FST Government NSW Conference: ICT risk management under spotlight


Managing risk for ICT procurement is an ongoing challenge, especially in the cloud and virtualisation space, according to senior executives at the FST Government NSW Conference held 18th May in Sydney.

Managing ICT procurement risk before this becomes “front-page fodder news” is a perennial challenge for government, according to executives that attended the FST Government NSW Conference held 18th May in Sydney.

ICT spend represents a large proportion of operational costs, noted Glenn Archer, a former Australian government CIO (GCIO) and chair at the forum. He said that big-ticket spending agencies often circle back to the costs, more specifically around the G-cloud.

While the G-cloud has influenced procurement choices in Australia and internationally, this model requires a rethink around how services are used. There are broader ramifications around access arrangements, cross-border cloud services, and integration with legacy systems.

One challenge is managing service level agreements, according to Syd Griffith, chief information officer with NSW Police. The analogy is with placing furniture in storage, and ensuring owners have full access to their belongings. This access factors in clearly-defined access arrangements, together with data sovereignty and security planning.

The cloud remains one of the most ill-defined terms, noted Dr Vladas Leonas, chief information officer with Sydney Motorway Corporation. “When asked to define the cloud, we can get 7 answers to one question.” Moreover, the cloud is not a panacea to all procurement decisions. This includes the infrastructure-as-a-service, platform-as-a-service, software-as-a-service, or more recently, telecoms-as-a-service models.

Dr Zoran Bolevich, chief executive with eHealth NSW, said the cloud is a means to an end. This platform fully supports this peak agency’s e-health initiatives. “We see the cloud as an important strategy,” he said.

“We started our journey by focusing on the G-cloud. The focus is to leverage the hybrid and as-a-service models.” However, authentication, interconnections, and interconnectivity issues need to be addressed. 

On the procurement front, Angela Donohoe, the Office of State Revenue’s chief information officer, noted that investments in new technology may be inherently risky. This is especially if something crashes and burns.  “But we need permission to fail in terms of risk management.”

ICT risk management involves avoiding becoming front-page fodder news. Risk management is to plan proactively for the unknowns, tackle security in the virtual space, and manage assets in the nascent as-a-service economy.