The management of the Biometric Identification Services (BIS) project, which was awarded to NEC Australia in April 2016, was found to have been deficient in "almost every significant respect".
That's according to findings of the Australian National Audit Office report into the Australian Criminal Intelligence Commission’s (ACIC) administration of the BIS project.
As previously reported, the $52 million contract awarded to NEC was terminated in June 2018.
The report found that the total expenditure on the project was $34 million and none of the project’s milestones or deliverables were met.
"ACIC did not effectively manage the BIS project with its approach characterised by: poor risk management; not following at any point the mandated process in the contract for assessing progress against milestones and linking their achievement to payments; reporting arrangements not driving action; non adherence to a detailed implementation plan; and inadequate financial management, including being unable to definitively advise how much they had spent on the project," stated the report.
One of the many problems found in the report included that ACIC agreed to more than $12 million in additional work to be provided by NEC, however, the documentation showed that some of this work may have been unnecessary and already covered under the existing contract.
In response to this, ACIC said it had accepted the need for extra work in "good faith" as most of the staff involved in the email chain were no longer with the department.
This is because after the contract had been awarded, CrimTrac agency, the Australian Crime Commission (ACC) and the Australian Institute of Criminology (AIC), merged to create ACIC.
There was also a $2.9 million 'goodwill’ payment made by ACIC to NEC, which was neither linked to the achievement of any contract milestone, nor was ACIC able to explain how it calculated this value.
"The Australian Criminal Intelligence Commission (ACIC) found the Australian National Audit Office’s audit of its Biometric Identification Services Project to be thorough and comprehensive," ACIC's summary response stated.
"It has revealed significant failures in the management and delivery of the project, and has identified opportunities for the ACIC to refine its practices in order to improve its delivery of information and intelligence services to law enforcement and national security agencies in Australia."
Records show that CrimTrac found 68 issues requiring clarification with NEC, this was at a later phase of the project reduced to 32 issues.
None of the issues were resolved by the time authorised officers signed the contract. In addition, the contract did not reflect every agreed negotiation issue.
Outstanding items related to acceptance certificate payment, remote access, hardware milestones, and security clearances for personnel.
The contract milestones were originally set so NEC would have completed the solution design by 30 June 2016 and all contract requirements by 20 October 2017. The ‘support and maintain’ phase would continue to 30 November 2022.
However, in April 2018, two months before the project was terminated, known risks to delivery of BIS included:
- data migration on a critical path;
- solution design documents still not endorsed;
- unfitness and misalignment of certain requirements and documents;
- slippage of testing cycle;
- physical and personnel security;
- NEC had no approval to operate in the Systems Acceptance Test environment;
- inadequate mitigation of cyber intrusions;
- resourcing constraints after departure of experienced NEC staff;
- patchy and inadequate communication between PwC and ACIC BIS teams; and
- absence of a register to capture risks to delivery
The report also found issues such as the lack of documentation during the project which required NEC to provide a milestone completion certificate for each milestone, a process not followed by NEC or ACIC.
Other issues during the project included the inadequacy of BIS staffing resources, with three project manager leaving the position in the eight-month period between June 2017 and February 2018.
Security clearance for NEC personnel was also questioned as there were 76 staff listed in the contract but 200 actually working on it.
In June 2018, ACIC officially terminated the contract with NEC Australia. Prior to that, ACIC extended the existing National Automated Fingerprint Identification System (NAFIS) contract with Morpho for a further year, with an option to extend it for a further year.
The contract awarded to NEC was to replace the existing NAFIS and to add facial recognition capabilities.
ARN has contacted NEC for comment.