The Controller and Auditor General has called on the Government Chief Information Office (GCIO) to work with public sector organisations to produce a set of measures for its shared information and communications technology services and to use these to monitor and report on the effectiveness, efficiency and benefits of these services.
That recommendation is the main outcome of an audit of government agencies' use of infrastructure as a service (IaaS) offerings, reported in Infrastructure as a Service: Are the benefits being achieved? tabled in Parliament today.
IaaS allows public sector organisations to buy virtual servers, storage services and backup services from private providers. Use of the service started in 2012/13.
The Controller and Auditor General says it found only about a quarter of the organisations that could use IaaS were doing so.
“We saw some promising signs that those using IaaS consider it worthwhile, and are achieving benefits. The GCIO’s measures show that these organisations are achieving benefits, such as: consolidation of ICT infrastructure; reduced prices for ICT services; business savings from avoided procurement costs; and cumulative price savings over time.”
However, it said: “The GCIO needs to do more to fully assess and report on all its shared services, including the benefits of IaaS. By doing so, the GCIO will be better prepared to support organisations to take up IaaS.”
The report calls on the GCIO to “ensure that the information it collects about all shared ICT services gives as thorough an understanding of their benefits as practical,” saying: “It is likely that this framework would also provide the GCIO with evidence of benefits that it could use to encourage other organisations to use shared ICT services.”
It said the audit showed that GCIO had clearly communicated the benefits of IaaS because “Organisations using IaaS, ICT providers, and the GCIO told us that IaaS is worthwhile and meeting expectations [and] people we talked to, including those from organisations not using IaaS consistently understood why it was introduced, how it works, and what it is expected to achieve.”
Nevertheless, the report said GCIO needed to do more to communicate the benefits of IaaS because, “some organisations that are required to use IaaS are not using it. This is because they believe it would not benefit them, it is not relevant or fit for their purposes, and it was not affordable.”
It added: “It is not clear what action the GCIO is taking to ensure that all organisations required to use IaaS will either use it or get an exemption. At the time of our audit, the GCIO had not issued any exemptions.”
In 2016 the GCIO commissioned an external review of the more than 20 shared ICT services that it manages, including IaaS and considered that the Government’s target of $100 million in annual savings would be achieved in July 2017.
The report said that target had been exceeded by March 2017. However, according to Greg Schollum deputy controller and auditor-general in his foreword to the report, the GCIO did not measure the other benefits realised from using IaaS.
He said the GCIO now planned to use the results of the audit to help it prepare a framework to measure the benefits of all shared ICT services
“We recommend that the GCIO ensure that the information it collects about all shared ICT services gives as thorough an understanding of their benefits as practical,” Schollum said.
“It is likely that this framework would also provide the GCIO with evidence of benefits that it could use to encourage other organisations to use shared ICT services.”