Auditor-general: legacy tech the enemy of strategic information management

Auditor-general: legacy tech the enemy of strategic information management

Legacy systems are creating obstacles to collaboration within and between public organisations

Auditor-general John Ryan

Auditor-general John Ryan

Credit: Supplied

The auditor-general is encouraging agencies to review the impact of legacy technologies on their ability to access and use information for decision-making.

Describing information as the "lifeblood of any organisation", controller and auditor-general John Ryan said in a newly released report that legacy information technology and document management systems often created inefficiencies in collecting and storing information, by making it hard to access.

Legacy systems were also creating obstacles to collaboration within and between public organisations, he wrote.

The Ministry for Primary Industries (MPI), for instance, which the auditor-general reviewed last year, was still using several legacy systems that were incompatible with the operating systems of mobile devices.

"This meant that frontline staff could not enter information directly and external contractors were required to collect handwritten information and enter it," the report noted.

MPI still used several systems dating from when it was the Ministry of Agriculture and Forestry.

"Although these systems are usable, staff described them as slow and, at times, unreliable," the report said. "Having multiple systems also means it takes staff a long time to find and use the right information.

"MPI had nine databases that intelligence staff had to search to find the information they need, which is inefficient."

In response, MPI said it was developing mobile tools for quarantine officers, and was working with other frontline workforces to introduce mobility, and had a four-year upgrade program to address the risks with legacy systems.

Ryan, who took up the role of controller and auditor-general in July, wrote that although there are cost implications for information technology solutions to some of the problems identified, it was important that public organisations keep reviewing their systems and processes for managing information.

"We saw room for improvement in ensuring that systems were still fit for purpose," he said. "To maintain trust and confidence in the public sector, people also need to know that their personal and commercially sensitive information is kept safe and secure."

The report covers reviews undertaken in 2017 and 2018.

The reviews conducted reinforced the need for public organisations to treat information as a strategic asset, with its value recognised and a deliberate strategy for how information is managed and governed put in place.

"We saw examples of public organisations managing information well, where they had a clear understanding of what information was needed to inform decision-making, information was collected and stored efficiently using technology and document management systems, and information was available when decision-makers needed it," Ryan wrote.

"We also saw examples where public organisations struggled to manage their information well. Some did not have all the essential information available to make the best decisions about providing services to people. Others were not making the best use of the information they had."


Misunderstanding and confusion about privacy laws are creating barriers to public organisations working together and sharing information.

"In my view, the leadership and guidance provided by the Office of the Privacy Commissioner and the government chief privacy officer are essential to the public sector sharing information in a safe and secure manner," Ryan added.

"Strong and clear expectations have been set for the management of information security. However, we still see some basic weaknesses in security controls for information systems associated with financial and performance information that we audit.

"It is essential that public organisations make the changes needed to ensure that their information systems are safe and secure."

The report also looks at progress public organisations were making in using digital technology to improve the services they provide.

Because the ways in which people expect to access information and services are changing, public organisations need to respond by designing digital services that allow access where and when people need it.

"Where public organisations provided services or information online, we saw improvements in the experience for people, as well as an improved perception of the reliability of the service or information," Ryan added.

"We also saw evidence of the challenges that public organisations continue to face, including the need to keep up with expectations as technology develops and to ensure that public sector websites and applications are useable and accessible."

Providing digital public services requires a different approach to designing services, such as moving to a focus on an individual’s key life events and needs, rather than on the services particular organisations are tasked with providing.

"The public sector is facing a transformative challenge – to work together to design and deliver services," Ryan added. "Services that are focused on the needs of people and businesses and that allow them to interact with the government in a more seamless and agile way will increasingly become the norm."

Efforts such as SmartStart, which provides information and support to help parents access the right services for newborns, highlight where public organisations were successfully collaborating to design digital services.

A report this year on the Overseas Investment Office found simple solutions could also be highly effective.

The OIA has provided a set of publicly available template documents outlining what and how much information is to be provided with an application.

This has improved the quality of the information the OIO receives and alleviates the need to make further requests for more information, the report said.

The auditor-general also underlined the importance of the functional leadership roles of the government chief data steward and government chief digital officer.

These were essential to provide guidance and support to the public sector to "make the shift needed to use information as an asset, to enable the progress and innovation that open data allows, and to create ICT-enabled digital-by-design transformation throughout government."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags informationdocument managementauditknowledge managementAuditor-General



Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments