Some government organisations have opted out of the Government Chief Information Offcer's Infrastructure-as-a-Service (IaaS) supplier panel without any exemption being granted - and the Auditor-General is taking note.
In a report released today, deputy Auditor-General Greg Schollum found the GCIO had not taken a "structured approach" to identifying lessons from implementing IaaS.
"Organisations using IaaS, ICT providers, and the GCIO told us that IaaS is worthwhile and meeting expectations," the report said.
"People we talked to, including those from organisations not using IaaS, consistently understood why it was introduced, how it works, and what it is expected to achieve."
While this showed that the GCIO had communicated the service's expected benefits, some organisations that were required to use IaaS are not.
"This is because they believe it would not benefit them, it is not relevant or fit for their purposes, and it was not affordable," the report said.
At the time of the audit, about a quarter of the organisations that could use IaaS - which is supplied exclusively by Datacom, Revera and IBM - were actually using it.
Since the period covered by the report, GCIO Colin MacDonald has been retitled Government Chief Digital Officer (GCDO), still within the Department of Internal Affairs.
"It is not clear what action the GCIO is taking to ensure that all organisations required to use IaaS will either use it or get an exemption," Schollum said. "At the time of our audit, the GCIO had not issued any exemptions."
The GCIO also needed to do more to fully assess and report on all of its shared services, including the benefits of its IaaS programme.
The GCIO has also not systematically asked organisations for information about their experiences in using IaaS to make improvements or share useful practices, including identifying and addressing any barriers to uptake.
"It is likely that this framework would also provide the GCIO with evidence of benefits that it could use to encourage other organisations to use shared ICT services."
However, the GCIO thinks generic scenarios and case studies would not help because each organisation's circumstances are unique, the report said.
"Instead, the GCIO uses a relationship management model to work with organisations individually, at the organisation's request,"
In 2010, the GCIO started work on Infrastructure as a Service (IaaS), which allows public sector organisations to buy virtual servers, storage services, and backup services from private ICT providers without having to buy physical infrastructure.
The IaaS supplier panel was launched in 2012/13.
In 2016, the GCIO commissioned an external review that found there have been measurable financial benefits from the more than 20 shared ICT services that the GCIO manages - including IaaS.
The scale of the benefits has increased over time and the review considered that the government’s target of $100 million in annual savings would be achieved in July 2017. That target was exceeded by March 2017.
The Auditor=General also considered that, as the functional leader for public sector ICT, the GCIO could monitor and report opportunities and risks for ICT infrastructure throughout the public sector and proactively support organisations to move from traditional ICT models to as-a-service models.
"Over time, the GCIO could identify those organisations that have started using IaaS to advance their strategic goals and share the benefits this approach is delivering.
"This would help other organisations understand how IaaS can help to provide easy access to public services online."