CIO

Opinion: Are the ATO and Census failures just the tip of the iceberg?

There is no point putting “lipstick on a pig” by implementing online transactional systems using tired backend infrastructure, says Ian Brightwell.

Since August last year, two prominent government organisations – the Australian Bureau of Statistics (ABS) and the Australian Taxation Office – have had very public IT system failures. Both incidents occurred on systems that run internet-enabled self-service functions.

We have been told these types of systems are the way of the future for a smart country such as Australia and digitally transforming legacy processes will ultimately increase productivity.

The only problem is that these systems have to actually work. They need to work in such a way that the public have confidence in them and can access them at any time.

The Census failure was comprehensively reviewed and most of the important information was made public. This type of public disclosure is a first and the government should be given kudos for doing that.

The review found that there were several causes for the failure, all culminating in an unplanned outage that, in the end, the ABS actually implemented itself. In a subsequent inquiry, IBM appeared to shoulder some of the blame for the technical and project management failures.

This left the ABS realising that it cannot outsource risk and needed to communicate better in a time of crisis. The main recommendation from the review was that agencies should take responsibility for system operations and perform independent reviewing and testing using technically qualified people so they have a better chance of knowing if a system is “good to go”.

With those lessons learnt, taxpayers could have assumed that ATO management would have taken on board recommendations from the inquiry and independently checked their systems to ensure they would work as planned.

One critical system which you would expect would be tested thoroughly and regularly would be the backup system, right? Wrong! It doesn’t appear that the ATO did this testing because the agency had a subsequent failure of its backup systems.

How can this be? The ATO would have to be compliant with various IT management standards which all prescribe regular testing of backups.

It is unfortunate that the ATO had a major failure in its storage system and I am sure they will find out what happened with the aid of HPE. But to not have tested their recovery mechanism is something which cannot be easily overlooked.

The public really needs to know what is happening and it begs the question: ‘Is this type of problem endemic within the ATO’s systems or indeed other major systems in government?’

The ATO this week published an announcement on its website, ‘Planned weekend outage 14-15 January 2017.’ This is one of several planned and unplanned outages since the main outage on 12 December 2016.

The information provided by the ATO has not been expansive but it seems strange that with over a month of work, there are still problems to be resolved.

The ATO said it will engage an ‘independent expert’ to undertake an end-to-end review into what happened and why, and what needs to happen to ensure the incident doesn’t occur again. I asked the ATO yesterday who the expert is, when will they report, and will the report be made public? The agency declined to provide those details.

In contrast, one of the good things to come from the ABS failure was that the public were fairly quickly informed about the nature of the problems and what will be done in the future to avoid them. I am not getting any sense from disclosures by the ATO that this is going to happen for their outages.

If an inability to recover from a storage system failure within one month can happen to the ATO, an agency that operates sophisticated IT infrastructure servicing millions of Australians, what chance do smaller agencies have?

The government’s vision of a digitally smart country where government deals with citizens through online transactions will only happen if the public trust the systems and the systems are reliable.

There is no point putting “lipstick on a pig” by implementing online transactional systems using tired backend infrastructure, which was designed to support 9 to 5 operations, 5 days a week. The type of backend system that is needed to support around-the-clock online transactions needs to be built with all the requirements of reliability and availability addressed up front.

Given the extent of the ATO outages and the time taken to recover, it may be appropriate for Angus Taylor, who is responsible for the Digital Transformation Agency, to reassure us that the backend systems upon which our digital future will be reliant are fit for purpose. I question whether the ATO’s are and wonder if these failures are a sign of more pain to come.

Ian Brightwell is principal consultant at DH4. He was previously director of information technology and CIO at the NSW Electoral Commission.