Auditor blames Australian agency mismanagement for cancellation of biometric services contract
The Australian National Audit Office (ANAO) has slammed the Australian Criminal Intelligence Commission’s (ACIC’s) AUD $52 million (US$38.6 million) biometrics identification services (BIS) project, reporting a mess of management failures and an uninspired industry response to the tender in a review, according to an article on iTnews.com.au.
The ANAO review says that following the completion of the procurement process, the agency’s project management was “deficient in almost every significant respect.” It found that no project milestones or deliverables were met, and estimated the total cost of the canceled effort at $8 million higher than the $26 million the ACIC claimed it had spent before pulling the plug. The ACIC said at the time it would have cost an additional $47 million to complete the project.
Much more damning for the biometrics industry is the lack of choice among qualified service providers bidding on the contract.
The ACIC’s predecessor, CrimTrac, began the procurement process in 2015 to replace a legacy system provided by Morpho (prior to becoming IDEMIA), and received 12 responses. Only those from Morpho and NEC met the procurement requirements, iTnews reports, and the agency agreed to an 800-page contract with NEC in April, 2016. The project design was to be completed by July, 2016, and all requirements were scheduled to be met by late November, 2017. The ANAO says ACIC did not require the appropriate documents, activities, or tests that should have accompanied each milestone, and the project was reported to governance bodies as earl as August, 2016.
The contract was finally cancelled in June, 2018, after the completion target had been rescheduled three times. NEC responded to the cancellation, claiming that the BIS was ready to begin testing when the ACIC canceled it, and denied any breach of obligations.
The auditor says that the project’s administration did not follow the mandated process for assessing progress and linking it to payments, did not adhere to the implementation plan, did not effectively use the risk registers established for the project. The ACIC also allegedly had such poor financial management that it spent $12 million on work which was already covered or unnecessary, and could not definitively say how much had been spent.
The legacy NAFIS contract with Morpho was extended at a significantly increased cost, according to the audit. The auditor also said that while the procurement process itself was relatively effective, requirements for assumed identities and witness security were overlooked, and would have added $10 million to the project cost.
ACIC eventually engaged PwC to help deal with NEC, but several NEC program managers subsequently left or were removed from the project, and staffing issues remained.
The audit suggests that the merger which created the ACIC may have created governance challenges for the project.