Alex, could you start by telling us about the origins of your department?
We’re quite a new department which was formed when three other departments merged in January 2015. I’ve been here since August 2015 and one of the particular challenges I’ve noted is forming a strong and cohesive operational service systems base. It’s a massive department, even bigger than we expected as there are five major business units and 46 agencies and portfolio entities, some of which are large organisations in their own right.
When three individual departments are brought together, they all have their own processes, systems and resources. There is duplication at certain points and there are other things that nobody is doing at all. Shaping all of this into an effective and functioning operation is a challenge. This goes for the entire corporate structure of the department, of which the ICT function is only a part. In ICT, we implement systems, support operations and the technology vision for all the departments, like HR, finance, procurement and others. They are trying to work off multiple systems and trying to come up with a single process that’s effective for the whole department and for all the people within the department who might not be familiar with each other’s processes.
I think that’s been a learning experience for the department as a whole. It sounds really simple: “Let’s all get onto one system”, but in reality it’s quite challenging. It implies internal change management for everybody in the department and they have to adapt to new ways of working. There is an enormous amount of systems activity required just to get everybody trained and logged on and to get everything consistent. That’s the background to what the department has had to deal with. Of course, technology in any organisation and in government as much as any industry, is a big source of opportunity in terms of innovation. So the other aspect of the ICT function is to try and look for these opportunities and to turn them into investments, and then ultimately to deliver them.
What projects are you focused on now in your department?
We are doing two kinds of projects at the moment. The first is establishing a strong operational base for the organisation, in some cases from scratch. In that we’re nearer to the end than the beginning, but I wouldn’t say we are there yet.
Then there’s the ongoing agenda to deliver new technologies which is the fun and interesting part. We cover government functions that are related to economic development. But sometimes what those functions actually do is very, very different across the different parts of the department. We have an economic development and innovation group which deals with overseas trade missions, small business and grants. It also provides industry support so it’s like a Chamber of Commerce for government.
There’s also agriculture and resources. For farm services, we have 80 regional offices across Victoria. Their work ranges from genetic research to the dairy industry, from biosecurity to forestry. We also provides services and support to the agriculture industry right across the state. A lot of their innovations are globally significant and we’re doing some really strong research work in Australia across a number of different areas of agriculture. A lot of that is underpinned and made possible by technology. Then there is the Transport group. Public transport in particular is huge and that is part of this department. PTV, VicRoads, all of these agency organisations ultimately roll up under the Ministers that our department serves. Some of those organisations like VicRoads, on their own are bigger than this department.
We also have Creative Victoria. That’s museums, galleries, the film industry and the cultural plan for the state. We are trying to make the state a contemporary, cultural destination. It also involves supporting the tourism industry for Melbourne and for Victoria more broadly. Finally we’ve got the coordinator general, that’s affiliated to transport. It includes the level-crossing removal authority and the Melbourne metro rail authority. Those organisations have budgets in the billions, they’re growing their staff base rapidly as they ramp up massive projects that are run for over a decade. So when you look at what this department actually does and you think about how to apply technology to this, one of the answers you come up with is, well we cannot possibly be the central experts in farm services technology, public transport network planning, the film industry and economic development.
The diverse applications of technology across the types of activities the department undertakes are very broad. The challenge for a central IT function is to think about what we can do to enable the department to get the greatest benefit from the technology that it needs in all of these areas.
What we can’t do is the old school kind of centralised model where anybody who wants something out of IT has to go through us and we have to project manage it. We have to be the architects, because the specialisation or the expertise required is far too great to try to jam it into one corporate function. It’s also quite inefficient to do so. To have a single corporate function attempt all those different things wouldn’t allow cohesion within the business unit and IT will become a roadblock. Unfortunately in other organisations, there are stories of this happening all too often.
We try to find a balance between driving capability and technology and driving efficiency in the sharing of investments that we’ve already made.
There are a lot of examples of two or three different parts of the department all trying to buy the same piece of software and we centralise this.
The other thing we’ve been trying to do is to put some government structures in place behind this like the Portfolio Management Office (PMO). I’ve set up a PMO from scratch, which started operating from January 2016. Already we’ve a full picture of every IT or every IT-related project that’s going on within the department. It might sound really simple and people might ask, how can we not have such a thing, but again you bring three departments together with no PMO – and you’ve got no visibility at all over what range of projects are being carried out. A PMO is a standard function within a corporate IT team but in our case, we’ve set it up particularly because the portfolio of projects is so diverse.
So has the merger in terms of IT, been successful in terms of integrating the three onto a single system? Is the process complete now and what have the benefits been?
That’s a massive question. We talk about it a lot at the higher-executive level of the department. The whole point of bringing them together was to drive consistency and derive benefits. You wish that it would come immediately but it takes time to realise. We can see the signs of it being realised. From an organisational point of view, just things like aligning cultural events with transport facilities or tourism facilities, where you’ve got different parts of the department who previously worked in totally different organisations now are better able to collaborate. On the corporate side, the IT teams from different parts have somewhere to go to now. A significant number of these sub-groups came with little IT teams of their own. But the executive parts of those departments didn’t necessarily understand exactly how to plan for and run their IT functions. Nor was it advisable for all of those IT teams to be sucked into a central corporate group, which is a mistake organisations have made in the past and will probably make again. They talk about this thing called shadow IT, where any IT-related work being done in the organisation that doesn’t report directly into the CIO, is somehow called shadow IT and should be stopped. If we try to do that in this department, everything will just come to a complete standstill.
So instead we provide services, we provide forums for them to come together and talk about the things that they’re doing and find out if they can help each other. So we play a facilitative role. We tell them, “If you want to run a project, here are some templates, here’s a methodologies and we can find you a project manager. We can help you with your budgets and the vendor management.” Things like aligning licenses between different parts of the department who originally purchased them independently wouldn’t happen without the existence of this corporate group.
The real trick, I think, is in having the right approach to what you try to bring together and what you allow to happen independently. That’s the tricky judgment call and at the moment, I’m quite happy with how it’s going though.
How do you juggle the various needs of the department and in particular, the legacy technology that’s in place with the new technologies are coming about? Everyone wants something new but you’ve already got such a big infrastructure of existing IT so how do you balance the needs of everybody?
I will say the great majority of budget and the effort that goes into our IT is on legacy systems. Legacy could mean 30 years old at worst or it could mean only 3 years. By legacy we just mean systems that are already there and need to keep running or be enhanced because every year, you’ve got new policies, new processes, new requirements so you’ve got this kind of multiple enhancement processes on your existing systems. I would guess that many government departments and many private sector organisations are in the same situation, where the majority of the work they’re doing is keeping the infrastructure they’ve got running and refreshed. Sadly it doesn’t leave a lot of bandwidth for the exciting new technology that everybody wants to get hold of.
In many cases, we’re years behind. We’re just trying to get a consolidated, active directory standard operating environment on a supported version of Windows and email for the department. I think that’s one of the hardest conversations for a CIO. It’s trying to get that balance between what you can do with new technology (today’s new technology is tomorrow’s legacy) versus how much you need to spend on actually keeping your legacy going and to what extent is it really fit for purpose?
Again, given such a broad department and many subsets, how do you use technology to create the workplace of the future?
We’ve done a lot of work during last year on improving our video conferencing facilities. Now the software that supports it is bundled into most major packages and you don’t have to go out to buy bespoke software. A lot of it is just about actually installing the facilities so that people can have meetings and utilise it. It helps our remote offices around the region and internationally to communicate effectively. We are also working on a project we call ‘Business Mobility and Collaboration’, which is the very simple sounding matter of you can access your document from anywhere and any device. You can also share it with anyone and it has proper security behind it. It’s compliant with records management and all of the other standards that you need to apply to often sensitive documents.
We don’t have that where we want it yet but within six months, we should have a much improved setup. We had an explosion of mobile devices in the department over the last year and a half. We’ve got a couple of thousand of them now, and everybody wants to access their material from those devices. We need the technology to catch up with that and I think this could be a good productivity driver. It’ll also help people to collaborate better than they can today.
Are you happy with the current level of your security and how much of your budget do you allocate to security and is it enough?
Security is a bit of a cops and robbers thing, I believe. No matter what you do, somebody comes up with something to find a hole in it. So you have to do it again, like you buy a better security device, somebody wrecks it, you buy more. It’s a never-ending undertaking and I think it will always be that way. Security is like an insurance policy – we certainly cannot have the strategy of “Let it be”. Just don’t spend anything and see what happens. Not many organisations do that, but again if you are lucky, nobody will do anything to you. On the other hand, you can spend gazillions and still have security problems.
The judgment call is to go how far in security, I don’t know if there is a formula for it. We take it seriously in the department. At the same time as we’re trying to improve our security, the privacy and data protection legislation is also evolving. They are trying to come up with more sensible constructs that allows us to use the frameworks for what we protect and how. That at least give us some standards for what we should be protecting against or shouldn’t. Having standards everyone can sign up to provides consistency. Then you try to implement technology that complies to those standards but there could be complications. To take an example there is a lot of migration to the cloud, although many organisations still have on-premise legacy systems. So what’s the difference in terms of security for cloud vs on-premise? Many people argue that the cloud is more secure because the organisations that are running it have dedicated effort and capabilities specifically to make themselves secure as opposed to on-premise where it’s up to you. I think that’s quite a compelling argument actually and I think that’s the trend everybody’s going to go to eventually.
I think all of the tools that are needed for security exist and you just have to decide how far to go because the more secure you want to make something, the less easy it is to collaborate.
What does success look like for you in three years’ time?
Our strategic vision for IT is a workplace environment and public services enabled by effective modern ICT. We have to maximise the amount of benefit that the organisation can get from technology. There are productivity type tools available that will uplift the performance and efficiencies of the department as a whole. I would like to sort these collaboration, desktop mobility kind of areas within a couple of years. We’re already on the way. We have to do something about our backend systems. The Victorian government IT strategy as a whole is looking towards consistency across financial and HR procurement systems. I think that’s going take some time, It would involve large scale ERP improvements which for something as diverse as the whole government could really take quite a long time. I think we need to resolve something for this department in the 3-year timeframe. We are working on a strategy now and we’ll start implementing that probably in the new year.
Getting the backend systems sorted out so we don’t have to keep refreshing them every three years, could possibly mean cloud in the end. The promise of cloud is that it releases you from legacy. Maybe it could upgrade itself in the future. Hopefully that kind of infrastructure transformation that’s happening in the industry as a whole now will actually put us in a place, where maybe we will spend less time focusing on legacy five years from now than we have to today. Though it doesn’t sound sexy, in terms of a long-term investment, reducing the proportion of time we have to spend on refreshing legacy would provide a huge and lasting benefit.