Information and communications technology (ICT) shapes service delivery and workforce productivity in the modern public service. The public and private sectors often outsource ICT services in various configurations, to reduce costs and better manage risks.
In July 2008, the Victorian Government created Cenitex, a state-owned enterprise responsible for delivering defined customer ICT services to its departments and agencies.
The government envisaged that a single ICT shared service provider would:
- reduce resource duplication
- provide broad in-depth expertise
- increase collaboration capabilities
- harness the power of aggregated buying.
Cenitex combined two government ICT service providers—the ICT Shared Service Centre and the Information and Technology Group—with an initial mandate for all government departments to transition their ICT services to Cenitex.
Cenitex is governed by a board of nine directors and sits in the Department of Treasury and Finance (DTF), reporting to the Assistant Treasurer.
Cenitex has faced many challenges. It first had to integrate disparate technologies and infrastructure across agencies, which varied in age and levels of support. From 2011 to 2014, the Victorian Government considered selling it. In 2015, the Victorian Government reaffirmed Cenitex's role as the ICT shared services provider but removed its mandate for all government departments to use Cenitex.
While it is not mandatory for government agencies to use Cenitex's services, 35 Victorian Government departments, portfolio agencies and government entities have chosen it as their provider for specific ICT services.
Customers can choose which of Cenitex's business applications and services they use. They may also provide some ICT services themselves or use other ICT providers.
Service level measure—service measurement metric (for example, availability of service).
Service level target—performance standard for each service level measure (for example, the network is available for use by the customer 99.8 per cent of the time).
Cenitex provides services based on memorandums of understanding (MoU) arranged with each customer. The MoUs set out the terms and conditions and the service level measures, targets and standards customers can expect. These focus on service availability, service centre requests, and restoration of services following an incident.
Cenitex's present challenges include changes in the delivery and consumption of modern technology, lack of automation, and slow delivery processes. In addition, Cenitex has ageing and unreliable technology and assets, some of which are determined by customer needs.
In March 2018, Cenitex began Program Fortify, with the aim of improving its service reliability and responsiveness.
We examined whether Cenitex's performance meets customer needs, expectations and service levels targets for service availability and ICT support; and if it is effectively identifying and managing current and future challenges.
Cenitex has not met its own or its customers' service level expectations. It is not yet efficient because, while it has data to suggest its fees are competitive, it does not meet its service targets.
Cenitex's uncertain future as an ICT shared service provider between 2011 and 2014 hampered its ability to plan for the future. It did not invest in its technology platforms and services during this period to keep pace with accelerating change in the ICT industry, impacting its customers' service delivery and workforce productivity.
Cenitex has started to upgrade its old technologies, increase service automation, redesign its structure and business processes, and improve the skills and capability of its staff. To complement this, it needs to improve how it understands and addresses customer needs and expectations, and how it measures and reports on performance.
Measuring service level performance
Service level measures and targets establish customer expectations and are a key element of Cenitex's performance management framework. Many were set more than 10 years ago and despite changing ICT and customer environments, Cenitex has not updated them to match contemporary expectations.
Cenitex sets its own service level measures, but has no documentation outlining the basis for the associated targets or their alignment with ICT infrastructure, service requirements or funding. Consequently, not all the service level measures are relevant or reflect current customer expectations.
Cenitex's peer group comprises five Australian ICT shared services organisations.
The ability to process information in a way that is useful and easy is an aim of the Victorian Government Information Technology Strategy 2016–2020 (the Victorian ICT Strategy). A peer group review found that real-time processing of data is one of the top needs of customers. In line with this, more than 80 per cent of Cenitex's peer group's service level measures focus on service availability and incident management. However, less than one in five (17 per cent) of Cenitex's service level measures relate to these.
Cenitex's measures instead focus on service provision and requests, which are less important. Cenitex does not have some key service availability and incident management measures, which would help it prioritise what is important for customers. For example, its peers have measures that assess the number of recurring incidents, and availability measures that are based on the criticality of customer systems.
The benchmark assessment measured the service level targets against a market comparative peer group.
An October 2018 benchmark assessment, commissioned by Cenitex's board, found that only 37 per cent of its service level targets were equal to or better than the peer group. This improves to 47 per cent if regional services are removed. Comparative ICT service providers have set more challenging service level targets, enabled by adopting more innovative approaches, including automating processes.
Cenitex met its monthly service level targets on average 68.8 per cent of the time from 1 January 2016 to 31 December 2018. Its performance across different areas varied significantly. While it met its service availability and request for service targets more than 70 per cent of the time, it met its restoration of service and call centre targets less than half of the time.
Restoration of service
The frequency of significant incidents is a core indicator of Cenitex's performance. However, many incidents are outside Cenitex's control.
Cenitex classifies incidents by their severity. Severity 1 incidents are the most serious and involve a department-wide/site outage. Severity 2 incidents involve issues such as minor network outages affecting customers or network printing issues.
Severity 1 and 2 incidents decreased between January 2016 and December 2018, from a monthly average of 24 and 66, to 10 and 63 respectively. This is because Cenitex implemented a targeted program of initiatives to assess root causes and systemic issues. However, intermittent network access, internet slowness and a power outage at a data centre during the second half of 2017 led to a spike in severity 2 incidents.
Despite the downward trend in incidents, Cenitex has not consistently resolved severity 1 and 2 incidents within its monthly service level targets. It met these only in two months and six months respectively over the 36‑month period. These incidents also took longer on average to resolve—increasing from 2017 to 2018 by 2 hours (28 per cent) for severity 1 incidents and 2 hours and 27 minutes (37 per cent) for severity 2 incidents.
The service centre provides a single point of contact to help Cenitex's customers with their workplace technology needs. Service level targets set the expectation that Cenitex will quickly answer and resolve requests and reported faults.
Cenitex has consistently exceeded its target to resolve 70 per cent of common/recurring problems received via phone and email within 2 hours. However, it has regularly missed two service level targets—to answer 95 per cent of calls within 30 seconds, and that less than 5 per cent of callers abandon their calls after 15 seconds. Cenitex met these service level targets in two months and 19 months respectively over the 36-month period.
A ghost call is a phone call for which, when the recipient of the call answers, there is no one on the other end of the call.
Cenitex advised that their telephony system creates 'ghost calls', which affect these results. For example, our analysis of call data for 2018 shows one call lasting for more than 6 hours and another five calls lasting between 1 to 3 hours. Cenitex cannot determine the cause of the ghost calls and is unable to identify their origin.
To address these issues, Cenitex developed a Service Centre Strategy in 2018, which aims to modernise its service centre by updating its phone system and providing customers with more self-serve options and other channels, such as web-based chat options. Cenitex expects to fully implement the strategy by mid‑2020.
Cenitex analyses and periodically reports its service performance to its board and its customers.
Cenitex has improved reports to its board by removing unnecessary detail and having consistent reporting fields. This allows board members to compare the same information from month to month and focus on key performance issues. Despite these improvements, the reports do not align with key service level targets in the corporate plan, hampering the board's ability to assess Cenitex's performance in meeting service requests and restoring services following an incident.
As part of its MoUs with departments and agencies, Cenitex agreed to supply a set of reports to its customers at predefined intervals. These reports have limitations that hamper customers' ability to fully comprehend Cenitex's performance, such as:
- insufficient detail on actual performance. The traffic light rating system for service availability and project status provides a good snapshot. However, the absence of service availability data, project costs and progress data make it hard for customers to determine the extent services are available or if projects are on track and on budget
- presenting trend data over only a three-month period, which is insufficient to identify trends.
DTF also found limitations in its November 2018 internal audit, >Governance and Performance Management of Cenitex, which assessed the design and effectiveness of its governance of Cenitex. In audit interviews, chief information officers (CIO) expressed dissatisfaction with the quality of reporting. CIOs consider the reports too high-level to be meaningful. CIOs we interviewed said the reports do not allow them to understand the root causes that prevent Cenitex from meeting its service targets or what it is doing to address these issues.
Understanding customer needs
To understand its customers' needs, Cenitex engages with them through various forums and stakeholder committees, account management processes and customer satisfaction surveys. In addition, since 2015, Cenitex's board has included customer representatives. However, these practices are not effective, limiting Cenitex's ability to identify customer needs and make timely changes to its services.
The Stakeholder Advisory Committee (SAC)—a key forum for customers to discuss service provisioning, pricing, and levels—is poorly attended. CIOs told us that it is used more to disseminate information to customers, rather than to seek input on current and emerging needs. Cenitex also does not update account management plans, which are crucial to maintain good client relationships, as customers' ICT needs and expectations change.
Cenitex conducts an annual customer satisfaction survey, but its usefulness is limited due to its low response rate and the difficulty respondents have distinguishing between services provided by Cenitex and those provided internally. Additionally, without customer satisfaction targets, it is difficult for Cenitex to determine an appropriate satisfaction level.
The Department of Premier and Cabinet's (DPC) 2015 Business Support Services Strategic Review recommended that the Victorian Government make Cenitex's board mostly comprise customer representatives from departments and agencies, while retaining appropriate expertise through existing members. The government accepted this recommendation, and the Assistant Treasurer appoints the board members.
However, customer representatives have not made up the majority of Cenitex's board. Customer representatives made up four of the nine board members from 2015–16 to 2016–17 and three of eight board members in 2017–18. DTF now advises that the addition of two further customer representatives, on 17 September 2019, ensures that Cenitex's customers make up the majority of its board.
Cenitex board members also have a consistently lower attendance rate at board meetings. The average attendance rate from 2015–16 to 2017–18 for customer board members was 76 per cent, compared to 90 per cent for non-customer board members.
Cenitex advised that customer board members' contributions are not limited to their attendance at board meetings. For example, the board benefited from contributions from a former Secretary who attended strategy sessions and advocated for Cenitex at senior levels. The addition of customer members to the board has also helped Cenitex better understand customer needs.
Key challenges facing Cenitex
Cenitex faces significant challenges to stay relevant to its customers. These include changes in the way technology is delivered and consumed. Cenitex hosts most of its business in managed data centres on old technology. This has created major resiliency issues, resulting in failures affecting service availability.
In March 2018, in response to these challenges, Cenitex's board approved Program Fortify, which aims to improve the reliability of services and its responsiveness to customer needs. This includes upgrading technologies and removing dependency on its data centres. Program Fortify aims to deliver four key technology initiatives, as well as increase service automation, redesign the organisation's structure and business processes, and improve staff skills.
Business case for Program Fortify
The approved business case for Program Fortify detailed funding of $17.3 million. In July 2019, Cenitex varied this by more than $7.8 million to include internal staffing costs omitted from the original business case. This brought the total approved budget for the project to around $25.1 million.
Good practice requires the business case be continually updated with current information on costs, risks and benefits. The significant increase (around 45 per cent) to the original business case budget raises questions about whether the benefits of Program Fortify still outweigh the costs.
Organisations need to consider how to assess and monitor benefits for any ICT project. However, Cenitex has not developed a benefit management plan or equivalent. This means it has no objective baseline from which to assess whether Program Fortify has succeeded. Measuring and reporting on benefits is an important accountability mechanism, allowing Cenitex to demonstrate that the investment was a good use of funds.
Cenitex charges its customers for the services it provides. Because departments and agencies could choose another ICT service provider, it is important that its services align to market offerings and that its pricing is competitive.
Unlike the broader ICT market, which allows customers to control and customise their consumption of services, Cenitex until recently grouped its services into bundles, resulting in customers often paying for products or services they did not need. However, in 2018, Cenitex changed its model to allow customers to choose the specific services they need.
In November 2018, Cenitex commissioned an assessment of its efficiency (price) and effectiveness (quality of services) following its unbundling of services, to test its cost competitiveness with similar service organisations. The review benchmarked Cenitex against five shared services organisations and six ICT service vendors. The review showed that Cenitex delivers services:
- 8 per cent cheaper than the selected shared services organisations and 10per cent cheaper than selected IT managed services vendors
- 11 per cent more effectively than selected vendor peer organisations.
However, a key limitation with the benchmarking review was its assumption that the shared services organisations, ICT service vendors and Cenitex were meeting their service level targets. This is an incorrect assumption. Improving Cenitex's performance will require changes in how it delivers services, which will impact on its service costs.
We recommend that Cenitex:
1. strengthen its performance framework by:
- agreeing service level measures and targets with customers that are relevant and appropriate to contemporary performance expectations
- monitoring and reporting performance against these, including assessing performance trends over time
- periodically reviewing and resetting service level measure and targets where necessary
- documenting the basis for service level targets (see Section 2.2)
2. review and update all memorandums of understanding with customers to clarify reporting and reflect contemporary service needs (see Section 2.4)
3. improve the quality of information and communication provided to the board by aligning reports with key service level targets in the corporate plan (see Section 2.4)
4. review its current practices for understanding customer needs by:
- working collaboratively with chief information officers to better define, or refine, the operation of the Stakeholder Advisory Committee to encourage more participation and input from customers on emerging and future needs
- periodically reviewing and updating customer account management plans to ensure they remain current
- working with customers to increase the response rate to the annual customer satisfaction survey (see Section 3.2)
5. develop a benefits management plan for Program Fortify and regularly report on the achievement of benefits to its board, executive management and the Department of Treasury and Finance (see Section 3.3).
We recommend that the Department of Treasury and Finance:
6. work collaboratively with Cenitex in setting service level measures and targets in Cenitex's Corporate Plan (see Section 2.4)
7. establish monitoring arrangements that include ICT expertise for assessing Cenitex's performance in meeting service level targets (see Section 2.4)
8. provide advice to the Assistant Treasurer on any movement in customer representation on the Cenitex board to encourage a majority, in line with recommendations in the Department of Premier and Cabinet's 2015 Business Support Services Strategic Review (see Section 3.2).
Responses to recommendations
We have consulted with Cenitex and DTF and we considered their views when reaching our audit conclusions. As required by the Audit Act 1994, we gave a draft copy of this report to those agencies and asked for their submissions or comments. We also provided a copy of the report to DPC.
The following is a summary of those responses. The full responses are included in Appendix A.
Cenitex and DTF accepted our recommendations and have developed action plans.