Queensland Health Payroll Project IT Governance - A Case Study

1. Case Study Introduction

The Queensland Government faced a phenomenal payroll system implementation failure after spending $181m with multiple unsuccessful attempts to make the Queensland Health (QH) Payroll system go-live. The project was overrun for an approximate two years, and its functional deficiencies resulted in financial damage which QH accumulatively overpaid staff $112.3m at the end of May 2012 (KPMG 2012, p. 5), as well as impacted on the state public health services (Chesterman 2013, p. 16).

This report will provide an overview of QH Payroll Project and AS ISO/IEC 38500:2016 Standard. It will also highlight and discuss significant IT governance issues occurred during the project, and relevant applications of the standard will be introduced to remediate the circumstances.

2. QH Payroll Project Background

To deliver low cost and optimal quality of corporate functions for the whole-of-government, in 2003 Share Service Initiative (SSI) was established by the Queensland Government. It was considered the largest State Government organisational reform, and QH Payroll system implementation was a part of the project. A Share Service Solution Program was designed by CorpTech, a newly created technology centre under Queensland Treasury, and assisted by four other service providers including Accenture, Logica, SAP and IBM for human resource and finance solution. SAP ECC 5 and Workbrain systems were selected for the solution.

In March 2006, QH Payroll system maintenance responsibility was transferred to CorpTech. After being aware of QH’s legacy system, LATTICE, was close to the end of its life cycle (end of June 2008), CorpTech urgently prioritised QH Payroll system implementation.

Reported in March 2007, a review conducted by Service Delivery and Performance Commission,   the project was expressively behind its schedule and analyst foresaw that additional budget input was required (Chesterman 2013). So, organisational structure reform was proposed to make a more effective and efficient project outcome. The reform led a change from multi shared service providers to prime contractor model. IBM was chosen after the tender process for its proposed lowest cost and delivery commitment, 31 July 2008.

After the go-live on 14 March 2010, critical system errors still existed, and the inconsistency between the system and business processes disrupted payroll personnel from completing the payroll on time and correctly. Thus, the QH employee received incorrect wage-payments including over-paid, under-paid and not getting paid. The issues were carried on for months costing the Government more to fix the system and handle the public chaos.

3. Overview of the Australian IT Governance Standard

AS ISO/IEC 38500:2016 is an Australian Information Technology (IT) Governance Standard providing high level principles to guide organisation owners, senior executives and others who are responsible for governing the IT related processes and decision making (Council of Standards Australia 2016). The six principles of this standard aim to ensure the use of IT in an organisation is producing its most effectiveness, efficiency, and acceptability for the business. To achieve the three objectives, governing bodies should carry out evaluation, direction and monitoring the IT resource and activities adhering by the six principles.

3.1.  Responsibility: personnel in an organisation must understand and accept their responsibilities of assigned role(s), and they are also provided the authority to complete their actions.

3.2.  Strategy: IT plans and strategies of the use of IT resources satisfy the current and future needs of business strategies, and their risks are managed.

3.3.  Acquisition: IT acquisitions are balanced between costs and benefits, opportunities and risks in short term and long term.

3.4.  Performance: IT operations are for the purpose of supporting organisation business and offering services required to suit current and future business’s requirements.

3.5.  Conformance: the use of IT resources and activities are complied with mandatory regulations and legislations.

3.6.  Human Behaviour: all IT related aspects show respective actions toward people involved in IT processes.

From the prescriptive level of the standard, it provides high judgemental approaches to governing bodies to employ the six principles. This needs resources, motivation to be able to choose a right approach to accommodate the principles. A study conducted by  Alreemy et al. (2016) found that many success factors are required to achieve an effective IT governance including management support, financial support, IT structure, internal and external effects. So, adopting the standard is difficult and required a great effort from all stakeholders in an organisation. However, it would not always guarantee good governance.

4. Discussion and Recommendations

Key issues engaging the severe system failure are discussed in different aspects based on the six principles of the AS ISO/IE 38500:2016, and applicable remediations are provided within each section below.

4.1. Responsibility

The failure under this project responsibilities is associated with scope of work and milestone delivery. It was uncertain that who was in-charge of scoping after IBM became the prime contractor. Neither the State nor QH did provide detail system requirements for IBM, so on 28 January 2008, Statement of Work 8 was signed by the State, which gave all assumptions made by IBM (Chesterman 2013, p. 101). Furthermore, Chesterman also highlighted that six months after the project was kicked off, the issues with the scope was still not settled. This illustrated that the Project Directorate did not monitor the progress of IBM, which mean their accountability was not controlled.

It is implied that Project Board might have not assessed whether the appointed Project Directorate was competent to lead the project and did not monitor and evaluate the ongoing performance of such large-scale project. It is recommended that work progress update should be periodically reported from each level of stakeholders to ensure that their responsibilities are being fulfilled. This can be evaluated to provide feedback to underline stakeholders of what should be improved to deliver what they are accountable for.

4.2. Strategy

The IT strategic plan for the project was vague. LATTICE system vendor (Talent2) had informed QH about the system obsolescence since 2005 before the system maintenance responsibility was transferred to CorpTech (Chesterman 2013, p. 60). However, the project stakeholders did not seem to treat the information as an influential factor to the SSI project. In addition, a key observation reported by an independent reviewer emphasised that the vision and order of the SSI was not widely accepted, and thus insufficient commitment was input by whole-of-Government (PwC 2010). It was noticeable that the implementation for QH was initially scheduled in 2006, yet it was delayed since there was another project delivery for Department of Justice (Auditor-General of Queensland 2010, pp. 2, 56). Thus, it indicated IT strategic plan of the SSI was not adequately developed before its commencement.

The second principle of the standard was critically violated since the strategic plan was not thoroughly developed. As stated earlier, the legacy system outage was not fully aware by the project lead (CorpTech) prior to the plan of adopting new system for QH. Subsequently, CorpTech could not manage to plan the implementation according to the time constraint. It is recommended that Executive Director of CorpTech who was appointed by Treasury Department as a Shared Service Provider of SSI should direct CorpTech to understand and evaluate the business processes and needs of all relevant Queensland State’s Departments to provide an IT strategic plan to the SSI as the whole. Control over the progress should be monitored to ensure that adequate information is gathered, and its insight is obtained.

4.3. Acquisition

The balance between risk and opportunity, and cost and benefit were not being assessed when choosing the prime contractor. The decision making during the Invitation for Tender (ITO) stage was obscure for two reasons. At the final stage of the evaluation, it was Accenture scoring higher than IBM which later became the successful tender (Chesterman 2013). The revaluation was performed after the interference of a private IT consultant, Terence Errol Burn, who was a former IBM employee for 13 years (Horton & Nicholas 2013). Claimed by a Program Direct of CorpTech, Bond (2013), Burn convinced the Evaluation Panel to consider other aspects, particularly his pressure was affecting the integrity of the evaluation as he was not a senior level of public servants. As a result, the influential persuasion interrupted the sceptical assessment during the evaluation.

This principle is to achieve the minimal risk of IT investment. QH project stakeholders who were involved the acquisition process should be aware of everyone’s matter of interest. During the ITO process, additionally, the Evaluation Panel should ensure that a genuinely independent decision is made by delegating independently different evaluation criteria to different people avoiding pressures put by a central evaluation.

4.4. Performance

The IT solution did not support the continuity of the payroll process while adding more cost after the Go-Live. The system was supposed to provide more effective and efficient fortnight payroll for the QH employees. However, it produced significant deficiency and discrepancy. This happened because of the miscarried go-live decision made by the Project Broad. The decision was sorely relied on the Project Directorate’s report which alternatives were not considered besides committing to Go-Live (Chesterman 2013, p. 143). After the Go-Live, Chesterman also added that the payroll processing performed by SAP system was slow and delayed the payroll run for employee while the attendance information transferred from Workbrain system was also incorrectly complied. The deficiency made the payment backlogged for approximately 20,000 cases and unprocessed adjustments, so it took around eight months to solve the issues (KPMG 2012, pp. 4, 12). It concludes that the system was completely incapable to perform as it had been expected.

According to Principle 4, the decision made by the governing bodies including the Project Directorate and Board was not the right option. The Project Directorate should perform further risk assessment and understand the circumstances of the continuing use of LACCITE system with CorpTech support after vender support ended. Illustrated in Payroll Systems Risk Assessment (2007), CorpTech had fully understood the risk of in-house maintaining and the system limitations. Moreover, since then CorpTech started to support the system in-house during the new system implementation project. This could have helped the Project Board revaluate the alternatives to ensure the sustainable business process rather than to give the permission for false go live.

4.5. Conformance

When the Conflict Register which was to obligate the Financial Administration and Audit Act 1977 (Qld), was completed, it wasn’t thoroughly performed. Terence Errol Burn untruly declared himself as not having conflict of interest with IBM during the ITO process. His prior professional experience could have caused him disqualified from the ITO involvement while he did not declare himself (Chesterman 2013, p. 76). This results the non-compliance to the regulatory requirements.

QH Payroll project tried to comply with the State Procedure Policy where the Conflict Register was created. However, there was still a lack of monitoring process to ensure the effectiveness of the registration. Control over the assessment of the participants’ prior work history should be in place to avoid false declaration of the integrity check.

4.6. Human Behaviour

The failure of the QH payroll provided consequences to every employee. Payroll officers expected the new systems (SAP and Workbrain) to perform the same way as the legacy system. However, the payroll was originally run by regional areas where payroll officers were familiar with workers’ different work arrangements (Chesterman 2013). When the system got centralised, it became unfamiliar to the users, and so the work delays accumulated payroll backlog. 200$ underpaid in fortnight payments were made to 11,000 workers, and rallies were held by hundreds of nurses (Nurses rally over payroll bungle  2010). This showed the utmost consequences of the public health system in Queensland when human behaviours were not considered in IT activities.

To remediate the negative outcome from the QH Payroll project, the Project Board should ensure that Project Directorate and public servants consider the alignments of current business and system processes. All system users should be provided a proper training so that they can use the system correctly after it is rolled out. Moreover, it is necessary to have a rollback plan to recover business continuity from any unforeseen event during the cut-off period of the system.

5. Conclusion

From the discussion of the key aspects addressed from the QH Payroll project, it is identified that the QH project IT governance was miscarried in accordance with the AS ISO/IEC 38500:2016 across the six principles. Each produces a correlative impact to the project, from directing improper IT strategic plan which affecting the IT performance and relevant internal and external people, to insufficient evaluating and monitoring of IT resources responsibilities, acquisition, and compliance with regulations. Preventive, detective and corrective measurements should be established to safeguard strong IT governance. 

---

Reference List

Alreemy, Z, Chang, V, Walters, R & Wills, G 2016, 'Critical success factors (CSFs) for information technology governance (ITG)', International Journal of Information Management, vol. 36, no. 6, Part A, pp. 907-916.

 Auditor-General of Queensland 2010, Information systems governance and control,  including the Queensland Health  Implementation of Continuity Project, Auditor-General of Queensland Queensland Audit Office Level 14, 53 Albert Street, Brisbane Qld 4000 GPO Box 1139, Brisbane Qld 4001 1834-1136 Financial and Compliance audits

Bond, DJ 2013, Statement for Health Payroll System Commission Inquiry, 4243568, GPO Box 149, Brisbane QLD 4001, viewed August 14, 2019, <http://www.healthpayrollinquiry.qld.gov.au/__data/assets/pdf_file/0003/179328/BOND,-Darrin-signed-statement.PDF>.

Chesterman, R 2013, Queensland Health Payroll System Commission of Inquiry, Department of Justice and Attorney-General GPO Box 149 Brisbane QLD 4001, PO Box 13674 George Street QLD 4003

Council of Standards Australia 2016, Information technology—Governance of IT for the organization SAI Global Limited, Standards Australian Limited, GPO Box 476, Sydney, NSW 2001, Australia.

Hey, N 2007, Queensland Health Enterprise Solutions Transition, Commercial in Confidence

Horton, J & Nicholas, A 2013, Statement of Witness - Terence Errol Burn, QCPCI Reference: 2128011, GPO Box 149, Brisbane QLD 4001, viewed August 14, 2019, <http://www.healthpayrollinquiry.qld.gov.au/__data/assets/pdf_file/0007/179359/BURNS,-Terence-signed-statement.PDF>.

KPMG 2012, Review of the Queensland Health Payroll System.

Nurses rally over payroll bungle 2010, ABC News (Australia), Australia, August 5, 2019, YouTube database, <https://www.youtube.com/watch?v=OptVZj8x6vk>.

PwC 2010, Shared Services Review - Review of the Model for  Queensland Government PricewaterhouseCoopers Riverside Centre, 123 Eagle Street, BRISBANE QLD 4000 GPO Box 150, BRISBANE QLD 4001 DX 77 Brisbane Australia