## 2008/11/30

### Finance, FMAA & ANAO and Good Management: Never any excuse for repeating known errors

In light of the Sir Peter Gershon's Review of the Australian Government’s use of Information and Communication Technology, here's an email I sent to Lindsay Tanner (Finance Minister) prior to the 24-Nov-07 election of the Rudd ALP government. Edited lightly, formatting only.

Date: Sun, 11 Nov 2007 15:02:40 +1100From: steve jenkin To:  lindsay.tanner.mp@aph.gov.auSubject: Finance, FMAA & ANAO - Good Management: Never any excuse for repeating known errors

Here is something very powerful, but simple to implement & run, to amplify your proposed review of government operations and can be used to gain a real advantage over the conservative parties. On 8-Nov I wrote a version via the ALP website.

The Libs talk about being Good Managers, but they have been asleep at the wheel for the last 10+ years.

It's not "efficient, effective or ethical" to allow public money to be wasted by repeating known mistakes.

Nothing new needs to be enacted - only the political will to demand Good Governance from bureaucrats and the 'ticker' to follow through.

In the 60yrs since WWII, how many defence purchases and projects have been abandoned, failed or over-run??

What about other large, important projects?
[Nobody has a list or a number. That in itself is a failure.]

If managers within the public service were properly held to account, how could there be so many 'surprises' still?
The situation is so dire, that there isn't even a list of what projects are currently underway, let alone their outcomes.

There is a simple, direct solution to solving the lack of Good Governance perpetrated by the Howard Government:
• direct consequences for managers repeating known errors, and
• Lessons Learned (good & bad) documented for all large projects and demanded on all later projects.
This works spectacularly well for Aviation [ATSB + CASA].
For the whole of Federal Government it would be ANAO + Finance (FMAA).

There is every reason to differentiate your administration from the laissez-faire approach to Governance of the current 'conservatives'. And it's both cheap and effective.

The Sea Sprite is a current debacle, the Collins class submarines were recent. The new RAAF aircraft is an unfolding drama. The Army had bad press over gear & boots not performing. But it isn't just Defence, it's endemic.

And the ANAO is aware - but is powerless to enforce change, only gently encourage.

Joe Hockey, when at Centrelink, had conniptions over the 'EDGE project' firstly failing, then no manager being accountable.
His 20-Apr-2005 press club speech contains:
The Auditor-General’s report released last week into the failed EDGE project in Centrelink indicates an urgent need for increased and more careful management attention to major projects. I expect constant vigilance and clear governance structures.
But after all the hot air, soul searching and endless consultants reports what is different? Where is the on-going change?

The Auditor General address to the Institute of Project Management on 7-October-2007 mentions just a few projects of interest (on the front page of ):
• 1979 - JCPA review of the cancelled MANDATA
• 1983 - Audit report on Defence major capital acquisitions
• 2005 - Centrelink EDGE project
• 2005 - Defence PMKeyS Project
• 2006 - Customs ISS review
• 2007 - Defence HF Comms Systems Modernisation Project
Balanced with two only shining examples of successes:
• 2000 - Construction of the National Museum of Australia
• 2004 - Defence acquisition of ‘Wedgetail’ Airborne Early Warning and Control Aircraft
The ANAO address talks of 'Good Leadership' and 'A culture of discipline' to solve Project Management problems - and annunciates clearly that Senior public sector managers are not 'asking the right questions' - but the only remedy suggested is more training and guidelines.

Clearly is that was effective, it would've worked 30 years on from the MANDATA report.

A 2005 KPMG project management survey is quoted as saying:
• Govern to achieve,
• Hold to account
And a lot of theory, reporting, process and causes are mentioned including the new Finance 'Gateway Review Process' - but it entirely misses the mark, the important practices of the Aviation industry are:
• independent, detailed 'root cause' analysis of all incidents - applicable across the entire jurisdiction
• strict accountability for all incidents, not just obvious accidents, by the enforcement/regulation agency
In the 1994 an important study by researchers at Warwick Business School of firms in New Zealand found the single predictor of high-performing IT departments(*):
• Lessons Learned (good & bad) - documented and acted upon.
That's simple, cheap and effective.
And you'd think it would be obvious Good Management...

The ANAO Poject Management comments, while true up to a point, will cost a huge amount to implement, will entail massive reporting & Governance costs and will only further entrench the current practices:
• there are never serious personal consequences for underperforming public service managers such as discipline, demotion or even firing.
The managers responsible for the whole chain of disasters cited by the Auditor General, and many more, are teflon-coated.
Nothing in the current ANAO proposals & programs changes the one thing that will cause real change: Personal Accountability.

The ANAO paper confuses:
• Outcomes with Process
• Reporting with Responsibility
• Accountability and Assessment
As Finance Minister you can cause fundamental change in the public service by a radical cultural change that the bureaucrats cannot gainsay nor counter:

• require every 'Gateway' project to lodge a Lessons Learned statement.
• require a detailed "root cause" analysis, with remedial actions, for every failed/over-run project
• via the FMAA, enact direct, personal consequences for those repeating known errors or failing to act on documented "Lessons Learned."
• this needs to include firing senior Public Service managers, and
• excluding companies and certain employees for any future government work.
To counter the problem of "mates rates", the FMAA review panel needs to be handled like ASIC:
• external to the object of examination,
• staffed by 'outsiders', and
• limited tenure for those enacting outcomes.
A side effect is that it gives 'whistle blowers' a safe, legal and legitimate place to make their reports.
Currently their only option outside the department is the media - which only makes bureaucrats defensive and causes embarrassment for their political masters.

This is simple and obvious "Good Management".
It is entirely within the powers of the FMAA, and a very strong point of distinction between your government and the current conservatives who've had 10+ years of not promoting Good Governance.

It fits in with, and amplifies, your proposed review of the Public Service.

The direct political benefit to the elected members and ministers is:
• Ministers can legitimately divorce themselves from bureaucratic stuff-ups,
• Embarrassing projects can avoid the media and be handled internally - and the investigation turned into a positive.
• The government can reliably & credibly promise to the electorate:
• That won't happen again", and
• "If anyone does that again, heads will roll".
• Ministers won't normally fire or demote underperforming managers, but the FMAA bureau would - improving the relationship and trust between departments and ministers.

(*) Martin, A. and M. Chan (1996). Information Systems Project Redefinition in New Zealand: Will We Ever Learn? Australian Computer Journal, 28 (1)

## 2008/11/29

### Gershon Report - Review of Australian FedGovt ICT

The Gershon Review is good solid stuff that doesn't rock the boat, doesn't challenge current methods & thinking, nor show deep understanding of the field.

It has a major omission - it addresses ICT inputs only.
ICT is useful only in what it enables others to do or improve - measuring & improving ICT outputs is completely missing from 'Gershon'.

It doesn't examine the fundamentals of ICT work:
• What is that we do?
How is Computing/IT special or different to anything else?

• Why do we do it?
Who benefits from our outputs and How?
Here are my partial answers to these questions:
1. Computing is a "Cognitive Amplifier" allowing tasks to be done {Cheaper, Better, Quicker, More/Bigger}.

2. IT is done for a Business Benefit.
Like Marketing, defining how outputs & outcomes are measured and assessed - both in the macro and micro - is one of the most important initial tasks.

Gershon doesn't address outstanding issues of the IT Profession:
• improving individual, organisational and general professional competence and performance.
• Reducing preventable failures, incompetence/ignorance and under-performance.
• Deliberate, directed & focussed effort is required to institute and maintain real Improvement of the Profession. (vs 'profession-al improvement' of practitioners)
After ~60 years of Commercial Computing:
• Are there any new ways to stuff things up?
• Is it "efficient, effective, ethical" to allow known Errors, Mistakes, Failures to recur without consequences? [see FMAA s44]
It isn't like the Government isn't aware of the processes and instruments needed to avoid repeating Known Errors, nor the benefits of doing so.

Aviation is controlled by ATSB (Australian Transport Safety Bureau, previously Bureau of Air Safety Investigation [BASI]) and CASA (Civil Aviation Safety Authority). The USA's FAI publishes hard data on all aspects of Aviation - and mostly they improve on every measure every year. This isn't just due to the march of technology - the figures for 'General Aviation' (as opposed to Regular Passenger Transport) plateaued decades ago... This is solid evidence that Aviation as a Profession takes itself seriously - and that commercial operators in one of the most competitive and cut-throat industries understand the commercial imperative of reducing Known Errors.

Aviation shows that profession wide attention to Learning and Improvement isn't just about Soft benefits, but translates into solid business fundamentals. You make more money if you don't repeat Know Errors/Mistakes.

ATSB investigates incidents and looks for Root Causes.
CASA takes these reports and turns them into enforceable guidelines - with direct penalties for individuals, groups and organisations. CASA is also responsible for the continual testing and certification of all licensed persons - pilots, Aircraft Engineers, ...

There are 4 specific areas Gershon could've included to cause real change in the IT Profession - to start the inculturation of Learning & Improvement and the flow-on business gains.
Federal Government accounts for 20% of total Australian IT expenditure. It is the single largest user and purchaser of IT - and uniquely positioned to redefine and change the entire IT profession in Australia.
• Lessons Learned - Root Cause Analysis of Failures/Problems
Dept. Finance 'Gateway Review Process' on Projects.
Needs equivalent of CASA - inspection and enforcement of standards plus penalties/sanctions - Not just reviews and suggested guidelines.
Not just ICT staff, not just FedGovt but their suppliers/vendors/contractors as well.
Without real & timely (personal and organisational) consequences, nothing changes.

• Standish 'Chaos Report' equivalent - real stats on IT Projects.
Without solid numbers, nothing can change.

• Operational Reviews.
How well does an IT organisation do its work?
Critical Self-assessment isn't possible - exactly the reason work needs to be cross-checked for errors/mistakes/omissions/defects.
C.f. Military Operational Readiness Reviews - done by specialist, impartial experts.

• Individual Capability Assessment - equivalent of on-going Pilot etc recertification.

• Research: Quantifying & standardising metrics and models for "Effectiveness".
DCITA/DBCDE on macro-economic results.

The ACS describes Gerhon's recommendations as "all aimed at addressing the efficiency of ICT":
• governance,
• capability,
• ICT spending,
• skills,
• data centres
• sustainable ICT
Note the issue of Reducing Faults/Failures/Errors/Mistakes doesn't make the list.
Nor does the idea of institutionalising the building/improving the Profession of IT and increasing the Capability/Performance of IT Professionals.

By the DCITA/DBCDE own reports, ICT contributes 75% of productivity improvements: ICT is still the single greatest point of leverage for organisations reducing costs and improving output.

Does getting IT right in Federal Government matter?
Absolutely.

Gershon delivers 'more of the same' and could conceivably achieve its targets of 5% & 10% cost improvement