What prevents large IT projects from being successful?
Table of contents
- 2.1.1 Lack of dedicated leadership is a cause of project failure
- 2.1.2 Inappropriate governance structure represents a major risk
- 2.1.3 Weak performance management can negatively impact the achievement of objectives
- 2.1.4 Weak risk management can cost millions of dollars
- 2.2.1 Insufficient planning results in failing IT projects
- 2.2.2 Inadequate or inappropriate organizational capacity is a recurring risk
- 2.2.3 Negative business relationships with suppliers or unforeseen procurement needs are a risk
- 2.2.4 Overly optimistic funding estimates can result in cost overruns and failure to achieve expected benefits
- 2.2.5 Inadequate management of contractor performance can result in project failure
- 2.3.1 The absence of service level agreements can negatively impact project success
- 2.3.2 Not understanding the needs of the client can lead to project failure
This report is a synthesis of the findings from 19 audits and reviews of major information technology (IT) projects in Canada and internationally. The objective of the synthesis was to identify and summarize common risks to success for large IT projects in the public sector.
What we examined
We reviewed 19 reports related to large IT projects from 11 jurisdictions (provincial, federal and international) in five countries. The approximate value of the projects reviewed is $19 billion.
Why it’s important
Large IT projects are inherently complex, expensive and risky. IT failures cost millions and, more importantly, they affect the project’s capacity to deliver expected benefits to users. The audits reviewed have generated robust, credible and empirically-based conclusions on a range of material risks facing managers charged with implementing large IT projects.
What we found
The general conclusions drawn from our review of the reports are that the risks to success for large IT projects are related to governance, project management and client service. Multiple examples involving millions of dollars were identified.
The governance framework allows objectives to be achieved by establishing the correct IT management structure, as well as appropriate levels of oversight of performance and risk management. Weak governance invariably impedes success in the audits reviewed. Performance measurement, a key element of governance, was found to be a fundamental condition of success.
Project management can encompass various components, including planning, organizational capacity, procurement, funding and contractor performance. A weakness in any of these components can result in long delays, cost overruns, scope creep and ultimately project management failure.
The value-added of large IT projects in the public sector is reflected in the degree to which its clients are satisfied. Overlooking the importance of client service can result in a failed project. Delivering a product on time and on budget is of no value if it does not meet the needs of the client. Service level agreements defined by the accountability of both parties in achieving client satisfaction are vital to achieve success.
Overall, we found that a change management approach is key to ensuring that the above risks to success are dealt with.
This report is a synthesis of the findings from 19 audits and reviews of major information technology (IT) projects in Canada and internationally. The objective of the synthesis was to identify and summarize common risks to success for large IT projects in the public sector.
In 2011, the Office of the Auditor General of Canada (OAG) examined large Canadian IT projects to assess their approval and management processes. The OAG concluded that large IT projects were inherently complex, expensive and risky. The evidence coming from the private sector is consistent with
A study of 163 companies found that 37% of IT projects were at risk. This meant that for these companies, of the $200 million in IT projects managed annually, $74 million was at riskFootnote 1.
Large IT projects, such as the creation of common services or data centre consolidations, are not new. Many jurisdictions worked on large IT projects and conducted audits on these projects, including:
- Western Australia centralized common ‘back office’ corporate functions such as finance, human resources and procurement through their Shared Corporate Services initiative;
- British Columbia made a transition to a portfolio management approach to find synergy among its information technology investments;
- The Canadian federal and provincial governments, along with health care organizations and other constituencies, started a pan-Canadian initiative to develop and implement a compatible electronic health record (EHR) system to provide health care professionals with secure and private lifetime records for patients;
- The United States Department of Veterans Affairs (VA) tried to achieve information technology realignment by implementing a centralized management structure under the Chief Information Officer’s (CIO) authority to create versatile new ways for veterans to obtain services and information. This enabled the VA to initiate major IT projects such as outpatient scheduling and sharing electronic health records with the Department of Defense;
- The State of Oregon’s legislature approved funding for the Computing and Networking Infrastructure Consolidation project which aimed at consolidating twelve state agency data centres into one facility to reduce future costs while maintaining or improving service levels.
These are only a few examples of the many efforts that have taken place or are in the process of being deployed. The Canadian federal government has also undertaken a number of major IT projects. With the creation of Shared Services Canada (SSC), these efforts will intensify. The SSC mandate to consolidate, streamline and improve IT infrastructure services across the federal government will inevitably entail a range of risks similar to those faced by the above jurisdictions.
The Office of Audit and Evaluation (OAE) at SSC performed this synthesis to identify the common risks to achieving success for large IT projects. The methodology was inspired by the evaluation synthesis framework developed by the US Government Accountability Office (GAO). A synthesis approach was chosen as the most efficient and cost-effective method of obtaining results. A synthesis has the ability to provide relatively inexpensive, comprehensive and timely information compared to the time and money associated with a study to gather primary information.
A project does not succeed when it is late, over budget or doesn’t deliver all of the business value expected (or delivers the wrong thing). Of course, the magnitude of the failure to attain these goals has to be taken into account.
We reviewed 19 reports from 11 jurisdictions (provincial, federal and international) in five countries. Appendix A contains the list of the reports reviewed, most of which were audit reports. Audit findings are useful and revealing because they focus on actual results. The other reports selected were also based on results of IT projects. The approximate value of the projects reviewed is $19 billionFootnote i.
A review of a variety of sources and jurisdictions enables us to identify risks that are common to large IT projects. This co-validation of the results will allow us to draw robust, credible and empirically-based conclusions for a range of material risks facing managers charged with implementing large IT projects.
Three main themes emerged as risks from the reports reviewed: governance, project management and client service. This synthesis presents each of these themes, along with examples that demonstrate how these risks may contribute to the failure of large IT projects.
2.0 Risks to large IT projects
Most of the audit reports reviewed cited governance as a significant risk in the IT projects.
ISACA (previously known as the Information Systems Audit and Controls Association) defines governance as ensuring that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on directions and objectives. In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
Governance-related risks were found in four specific areas: leadership, the governance structure, performance management and risk management.
2.1.1 Lack of dedicated leadership is a cause of project failure
Projects need leadership that is visionary, decisive and dedicated. The GAO stated that “it is important that top leadership supports and sustains major change initiatives through to completion”. They also noted that a key factor for successful transformation was ensuring that top leadership drives the effort.
One report noted that most projects facing significant challenges involved major business transformation and those problems were rarely due to IT alone. In its review of 21 large IT projects, the report found leadership of major business transformation lacking. Raising business transformation to the same level as policy and operational issues was considered critical. The report recommended the creation of a new deputy minister position (at the provincial level) to oversee projects with major business transformation. Another key factor was the mobility of public servants, which affects the continuity of a project. This results in diffused accountability and responsibility for the project, and it also has an impact on the overall governance of the project.
Senior level engagement and commitment is considered crucial for success. In Western Australia, the lack of strong sponsorship and leadership affected the success of shared services reform. In the UK, the lack of clear senior management and Ministerial leadership was identified as a cause of project failure.
2.1.2 Inappropriate governance structure represents a major risk
Governance should be transparent, accountable and independent. Management must establish a governance structure that represents the entire stakeholder community and reflects clearly defined roles, responsibilities and decision-making authority among the different levels of leadership.
Many of the reports we reviewed found that establishing an effective IT management structure was the starting point for coordinating and communicating the continuous cycle of information and for defining roles and responsibilities. In a centralized management structure, the CIO is responsible for ensuring existence of fiscal controls over the department’s IT appropriation and overseeing capital planning and execution. As such, the CIO would have control over the IT budget by:
- designating organizations with specific roles and responsibilities for controlling the budget reporting directly to the CIO;
- implementing an IT governance structure that assigns budget oversight responsibilities to specific governance boards; and
- developing and implementing IT portfolio management and financial management processes in the new organization.
Weak Governance Causes Delays
Between June 2006 and May 2008, the U.S. Department of Veterans Affairs did not provide oversight of the Scheduling Replacement Project even though the department had become aware of significant issues indicating that the project was having difficulty meeting its schedule and performance goals. Specifically, in June 2006, the project team found that a delivery of software included over 350 defects, leading the office to delay the system deployment by 9 months, from October 2006 to July 2007, to mitigate the defects.Footnote 2
The absence of a dedicated management structure that is responsible for governing overall consolidation efforts represents a major risk to success. The Oregon Secretary of State audit report found that the lack of a dedicated management structure contributed to a major data centre consolidation project’s inability to meet all of its objectives.
Reports also found that ineffective governance could cause projects to expand beyond their original scope (scope creep). The OAG of Canada audit of the Electronic Health Records in Canada reported that inadequate oversight of project expenditures and deliverables and significant scope creep have occurred in the province of Ontario. The province lacked clear leadership and direction from a central authority, which resulted in ineffective oversight and unclear accountabilities.
While it is important that the governance structure represent the stakeholder community, it must not be overly cumbersome. Too much oversight can lead to projects expanding just for the sake of satisfying many gatekeepers. Increasing the number of gates a project must pass through forces the organization to make unrealistic commitments. The Ontario Special Task Force on Management of Large-scale Information and Technology Projects stated that “sometimes a government project is like a barge. Everyone throws everything on it and soon it is unable to leave the dock”.
The National Audit Office in the UK had identified governance arrangements as a key theme for IT project failure. In response, the Department for Work and Pensions in the UK established a governance and escalation framework to which all projects must comply.
One review noted that, although they could not conclude that increased oversight by the state legislature would have prevented or even reduced the project failures, it would be appropriate to revisit the level of oversight and public accountability that could be made available.
Achieving a balanced governance structure with clearly defined roles and proper decision-making authority is a critical factor in the success of a large IT project.
2.1.3 Weak performance management can negatively impact the achievement of objectives
Performance management is a cycle of managerial activities that includes planning and measuring results. The data generated is used to reflect on the accomplishment of objectives, explore performance problems or opportunities, and make changes to improve both operational and strategic outcomes.
Sometimes an excessive portion of the oversight committees’ attention is spent on cost management and too little time is devoted to project performance. For example, in 2008, the US GAO pointed out that the VA’s lack of management processes was increasing the risk to the department’s ability to achieve effective IT accountability and oversight. A focus on developing the department’s IT budget strategy caused the department to fail to provide oversight of the Scheduling Replacement Project and to conduct milestone reviews.
In 2010-2011, the Auditor General of Quebec reported that 59% of the completed IT projects they reviewed did not respect at least one of their initial targets. Although projects may meet certain targets, this may be at the expense of the other targets. For example, one project met the deliverable but had an increase in costs of $1 million and a delay of 40 months.
Inadequate performance measurement prevents project completion
A review of the Veterans Affairs scheduling system project found that an estimated $127M over 9 years was expended without delivering any of the planned capabilities. The project was hindered by weaknesses in performance and risk management elements such as: planning of application acquisition, incomplete requirements, concurrent testing (vs. incremental), unreliable management data and ineffective identification, mitigation and communication of project risks.Footnote 3
In the example from Western Australia, one of the most important missing project management tools, service level agreements (SLA), could have mitigated the issue of agency resistance. An SLA is a simple and effective way to elicit commitment and support from agencies for shared service provision agreed to prior to implementation. The lack of an SLA hindered the agencies from participating in determining the type or level of customer service and establishing performance indicators that could have been monitored to determine the efficiency of service delivery. The central service provider did not acknowledge that there were major service delivery or operational problems. They placed the responsibility for these issues on the agencies. Without an SLA, there was no agreed-upon method to settle this dispute.
2.1.4 Weak risk management can cost millions of dollars
Treasury Board of Canada Secretariat (TBS) defines risk management as a systematic approach to setting the best course of action under uncertainty by identifying, assessing, understanding, making decisions on and communicating risk issues.
The absence of review mechanisms at key points can result in projects continuing despite questions regarding their viability. This was the case with Western Australia’s failed attempt at creating a shared services model. A review found there was substantial agency resistance to the shared services program from its inception, but costs associated with such resistance could not be estimated. The department did not account for any risk of disruptions to its associated roll-in schedule for agencies.
Large projects tend to be riskier than smaller projects, due to their transformational nature and the governance challenges they present. Due to their greater time span, it can also result in the benefits, or even the whole project, being obsolete by the time the project is complete. One audit reported that the oversight committee did not consider risk information in a consistent and meaningful way when making decisions on which projects would proceed.
Ignoring risk is expensive
In Western Australia, one review recommended continuation of the under-performing project. It gave little consideration to decommissioning the project in spite of indications that no net benefits would be achieved over the next ten years. It took a total of $401 million and seven years before the program was decommissionedFootnote 4
Effective risk management, thorough benchmarking and mitigation of risks are crucial in ensuring that projects are under control.
2.2 Project management
A project management framework ensures the correct prioritization and co-ordination of projects. It should include a master plan, assignment of resources, definition of deliverables, approval by users, a phased approach to delivery, quality assurance, a formal test plan, and testing. A post-implementation review should also be conducted after installation to ensure project risk management and delivery of value to the business. A project management framework reduces the risk of unexpected costs and project cancellations, improves communications and involvement of the business and end users, ensures the value and quality of project deliverables, and maximizes their contribution to IT-enabled investment programs.
The TBS states that project management is normally reserved for focused, non-repetitive, time-limited activities with some degree of risk, and for activities beyond the usual scope of program (operational) activities.
Our review of audit reports yielded the following findings regarding project management:
- large IT projects undertaken in Canada which had weak project management practices experienced long delays and large cost overruns;
- inadequate oversight of project expenditures and deliverables and significant scope creep of projects was reported;
- the lack of established criteria for work that was considered “done” at all levels of the project resulted in each development team having its own definition of “done”;
- a business case is the foundation for sound investment and it must define what constitutes success in order to measure the project’s success. Most business cases do not clearly identify and measure the benefits; and
- pressure to get a project completed can force project tasks that should be done sequentially to be done concurrently. For example, concurrent testing is in some cases performed where testing should be incremental. Inadequate testing increases the risks of deploying future releases containing defects that may require rework or delay functionality.
Large IT projects represent complex change management challenges resulting from the significant changes to business processes. However, often these projects are treated exclusively as IT initiatives and leadership of business transformation is lacking. A lack of organizational resolve, dedicated political-level sponsorship and adequate project oversight are central causes of project failure.
2.2.1 Insufficient planning results in failing IT projects
Approximately half of the reports reviewed indicated that planning was insufficient and lacked critical elements to guide the initiatives to completion. This results in difficulty in managing the project. It also distracts project leaders from dealing with other important issues because they must address planning shortfalls.
One report found that the absence of project plans in the project management framework defining how, when and to what degree project objectives would be achieved contributed to consolidation issues.
Good planning could have saved millions
A review in the State of Wisconsin found that a project to replace existing software was inadequately planned. Due to significant concerns about the project’s scope, cost and timeline, the project was suspended after having spent five years and $21.7 million.Footnote 5
Ontario’s Special Task Force report stated that “current project planning practice is biased toward giving generous amounts of time for development and implementation. As a result, up-front planning work gets short-changed.” The report recommended that project sponsors should invest a greater percentage of the project budget in up-front planning to ensure more robust business and project plans.
One large IT project determined that the initial project plan would not fully meet its needs. As a result of underestimating the complexity of the project, there was an implementation delay of more than one year, a doubling of the costs and a decrease in the service levels.
Insufficient planning has resulted in failed or problematic large IT projects. The OAG of Canada reported unsatisfactory overall progress in placing more attention on the planning of large IT projects.
2.2.2 Inadequate or inappropriate organizational capacity is a recurring risk
Organizational capacity is the technical and managerial ability to deliver an IT project as well as the ability of an entire organization to improve the way it does business by using all of a system’s capabilities.
Efficient use of resources is essential to an organization that is operating with limited budgets. Successful project delivery in such an environment requires the ability to move staff easily into positions where they can best be used. Large IT projects require highly skilled individuals in key leadership roles and these individuals are scarce. Organizations that proceeded without the appropriate expertise to manage them experienced delivery problems.
Lack of an adequate skill base is a challenge
The lack of available project managers has been an ongoing challenge for the public sector. Most public sector organizations have low levels of IT project management experience. An organization must retain control over the project management rather than outsourcing this function.Footnote 6
Strategic workforce management is necessary to ensure that an organization has the human resources capable of developing and delivering the services required. Selecting individuals based on their competencies, and not where they previously worked (such as when groups are being consolidated), increases the success of major change initiatives.
Audit findings from various sources regarding organizational capacity included:
- in one audit, four of seven projects undertaken by departments lacked the appropriate skills and experience to manage the projects or lacked the capacity to use the system to improve the way they delivered their programs;
- not filling vacant positions with experienced and qualified people prevented the Department from achieving its goals;
- one project reduced staff before consolidation was complete (based on projected completion dates and staffing needs) although they were required to maintain the current status; and
- 48% of rolled-in agencies in Western Australia found there were insufficient resources to deal with their requirements.
Lack of skill, experience and/or resources are seen as recurring risks to the success of IT projects.
2.2.3 Negative business relationships with suppliers or unforeseen procurement needs are a risk
Procurement is planning and acquiring goods and services, and carrying out construction through Crown procurement contracts. In 2000, the OAG of Canada reported that the acquisition phase and related procurement activities were factors in project failure. During this review, we confirmed that procurement issues had a negative impact on the success of the projects.
Negative business relationships with suppliers or unforeseen procurement needs were a barrier to success. The Report on the Ontario Special Task Force indicated that large IT projects that had gone off track often had poorly defined business plans. These weak business plans resulted in weak request for proposals. A clearer definition of success for the government’s partners would have helped alleviate the adversarial relationship that developed between the government and private sector vendors. In addition, vendors with little prior experience with government procurement might inadequately plan or not take into account aspects such as consensus building or complexity in decision and execution, which differ from those found in the private sector.
Another report indicated that the project was hindered by the inadequate planning of the acquisition of an application and by not obtaining the benefits of competition. When a contract does not include procurement time as part of the key performance measurements, delays can go unchallenged. One audit report found that operations in 81% of the agencies involved in a consolidation project were negatively affected by the procurement process. In addition, almost all of the procurement requests sampled for that audit exceeded the timeframe allowed for by the contract.
2.2.4 Overly optimistic funding estimates can result in cost overruns and failure to achieve expected benefits
Funding in the context of large IT projects involves determining sources and amounts of funding, adherence of investments to governance processes to align with the department’s strategic plan, budget formulation, approval against the IT business plan and monitoring of budget execution.
Several reports indicated that overly optimistic funding estimates in the original business plan was one of the main causes of cost overruns and failure to achieve expected benefits. Funding shortfalls cause delays in developing activities and supporting ongoing operations. In such instances, further reviews tend to recommend increases in funding as a first corrective measure, leading to time delays until the additional funding is received, and implementation of temporary stop-gap measures and systems which further complicate the scope of the large IT project.
A project may succeed in meeting the objectives set in the project rollover schedule in a timely fashion, yet be a failure due to non-delivery of intended benefits and deterioration of service levels. Incorrect funding estimates and overstated benefits can leave the project managers with no choice but to request additional funding and resources. Exceptional costs or infrequent periodic costs can easily be overlooked in a business plan, such as system upgrade costs or funding to ensure nationwide compatibility.
The State of Wisconsin did not have standardized methodology in place for the preparation of the detailed project cost estimates. The auditors applied a standard used by the GAO which stipulates that a project’s final cost should be within 110% of the initial projection. Only 6 of the 13 projects considered met the standard.
Wrong cost estimates can jeopardize projects
A review of 13 large IT projects (costs of more than $1 million) in Wisconsin found that 7 of the 13 projects exceeded their initial costs projections by more than 10%. This was an additional $14.9 million in unexpected costs. One project significantly changed its project plan but the cost estimate was not revised; therefore, based on the original projected costs, the final cost was 100% more than the estimate.Footnote 7
Another issue was accountability and centralized management of funding. When top tier project managers, such as the CIO, only control a small percentage of the budgeted amounts for a large IT project, they lack the operational power to control investments and manage ineffective spending. In such cases, ensuring certain elements of the project were respected prior to engaging in an expense was significantly more difficult.
2.2.5 Inadequate management of contractor performance can result in project failure
The use of contractors, or vendors, in IT projects is common. Contractors provide knowledge and expertise that does not exist internally - usually at a much higher cost. The Auditor General of Quebec reported that external resources accounted for 52% of resource costs in IT projects for 2008-2009.
The performance of these contractors has an impact on the success of the project. The Annual Report to the Discharge Authority on internal audits carried out in 2011 by the European Commission reported that “particular attention was given to the management of sub-contracted activities, where outsourced services might exacerbate the inherent risks of failure to meet business needs, budget overrun and breaches in the security of the systems”.
One report reviewed 19 contracts of which nine included penalties to discourage poor performance; however, they were rarely used. For example, one contractor was paid triple the contracted amount even though the firm had neither completed the implementation within one year nor provided four years of support services. Another audit reported that although the contractor had not met 16 of 21 key measurement service levels during a specified period, a contract requirement to submit an improvement plan was not enforced.
Mismanagement of contractors can result in expensive failure
In Texas a contractor was paid $276 million after having completed only 11% of the contracted work. The contract was cancelled three years later, and reissued to two new suppliers, after having spent an additional $502 million.Footnote 8 Footnote 9
One audit found errors in the calculation of monthly service levels by the contractor. There was no formal procedure in place nor was there evidence of management review; further, there were errors in the process followed as well as weaknesses in the data collection. The Department was found to be lacking effective procedures for monitoring the reporting by the contractor.
Making ineffective use of the contractors is also a risk to an IT project. Because a project lacked detailed project specifications, one contract did not link payments to the contractor with specific deliverables. Even after a subsequent contract, and additional payment, the work was not completed. This project was suspended.
Terminating a contractor during a project can also have an impact on the success of the project. Once the contract is terminated, the internal staff must assume the work to be completed. This may cause a conflict with other internal priorities due to the unexpected demand on resources; additionally, consolidation plans need to be scaled back, resulting in a longer time line for project completion.
2.3 Client service
Client service and client satisfaction apply to all public service employees and represent a mindset, an attitude, a value framework for the way work is performed. All public service employees are service providers who produce outputs intended to serve clients. The two parties, provider and client, are engaged in a service delivery transaction. The value added by the public service is reflected in the degree to which the outputs satisfy its clients.
2.3.1 The absence of service level agreements can negatively impact project success
A barrier in achieving proper client service is the lack of meaningful and formalized SLAs, service standards and performance monitoring. A technology project may succeed in delivering the intended system yet fail to provide improvements in client service quality, which is often one of the intended benefits of the IT project.
Inadequate capacity can reduce efficiency
An audit of a shared services initiative in Western Australia found that 65% of the sampled agencies reported requiring workarounds for the processes that had been rolled out and 82% reported that the new system was less efficient than the legacy systems.Footnote 10
Five of the nineteen reports reviewed indicated that client service and satisfaction levels actually deteriorated compared to the pre-project period.
A common reason for the absence of formalized client service standards was the focus on achieving the technological transition on time and within budget, and a lack of resources to develop service agreements. An example of the impact of this lack of client service standards was found in the case of Western Australia’s Shared Corporate Services integration. The report found that 91% of the sampled rolled-in agencies reported a deterioration of service quality upon transition to shared services, while 48% of rolled-in agencies found there were insufficient resources to deal with their requirements. In addition, medium-sized agencies reported that the cost per employee increased from $99,000 pre-roll-in to $114,000.
2.3.2 Not understanding the needs of the client can lead to project failure
A clear understanding of who the client is within the service delivery transaction is crucial. Keeping in mind the final beneficiaries for which the project is intended, along with their needs, is a cornerstone of assessing the success and scope of the project.
The needs of the client and the particular time constraints have to be considered throughout a project; otherwise, there is a risk of creating strained relations and resentment from the client toward the service provider. In the example of Western Australia, agency resistance probably made roll-ins and operation more difficult than it otherwise would have been. A key point in any shared service arrangement would be to have commitment and support from agencies for shared service provision. A simple and effective way to elicit such commitment would be through a functional SLA, agreed to by agencies prior to implementation.
Any actual or perceived shortcoming in the level and quality of service can have negative consequences on the success of an IT project.
Awareness of client needs is essential
The EHR project was to provide Canadians value by making 100% of their health records available to their authorized healthcare professionals by 2016.Footnote 11 However, 80% of patient encounters with doctors take place outside an institutional setting and only a limited number of doctors use computerized systems in their offices. Therefore, the potential benefits of the EHR solution may not be fully realized.Footnote 12
Two striking points emerge from this synthesis assessment of audit reports covering a wide range of jurisdictions across the public sector (including areas of direct concern to the federal government – the creation of shared IT services and accompanying data centre consolidation).
The first point which the synthesis underlines is the widespread nature of the problems identified. Serious weaknesses were noted in virtually all of the jurisdictions examined, and on a very significant scale. In parallel, these shortcomings were accompanied by substantial materiality from impacts as a result of serious delays in project completion and cost overruns, frequently amounting to millions of dollars. Given the prevailing budgetary challenges across the federal government as a whole and the emphasis on the need for improved efficiency, these are important considerations.
The second, and equally important, point is that this audit synthesis has resoundingly demonstrated that projects rarely fail due to IT factors. As the Summary Table (following page) clearly identifies, the problems involved are management related, more specifically, change management. The synthesis findings confirm that large public-sector organizations frequently encounter major challenges in responding to conditions of rapid change, which technological adaptation and technology upgrades involve.
The Summary Table points to major problem areas across jurisdictions related to leadership, weak performance-management practices, and inadequate planning, along with poor business case assessments and accompanying risk analysis. The critical need for strong, effective results-management accountability regimes and reliable, relevant and timely performance measurement is also underlined, as is the importance of clientele satisfaction, based on well-defined service-level agreements and established service standards.
A further key factor relates to widespread evidence of a lack of appropriate technical HR skills and experience within public sector organizations to manage such developmental project investments in a change-management context. Exhibit 1 summarizes the overall findings in a change-management framework.
However, beyond the detailed empirical evidence developed by this synthesis lay important lessons on how to lay the foundation of a successful change-oriented organization. When viewed in the context of a sound understanding of how to implement change, people and processes should be viewed as enablers to success rather than barriers.
Any transition period to bring about such a re-orientation must, of necessity, be an adjustment process which proceeds on an incremental basis, proceeding in parallel with the regular day-to-day activities of the business of government. Consequentially, such a re-orientation process must proceed in stages, leading from one step to the next as progress occurs.
As a point of departure, three initial steps appear to be important and require particular emphasis in the context of due diligence: strengthened business case analysis; strengthened risk analysis; and strengthened performance measurement. The last item merits particular attention in the context of strengthened results-management accountability. Given the major budgetary cost requirements and long-term nature of IT systems investment projects, there is a strong case to be made for reorienting operational performance measurement towards a new paradigm involving the development of predictive (lead) indicators of long-term success. In this way, where project management is under-performing, lead indicators enable the possibility of undertaking mid-course corrections with a view to avoiding, or at least minimizing, later problems of project delays and cost overruns, and the like.
Summary Overview – Audit Synthesis Findings
|Theme||Key Problem Areas Identified
by Audit Findings
|Materiality / Impact|
Summary of audit-synthesis findings against the three components of a classic change-management approach
Text Version of Exhibit 1: Risks to Success Identified in SSC Audit Synthesis
The exhibit displays the audit synthesis findings against the three components of a classic change-management approach: management processes, people and culture, and technology. The risk areas identified in the report as governance, project management and client service are each demonstrated within one of these components. The three components then point towards, or contribute to, the notion of change.
Appendix A: Resources
Canada - Provincial
Chapitre 8: Projets d’affaires lies aux ressources informationnelles et encadrement gouvernemental, Vérificateur général du Québec, 2010-2011
Management of the Information Technology Portfolio in the Ministry of Attorney General, Office of the Auditor General of British Columbia, 2001/2002
Report of Ontario’s Special Task Force on the Management of Large-Scale Information & Information Technology projects – July 2005
Canada - Federal
Chapter 2: Large Information Technology Projects, Status Report of the Auditor General of Canada to the House of Commons, 2011
Chapter 3: Large Information Technology Projects, Report of the Auditor General of Canada, November 2006
Chapter 23 – Information Technology: Acquisition of Goods and Services, OAG of Canada, December 2000
Electronic Health Records in Canada: An Overview of Federal and Provincial Audit Reports, Office of the Auditor General of Canada, April 2010
An Audit Report on the Department of Information Resources and State Data Center Consolidation, State Auditor’s Office (Texas), August 2009
Annual Report to the Discharge Authority on internal audits, European Commission, September 2012
A Review: Information Technology Projects, State of Wisconsin Legislative Audit Bureau, April 2007
CIO Analysis: Why 37 percent of projects fail, CIO.com, March 15, 2011
Department for Work and Pensions: Information Technology Programmes, Memorandum by the National Audit Office, November 2008
Department of Administrative Services: State Data Center Review, Secretary of State Audit Report (Oregon), July 2008
Delivering successful IT-enabled business change, National Audit Office (UK), November 2006
Information Technology: Department of Veterans Affairs Faces Ongoing Management Challenges, United States Government Accountability Office, May 2011
Information Technology: VA has taken Important Steps to Centralize Control of its Resources, but Effectiveness Depends on Additional Planned Actions, United States Government Accountability Office, February 2008
Information Technology: Progress Made in Centralizing Information Technology Management, but Challenges Persist, United States Government Accountability Office, September 2007
Inquiry into the Benefits and Costs Associated with the Provision of Shared Corporate Services in the Public Sector – Final Report, Economic Regulation Authority, Western Australia, June 2011
Management of DHS’ Data Center Consolidation Initiative Needs Improvement, Department of Homeland Security Office of Inspector General, September 2010
The Evaluation Synthesis, US Government Accountability Office, March 1992
Veterans Affairs: Continued Focus on Critical Success Factors is Essential to Achieving Information Technology Realignment, United States Government Accountability Office, June 2007
Appendix B: References
Free PDF download
To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase on the Internet:
Report a problem or mistake on this page
- Date modified: