DIA accused of being soft on vendor who delivered faulty software – SecurityBrief New Zealand

Intelligence systems meant to back up investigations into identity fraud, money laundering and other threats became so degraded at the Department of Internal Affairs that most staff avoided using them.
But attempts to fix the systems came unstuck to the point data integrity was at risk.
This is revealed in documents newly released under the OIA.
One part of the attempt to create an overarching intelligence system between 2013 and 2020 eventually worked, but another part was abandoned – not least because the department did not spell out what it needed.
The documents also show officials managed to claw back $351,000 in a settlement with an unnamed company that failed to deliver the full system.
The case of the $2 million system is another in a long history of IT upgrade woes for government agencies, many of them far more costly, stretching from the $100m failed Incis police computer system] to education's massive Novopay headache.
An internal DIA review in 2019 says that, in 2013, the department's units had "poor intelligence tools".
These units investigate and regulate identify fraud, anti-money laundering and countering financing of terrorism, gambling, and community and charity organisations.
"The department's intelligence systems were no longer fit for purpose, and most teams were not using the systems due to integrity and usability concerns," it said.
The DIA lacked any case management tool for investigations, which led to "a limited ability to trust reported data".
Instead, teams were getting by with manual procedures and using spreadsheets.
An aborted start was made on an upgrade, then delayed, then restarted in 2016.
But two years later, in 2018, the project that was meant to deliver a "robust and efficient investigation process" was in such a state it was judged too high a risk to deploy it.
Reviews show fundamental flaws.
"The vendor did not understand the requirements fully, meaning the solution was never going to meet DIA's needs," one said.
"This should have been picked up during multiple stages."
A review found the department was too soft on the vendor.
"When the vendors go wrong, DIA has tendency to fill in the gaps for them," a review said.
"DIA needs to be able to make decisions to stop paying earlier and push back more when deliverables aren't being met."
Part of the outlay was to buy licences to use the system, before it was even shown to work – and it did not work. DIA got back $116,000 of those licence costs.
Defects popped up again and again, from early on.
"The high frequency of issues being discovered means that testing has been in constant cycles of retest", a report in March 2017 said.
This forced compromises so the system was hard to use – and worse, data integrity "may not be as expected", the report warned.
This carried on into late-2018.
Data integrity was at risk from a glitch that was duplicating cases, and a failure to automatically provide a report on errors.
There also were typos in the software code.
"Attachments to entities… were not working.
"Compulsory fields… not validating."
The department pushed the vendor company to provide evidence of testing but "there was a general pushback that issues will be fixed as they arise rather than making sure it is right the first time".
The system "could not be rebuilt from scratch", DIA was told.
Its own oversight had been lacking, and its legal advice was not good enough.
"Risk escalation to the board was too slow and the information provided did not give the board a full enough picture to make effective decisions quickly," a review in February 2019 said.
"There was a lack of ability to remedy issues via the contract as it lacked robustness.
"Better legal advice at contract creation and during the ongoing issues should have been supplied."
DIA had assumed the main vendor had a partnership with another supplier; instead this "was later revealed to be a sub-contract type relationship which started to break down during testing and implementation".
Meanwhile, pressure was piling on to specialist staff whose "time commitments were heavily impacted by the project".
The investigation case management system – which had been so vital as a single place to store case information "in an evidentially sound manner", and to improve reporting and oversight – was written off by the board in early 2019.
The project's budget had been exhausted.
There was on consolation with the intelligence part of the system working. Two of the four key benefits expected in 2016 were met, one was partly met, and one – automated and standardised processes – was not met.
The new system should safely record, capture, analyse, search for and share intelligence information, the reviews showed.
But managers are back to relying on spreadsheets, in part, for security and auditing, and staff are still having to input a lot of data themselves.

This story was originally published on RNZ.co.nz and is republished with permission.


288 thoughts on “DIA accused of being soft on vendor who delivered faulty software – SecurityBrief New Zealand”

  1. It’s actually a great and helpful piece of information.
    I’m glad that you simply shared this helpful information with us.
    Please stay us informed like this. Thanks for sharing.

  2. I was wondering if you ever considered changing the
    structure of your blog? Its very well written; I love what youve
    got to say. But maybe you could a little more in the way of content so people could connect with it better.

    Youve got an awful lot of text for only having one or two
    pictures. Maybe you could space it out better?

  3. We stumbled over here by a different web address and
    thought I should check things out. I like what I see
    so now i’m following you. Look forward to going over your web page repeatedly.

  4. you are in reality a just right webmaster. The website loading speed is amazing.
    It seems that you’re doing any unique trick. Furthermore, The contents are masterpiece.

    you have done a excellent process in this matter!

  5. You really make it seem really easy together with your presentation however
    I in finding this topic to be actually one
    thing that I think I would by no means understand.
    It kind of feels too complicated and extremely huge
    for me. I am taking a look ahead in your next post, I will try to get the grasp
    of it!

  6. It’s actually a cool and useful piece of information. I am satisfied that you shared this useful information with us.
    Please stay us up to date like this. Thanks for

  7. Wish I’d thought of this. Am in the field, but I procrastinate alot and haven’t written as much as I’d like. Thanks.

  8. Appreciation for taking the time to discuss this topic, I would love to discover more on this topic. If viable, as you gain expertise, would you object to updating the website with further information? It is tremendously beneficial for me.

  9. I like the helpful information you provide in your articles. I’ll bookmark your blog and check again here frequently. I am quite certain I’ll learn many new stuff right here! Best of luck for the next!

  10. Thanks for some other great post. Where else may anybody get that kind of information in such an ideal method of writing? I’ve a presentation next week, and I am at the look for such information.

  11. What’s Happening i’m new to this, I stumbled upon this I’ve found It positively useful and it has aided me out loads. I hope to contribute & help other users like its aided me. Great job.

  12. I would really like to appreciate the endeavors you cash in on written this article. I’m going for the similar best product from you finding out in the foreseeable future as well. Actually your creative writing abilities has urged me to begin my very own blog now. Genuinely the blogging is distributing its wings rapidly. Your write down is often a fine illustration showing it.

  13. However, it is virtually all done with tongues rooted solidly in cheeks, and everyone has absolutely nothing but absolutely love for his or her friendly neighborhood scapegoat. The truth is, he is not just a pushover. He is basically that special variety of person strong enough to take all of that good natured ribbing for exactly what it is.

Leave a Comment

Your email address will not be published.