Network (MDN) is a wireless emergency services communications network that provides Victoria Police and Ambulance Victoria with remote access to critical information from the field.
MDN enables the dispatch of ambulance and police vehicles, provides wireless access to information systems as well as the return of data from field vehicles, and automatic vehicle location.
MDN is fundamental to Victoria Police’s operations in greater metropolitan Melbourne and Geelong. It sends secure law enforcement data between headquarters and operational police.
The Metropolitan Data Network coverage and service area
Source: Department of Justice and Emergency Services Telecommunications Authority.
MDN also has a critical personnel safety role, as it enables vehicle positioning and tracking via global positioning system satellites, as well as a duress alarm button built into the system’s screen, which can be activated quickly if a police member is under any threat.
The Mobile Data Network as deployed by Victoria Police and Ambulance Victoria
Source: Victorian Auditor-General’s Office based on Department of Justice information.
The MDN is designed, built, financed, operated and maintained by a private provider under a public private partnership contract. In August 2003, the MDN contract had a net present value of $140 million.
In late 2010, the state exercised its extension options and delayed the contract expiry date to 2014.
This audit assessed whether obsolescence of frontline ICT equipment is managed effectively and efficiently throughout the technology life cycle.
This objective was addressed by examining whether audited agencies:
These sub-objectives were examined at the central and portfolio agency levels, and specifically tested through two case studies.
The audit was conducted in accordance with Australian Auditing and Assurance Standards.
The cost of the audit was $450 000.
This report is structured as follows:
Comprehensive asset management is particularly important for information and communications technology (ICT) given its relatively short life span, the rapid rate of obsolescence and the critical role that ICT plays in frontline service delivery.
Frontline service delivery is at unnecessary risk of failure due to incomplete or absent guidance on ICT obsolescence, unsustainable funding models for ICT assets and lack of effective oversight. This means that ICT obsolescence cannot be managed in a coordinated manner, and is instead being left to local expertise. This is unacceptable, given the increasingly critical role that ICT plays in service delivery.
That the Department of Treasury and Finance:
That the departments of Education and Early Childhood Development and Justice:
Information and communications technology (ICT) assets increasingly support the delivery of customer-facing, frontline services. These frontline ICT assets include hardware and software, as well as any supporting network infrastructure.
The principles underlying sound management of traditional fixed assets—such as planning throughout the asset life cycle to maximise service delivery—also apply to ICT assets. This includes the acquisition, use, and disposal of ICT equipment, while also managing costs and risks over the asset’s life cycle.
Funding arrangements also need to take into account the rapid rate of technological advance and consequent obsolescence if service delivery capacity and capability is to be sustained. Diligent management of ICT assets drives appropriate, effective and efficient service delivery outcomes to meet community needs.
Frontline service delivery is at unnecessary risk of failure due to incomplete or absent guidance on the management of ICT obsolescence, unsustainable funding models for ICT assets, and lack of effective oversight. This means that ICT obsolescence is not being managed in a coordinated manner, and is instead being left up to local expertise. This is unacceptable, given the critical role ICT increasingly plays in public service delivery.
Obsolescence of ICT assets is not given sufficient recognition in whole-of-government guidance provided by the Department of Treasury and Finance (DTF). This also applies to ICT frameworks in the Department of Education and Early Childhood Development (DEECD) and Department of Justice (DOJ).
ICT assets and infrastructure are critical to services such as education and law enforcement, and guidance for the public sector needs to better reflect this imperative.
DTF’s oversight of DEECD’s management of its ICT assets is not sufficient. In turn, DEECD does not provide sufficient oversight of schools’ ICT asset management practices. DEECD offers very little support or guidance to assist schools to manage ICT obsolescence. These gaps mean that DTF cannot fully inform government about the state of, and appropriate investment required for, Victoria’s school-based ICT assets. This is concerning, given that more than 115 000 student computers are due to become obsolete from 2013–16.
DOJ does not have a comprehensive ICT asset management policy or framework to guide agencies within its portfolio on ICT obsolescence issues.
DTF’s Asset Management Framework is intended to guide public sector asset management, including ICT assets.
The framework consists of a policy statement, Sustaining our assets, and the Asset Management Series, in addition to an agency’s yearly Service strategy, Asset strategy and Multi-year strategy. Agencies are responsible for developing and managing their own assets, and the associated strategies and plans.
There is no whole-of-government framework providing adequate and clear guidance to departments to comprehensively manage ICT assets and their obsolescence.
Despite DTF stating that the Asset Management Framework (the framework) is appropriate for this purpose, a 2010 internal review by DTF found significant weaknesses in the framework, including that it:
A recommendation from this review was to ‘document an end-to-end set of asset policy, process and guidance materials’ to support the framework. This is particularly relevant to ICT assets as the framework offers little detailed guidance on the identification and management of their obsolescence. It does not, on its own, adequately address issues unique to ICT, such as the rapid rate of change and requirement for upgrade and replacement.
Part two of the Asset Management Series identifies technical obsolescence as a factor in reducing the service potential and utilisation of an asset. However, it does not provide guidance on how to manage this risk. Apart from this reference, the framework is silent on technical obsolescence.
Whole-of-government policies specific to ICT do not offer obsolescence guidance. The Government Services Division of DTF provides a range of specific ICT policies for the public sector, but these are only intended to offer guidance on issues such as procurement, information management, networks and security.
There is no active oversight by DTF of a department’s adherence to the asset management framework. DTF expects portfolio agencies, such as DEECD and DOJ, to develop compliant policy and guidelines for the identification and management of ICT asset life cycles.
While it is then the responsibility of agencies to manage their own ICT assets in line with the framework, there are no checks and balances in place so that departments systematically apply the framework to their assets.
This means that, under current arrangements, DTF cannot demonstrate public sector compliance with asset management principles and good practice across the state. It also means that DTF cannot have a complete understanding of the present state of ICT assets, and cannot properly advise government on frontline, ICT funding priorities.
DEECD does not give the management of student-based ICT assets and their obsolescence the focus it deserves in strategic and planning documentation, or departmental governance frameworks. This is despite the same documents emphasising the central role that ICT assets will increasingly perform in school education.
DEECD divides educational ICT assets into corporate and student-based assets. Corporate ICT assets are owned by the department, and include the administrative assets and supporting network infrastructure required by schools. Student-based ICT assets directly face the student and are owned by each school. This audit focused on the student-based ICT assets within secondary schools.
DEECD has a serious emerging exposure to obsolescence of student-based ICT equipment provided by the National Secondary School Computer Fund (NSSCF). It is now facing a wave of obsolescence of these student devices that were provided from 2009–12, with 9 000 computers to become obsolete in 2013, 23 000 in 2014, and almost 40 000 in 2015.
There is little evidence of coordinated or deliberate departmental activity or planning to address this looming challenge. DEECD could not provide any analysis of the impact of such obsolescence on school learning goals and its effect on the increasingly ICT‑dependent curriculum. The department has not adequately explored alternative funding options, nor assessed other possible contingency scenarios to replace the obsolete fleet.
Key departmental documents clearly identify the pivotal importance of ICT in education. The 2011–12 DEECD Service strategy identifies keeping pace with technological change as a key challenge. This challenge is reflected within the 2011–12 Asset strategy, which supports the department to deliver on its service obligations.
One of four areas of focus in the Asset strategy is the use of ICT to drive quality learning outcomes. This reflects the changing nature of education, where ‘virtual’ service provision and enhanced ICT capacity is increasingly being relied upon.
The NSSCF is one initiative that assists the department in achieving this objective for Years 9 to 12 students. It is a national program funded by the Commonwealth Government and provides computers and support for students in Years 9 to 12. The aim was to achieve a computer-to-student ratio of 1:1 by the end of 2011.
Management of the NSSCF is not consistent with principles of the departmental Asset strategy. The 2011–12 DEECD Asset strategy states that ‘ICT planning must be continuous, reflective and proactive’, with one of the key directions to ‘harness the full benefits of the Digital Education Revolution.’ The department could not demonstrate continuity of planning, nor could it demonstrate a reflective or proactive approach to the NSSCF.
The 2011 DEECD Asset management policy and guidance is not consistent with the whole-of-government Asset management framework, nor does it provide any instruction or information on technical obsolescence or asset life cycles. Key components of the framework, such as developing a strategy for replacement, and identifying key challenges and risks, are absent. The departmental policy and guidance is more focused on identification, recording and management of assets from a financial compliance perspective.
DEECD reports that its broad-based approach to manage frontline ICT equipment obsolescence is to replace equipment on a four-year cycle. This includes student‑based ICT assets and the corporate environment that supports teachers and administrative staff.
A February 2012 census of school computers found that this approach does not reflect reality: 10.3 per cent were more than four years old. Further, this ‘rule of thumb’ is not formalised in any policy or guidance for schools.
This means that schools do not receive clear guidance from their portfolio department on the proper management of their ICT assets. This ad hoc approach does not reflect the increasingly important role that ICT performs in school education.
The DEECD Multi-year strategy outlines the department’s proposed asset investments over a three-year forward period. The replacement or refresh of devices funded from the NSSCF program has not been assessed, unlike other ICT assets and systems. This means that a funding stream after the NSSCF program ceases has not been proposed or secured, and the risk of these assets becoming obsolete is very likely to occur.
The 2012–15 Technology and service strategy is a specific document that addresses key challenges, such as increasing service demand and information management, for education ICT services across the state. It identifies the NSSCF as one of the six challenges faced by DEECD. This strategy acknowledges that strong evidence exists that schools do not take the life cycle costs of ICT assets into account. Despite recognition of this issue, the department has not identified any targeted action plans or specific risk mitigation strategies.
There are opportunities for DOJ to improve the rigour applied to asset management strategies and the identification and aggregation of risks that are relevant to frontline ICT obsolescence.
The majority of DOJ’s ICT assets were transferred to the shared services provider (CenITex) in October 2010. CenITex is now responsible for managing DOJ’s departmental level ICT assets including refreshing servers and network equipment.
DOJ has been working with CenITex to develop a framework for an ICT refresh plan to replace DOJ ICT assets. DOJ has provided CenITex with accumulated depreciation funds to cover the end of life replacement for its transferred infrastructure assets as well as a one-off payment for accumulated depreciation.
Nevertheless, the DOJ ICT Refresh Plan 2011–12 is not clearly aligned to the department’s overall strategic direction. The rationale to implement proposed projects is not clear, and it appears that projects are being individually implemented depending on the availability of funds, rather than according to a longer-term strategic direction.
Generally, DOJ’s strategic planning for its ICT asset base has a number of areas for improvement such as:
There are a number of risks common to all assets, associated with asset ageing and obsolescence. These risks are particularly acute for ICT assets.
Assets may no longer support contemporary service delivery outcomes, leading to underperformance, decreased capacity and even asset failure and consequent service delivery risks.
DTF does not provide risk management advice on operational matters to agencies. The role of DTF is to provide risk management policy, and it does this through the Risk Management Framework.
This framework contains little guidance on ICT obsolescence, apart from references in appendices stating technical obsolescence to be a common operating risk. It is the responsibility of portfolio departments, such as DEECD, to provide guidance and oversight operational risk management to secure service delivery.
DEECD and schools are exposed to substantial risk of mass obsolescence of some 115 000 student computers from 2013–16. Neither the department nor schools could demonstrate that they are actively managing this risk.
DEECD does not provide schools with specific guidance on the management of frontline ICT equipment obsolescence risks—its risk management framework is silent in this regard. This is despite DEECD acknowledging that strong evidence exists that schools do not take the life cycle costs of ICT assets into account.
Although student computers are school-based assets, and as such are owned by the schools, it is the responsibility of the department to provide guidance on risk management.
For example, there are detailed risk control policies and procedures provided by DEECD for schools in areas such as occupational health and safety, financial issues and emergency management. There is no reason why DEECD cannot provide similar guidance for the management of ICT assets.
Depreciation is the recognition of the declining service provided by an asset over time. It is a way of accounting for the cost of an asset over its useful life. A decline in service capacity can be arrested or reversed by updating or replacing the asset with depreciation funding that is built up over the life of that asset.
DEECD reports that depreciation equivalent funding is not received for school ICT assets used by students. The typical cost of a student computer is around $700. This amount is usually expensed in the first year, with no subsequent depreciation.
However, if schools or the department cannot find funding from other sources, ICT systems remain obsolete until they are replaced after a new capital funding allocation. This places these assets at a significant risk of failure or degraded performance.
A more robust model is needed to better reflect the rapid ageing of an ICT asset. This would assist departments and schools to better estimate, and provide for, ICT obsolescence costs across the life cycle of the asset base.
The 2010 internal review by DTF of its Asset Management Framework recommended that funding arrangements should take into account the costs related to the whole of an asset’s life in order to sustain existing capacity.
The National Secondary School Computer Fund (NSSCF) aims to improve access to computers for Years 9 to 12 students, with a target computer-to-student ratio of 1:1 by the end of 2011. Due to the bulk purchase of these information and communications technology (ICT) assets, more than 115 000 student computers will become obsolete during 2013–16.
After more than two years of NSSCF funding, the Department of Education and Early Childhood Development (DEECD) and schools have no plans to replace or refresh these assets, meaning future cohorts of secondary students could miss out on access to computers in learning environments.
Planning tools are inadequate to address this risk, and schools are not universally or effectively applying them. This case study highlights an emerging disconnect between DEECD’s ICT-based learning objectives and the management of student-based ICT assets in government secondary schools.
That the Department of Education and Early Childhood Development quantify and give comprehensive advice to government on the looming mass obsolescence arising from the National Secondary School Computer Fund without delay.
Locally and internationally, information and communications technology (ICT) is taking a pivotal role in education and teaching. Rapid advances in ICT devices, and the widespread adoption of ICT has resulted in this technology being embedded in schools’ curriculum.
The Department of Education and Early Childhood Development’s (DEECD) 2011–12 Asset strategy reinforces ICT’s central role for Victorian schools by stating that ‘seamless access to ICT is increasingly essential for effective teaching and learning practice’.
State and Commonwealth Government funding over recent years has enabled the department to upgrade and expand its ICT infrastructure and computer fleet. The National Secondary School Computer Fund (NSSCF) is a national program that aimed to deliver a computer-to-student ratio for Years 9 to 12 students of 1:1 by the end of 2011.
This program is the largest ever rollout of student computers across the state, with more than 83 000 devices already in schools, with approximately 34 000 to be installed as at January 2012. DEECD’s planning frameworks for student-based computers, and four secondary schools, were assessed for their management of ICT obsolescence in relation to this initiative.
Neither DEECD nor the audited schools could demonstrate effective management of ICT obsolescence. Despite the critical role of ICT in education, DEECD does not provide adequate guidance to schools on the management of ICT obsolescence. Planning tools developed specifically for ICT assets in schools can identify obsolescence risk but do not assist schools with appropriate responses to this ongoing threat.
Further, schools are not universally or effectively applying the guidance available to them from DEECD. For example, only 36 per cent of schools have a completed and current eLearning plan, which is designed to improve outcomes through the use of ICT in the school curriculum. This reflects a disconnect between DEECD’s objectives and educational reality in government secondary schools.
A 2010 independent review commissioned by DEECD found the overwhelming majority of schools (85 per cent) had a proportion of its ICT infrastructure that was aged and/or unstable—a clear indication of obsolescence. DEECD has initiated a range of corrective actions to address the results of the School ICT Progression Strategy (SIPS) health check review. However, none of the audited schools could show that the specific recommendations for their school had been considered or addressed.
Planning for and managing ICT obsolescence in the NSSCF program is either absent or inadequate. Despite the NSSCF program facing mass obsolescence for more than 115 000 computers from 2013 onwards, the audited schools report that DEECD has not informed them of this looming challenge or the unfunded liability for this program. This is unacceptable as DEECD’s risk register identifies schools as the owners of this portfolio level risk.
Neither the department nor schools can demonstrate that they are actively or effectively managing this risk. DEECD acknowledges clear evidence that schools do not take into account life cycle costs of ICT assets.
DEECD’s eduSTAR (School Technology Architecture and Resources) provides a framework for ICT in schools. It is designed to assist schools to realise eLearning strategies, access learning resources, collaborate with the education community and provide essential support for school operations. The eLearning plan articulates each school’s strategy to improve educational outcomes using ICT. The obsolescence of student-based ICT assets puts eLearning objectives at risk.
By early 2012, only 36 per cent of schools had an eLearning plan that was completed and maintained, with 12 per cent of all schools lacking a plan altogether. This is concerning as this plan guides school-wide integration of ICT into learning and teaching, and is integral to a school’s strategic plan. School-wide documents such as the Strategic plan and Annual implementation plan do not specifically address ICT obsolescence risks.
DEECD has developed SIPS—a suite of documents, outlined in Figure 3A—to assist schools to manage their ICT assets. The aim is to make schools aware of the currency of their ICT fleet. Schools complete an annual self-assessment process, through:
The School ICT Progression Strategy
Source: Victorian Auditor-General’s Office based on Department of Education and Early Childhood Development information.
The schools ICT inventory and census are data inputs that allow the identification of current and future ICT obsolescence. However, these documents and the self‑appraisal do not provide schools with any guidance to effectively manage ICT obsolescence.
The ICT roadmap does provide a framework for managing obsolescence, as schools are required to detail ICT requirements, along with funding and milestones, which are needed for learning outcomes to be achieved. However, in April 2011, in 57 per cent of government schools, ICT roadmaps were either in progress or did not exist, while only 28 per cent of schools had complete and current ICT roadmaps.
In three of the four schools visited, the plans were not current and none of the ICT roadmaps examined contained all the required information, such as milestones for key tasks. This suite of documents is complex, and although assistance can be provided by DEECD, this is charged to the school. Either better support, or a more straightforward framework, needs to be provided to assist schools in managing their ICT assets.
Although the ICT roadmap addresses some aspects of asset management, such as acquisition, it does not cover other aspects such as disposal and risk management, as required by DTF’s Asset Management Framework.
This means that the planning framework, although adequate in identifying ICT obsolescence, is not being universally or effectively used by schools. As strategies are not required to be developed to actively manage obsolescence, the ICT roadmap, on its own, is of limited use.
In the final step of SIPS, DEECD reviews each school’s ICT inventory and ICT roadmap to determine:
This analysis should inform future ICT planning, by directing funds to refresh and rectification programs.
However, DEECD has advised that in 2011, 90 per cent of ICT inventories were complete but only 28 per cent of roadmaps were complete and current.
This raises questions about the usefulness of this review, and SIPS as a whole. Further, schools report that they do not understand what is being done with the information collected as part of SIPS.
In 2010–11, DEECD commissioned a one-off SIPS health check to examine the currency of 1 560 schools’ ICT infrastructure. It found that:
DEECD has not followed up with schools to check on whether they acted upon recommendations presented to them by the evaluators.
One of the four schools visited during the audit had not taken any action on recommendations from the report. The other three schools could not provide evidence to show that recommendations had been considered or addressed. This raises doubts about whether schools are making use of the health check results to improve school‑based ICT infrastructure.
Based on current student enrolments, DEECD estimates that to maintain a contemporary student-based ICT fleet—by replacing the asset after its fourth year of use—32 000 devices need to be replaced each year.
Over the past four years, DEECD has been funding approximately 8 750 new devices through an annual $7 million ICT grant to schools. This leaves a funding liability for the majority (73 per cent) of school computers.
To date, DEECD has not developed a comprehensive action plan or strategy to address this significant funding shortfall.
DEECD does not provide schools with specific guidance on managing ICT obsolescence. There are no school-based risk management frameworks required, such as a whole-of-school risk register or strategies to mitigate identified risks.
Formal departmental risk management policy and guidance does exist for specific risks, such as fraud, but these do not include risks relating to assets over their life cycle, including obsolescence risks.
Although student computers are school-based assets, and as such are owned by the schools, it is the responsibility of the department to provide guidance on risk management. For example, there are detailed risk control policies and procedures provided by DEECD for schools in areas such as occupational health and safety, financial issues and emergency management. There is no reason why DEECD cannot provide similar guidance for ICT.
The DEECD IT operations risks register identifies the obsolescence of student-based ICT assets as a high inherent risk. Schools report that DEECD has not informed them of this looming challenge and the unfunded liability to sustain this asset base.
This is unacceptable as the portfolio risk register identifies schools as the owner of this risk. The seriousness of this shortcoming is highlighted by DEECD’s identification of the following consequences of school ICT obsolescence:
The major challenge facing student-based ICT assets, including those funded by the NSSCF, is the uncertainty of ongoing funding. There are no DEECD or school refresh or replacement programs proposed.
Without funding, schools might not be able to keep their student-based ICT asset fleet current and realise eLearning objectives. Clear communication and guidance from DEECD is critical to school planning for 2013 and beyond. DEECD has already lost over two years to plan with schools for this shortfall.
This puts DEECD’s capacity to replace obsolete ICT equipment when and where necessary, at risk, which in turn affects future service delivery capability.
Law enforcement is a critical frontline community service requiring rapid and mobile information and communications technology (ICT) equipment and robust infrastructure. The Mobile Data Network (MDN) was chosen as a case study for this audit, as it is fundamental to Victoria Police’s metropolitan operations.
MDN is an operational ICT system comprised of 578 vehicle mounted units, radio transmission equipment, base stations and core computing and network technology.
The Emergency Services Telecommunications Authority (ESTA), within the whole of sector emergency services administrative arrangements, has effectively managed obsolescence risks for MDN.
The Mobile Data Network (MDN) is a complex and integrated operational information and communications technology (ICT) system comprised of computer devices, radio transmission equipment, base stations and towers, and core network and computing technology.
It interfaces with legacy law enforcement and emergency management ICT systems such as the Emergency Services Telecommunications Authority’s emergency call taking software, the main police database (LEAP), VicRoads’ registration and licensing database (via LEAP), the national stolen vehicle register (via LEAP), and the Sheriff’s Office warrants database.
In summary, MDN allows police to:
The MDN public private partnership (PPP) contract has produced a successful frontline ICT arrangement for Victoria Police.
The contractor has performed well against demanding performance measures, and the MDN system has, through a range of modifications, evolved to meet changing operational needs.
In 2001, Victoria launched a ten-year strategy to improve emergency services communication, using a multi-agency approach. Known as the Statewide Integrated Public Safety Communications Strategy (SIPSaCS), this was the genesis of the decision to procure the MDN as a PPP.
In 2011, the Emergency Services Communications Strategic Framework superseded SIPSaCS. This new communications strategy is intended to meet emergency services’ capability requirements for the future, drive long-term planning and ‘provide the broad vision, principles and directions that drive effective and fiscally efficient investment in long-term Emergency Service Communications’.
The Emergency Service Heads of Agencies Committee (ESHoAC) supervises the delivery of the strategies detailed in this framework. ESHoAC oversees the development, implementation and issue resolution for all aspects of multi-agency interoperability solutions.
The Department of Justice (DOJ) is a key coordinator and interface between Victoria Police, the Emergency Services Telecommunications Authority and the Department of Treasury and Finance (DTF) for MDN.
The MDN system is fundamental to Victoria Police’s operations in the greater Melbourne and Geelong metropolitan areas.
It sends secure law enforcement data to and from headquarters and operational police. It has a critical personnel safety role as it enables vehicle positioning and tracking via global positioning systems. It also builds in a duress alarm if a police member is under any sort of threat.
However, an integrated system such as MDN needs to both manage obsolescence on a system life cycle basis and consider critical components across a ‘system of systems’ that could become ‘operationally’ obsolete.
Operational obsolescence includes:
Because MDN relies on radio waves to transmit its data, obsolescence risks go beyond the equipment’s useful physical life span to external factors, such as radio spectrum, which is the frequency bandwidth occupied by radio waves.
‘Rationing’ and ‘reallocation’ of spectrum is emerging as a major concern, with the Commonwealth Government continuing to auction off spectrum that has become available due to the ‘digital dividend’ arising from decommissioned analogue transmission services for radio and television.
Network congestion, topography and surge usage need to be managed and modelled to enable the system to handle ‘worst case’ workloads without degradation of service.
Due to their critical community safety role, emergency service radio and data systems need to be robust, survivable and prioritised within public radio networks. Public radio networks, such as mobile telephone networks, are often heavily affected by outages caused by mass public usage when a major incident or emergency occurs.
The MDN contract was signed in late June 2003 after a lengthy process to procure a PPP that would design, build, fund and maintain the system. The main contractor developed the network and supporting systems, and commenced pilot operation of the system in November 2004.
The pilot phase of the project was expected to be completed on 1 February 2005. However, due to a range of technical issues, the contractor was not able to achieve the required customer specified service standards, which resulted in the initial five-year operational term of the contract commencing more than a year late.
Due to the project being procured through a PPP contract, the state was protected from the consequences of late delivery. It was able to maximise its use of the services as they became available, while maintaining its commercial position under the contract to ensure the contractor worked diligently to resolve the outstanding issues.
Failure by the contractor to do so would have placed its significant capital investment in the network at risk.
The MDN contract originally had a five-year operational service term, with two two-year options (and a full refresh of users terminals) available to the state if it wished to extend the contract rather than taking ownership of the assets. Another option was to ‘hand back’ the services at the end of the initial service term.
The state and the contractor agreed in late 2010 to exercise both of the two-year extension options simultaneously—taking the contract expiration out to 2014—in conjunction with a significant upgrade of the core network and operational equipment.
This decision provided a win-win outcome for the contract parties, as it gave the contractor certainty in its ongoing business while the state received a guarantee of the continued operation of a critical service, plus a major technology upgrade.
For Victoria Police users, MDN now deploys 578 vehicle-mounted units, 100 desk terminals for police stations, 100 ‘ruggedised’ laptops. An operational test and evaluation is also underway for 100 hand-held units for use by specialist police.
The latest equipment refresh also introduced a mobile phone data modem which enables MDN to be used beyond the UHF (Ultra High Frequency) radio coverage boundaries of metropolitan areas, as well as to provide a ‘fail-over’ if the UHF radio network is unavailable.
The MDN contractor has performed well against demanding performance measures, and the system has, through a range of modifications, evolved to meet changing operational needs.
The commercial negotiation to extend the contract implemented a full replacement of all vehicle mounted terminals, and a substantial technology overhaul by the contractor of the radio network and other core systems technology.
However, any loss of operational spectrum or a major reallocation of bandwidth could trigger mass obsolescence for any radio-based equipment that has been manufactured for specific frequency bands.
DOJ and DTF have recognised this threat to spectrum availability. They have engaged with working parties convened under the auspices of the Commonwealth’s Australian Communications and Media Authority to examine this issue.
DOJ and DTF must continue to closely monitor this strategic risk so that the Commonwealth Government is aware of the present and future spectrum requirements of Victoria’s emergency services.
As the coordinating department for the justice portfolio, DOJ needs to prioritise and equitably manage diverse ICT needs across various frontline emergency and law enforcement agencies.
Much of the ICT used in DOJ agencies supports and enables critical community frontline services.
DOJ has developed an Emergency Services Communications Strategic Framework and an ICT Infrastructure Asset (Replacement) Strategy to provide vision and strategic direction for ICT assets and their associated economic and technology life cycles.
These initiatives have been in place for more than two years to rationalise and understand future communications and technology needs.
A more deliberate approach to progressing this master planning by DOJ and emergency services agencies has meant that, in effect, the state has had few realistic options but to extend the existing contract arrangements. This is because a clear vision and specification for future frontline ICT for the emergency services sector has yet to emerge.
Further, there is limited evidence to show whether DOJ, DTF, the Emergency Services Telecommunications Authority and Victoria Police have formally captured ‘lessons learned’ from the past five years of operation of PPP ICT systems, compared to traditional procurement models.
Because a PPP procurement model adopts a life cycle costing approach, there may be merit for DTF and DOJ to examine whether PPP value drivers, such as transfer of operational risk, rigorous service delivery and maintenance standards, as well as periodic equipment refresh, could meet the stringent needs of emergency service agencies at a reasonable price.
In accordance with section 16(3) of the Audit Act 1994 a copy of this report was provided to the Department of Treasury and Finance, the Department of Education and Early Childhood Development, the Department of Justice, the Emergency Services Telecommunications Authority and Victoria Police, with a request for submissions or comments.
The submission and comments provided are not subject to audit nor the evidentiary standards required to reach an audit conclusion. Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.
Responses were received as follows: