Own motion investigation into the tendering and contracting of information and technology services within Victoria Police

 

Own motion investigation into the tendering and contracting of information and technology services within Victoria Police

November 2009

Ordered to be printed

Victorian government printer

Session 2006-09

P.P. No. 241

 
 

www.ombudsman.vic.gov.au

LETTER TO THE LEGISLATIVE COUNCIL AND THE LEGISLATIVE ASSEMBLY

To

The Honourable the President of the Legislative Council and

The Honourable the Speaker of the Legislative Assembly

Pursuant to sections 25 and 25AA of the Ombudsman Act 1973, I present to Parliament a report of my own motion investigation into the tendering and contracting of information technology services within Victoria Police.

G E Brouwer

OMBUDSMAN

11 November 2009

Letter to the Legislative Council and the Legislative Assembly

 

3

 

 

 

 

 

www.ombudsman.vic.gov.au

CONTENTS

 

LETTERTOTHE LEGISLATIVE COUNCIL

 

ANDTHE LEGISLATIVE ASSEMBLY

3

1. EXECUTIVE SUMMARY

6

Previous audits, reviews and investigations

6

Lack of oversight and controls

7

Lack of due process

7

Conflict of interest

8

Confusion over public service discipline

9

Questionable investigative methods

9

Recommendations

9

2. INVESTIGATION

11

3. BACKGROUND

12

Financial management and theVictorian Government

 

Purchasing Board

12

Victoria Police

13

Business and InformationTechnology Services Department

13

4. MAJOR INFORMATIONTECHNOLOGY PROCUREMENT

15

Contracts

15

I.Towers 1 and 2: Renegotiation of terms with IBM

15

The impact of the agreement onVictoria Police

16

II. Fujistu B5 contract

18

Consultation with Fujitsu

19

The process

21

Conferral

24

Realignment of agreements with IBM

25

Subsequent payments to IBM

25

Issue Cover Sheet

26

Legal advice concerning Ms Berzins’authority

28

Victoria Police Audit Committee records

29

III.TIBCO – Enterprise Services Bus software licence

29

Background

29

The engagement process

30

Preparation of supporting documentation

32

Probity advice

33

The market scan

33

Whole-of-Victorian-Government agreement

34

The 92.6 per cent discount

35

IV. Communication facility leases

36

4Tendering and contracting of ITservices withinVictoria Police

 

www.ombudsman.vic.gov.au

Breaches

40

Victorian Government Purchasing Board Procurement Policy

 

Breaches and Remedial Action

40

Failure to disclose information

42

Conclusions

43

Recommendations

46

5. PREVIOUS AUDITS, REVIEWS AND INVESTIGATIONS

48

The Corporate Management Review Division audits

48

Blurring of roles

49

OperationTabour

52

The Hub Consulting Report

54

The Saha International Report

55

Covert recordings

58

Conclusions

60

Recommendations

62

6. KNOWLEDGE MANAGEMENT, RECORD-KEEPING

 

 AND GOVERNANCE

63

Knowledge management

63

Record-keeping

64

Contract Security Deposit Register

64

Conflict of interest and gifts

66

Policy context

66

Donation for the Business InformationTechnology Services

66

Department Christmas raffle 2007

Acceptance of hospitality

68

Anti-lobbying clause

69

A consistent approach to discipline

70

Accredited Purchasing Unit

71

BITS Board of Management

72

Private enterprise and public sector governance

73

Conclusions

74

Recommendations

77

7. FINANCIAL MANAGEMENT

 

 AND CONTRACTOR ENGAGEMENT

80

Policy and legislation

80

Exercise of delegations and the engagement of contractors

80

Inappropriate deployment of contractors

83

Conclusions

84

Recommendations

85

8. SUMMARY OF RECOMMENDATIONS

87

Contents 5

 

I received a number of complaints regarding the management and conduct of the Victoria Police BITS Department.

My investigation identified no fewer than three external reviews, five internal audits, and two criminal investigations that have been undertaken. The major findings

included a projected gap of $39 million over three years.

6

www.ombudsman.vic.gov.au

1. EXECUTIVE SUMMARY

1.During late 2008 and early 2009 I received a number of complaints, including information from an anonymous source, regarding the management and conduct of the Victoria Police Business Information and Technology Services Department (BITS).

2.One of the key objectives of BITS was to regain control of a suite of information technology (IT) services critical to the day-to-day operations of Victoria Police that were previously outsourced, a legacy of earlier agreements.

3.I decided to conduct an investigation using my own motion powers under section 14 of the Ombudsman Act 1973 (the Act) into the tendering and contracting of information technology services in Victoria Police, with a focus on the administration of BITS. The areas of particular interest to my investigation included:

Victoria Police policy, practices and procedures relating to major IT tenders, procurement, contract management, and compliance with relevant government policy

Victoria Police policy and procedures for dealing with conduct of public sector employees and conflict of interest

Financial accountability, exercise of delegations, record-keeping, governance and the response of senior management to various audits, reviews and investigations into matters relating to BITS.

Previous audits, reviews and investigations

4.My investigation identified no fewer than three external reviews, five internal audits, and two criminal investigations that have been undertaken since August 2006 into issues of contractor engagement, employee conduct, procurement, contract management, financial delegations and reporting, within BITS. The major findings emanating from these reviews, audits and investigations included:

a projected gap of $39 million over three years between BITS funding and likely expenditure as a result of contracts entered into

numerous instances of BITS Managers having breached their financial delegations

multiple breaches of the Victorian Government Purchasing Board (VGPB) procurement guidelines

a culture of BITS management accepting offers of hospitality and entertainment from IT vendors.

5.Despite these earlier findings, Victoria Police has only recently undertaken remedial action to address the concerns raised in these reports.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Lack of oversight and controls

6.Since its inception in January 2005, the BITS Department was allowed a great deal of autonomy, including managing its own procurement and finances.

7.My investigation identified that oversight of BITS financial management was essentially only conducted with a ‘bottom line’ focus, and that had more attention been paid to the funding of individual contracts and projects, several anomalies and poor practices would have come to light much earlier. This would also have saved significant public expenditure.

8.Ms Valda Berzins was Victoria Police’s Chief Information Officer (CIO) between April 2004 and November 2008. Ms Berzins acknowledged that she did not closely monitor the operation of the BITS budget, which in 2008-09 was approximately $191 million. Most of this knowledge rested with Mr John Brown, by virtue of his position as Group Manager of Business and Planning.

9.TheextentofMrBrown’scontroloverknowledgeofBITSfinancesand the general lack of proper records is best illustrated by the fact that Victoria

Police’sfiguresrelatingtothefundingofacontractworthinexcessof$27 million are largely based on a handwritten note he provided to a BITS Manager in a meeting several months after his resignation.

10.By virtue of her position at the level of a Deputy Commissioner of Victoria Police, Ms Berzins was one of 26 people who reported direct to the former Chief Commissioner, Christine Nixon. Meetings between the former CIO and Chief Commissioner were generally of an informal nature and often up to six weeks apart.

11.I consider that record-keeping and file maintenance within BITS over the past three years at least, was largely inadequate. My investigation was hampered by gaps in documentation, records that were not dated, not signed or did not include author details, and a general lack of

any apparent systematic record-keeping. My investigators were often required to go to a number of sources to locate documentation, and in some instances had to make requests direct to vendors regarding key documents relating to multi-million dollar contracts that Victoria Police had not retained or could not locate.

Lack of due process

12.My investigation identified several examples of BITS management’s apparent disregard for proper procurement and contract management processes.

13.In one instance, BITS prepared the documentation for a procurement process for a $20.1 million contract in the space of twenty-four days. It was a process that many in the industry estimated would normally have required anywhere from 10 to 18 months to be done effectively and efficiently. The methods BITS employed during this procurement included:

Executive summary

Record-keeping and file maintenance within BITS over the past three years was largely inadequate.

7

 

Internal audits found 56 breaches of financial delegations by BITS employees.

My investigation identified numerous instances of accepting hospitality from IT vendors.

8

www.ombudsman.vic.gov.au

obtaining an exemption from putting the contract out to open tender on the basis that Victoria Police would receive a discount of over

90 per cent which was never fully scrutinised

enlisting the assistance of the incumbent vendor to provide competitor analysis that would form the basis of the evaluation report and market testing.

attempting to exert pressure on Victoria Police’s Accredited Purchasing Unit and the Victorian Government Purchasing Board (VGPB) to provide sign-off before a deadline that was imposed by a vendor.

14.In another example, in February 2007, BITS obtained the relevant approvals to redirect security services valued at more than $11 million from IBM to Fujitsu. In March 2007 the former CIO entered into a contract with Fujitsu to the value of $27.2 million dollars, some $15 million above the approved expenditure.

15.Internal audits conducted between July 2007 and May 2008 found

56 breaches of financial delegations by BITS employees in the engagement of contractors.

16.Victoria Police later declared to the Victorian Government Purchasing Board three breaches of the Victorian Government Purchasing Board’s Procurement Policy to a total value of $39.17 million.

17.Ms Nixon identified that the reason for the breaches regarding the

Towers 1 and 2 contracts was that Ms Berzins ‘executed this contract variation outside of established policy and procedure’ without reference to the Accredited Purchasing Unit, the Victorian Government Purchasing Board, the Chief Commissioner or the Minister.

18.In relation to the B5 contract with Fujitsu, Ms Nixon reported the breach was incurred when the former CIO executed a new contract with Fujitsu without reference to appropriate authorities including herself, the Accredited Purchasing Unit, Victorian Government Purchasing Board and the Minister.

Conflict of interest

19.My investigation identified numerous instances of Ms Berzins, Mr

Brown and others accepting hospitality from IT vendors including invitations to the Australian Open tennis, AFL Grand Finals, and the Melbourne Cup.

20.I question the need for employees of any government agency to accept gifts or hospitality, unless it can be demonstrated that it is in the public interest to do so.

21.My investigation also identified that external contractors engaged by

BITS were involved in subsequent procurement processes where their agency was a tenderer.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Confusion over public service discipline

22.Through the course of my investigation I have identified that public service disciplinary matters in Victoria Police have been handled in a variety of ways, with no clear criteria to differentiate between the different approaches.

23.I have concluded that officers of the Corporate Management

Review Division acted outside their role by assisting in a criminal investigation into the actions of some BITS employees.

Questionable investigative methods

24.I identified that some police had adopted questionable practices in the use of covert recording devices, particularly in relation to a bullying and harassment complaint.

25.I am of the view that the use of covert listening devices by auditing bodies in connection with audits and general disciplinary and Code of Conduct enquiries is not appropriate and not within the spirit and intent of the Surveillance Devices Act 1999.

Recommendations

26.I made a number of recommendations, including:

Victoria Police develop and implement a policy that prohibits adjustment to any contracts over a specified monetary value without prior approval, according to Victorian Government Purchasing Board Procurement Policies.

Victoria Police establish and appropriately resource a central major projects management facility to be responsible for the procurement and major contract management responsibilities allocated to BITS, Procurement Management Division and other areas of Victoria Police.

Victoria Police take immediate action to ensure that a full disclosure of the Fujitsu B5 contract is made on the Central Register of Major Government Contracts in accordance with Victorian Government Purchasing Board Procurement Policies and Government directions.

Victoria Police review practices and procedures to ensure compliance with Victorian Government Purchasing Board Procurement Policies requiring the disclosure of major contracts in the Central Register of Major Contracts within 60 days of a relevant contract being entered.

Victoria Police review the terms of reference of the Corporate Management Review Division (or its replacement service) to ensure that the demarcation between ‘audit’ and ‘investigation’ is clearly understood and applied.

Some police had adopted questionable

practices in the use of covert recording devices.

Executive summary 9

 

Victoria Police has accepted all my recommendations.

10

www.ombudsman.vic.gov.au

Victoria Police develop and promulgate a policy and procedure for staff in relation to the covert use of listening devices to record conversations, consistent with the provisions of the Surveillance Devices Act 1999. A copy of that policy should be provided to my office within three months.

27.Victoria Police has accepted all my recommendations. The

Chief Commissioner responded, ’I acknowledge that significant improvements need to, and will be made’.

28.A full summary of my recommendations is at the end of this report.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

2. INVESTIGATION

29.On 6 March 2009, in accordance with section 17(1) of the Ombudsman Act 1973, I informed both the Chief Commissioner of Police and

the Minister for Police and Emergency Services of my intention to conduct an own motion investigation into the tendering and

contracting of information technology services within Victoria Police, with a particular focus on BITS.

30.My investigation identified a range of policies and procedures and other information and examples available to guide government agencies in relation to tendering, procurement and contract management. Documents reviewed by my investigators included:

the Public Sector Standards Commissioner’s Code of Conduct for Victorian Public Sector Employees of Special Bodies

Victoria Police’s Code of Conduct and Code of Ethics

Annual Reports from the Victoria Police, Office of Police Integrity,

Commissioner for Law Enforcement Data Security (CLEDS) and others

reports and reviews commissioned or conducted by a range of relevant State and Commonwealth bodies, including the Office of

Police Integrity, Auditor-General and CLEDS

Victoria Police’s and other departmental and government policies and procedures regarding tendering, procurement and contract management

Victorian Government Purchasing Board’s Procurement Policies and guidelines

interview transcripts, statements and related documentation compiled by Victoria Police during an investigation known as ‘Operation Tabour’

internal audit reports by the Corporate Management Review Division (CMRD) of Victorian Police into related matters

reports commissioned by Victoria Police, including those undertaken by Landell Consulting, HUB Consulting and Saha International

applicable legislation and legal advice

other documents held by Victoria Police, contractors and service providers.

31.My officers also conducted more than 40 formal interviews under oath or affirmation with police officers, public sector employees of Victoria Police and contractors, including representatives of

recruitment companies, IT companies and other service providers to Victoria Police.

Investigation 11

 

In 2004 the internal business and

IT governance arrangements of Victoria Police were restructured.

12

www.ombudsman.vic.gov.au

3. BACKGROUND

32.In 2004 the internal business and IT governance arrangements of Victoria Police were restructured. During 2005 Victoria Police released Requests for Tender (RFT) for the provision of goods and services

for four major IT systems. These became known as the four ‘towers’ through which Victoria Police planned to ‘refresh’ and enhance its IT services. The project was also intended to rationalise systems and result in Victoria Police having greater control over its IT and communication facilities which had been previously outsourced and

driven by private enterprise. The project committed Victoria Police to expenditure in excess of $200 million.

33.As I have observed in several reports to Parliament, including my recent report on Crime Statistics and Police Numbers1, when considering IT requirements, related policy and procurement strategies, there is much information available in the public domain to provide guidance to Victorian Government agencies. In other areas of interest to my investigation – including probity, standards of conduct, record- keeping, financial management and organisational design – there is a similar volume of information and experience available to guide Victoria Police’s decision-making. Relevant information includes:

Victorian Government Purchasing Board’s Annual Report 2005-06 and Annual Report 2007-08

Office of Police Integrity’s report titled Investigation into Victoria Police’s Management of the Law Enforcement Assistance Program

(LEAP) (2005)

Victorian Auditor-General’s report titled Contracting and Tendering Practices in Selected Agencies (2007)

Victorian Auditor-General’s Office report titled Investing Smarter in Public Sector ICT (2008)

Contemporary reviews such as the Review of the Australian Government’s Use of Information and Communication Technology

(August 2008) commissioned by the Australian Federal Government.

Financial management and

the Victorian Government Purchasing Board

34.The purposes of the Financial Management Act 1994 include improving financial administration and accountability in the public sector.

35.The Financial Management Act 1994 also established the Victorian Government Purchasing Board (VGPB). The Victorian Government Purchasing Board develops, implements and reviews policies and practices associated with procurement. It also monitors departmental compliance with whole-of-government requirements, including ministerial directions.

1 Ombudsman Victoria, Crime Statistics and Police Numbers, Melbourne, March 2009.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

36.Victorian Government Purchasing Board policy requires each government department to have an Accredited Purchasing Board as part of accreditation. The responsibilities of departmental Accredited Purchasing Unit include:

assessing procurement proposals in excess of $100,000 and high risk/complex purchases of lesser value

approving proposals within the department’s accreditation limit ($1 million for Victoria Police) and endorsing proposals outside that accreditation limit for consideration by the Victorian Government Purchasing Board

monitoring and reporting on the department’s purchasing processes and procedures

providing purchasing related advice to senior officers and other personnel.

Victoria Police

37.Victoria Police has a workforce of over 13,600 officers, comprised of around 11,100 sworn police members and 2,512 Victorian Public Sector (VPS) employees. Ms Christine Nixon was Chief Commissioner of Police for most of the period relevant to my investigation. Ms Nixon’s term as Chief Commissioner ended on 27 February 2009. On 2 March 2009 Deputy Commissioner Simon Overland was appointed Chief Commissioner.

Business and Information Technology Services Department

38.During 2005 responsibility for major IT account and applications management, IT business planning, IT project management, infrastructure, technical standards and architecture was centralised in BITS. Consisting of seven business groups, BITS mission was to:

Support operational policing through quality managed, cost effective information and communication technology services by understanding and partnering with customers.

39.Victoria Police’s budget for 2008-09 was in the order of $1.75 billion. Approximately 11 per cent, or around $191 million, was administered by BITS.

40.The management structure of BITS consisted of seven Group Managers directly accountable to the CIO, Ms Valda Berzins. The area that was to become most significant to my investigation was managed by Mr John Brown, Group Manager of Business and Planning. Mr Brown’s responsibilities included:

analysing, monitoring and managing IT budget and expenditure forecasts

supporting the preparation of the IT Strategic Plan

overseeing risk management issues

Background

The management structure of BITS consisted of seven Group Managers directly accountable to the CIO.

13

 

The position of CIO has been left vacant since Ms Berzins’ contract was terminated.

14

www.ombudsman.vic.gov.au

implementing IT contract administration

managing contract compliance and reporting.

41.On 19 January 2008, during an internal inquiry, Mr Brown resigned from the position of BITS Group Manager. On 24 November

2008, following notification by the former Chief Commissioner on 23 September 2008 of her intention to terminate Ms Berzins’ employment contract, Ms Berzins took early leave and ceased employment with Victoria Police.

42.The position of CIO has been left vacant since Ms Berzins’ contract was terminated. On 27 October 2008, former Chief Commissioner Nixon installed a Board of Management to govern BITS, ‘to provide leadership and governance’, and ‘ensure that strategic priorities are met on time and budget’.

43.In January 2009, Ms Nixon also established a steering committee to oversee the remediation of issues associated with IT contracts, finance and procurement identified by numerous reviews of BITS.

The ICT Remediation Steering Committee (ICTRSC) was charged with ensuring that five Victoria Police major IT contracts (‘Towers 1-4’ and ‘Fujitsu B5’) met statutory and government policy compliance requirements.

44.In 2008, the Victorian Government created a state-owned entity called the Centre for IT Excellence (CenITex). CenITex was a new shared services agency designed to centralise Information and Communications Technology (ICT) support to government

departments and agencies. I understand the responsibility for ICT support for Victoria Police will eventually be transferred to CenITex.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

4. MAJOR INFORMATION TECHNOLOGY PROCUREMENT

45.My investigation focused on whether procurement processes in BITS were proper, open and transparent and to what degree the systemic failures identified in previous reviews remained.

46.My examination focused on the procurement and subsequent contract management of four major contracts, and the management of a major program area.

Contracts

I. Towers 1 and 2: Renegotiation of terms with IBM

47.In February 2006, the Towers 1 and 2 contracts, worth $32.83 million and $65.69 million respectively, were awarded to IBM. The awarding of both contracts required endorsement by the Accredited Purchasing Unit, the Victorian Government Purchasing Board and the Minister for Police and Emergency Services.

48.On 16 November 2006, following several months of negotiation, BITS agreed to redefine a set of service level agreements2 and abatements3 by which IBM had been bound under the Towers 1 and 2 contracts.

In return IBM agreed to provide some additional services to Victoria Police at ‘no cost’ and to withdraw several claims emanating from the previous 1999 ‘Technology and Information Technology Services Contract’.

49.The negotiations that took place prior to the signing of the letter of agreement by Ms Berzins were primarily between a Project Executive of IBM, and Mr John Brown, then Group Manager of Business and Planning, at BITS.

50.Mr Brown said the need for the renegotiation of terms arose as a result of ‘poor contract management of IBM by the previous administration’.

51.In his statement to Operation Tabour, a criminal investigation commissioned in March 2008, IBM’s Project Executive said:

… it became apparent that the SLA [service level agreement] thresholds were impossible for IBM to meet and did not reflect the reality of IBM no longer having sole end to end responsibility for all IT services provided to Victoria Police (as was the position under the 1999 contract).

2 These establish the standards to which the contractor is required to provide the services, and the principal means by which the parties will monitor and manage the services.

3 These are penalties, usually financial, which are claimable by the customer if the vendor does not meet the specified monthly performance requirements as set out and agreed to in the contract.

In February 2006 the Towers 1 and 2 contracts, worth $32.83 million and $65.69 million respectively, were awarded to IBM.

Major information technology procurement 15

 

The IBM Project Executive raised the issue of service level agreements with Victoria Police in April 2006.

In May 2008, Hub Consulting was engaged by Victoria Police.

Hub concluded that changes to the Tower 2 service level requirements represented a

minimum net ‘value for money dilution of $2.07 million’.

16

www.ombudsman.vic.gov.au

52.Operation Tabour reported to then Deputy Commissioner Overland that it was ‘highly probable’ that Ms Berzins and Ms Brown reached the 16 November 2006 agreement with IBM ‘to avoid possible litigation’ in relation to the removal of approximately $11 million from the Tower 2 contract that was to follow in early 2007.

53.The IBM Project Executive raised the issue of service level agreements with Victoria Police in April 2006. His view of the settlement was that the service level regime was changed by consolidation of gold and bronze service levels into the one measure, which along with other changes led to a more relevant and useful agreement. From IBM’s perspective the agreement took account of IBM’s claim for payments for redundancies in application management services staff. Victoria Police agreed not to exercise its right to impose abatements incurred between February 2006 and September 2006.

The impact of the agreement on Victoria Police

54.In May 2008, Hub Consulting (Hub) was engaged by Victoria Police to conduct a value for money assessment of 12 procurements. Hub analysed the cost implications for Victoria Police for the 16 November 2006 letter of agreement and reported to the Chief Commissioner on 30 July 2008. In relation to the impact on the Tower 1 contract Hub reported:

… the cost imposition of additional DASD (Mainframe Direct Access Storage Device) and LEAP Database Support was in the order of $1.28 million. Given the budgetary constraints within BITS, it is reasonable to conclude that the SLA’s and associated abatements were traded off against these unforseen increases in scope. In essence, this agreement traded at least $4.110 million in service performance to fund $1.28 million in additional storage and application support.

Over the life of the Tower 1 Contract, Victoria Police was disadvantaged to at least $2.83 million as a result of the letter of agreement.

55.Hub also observed that none of the changes were submitted to the Accredited Purchasing Unit and Victorian Government Purchasing Board for approval and that the changes were ‘masked’ under the guise of ‘zero cost impact’, therefore not requiring higher level endorsement.

56.Hub concluded that changes to the Tower 2 service level requirements represented a minimum net ‘value for money dilution of $2.07 million’, leaving aside the value of abatements incurred by IBM from 18 February 2006 to 30 September 2006. In essence, Hub found, ‘this agreement traded at least $2.07 million in service performance to fund legacy problems associated with the hardware provided under a previous contract’.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

57.Asked during interview about Hub’s conclusions, Ms Berzins said she ‘never had access to the Hub report’.

58.In response to my preliminary conclusions on this matter, Mr Brown stated that Victoria Police would have been exposed to a far greater financial impact had this renegotiation of aspects of the IBM

contracts not occurred. Mr Brown said Victoria Police was exposed to a potential $13.5 million claim in relation to a previous contract that provided a Direct Access Storage Device (DASD). He stated:

DASD was a technical error … Even if your assertion was correct that it cost VicPol $M2.0 this was a much better result than an adverse $M13.5 impact that had credibility. The fact that we were able to deflect this IBM claim is testament as to how hard we fought

IBM … This in my view was a good result for VicPol.

59.Ms Berzins was asked to comment on the background to her signing the letter of agreement of 16 November 2006. She recalled some debate over whether the letter of agreement should be adopted or the original contract amended to deal with the changes. Ms Berzins said she was aware there were various issues and ‘it wasn’t a case of what did we trade, I mean there are lots of ins and outs in this … And as in any good business negotiation you try and find a situation that’s win/win for both parties as much as possible’.

60.Ms Berzins also said she ‘was aware that some [SLAs] were unworkable for IBM when they signed up’ in February 2006. Ms Berzins stated:

I had … my Project Director, query IBM about this to make sure they ‘were happy’. When they responded positively, I thought I had done all I could to make them see sense … I then thought that their naivety [sic] would come in useful somewhere during the life of the contract as a negotiating point when Vicpol had some difficulty with the contract.

61.Ms Berzins told Victoria Police Operation Tabour that the November 2006 agreement took some months to negotiate because IBM and BITS were dissatisfied with aspects of the existing contract. She said that

Mr Brown talked to Accredited Purchasing Unit members about what was required in order to make changes. Ms Berzins said:

Because what I said to John [Brown] was, now whatever we do here, of course, again it’s got to auditable and, you know, meet the requirements for this organisation … and look John was not a delinquent bloke. I know he sought advice from APU members as to how it would be done; I know he also asked [for] legal advice. Now I’m not sure whether the legal advice was within his own team, the VGSO [Victoria Government Solicitor’s Office] or somewhere else, but he certainly sought advice before the sign off of the document.

Major information technology procurement 17

 

The contract between Victoria Police and Fujitsu, known as ‘B5’, was signed by Ms Berzins on 13 March 2007.

18

www.ombudsman.vic.gov.au

62.Mr Brown said during interview with my officers on 7 May 2009 that he didn’t think the 16 November 2006 agreement resulted ‘in a financial outcome but rather a service level agreement outcome’.

He rejected the suggestion that the agreement might have been seen as offering IBM some sort of ‘sweetener’ for the fact that early the next year Victoria Police was going to reallocate disaster recovery applications from IBM to Fujitsu.

63.During interview, Mr Brown recalled being approached by IBM concerning Service Level Agreements (SLAs). He said IBM advised it was not ‘happy with the SLAs and they may look to walk away from this’. Mr Brown said:

and I said, ‘Well, I’m sorry, you’ve signed this contract. I’m going to honour the contract. If you want to take it up with the CIO, you take it up with the CIO’. And they did that ... I was then instructed, along with [the Group Manager of Technical Standards and Architecture], to come up with an acceptable solution.

64.On 3 November 2006 the Manager of Strategic IT Contracts, at BITS sent and email to Mr Brown and a Senior Manager from the Contract Management and Procurement Unit advising that to proceed with IBM contract variations by way of a Deed of Variation was not appropriate. The Manager of Strategic IT Contracts advised Mr Brown that the ‘simplest way to go was just to have an exchange

of letters that had an agreed understanding on certain issues’. The Manager of Strategic IT Contracts, recommended reference be made to potential claims that would not be pursued ‘now or at any later date’. The Manager’s view was that only one item, the direct access storage device or ‘disk’ issue, was in fact a contract variation.

65.In the same email, the Manager also advised Mr Brown that if he intended to proceed with a Deed of Variation rather than an exchange of letters, then Mr Brown should ensure the Accredited Purchasing Unit was fully briefed. He advised that Mr Brown should ‘cover himself’ because his proposed approach:

may well be seen by the other bodies such as the APU and VGPB

as being done completely outside the proper process and may well expose the CIO.

66.After the letter of agreement was signed on 16 November 2006 the

Manager of Strategic IT Contracts said he was surprised to find that ‘wholesale changes had been made to the service levels of both contracts’ which had not been included in the proposal he had advised on.

II. Fujistu B5 contract

67.The contract between Victoria Police and Fujitsu, known as ‘B5’, was signed by Ms Berzins on 13 March 2007. The B5 contract provides for a data centre and an applications disaster recovery solution at a cost of $26.202 million (excluding GST).

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

68.During June 2006, the Manager of Strategy and Innovation, Technical Standards and Architecture Group at BITS proposed a plan to mitigate the risks associated with the Victoria Police enterprise room (A4). The plan involved building an Applications Disaster Recovery facility on level B5 at the Victoria Police Centre. This proposal was approved by Ms Berzins.

69.Previously, disaster recovery was provided via a contract between BITS and IBM. The Manager of Strategy and Innovation said at interview that IBM had proposed to relocate facilities from A4 to the Clayton Data Centre, but that he had concerns with the proposal. He said:

It’s very simple. The IBM proposal was to simply move piecemeal an entire data centre. The data centre was not documented and there were no experienced and knowledgeable staff in IBM operations who had detailed technical knowledge of how the centre operated, and it would have been a – trying to untangle a spaghetti bowl, is the simile I used.

70.The Group Manager of Technical Standards and Architecture at BITS also said at interview that IBM’s planned relocation presented extreme risks for Victoria Police. He said there was no guarantee that equipment would ‘power up’ after the move. He said there was only $500,000 available to effect the relocation, but the A4 facility was at maximum capacity; it was overheating and there had been power board failures. He said the need to move to a safer and more stable environment had become critical.

Consultation with Fujitsu

71.On 18 August 2006, Fujitsu gave Victoria Police an indicative proposal for the B5 facility. From that time until a contract was signed on 13 March 2007, Fujitsu representatives were involved with Victoria Police in developing the concept, indicative costs, inclusions and methodologies for delivery.

72.At interview on 7 May 2009, the former Client Executive for the Public Sector at Fujitsu Australia said the process that resulted in the B5 contract between Victoria Police and Fujitsu extended over some months during 2006. He said:

we were originally approached by Victoria Police, by John Brown, and a[nother] guy… to attend a meeting one morning at Victoria Police premises. And under the guise of a Non-Disclosure, … NDAs and police clearance, the Victoria Police requested, or asked for

us [sic], some assistance in scoping or a data centre, or a – yeah, basically wanted to build or implement a data centre. And that’s like – you know that’s like asking, ’How long is a ball of string?’ It’s absolutely impossible. So there were some quite interesting discussions around how that would occur. Me, as a salesperson, the first thing I wanted to do was sell some consulting in there. So the first phase would have been a paid consulting engagement ... So I, of course, mentioned that, to which John Brown perhaps thought that Fujitsu was deriving enough revenue from Victoria Police. But

Major information technology procurement 19

 

www.ombudsman.vic.gov.au

but we agreed to proceed on a pre-sales engagement where we would assist them by pulling together some numbers. Now at that stage there was no – you know, we didn’t know where this would lead. We didn’t know if it would lead to a tender, if it would lead to a project … typically clients ask for this when they need budgetary information … we would commonly assist our clients, especially government clients that maybe don’t have a consulting budget

but yet need assistance to put together some budgetary numbers

we would help them. So there were no caveats on commercial confidentiality. Anything we provided to Vic Police they could use.

73.The former Client Executive said Mr Brown never tried to achieve anything apart from a ‘good deal for Victoria Police’. He said Mr Brown ‘was robust’ and ‘drove a hard bargain’.

74.Operation Tabour and Hub concluded that the pre-contract consultation between Victoria Police and Fujitsu was not appropriate. However, the former Fujitsu Client Executive said he saw a sales opportunity for Fujitsu and also a need to precisely identify the requirements and price. He said that he suggested to Mr Brown that the process slow down to avoid the dangers associated with not scoping the project properly.

75.The former Client Executive said he became aware that a Certificate of Exemption from open market tendering was being sought by BITS. He said he was aware consideration was being given to moving funding from the existing Tower 3 Fujitsu contract, but he said BITS did not discuss with him the diversion of monies from the IBM

Tower 2 contract. He said he recalled thinking that if the Certificate of Exemption was granted then ‘Well, great, if a Certificate of Exemption gets through, this might get up. If not, we’ll face a tender process in 2007’. He said:

There was never anything from John [Brown] or [another person] saying that, ‘If Fujitsu do this, you’ve got it in the bag.’ That never occurred. It was – right up until the last moment it was all our risk and it was all, ‘Well, if it happens it happens’.

76.Due to his departure from Fujitsu for employment overseas, the former Client Executive was not interviewed by Operation Tabour.

77.The involvement of Fujitsu in the planning and development phase of the B5 contract was considered by Operation Tabour to be ‘improper’. Operation Tabour reported evidence that Fujitsu had been selected in advance by Mr Brown and Ms Berzins and that the formal approval process was then solely directed towards justifying this selection. Hub advanced a similar view.

20 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

78.On this issue Mr Brown stated:

… it was not my decision to go to Fujitsu but the CIO’s and [the Group Manager of Technical Standards and Architecture] … The financial impact of all B5 decisions was discussed with the CIO and

[the Group of Manager Technical Standards and Architecture] and [the Manager of Strategy and Innovation]. Thus all understood the funding of B5.

79.Mr Brown said he considered the consultation with Fujitsu and his actions during the project appropriate. He said he acted in the best interests of Victoria Police, intending to secure a beneficial outcome at the best possible price. Ms Berzins also took the view that Mr Brown acted appropriately.

The process

80.Between 20 October 2006 and 12 February 2007, BITS made three submissions to the Accredited Purchasing Unit regarding the proposal to reallocate ‘security services’ from the Tower 2 IBM contract to Fujitsu. These submissions were referred to as Variation to an Approved Procurement Process Reports (Variation Reports).

81.Each of these Variation Reports provided different figures for the value of the variation to the IBM Tower 2 contract, and the subsequent new contract price with Fujitsu. The figure ranged from an initial $14.597 million to $11.136 million and then finally $11.605 million.

82.My investigation identified a number of emails where members of the Victoria Police Accredited Purchasing Unit raised concerns and sought further clarification regarding the first two Variation Reports in particular. Accredited Purchasing Unit members asked BITS to:

clarifiy and circulate the legal advice referred to in the Variation

Reports

quantify the financial exposure to Victoria Police

confirm which security/disaster recovery provisions were included in the IT contract entered with IBM

clarify whether the conferral for the Tower 2 IBM contract inadvertently included the component which ‘we now seek to extract or whether IBM has demonstrated an incapacity to perform this role’

explain the suggestion that the conferral was simply an error, noting conflicting advice provided by BITS at a later date that IBM had undertaken some work but demonstrated an incapacity to complete the work

explain the apparent contradiction involved in a change of stance by Victoria Police regarding IBM, with the Director of Business Management noting that ‘bearing in mind that the original evaluation presumably made claim that IBM were capable of this work, a fact that had not been sustained in reality’.

Major information technology procurement 21

 

www.ombudsman.vic.gov.au

83.In response to questions about the reasons for the proposed removal of the B5 services from the IBM contract, Mr Brown advised Accredited Purchasing Unit members in an email dated 23 October 2006 that:

Some $M11.1 (incl GST) is an anomaly between the Conferral and the Letter of appointment of IBM. As such IBM have not been appointed for this sector – namely Security. This is an administrative housekeeping matter.

High level discussions have taken place with IBM and the initial feedback is that IBM would welcome the opportunity to be relinquished from these tasks. As these items are Options under the Head Agreement with IBM these Options may be terminated by Victoria Police at any time after allowing for IBM’s cost to date of termination. This will not give rise to a contract breach. We have legal advice on this matter. The total of such matters is $M3.5 (incl GST).

Under no circumstances will VP end up paying for both contractors.

84.Mr Brown said at interview that his reference in this email to IBM’s willingness ‘to be relinquished of these tasks’ was based on advice received from the Group Manager of Technical Standards and Architecture. He said the Group Manager of Technical Standards and Architecture had been told by an architect from IBM that ‘IBM didn’t want, effectively, A4, or anything to do with it’.

85.At interview the Group Manager of Technical Standards and Architecture said he was not told by any IBM employee that the company did not have any interest in the project. He said he did, however, believe that the IBM proposal to relocate from A4 to premises at Clayton was impractical and unacceptable to Victoria Police, that it presented an unacceptable risk and that it could not be achieved within the contract price. He said IBM had requested and attended three or four initial planning meetings, but that meetings then ceased. As a result, he said he believed IBM had shown a lack of interest in the project.

86.Ms Berzins said she was of the view that IBM remained interested in providing disaster recovery services to Victoria Police, but that ‘they had been given plenty of time to come up with an acceptable solution, had not done so and therefore we needed to move on and find another solution’.

87.Advice provided in the second Variation Report was that an independent review had been conducted by Acumen Alliance Pty Ltd who reported that IBM ‘did not have the capability’ to deliver security services that would meet Victoria Police standards and timelines.

88.This Variation Report also stated that the transfer of security services from IBM to Fujitsu was urgent because of the need to provide maximum protection, the significant operational impact on all major operational applications if a major failure were to occur and the

fact that there were ‘unacceptable identified risks’ involved in IBM relocating facilities ‘to their expiring tenancy at Clayton’.

22 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

89.On 13 November 2006, the Director of the Business Management Unit forwarded to the Acting Chief Commissioner an application for a

Certificate of Exemption requesting exemption from the requirements of multiple quotes, public tender and selective tender. The Director stated that BITS had sufficient funds for the new conferral to Fujitsu in ‘the existing IT Services contract funding envelope’ and that there were ‘reasonable grounds and valid arguments’ for endorsement of a

Certificate of Exemption.

90.Ms Berzins signed a document on 3 November 2006 certifying that she endorsed the application; validated the evidence presented in its support; was satisfied all probity issues had been considered and addressed; and had ‘complied with the applicable governance arrangements required within Victoria Police’.

91.The Acting Chief Commissioner signed the Certificate of Exemption on 15 November 2006.

92.On 21 November 2006, Mr Brown sought legal advice from the

Victoria Government Solicitor’s Office concerning the alleged anomaly between the Letter of Appointment and original Ministerial conferral for Tower 2. The Victoria Government Solicitor’s Office advice to Mr Brown on 28 November 2006 included the following:

the instrument of conferral is provided in reg 7 of the Financial Management Regulations(FM regulations) … Expenses and obligations may be incurred or met by a person employed in a department only within the limits conferred by the Minister administering the department

… the conferral power contained in regulation 7 of the FM regulations is not so much providing the power to be exercised by departmental officers but is a provision for limitation on the expenditure by departmental officers

… the terms of the Contract expressly allowed Victoria Police to unilaterally reduce the scope of the Services and the expenditure accordingly. We are of the view that the Conferral cannot otherwise operate to limit the rights of Victoria Police under the Contract

We are of the view that IBM has no valid claim against the State in respect of [sic] proposed engagement of Fujitsu to provide Optional Security Services and/or Initial Security Services.

93.Mr Brown was questioned at interview about why the documentation submitted to the Accredited Purchasing Unit provided varying reasons for moving from IBM to Fujitsu. Mr Brown denied any intent on his part to mislead the Accredited Purchasing Unit. He said:

If I’ve authored them, I’ve authored them, right? But this is a technical scenario. I was not responsible for technical, right? I was there to support the technical area in achievement of their aims and ends.

… there’s been – there never has been any deception. I’ve been up- front with the APU [Accredited Purchasing Unit], BMD [Business Management Department] and DOJ [Department of Justice] and the

Major information technology procurement 23

 

Ms Valda Berzins signed a contract with Fujitsu for $27.2 million, far in excess of both the expenditure authorised by the Minister and Ms Berzins’ personal financial delegation limit.

24

www.ombudsman.vic.gov.au

VGPB. I would have to say the time that they have taken to process things is, in fact, a question that needs to be addressed in all stages.

94.Mr Brown said he was led to believe by Ms Berzins that the B5 proposal was discussed with the Chief Commissioner and the Executive Committee. He also said he recalled providing an overview to and discussing the matter with the Victoria Police Audit Committee.

95.On 12 February 2007, the third and final Variation Report was signed by Mr Brown and circulated to the Accredited Purchasing Unit. The third Variation Report sought to amend the price of the security services to be transferred from IBM to Fujitsu from $11.136 million to $11.605 million. The Accredited Purchasing Unit’s recommendation that the Variation Report be approved was accepted by the Victorian Government Purchasing Board on 13 February 2007 subject to the following two conditions:

i.suitable amendment of the existing contract

ii.updating contract details on the Victorian Government Purchasing Board Contracts Publishing System.

96.Neither of the Victorian Government Purchasing Board conditions was subsequently met.

Conferral

97.On 19 February 2007, the Minister for Police and Emergency Services signed an authorisation pursuant to Direction 2.4 of the Standing Directions of the Minister for Finance and Section 8 of the Financial Management Act 1994, authorising expenditure of $56,885,000 for the Tower 2 contracts as follows:

IBM Australia for the provision of the nominated services, excluding Security Services, for the period 18 February 2007 to 12 February 2011: ($45,280,000) and

Fujitsu Australia Pty Ltd for the provision of the nominated services, including Security Services, for the period 18 February 2007 to 17 February 2011 ($11,605,000).

98.In the same conferral, the Minister also authorised the Chief Commissioner and the CIO to issue a letter of acceptance, execute a formal instrument or agreement and/or incur or meet financial obligations (including contingent liabilities and obligations) arising out of the agreement.

99.On 13 March 2007, the then CIO, Ms Valda Berzins, signed a contract with Fujitsu for provision of ‘Applications Disaster Recovery’ solutions and a Data Centre for a period of 2 years to 17 February 2009. The value of the agreement, $27.2 million, was far in excess of both the expenditure authorised by the Minister ($11,605 million) and

Ms Berzins’ personal financial delegation limit ($250,000).

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Realignment of agreements with IBM

100.On 6 March 2007, the Acting BITS CIO wrote to IBM to give notice of changes to the services required of IBM under the Towers 1 and 2 contracts, effective 19 February 2007. Specifically:

Victoria Police did not require Enterprise Room (A4) relocation of Unix Servers to Clayton or business continuity/disaster recovery for Unix Servers from Clayton to Knox

Victoria Police did not require the relocation of Wintel Servers, Business Continuity/Disaster Recovery and some technology refresh services relating to Wintel and Unix Servers.

101.The Project Executive for IBM told my investigators the decision to cease using IBM for some services under the Towers 1 and 2 contracts was a shock to IBM, as was the decision to award the services in question to Fujitsu. He said, ‘the notification was an announcement, not a negotiation’. He said there was never any doubt that the services were within the IBM contract scope.

102.As the IBM representative in direct contact with Mr Brown and Ms Berzins, the Project Executive said he could not recall any discussion or formal notification expressing dissatisfaction with the delivery of services by IBM, and that IBM did not express to Victoria Police a wish to cease providing the services excised from the Towers 1 and 2 contracts.

Subsequent payments to IBM

103.Operation Tabour raised concerns about the purpose of two payments made by BITS to IBM in mid 2007. Operation Tabour reported that the payments were an attempt to compensate IBM for the loss of services from the Tower 2 contract. I decided to include this allegation in my investigation.

104.At interview with both my investigators and Operation Tabour, the IBM Project Executive denied the payment to IBM for work done on the relocation of the Enterprise Room was in fact a ‘sweetener’ or benefit as a result of the reduction in scope.

105.In an email to Ms Berzins and copied to Mr Brown on 3 April 2007, he summarised a meeting from that day. In relation to the price of helpdesk services, he wrote:

We understand and thank you for your acceptance of the Year 1 Helpdesk re-price as per your letter of 30th March 2007. We took it from the conversation that Victoria Police accepts our offer of 28th March 2007 regarding Contract Years 2 and 3, and that we may consider your agreement to this as being one of the components of additional revenue that is aimed at retaining IBM’s revenues

at the expected amounts given recent decisions to remove certain obligations from the scope [of] IBM’s services.

Operation Tabour raised concerns about the purpose of two payments made by BITS to IBM in mid 2007.

Major information technology procurement 25

 

A contract had been entered into for $28 million and it had not been registered on the VGPB contract website.

26

www.ombudsman.vic.gov.au

106.Asked at interview to explain the above statement, he said:

IBM would have exercised this right [to claim extra costs for the helpdesk] with or without the announced intention by Vic Police to remove certain elements from IBM scope. Given that the reduction in scope was announced, however, this fact was included in discussions/negotiations as a leverage point in moving Victoria Police to an agreement on the revised prices for the helpdesk.

107.At interview, the Project Executive said he wished to clarify the statement he made to Operation Tabour on 17 September 2008. According to that statement, IBM and Victoria Police agreed that $601,000 would be paid to IBM in compensation for work already completed towards the relocation and wind-down costs. He said that, upon re-reading his statement on the morning of his interview with my officers, he realised the $601,000 was in fact for an increase in the service charge for the IBM helpdesk, as stated in his email of 3 April 2007.

108.He also later elaborated by email to my office on 10 July 2009 stating that the $601,000 ‘had already been collected from Vic Police as part of the monthly charges for establishment and running Unix and

Intel Disaster Recovery Services during the first year of the [Tower

2] contract’. He advised that an agreement was reached that IBM would retain the $601,000 and apply it ‘to the IBM entitlement for an increase in the helpdesk fees as the volumes of calls were well over the thresholds in the contract’.

109.The Project Executive told my investigators that IBM made a separate claim of $335,900 plus GST to Victoria Police for wind-down costs and expenses associated with work already done on the tasks removed from the scope of IBM’s contract.

110.This claim was eventually settled, with Victoria Police making a payment of $310,000 to IBM in May 2007.

111.Ms Berzins told Operation Tabour at interview on 18 September 2008 that she was sure no payment had been made to IBM for the work done prior to the removal of services from the IBM contract. She was informed during interview with my officers that a payment of $310,000 was made to IBM for work already completed in relation to B5. Ms Berzins said she did not remember the payment.

Issue Cover Sheet

112.On 19 May 2008, the Group Manager of ICT Services and Infrastructure and the Principal Legal Advisor for Victoria Police submitted an Issue Cover Sheet to Ms Berzins. The Issue Cover

Sheet identified that a contract had been entered by Ms Berzins for ‘approximately $28M’; the contract had not been registered on the Victorian Government Purchasing Board contract website; no Procurement Process Report appeared to exist for the contract; and there was ‘no record within the Accredited Purchasing Unit of any such document being presented to Accredited Purchasing Unit or issuance of a CE [Certificate of Exemption] in this regard’.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

113.The Group Manager of ICT Services and Infrastructure and the Principal Legal Advisor also claimed that funding details had been gleaned from a costs strategy document as follows:

Building Works (LAMP)

1.8M

Fujitsu Project Costs (Tower 3)

3.0M

Tech Refresh Hardware

8.0M

Software (Provisions)

1.8M

Managed services

[no amount provided]

Tower 2 Security

10.5M

Miscellaneous

2.1M

Total: 27.2M (contractually approx $28M (Incl GST))

114.The Group Manager of ICT Services and Infrastructure and Principal Legal Advisor wrote:

Fujitsu is not a signatory to the contract referenced as it is a separate contract. The amount of $11.6M should have been deducted from the overall amount and that funding should have formed the basis of a separate conferral for a new contract. The PPR is unclear on this hence the misunderstanding.

Fujitsu Project Costs (Tower 3) of $3M (but may be closer to $3.5M) is indicated. This has been provided by the allocation of days (year on year) from the Applications Tower 3 contract. It is unclear within the Strategy document as to the justification why circa $3M value has been taken out of the Tower 3 contract. No contract or conferral variation has been raised to officially take this funding from the Tower 3 contract and [there has been] no apparent approval from Government or APU/VGPB for us to do so …

115.My investigation confirmed that while Mr Brown and others had negotiated the Variation Report through the Certificate of Exemption and Accredited Purchasing Unit processes, secured endorsement by the Victorian Government Purchasing Board, obtained a Ministerial Conferral, and obtained authority for contract variations, this was all done on the basis of an agreement in the amount of $11.6 million.

116.At interview, Ms Berzins explained her rationale for the pulling together of funds provided under other conferrals to make up the difference between the $28 million contract value and the $11.6 million she was directly authorised to spend on the B5 project. Ms Berzins said:

my analogy is important is because if a – if a child gets given

a Myer’s voucher and he gets told to go and buy some sort of toy with it, and his parents give him that, and his grandparents give him a Myer’s voucher to go and buy some sort of different toy again – and he gets all these vouchers and they’re all Myer’s vouchers, he takes them and he puts them together and he might buy some sort of little motorway that’s a consolidated thing, and buy all that in one hit. And that’s the same sort of logic to doing this. I had a delegation with Fujitsu for this, I had a delegation for that, a delegation for that, and I wasn’t gonna use the moneys

Major information technology procurement 27

 

www.ombudsman.vic.gov.au

in any other way apart from what I had the delegations. I just happened to put a wrapper around it.

Legal advice concerning Ms Berzins’ authority

117.On 3 September 2008, the Principal Legal Advisor sought advice from the Victoria Government Solicitor’s Office regarding whether obtaining funding from various sources which were, in part, authorised through appropriate conferrals provided sufficient authority for Ms Berzins to sign one contract that consolidated the conferrals. The Principal Legal Advisor also asked, if it was not appropriate, how might the problem be rectified and what contractual obligations of the parties were under the contract.

118.The Victoria Government Solicitor’s Office advice, dated 18

November 2008, included the following:

We are unable to express a view whether there is sufficient nexus between the Amended T2 Conferral and the B5 Contract. However, we can say that either way the CIO lacked authority to sign the B5 Contract,

The Amended T2 Conferral authorised the CIO to enter a contract only up to the limit of $11,605,000. The value of the B5 Contract was $28,000,000. We note that we have some instructions that some of the other funds had conferrals relevant to security matters. We are of the view that some sort of corralling of conferrals is problematic and contrary to the FM [Financial Management] Act in general and procedure (d) of the Directions 2.4 – Authorisation in particular,

Further, any renegotiation or significant alteration of an original contract which was the subject of a conferral should be returned to the authorized person for execution, or if it exceeds the amount approved by the conferral, it should be returned to the Minister.

119.In relation to my preliminary views on the B5 procurement, Mr Brown said he sought the appropriate approval of the proposal to fund the project. Mr Brown stated:

I can clearly remember being in [the Director Business

Management’s] office with the CIO when we went through, in detail, how the funding was proposed by BITS to deliver the B5 Computer Room. [The Director’s] response was “JUST DO IT”… This comment was repeated again, to the best of my recollection when I and [the Manager of Strategy and Innovation] had [the

Director] on speaker phone in my office.

120.In response to Mr Brown’s comments, the Director of Business Management stated:

My recollection is that funding discussions regarding B5 did occur as part of the decision to transfer Security Services from IBM to

Fujitsu and included identification of other authorised funding sources that were directly related to the project on B5.

What was not disclosed in those discussions was that combined use of those funding sources would involve creation of a new

28 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

contractual relationship (which was ultimately established outside procurement approval processes), that the funding streams would be used for purposes other than that which was originally authorised, and that the eventual scale of the B5 commitment would ultimately be greater than the funding sources that were discussed.

On no occasion in discussions regarding funding sources for B5 with John Brown, Valda Berzins or any other person did I sanction (or suggest) non compliance [sic] with procurement or contractual obligations which exist under the Financial Management Act.

Victoria Police Audit Committee records

121.The Victoria Police Audit Committee (the Audit Committee) provides independent advice and assistance to the Chief Commissioner

in regard to the systems of financial reporting, financial and organisational risk management, internal control and the adequacy of management reporting.

122.My officers examined the minutes of the Audit Committee and identified that in December 2006, February 2007 and June 2007 it was presented with opportunities to explore the reasoning that underpinned the decision to move applications disaster recovery to ‘Building 5’ and to question the adjustment of contractual arrangements and financial implications of moving from IBM to

Fujitsu.

123.To determine the extent of the detail provided to the Audit Committee regarding the B5 proposal and the engagement of Fujitsu,

I asked Victoria Police for a copy of the documents identified in the minutes of these meetings, including a ‘handout’ reportedly presented by Mr Brown. The Audit Committee Secretariat, CMRD,

advised my office that these documents, including the handout, could not be located.

III. TIBCO – Enterprise Services Bus software licence

Background

124.In early 2006 BITS management recognised the need for Enterprise Services Bus (ESB) software to support a number of applications, including the impending replacement for the Law Enforcement Assistance Program (LEAP). In general terms, ESB software provides a link between systems.

125.BITS discussed its need for ESB software with TIBCO Software Inc (TIBCO) which had, since January 2005, provided interface development, a software licence and support for Victoria Police’s

Traffic Information System.

I asked Victoria Police for a copy of the documents identified in the minutes of these meetings, including a ‘handout’

reportedly presented by Mr Brown. The Secretariat advised my office that these documents could not be located.

Major information technology procurement 29

 

www.ombudsman.vic.gov.au

126.Preliminary discussions between BITS and TIBCO extended to formal negotiations in early 2007, culminating in the signing of a contract on 31 May 2007 for the provision of an ESB software licence and ongoing maintenance of the software. The agreement was for a period of 7 years at an initial cost of $20.1 million.

The engagement process

127.On 10 July 2006, Ms Berzins wrote to the Victorian Government’s

Chief Information Officer advising of Victoria Police’s interest in engaging TIBCO to provide ESB software and proposing that TIBCO’s product be declared a Whole-of-Victorian-Government

standard product. In her reply of 30 August 2006, the Government

Chief Information Officer provided qualified support for the proposal, listing criteria that Victoria Police would have to meet for a formal Whole-of-Victorian-Government declaration.

128.In December 2006, with the abolition of the position of the Victorian

Government Chief Information Officer, BITS redirected its approach to the Whole-of-Victorian-Government Chief Technology Officer.

129.The Chief Technology Officer provided written support for a Whole- of-Victorian-Government approach on 9 May 2007. On the same day the Victoria Government Solicitor’s Office endorsed the proposed contract provisions. On 11 May 2007 BITS appointed an external probity auditor who signed-off on the certificate of exemption rationale on 15 May 2007.

130.BITS sought a Certificate of Exemption from then Chief

Commissioner Nixon to procure the TIBCO product and service without an open and competitive tender. The rationale put to the Chief Commissioner in an Issue Cover Sheet dated 14 May 2007 by Mr Brown and Ms Berzins included that TIBCO already provided a number of Victoria Police applications and the identified need was an extension of that service. The probity auditor engaged by Victoria Police supported this rationale, citing the Victorian Government Purchasing Board guidelines that allowed an exemption for:

additional delivery of goods and services that are intended either as replacement parts, extensions or continuing services for existing equipment, software, services or installations where a change

in supplier would necessitate the procurement of goods and services that do not meet the requirements for interoperability or interchangability.

131.Other reasons presented to the Chief Commissioner, the Accredited Purchasing Unit and the Victorian Government Purchasing Board for engaging TIBCO without a tender process were:

TIBCO had been providing a similar service to Victoria Police satisfactorily since March 2005 for a number of programs

TIBCO offered a discount of 92.6 per cent off its list price if a contract was signed before 31 May 2007

30 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Victoria Police would otherwise fail to meet Government requirements and dates for the replacement of LEAP which would attract parliamentary, media and public criticism

a technical evaluation of leading software against the requirements of Victoria Police ‘found the TIBCO product suite to be the most technically superior product set and closest fit to

Victoria Police’s known requirements’

TIBCO had been found to be the superior product set by leading industry consultants Gartner and Forrester

clauses in the agreement negotiated between TIBCO and Victoria Police would allow other Victorian Government agencies to benefit from discounts achieved.

132.On 18 May 2007, the Accredited Purchasing Unit endorsed the TIBCO procurement. Although the Victorian Government Purchasing Board documentation is not dated, it appears the Victorian Government Purchasing Board approved the procurement on 25 May 2007. On

30 May 2007 the Minister for Police and Emergency Services signed an Instrument of Authorisation for the engagement of TIBCO for $20.1 million. The contract was signed the same day by TIBCO’s management in the United States. Ms Berzins signed the contract on 31 May 2007, and her signature was witnessed by Mr Brown.

133.The negotiation process was underway from mid 2006 to 30 May 2007, although the necessary formal documentation was completed over some 24 days during May 2007.

134.Mr Brown told my investigation that the ‘procurement process for the TIBCO contract was driven by the following factors’:

The Business Case for LEDS [LEAP replacement, later renamed LINK] which was put together by an ex TAC [Transport Accident

Commission] CIO and specifically referencing TIBCO as the

Enterprise Bus Solution.

A$M10 shortfall in cash expenditure for the 2006/2007 financial year for the LEDS Project. This it was stated would have been a great embarrassment for the LEDS project, Victoria Police and the Department of Justice in the eyes of the Department of Treasury and Finance.

The TIBCO financial year end I was informed was the 31/5/07 and thus the offer was only valid till then.

Mr Brown also added:

… but I was advised … that as TIBCO was a vendor to VicPol’s

Traffic Incident Program that no tender was necessary.

Major information technology procurement 31

 

www.ombudsman.vic.gov.au

Preparation of supporting documentation

135.Hub concluded that the supporting documentation regarding this contract was contrived in retrospect, over a 24-day period, to justify a decision taken by BITS in June 2006 to engage TIBCO. Operation Tabour formed a similar view. Hub reported:

These documents, including the Probity Plan and Technical

Evaluation Report, and Certificate of Exemption were prepared as late as May 2007 in order to merge with a timetable agreed with TIBCO to have the contract in place by 31 May 2007.

136.Similarly, the Strategic IT Contracts and Procurement Manager at BITS stated at interview on 3 April 2009:

I think some evaluation documents were produced but I think they may have been produced post decisions being made and so on as a completion of documentation type of exercise.

137.Ms Berzins said that from her ‘personal perspective, the twenty-four days or so was [sic] a culmination of about 15 months worth of work’. Asked whether the engagement of TIBCO was predetermined and the necessary documentation contrived close to the end of the project, Ms Berzins responded:

There was a hell of a lot of to-ing and fro-ing between John Brown

… the CIO’s office, the CTO, looking at how to present the TIBCO procurement, and get it through the right set of signatures. And the opinions … kept changing as to the best way to handle it. And whether there needed to be short, sharp tenders to selected potential suppliers, or whether it could be shown as a standard through a technical evaluation – chopping, changing, chopping, changing, chopping, changing. And that’s why… when it was drafted up… [it] could well have looked like, ‘Well, this was done reasonably quickly’.

138.In a letter to Mr Brown dated 31 May 2007, the Assistant Director of the Procurement Management Division expressed concern about the procurement of the TIBCO product. He wrote:

The TIBCO procurement process identified a number of business practice issues between BITS, PMD, APU, VGPB and the Department of Justice that need to be addressed if we collectively are going to work effectively together going forward. From a PMD and APU perspective, the key learnings’ are planning, timing

and communication. It is essential that all parties understand the imperatives associated with the VGPB guidelines and in particular, documentation and communication protocols. It is fair to say

that many parties were exposed to significant levels of stress and anxiety through the procurement process adopted.

32 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Probity advice

139.Victoria Police policy now and in May 2007 states, ‘It is compulsory to appoint both a probity advisor and a probity auditor for procurement over $10M’. The contract for ESB software was worth $20.1 million.

140.On 11 May 2007, Mr Brown appointed a probity auditor for the procurement of the ESB software for BITS. On the day of the appointment, the Group Manager of Technical Standards and Architecture at BITS, and two other BITS employees met with the probity auditor at 9.30am. The probity auditor’s letter of approval regarding the justification for a Certificate of Exemption was provided four days later.

141.At interview, the Group Manager of Technical Standards and Architecture said the probity auditor told BITS that its proposed contract with TIBCO would not meet probity standards because BITS had not tested the market. He said the probity auditor also directed BITS to the Victorian Government Purchasing Board policy that allows for an exemption from public tender where there is an ‘extension or continuing services for existing equipment, software, services or installations where a change in supplier would necessitate the procurement of goods and services that do not meet the requirements for interoperability or interchangability’.

142.The Group Manager said such an exemption applied to the TIBCO contract because using any other provider ‘would mean redeveloping all of our current interfaces into something new. There would be costs associated with that, we would lose our IP [intellectual property] and experience’.

143.TIBCO representatives interviewed during my investigation also expressed the view that the ESB software was merely an extension of services already provided by TIBCO to Victoria Police.

144.The probity auditor’s report on the actual probity process for the TIBCO agreement was provided on 6 June 2007, after the contract had been signed by both parties.

The market scan

145.According to an Issues Paper submitted to the Chief Commissioner by Ms Berzins and Mr Brown on 14 May 2007, the BITS Technical Standards and Architecture Group conducted an internal product evaluation comparing five leading ESB products against Victoria

Police’s technical requirements. Several references were made in

the issues paper to a ‘market scan’ having been conducted which included the findings of a firm of consultants.

146.Evidence obtained by my investigation shows that the consultants’ report regarding TIBCO and its immediate competitors was in fact the only information relied upon by BITS for its market scan. I note the consultants’ report was not independently sourced by Victoria Police, but was in fact provided to BITS by TIBCO.

Major information technology procurement

The consultants’ report was not independently sourced by Victoria Police, but was in fact provided by TIBCO.

33

 

www.ombudsman.vic.gov.au

147.Ms Berzins advised my investigation that ‘enlisting assistance from a vendor to provide favourable competitor analysis … is certainly not acceptable and I was unaware that it had been done’. Ms Berzins noted, however, that the consultants’ views were held in high regard ‘in the business world’ and their ‘views hold regardless of how they were obtained’.

148.Documentation submitted by BITS to the Victorian Government Purchasing Board seeking approval for the TIBCO contract includes comments regarding an evaluation process. BITS made reference to discussions it had with alternative providers for ESB software, and reported that these providers could neither match the discount nor the level of service offered by TIBCO.

149.The Strategic IT Contracts and Procurement Manager was sceptical of the thoroughness of the market scan presented in support of engaging TIBCO. He said that based on his examination of the probity documentation after the agreement was signed, he believed a ‘paper evaluation’ was done rather than a proper, technical comparison of options.

Whole-of-Victorian-Government agreement

150.A reason advanced by Mr Brown for proceeding with haste in the TIBCO procurement was the prospect of securing a Whole-of- Victorian-Government agreement. On 9 May 2007, the Victorian

Government Chief Technology Officer emailed Mr Brown. He wrote:

I am pleased you have been able to leverage your negotiations with TIBCO to include attractive discounts for other Departments should they wish to implement TIBCO in the future. This appears to be a very good outcome for both Victoria Police and other Government Departments.

151.During interview, Mr Brown expressed confidence that the contract he negotiated with TIBCO secured benefits for other Victorian

Government agencies. He said:

… in effect it was kind of a standard purchase order agreement for a product called TIBCO, in that all other organisations could make themselves available of [sic] this product and gain the benefits with lower training costs, et cetera, et cetera.

152.This statement by Mr Brown appears inconsistent with the advice he provided by email to BITS Group Managers on 2 November 2007 following discussions with the Victorian Government Chief

Technology Officer. Mr Brown wrote:

Whether the contract that VicPol has with TIBCO could or should be converted into a Standing Purchase Contract (SPC) for whole of Vic Government. [The Victorian Government Chief Technology Officer’s] view is NO – as he does not believe that this could be actioned now as the horse has bolted and he should have asked us

to have the TIBCO Contract constructed as a SPC during the period we were negotiating … As such the VicPol TIBCO Contract stands

34 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

as is and if another Vic Agency wishes to avail themselves of the

VicPol deal then they will need to raise a Certificate of Exemption and append/mirror the VicPol TIBCO Contract.

153.Mr Brown’s email to BITS Managers was commented on in an email from a Senior Manager of the Procurement Management Division on 15 November 2007. The Senior Manager wrote:

Other Agencies are bound by the VGPB policy and should in the first instance follow a normal RFT process. If they opt for a

Certificate of Exemption citing the VicPol arrangement, this would not suffice, noting they are not a party to the arrangement. I do not believe that they could avail themselves of the VicPol TIBCO contract as it is not a WoVG arrangement, however this does not preclude them from negotiating a similar arrangement with TIBCO should they choose to do so based on their own merits.

154.In his statement to Operation Tabour dated 11 December 2008,

TIBCO‘s General Counsel for Asia Pacific and Japan stated that

‘three orders have since been procured using the whole whole of government contract ordering framework’. A search of the

Victorian Government Purchasing Board’s Central Register of Major

Government Contracts website has identified two relevant contracts with TIBCO, both entered by the Office of Housing. According to the

Register, those contracts were:

arranged under the terms and conditions of the WOVG contract between the State of Victoria (through Victoria Police) and TIBCO Software Inc.

155.The stated values of the Office of Housing’s TIBCO contracts were $797,332 and $295,086.

156.I asked the Victorian Government Purchasing Board to comment on whether it considered Victoria Police’s agreement with TIBCO to be a Whole-of-Victorian-Government (WoVG) contract. The Victorian Government Purchasing Board responded:

No, this is not a Whole of Government Contract.

This is considered a Departmental Standing Offer Arrangement.

Often departments will contract for specific needs that do not apply across all of Government, but may have an application in another one or two entities. They can include in the tender and contract an allowance for other entities to access elements of the contract where needed. This does not make it a Whole of Government Contract.

The 92.6 per cent discount

157.From around June 2006, TIBCO and BITS were in discussions regarding the provision of the ESB product. In March 2007, TIBCO representatives advised BITS of a desire to reach an agreement by the end of May 2007 when the second quarter of TIBCO’s financial year closed. TIBCO made mention of ‘deepest levels of discounts available across all product lines’.

Major information technology procurement 35

 

TIBCO confirmed via email that the discount on offer was 92.6 per cent off its list price.

Interviewees told my officers of ongoing failure by management to address safety and financial issues associated with the facilities.

36

www.ombudsman.vic.gov.au

158.On 18 April 2007, TIBCO confirmed via email that the discount on offer was 92.6 per cent off its list price.

159.Mr Brown justified the urgency in securing the TIBCO contract on the grounds that this substantial discount was conditional on the signing of a contract by 31 May 2007. The contract was signed on 31 May 2007 in the amount of $20.1 million.

160.Hub noted that if TIBCO arrived at a contract price of $20.1 million after a discount of 92.6 per cent, TIBCO’s list price must be in the order of $280 million.

161.Asked during interview about the discount, the Group Manager of Technical Standards and Architecture at BITS said:

I fell off my chair. I said, ‘No, that can’t be right, John. No one gives discounts of that value’… I’m used to, without trying, achieving 25 per cent discounts, sometimes if you push you can get 40, and if you really, really push and you and the vendor need each other for whatever reason, you may even get a 60 per cent or 70 per cent discount. Beyond that, I’ve never heard of that before.

162.The rationale provided by TIBCO‘s General Counsel for Asia Pacific and Japan was that:

High discounts of this nature are not uncommon for TIBCO with government sector clients. TIBCO was prepared to offer this level of discount due to the increased presence the contract would give it in the Australian government market and the opportunity to leverage into other Victorian government departments …

163.TIBCO’s Account Director said during interview that the discount would have been taken ‘off the table after the 31 May deadline’. He said he was unable to advise what the price would have been after 31 May.

IV. Communication facility leases

164.In the course of my investigation I became aware of concerns relating to the BITS administration of leases and payments made regarding Victoria Police communication towers at several locations. Operation Tabour documentation included allegations of poor practices and inadequate management of leases. Interviewees told my officers of ongoing failure by management to address safety and financial issues associated with the facilities.

165.In a statement to Operation Tabour on 3 September 2008 the Senior Manager of Emergency Services Communications and Commercial Unit raised the history of inaction on the part of Senior Managers concerning the risks associated with communications towers. The more recent assertions drawn from that statement include:

From at least 2003 management was aware that work needed to be done regarding tower safety, site leasing and maintenance.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

During April–May 2008, a strategy document was prepared to deal with the backlog of work to be done to remediate tower safety and site leasing, including the need to address OH&S concerns.

Internal disputes arose in BITS regarding the assignment of staff to the task.

In May 2008, it was claimed that urgent action was required to identify towers that needed priority attention. A rigging capacity had been lost some four years previously and it was claimed that no maintenance and very little work had been done on the towers since that time.

Funding was not available and had not been sought to allow the necessary work to commence.

On 24 July 2008, the Group Manager of ICT Services and Infrastructure sent an email directive that all relevant documents were to be provided to him.

On 17 August 2008, the Group Manager of ICT Services and Infrastructure advised Ms Berzins of the risks to Victoria Police arising from the Tower Safety project.

166.The Project Manager of Base Site Facilities was interviewed on 26 June 2009. He said that in February 2009 he was tasked to undertake a review of radio base site facilities and associated matters. He undertook a review of files and found that some had not been updated since 1990. He also found that leases had expired and that Victoria Police had continued to pay lease fees.

167.The Project Manager summarised his findings which included:

Victoria Police has had a communications tower presence at [a Collins Street] address for 13 years. The last Deed of Renewal of Agreement expired in March 2005. In December 2008 agents sought clarification of Victoria Police requirements. At a site meeting in April 2009 it was decided to rationalise radio services and remove obsolete equipment. Savings $15,000 per year.

At [another Collins Street address]. Last file entry 2006. Victoria Police has had a presence at the site for 15 years. No agreement was signed with Motorola. Best estimate of site rental currently $46,000 per year. No continuing need for services and can be relocated.

[A third Collins Street address]. Current rental $164,141.95 per year. 2 years ago Victoria Police shut down 13 frequencies leaving only 3 at the site. No action was taken to correct the management agreement with the owners. The agreement expired in 2006. The expense of maintaining unnecessary services: $109,500 per year. Victoria Police failed to follow up negotiations in 2005-2007. The building owners have charged site fees, currently $164K per year and will continue to charge the fees until Victoria Police removes equipment from the site. Best estimate of a revised fee: $46K saving $117K per year.

Areview of files found that some had not been updated since 1990.

Major information technology procurement 37

 

The data was so poor that it was impossible to determine which sites were active and which were not.

38

www.ombudsman.vic.gov.au

168.The Project Manager was asked whether his review revealed any information concerning record-keeping in BITS. He said the data was so poor that it was impossible to determine which sites were active and which were not. His best estimate is that action to cease payments, where leases have expired, and adjust communication requirements will result in a saving of about $250,000 by the end of 2009. He estimated that around $750,000 could have been saved over the past two financial years had corrective action been taken in 2006.

169.The Project Manager identified further concerns including:

Victoria Police is currently paying in the order of $95,000 per year in electricity costs for 25 communications sites where it does not have a presence, although other agencies may be using the electricity.

One private communication company owes Victoria Police an estimated $250,000 for co-shared arrangements for rents not collected in the past two years.

Monies have not been collected by Victoria Police for outgoings on sub-licensed agreements with two private communication companies since 2004.

Standing maintenance costs associated with lawn mowing and other services are paid without on site checks to verify that service has been provided over many years.

170.The Project Manager told my investigation that in 2004 BITS entered a lease agreement for four years for facilities at a rural site, under which Victoria Police has paid over $81,000 in lease fees. He said Victoria Police has not had a presence at the site since 1995. The Project Manager said he visited the site and found that it consisted of an empty cabinet (see photograph on following page). He said:

The rationale was that because of the introduction of MMR [Metropolitan Mobile Radio], we should enter into a lease agreement at […] in 2004, at 11,000 and something dollars, with a five per cent increase – CPI increase, per year, rent in advance for the year. Never in use; it’s an empty cabinet … And there’s several sites like that.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Illustration 1.

Empty equipment cabinet at rural communications tower site.

171.In relation to my preliminary views on the issue of communications towers, the Group Manager of ICT Services and Infrastructure at BITS stated:

As part of ‘BITS Management’, I have continually escalated the issues raised to the CIO/accountable Group Managers and only since December 2008 have I been able to achieve progression since the resignation of the CIO.

172.Ms Berzins also responded to my investigation on the issues of the management of Communication facility leases as follows:

[The Group Manager of ICT Services and Infrastructure] and his team were in charge of the towers. I was not convinced that [the Group Manager of ICT Services and Infrastructure‘s] team was being diligent in its efforts to manage the sites. In addition,

some members of John Brown’s team were responsible for paying

In 2004 BITS entered a lease agreement for four years for facilities at a rural site, under which Victoria Police has paid over $81,000 in lease fees. Victoria Police has not had a presence at the site since 1995. The site consisted of an empty cabinet.

Major information technology procurement 39

 

Ms Nixon stated that the reason for the breaches

regarding the Towers 1 and 2 contracts was that Ms Berzins ‘executed this contract variation outside of established policy and procedure’.

Key failures in existing controls which enabled these inappropriate authorisations to

occur were identified.

www.ombudsman.vic.gov.au

invoices on the towers I was not convinced that the interaction between the teams was satisfactory, particularly with respect to seeing if the services were required or had been performed.

173.In relation to the issue of monies owed to Victoria Police regarding Communication facility leases, Chief Commissioner Overland responded:

Victoria Police will take steps to recover any estimated debt owing for rental and this matter has been referred to the Director of Legal Services.

Breaches

Victorian Government Purchasing Board Procurement Policy Breaches and Remedial Action

174.On 12 February 2009, Ms Nixon wrote to the Minister of Police, the Chair of the Victorian Government Purchasing Board and the Chair of the Victoria Police Audit Committee declaring the following failures to comply with Victorian Government Purchasing Board Procurement Policies:

Mainframe and Unix Servers provided by IBM (Tower 1); estimated breach value $4.1 million of total contract value of $32.8 million

Desktop, Networking and Service Desk also provided by IBM (Tower 2); estimated breach value $2.07 million of total contract value of $65.69 million

Business Continuity and Recovery Services provided by Fujitsu; estimated breach value $33 million of total contract value of $33 million.

175.The total value of these breaches was $39.17 million.

176.Ms Nixon stated that the reason for the breaches regarding the Towers 1 and 2 contracts was that Ms Berzins ‘executed this contract variation outside of established policy and procedure’ without reference to the Accredited Purchasing Unit, Victorian Government Purchasing Board, Chief Commissioner and the Minister.

177.In relation to the B5 contract with Fujitsu, Ms Nixon reported the breach was incurred when the former CIO executed a new contract with Fujitsu without reference to appropriate authorities including herself, the Accredited Purchasing Unit, the Victorian Government Purchasing Board and the Minister.

178.The ‘key failures in existing controls which enabled these inappropriate authorisations to occur’ were identified in Ms Nixon’s notification of the breaches letter:

Knowledge of these highly complex contracts for managing day- to-day IT services was vested with a small number of individuals within BITS. As such the visibility of the contractual variations

40 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

or redefinition of services (which were in breach of Government procurement policy) to other parts of Victoria Police was inadequate.

The authority for managing expenditure on these contracts was delegated to BITS personnel which enabled expenditure in some cases to be applied to conferrals unrelated to the expenditure.

Organisational monitoring of IT contract expenditures was at the global level and not at the individual conferral level and as such was inadequate.

179.Ms Nixon also advised the Minister and the Chair of the Victoria Police Audit Committee that she had implemented 10 broader strategies across the organisation to ensure similar situations do not reoccur. Ms Nixon stated that:

High risk/high value IT tender processes will be conducted externally to BITS by Victoria Police’s Procurement Management Division (PMD);

All high risk/high value IT contracts will be reviewed and assessed by PMD between April 2009 and the end of 2009;

Audit approved processes will be implemented to ensure that expenditure is only authorised against the relevant conferrals;

Implementation by PMD of a Commercial Practice and Procurement Compliance strategy to provide early intervention and mitigate risks associated with procurement;

Quarterly actual and projected expenditure reports against the conferral will be produced by BITS and monitored by FSD;

Implementation by PMD of a Capability Growth Strategy and Education Program to empower and support the organisation to procure goods and services in accordance with Victorian Government Purchasing Board procurement practices and guidelines;

Participants in the procurement process and contract management will attend mandated training on planning, delivering and managing procurements in accordance with Victorian Government Purchasing Board policy;

PMD will develop a long term procurement strategy for the delivery of IT goods and services including thorough market test practices;

All BITS high risk/high value procurements will be entered and tracked in a soon to be implemented Integrated Contract Management System (ICMS) by PMD. An investment of $2M over 5 years has been made by the organisation to implement an Oracle based ICMS to store, manage and track procurements.

A network of appropriately trained procurement advisors has been established within PMD. All Departments and Regions will be directed to make appropriate use of these resources.

Major information technology procurement 41

 

As at 26 October 2009, Victoria Police was yet to publish details of these contracts on the Contracts Publishing System website.

42

www.ombudsman.vic.gov.au

180.On 3 April 2009, Chief Commissioner Overland wrote to the Minister and the Victoria Police Audit Committee Chairperson advising of additional measures he had instigated in relation the breaches and the general operation of BITS.

Failure to disclose information

181.According to Victorian Government Purchasing Board Procurement Polices, each department must report summary details of all contracts in excess of $100,000 but less than $10 million on the Contracts Publishing System website. Contracts over $10 million in value are to be disclosed in full on the website, subject to exemption criteria under the Freedom of Information Act 1982. The policy requires the publishing of contracts on the Contracts Publishing System website within 60 days after the award of a contract.

182.As at 26 October 2009, Victoria Police was yet to publish details of the following contracts on the Contracts Publishing System website:

The contract relating to Tower 4, the Assessment Procurement Panel of six providers, signed 18 February 2006 at a value of $3.08 million.

The $33 million contract for the B5 Data Centre and Applications Disaster Recovery Services, signed on 13 March 2007. The Accredited Purchasing Unit advised that publication of this contract was on hold until relevant parties had signed the associated notification of breach of procurement policy.

183.The Accredited Purchasing Unit also confirmed the details of the

TIBCO ESB contract were not uploaded until 9 December 2008, although the contract was entered into on 31 May 2007.

184.Operation Tabour observed that details of the B5 Fujitsu contract were not reported in the Victoria Police’s Annual Report 2006-07 and took the view that details of this major contract were deliberately withheld from executive management by Ms Berzins.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Conclusions

185.Irrespective of urgency, identified need and the availability of funds

(in this case in the order of $200 million), the procurement process of a public entity must be approached diligently and with due regard for proper planning and sound administrative practices. Accountability and working within an established policy framework are also obvious requirements.

186.The outcome for Victoria Police as a result of the agreement of 16 November 2006, for Tower 1, was that Victoria Police traded away $4.110 million in service performance over the life of the IBM contract against an increased commitment of $1.284 million to fund additional DASD and LEAP support (leaving aside the value of any annulled abatements). This resulted in a reduced value for money outcome for Victoria Police of approximately $2.826 million over the life of the Tower 1 contract.

187.The outcome of new arrangements for the Tower 2 contract with IBM was that Victoria Police traded away $2.07 million in service

performance guarantees over the life of the contract also (leaving aside the value of any annulled abatements and maintenance of hardware provided under previous contracts that had been traded away).

188.I do not accept the argument advanced by Mr Brown that the agreement did not result in a financial outcome but rather a service level agreement outcome for Victoria Police. It fails to recognise the value for money impact on Victoria Police, and as such I believe consideration should be given to making a further breach declaration to the Victorian Government Purchasing Board with regard to this variation.

189.The agreement of 16 November 2006 with IBM represents a failure by Ms Berzins and Mr Brown, as the senior BITS executives with carriage of these matters, to comply with procurement policy and sound administrative principles.

190.I do not agree that the agreement of 16 November 2006 was intended to compensate IBM for loss of income upon the adjustment of security services that was to follow in March 2007.

191.I consider that the procurement of the Victoria Police B5 capacity was not subject to the full tender and procurement process required by Victorian Government Purchasing Board Procurement Policies.

192.I am satisfied that BITS management did have some preliminary discussions with the Director, Business Management in relation to the proposed funding of the B5 contract, and on this basis considered that approval was provided. However, I consider that approval would not have been provided had it been made clear that the proposed funding arrangements would have resulted in Ms Berzins’ signing of an agreement some $15.6 million above the amount authorised by the Minister.

Victoria Police traded away $4.110 million in service performance over the life of the IBM contract.

The agreement represents a failure by the senior BITS executives with carriage of these matters to comply with procurement policy and sound administrative principles.

Major information technology procurement 43

 

BITS management encouraged, or at least tolerated, a ‘just do it – at any price’ approach.

44

www.ombudsman.vic.gov.au

193.The legal advice obtained regarding the B5 contract by Mr Brown in November 2006 provided a clear warning that obligations may be incurred or met only within the limits conferred by the

Minister administering the department, and is in fact a limitation on expenditure.

194.This advice appears to have been ignored by Mr Brown when the $27 million contract with Fujitsu was signed by Ms Berzins on 13 March 2007 and witnessed by Mr Brown. Mr Brown was also directly

involved in, and central to, the identifying of further funds from other sources to meet the increased commitment. I consider that Ms Berzins and Mr Brown failed to exercise due diligence and attention to policy and administrative requirements, and so fell well short of fulfilling their employment responsibilities with Victoria Police.

195.It would appear that senior BITS management encouraged, or at least tolerated, a ‘just do it – at any price’ approach to the ‘tech refresh’ from 2004 onwards. A number of Victoria Police employees and some private sector service providers said that this approach underpinned many of the decisions taken by Victoria Police during procurement and contract management.

196.I note that the former Chief Commissioner’s advice of 12 February 2009 to the Minister, the Accredited Purchasing Unit and the Victorian Government Purchasing Board concerning broader strategies to ensure similar situations do not reoccur simply repeated many previous undertakings.

197.I am satisfied that payments made to IBM of $601,000 for the helpdesk price adjustment and $310,000 for works undertaken in respect to the Enterprise Data Room Relocation Project were not made as compensation to IBM for the loss of what would become the B5 project as has been alleged.

198.The failure of BITS to publish details of the Tower 4, Fujitsu B5 and TIBCO contracts on the Contracts Publishing System website within the required 60 days has only added to suspicion about the process, and in my view also represents a breach of the Victorian Government Purchasing Board guidelines.

199.It is clear that during 2006 a decision was reached by Mr Brown and Ms Valda Berzins, in consultation with the Technical Standards and Architecture Group, that the Victoria Police requirement for an ESB service would not be put to open tender and that TIBCO would

be contracted to provide the service. The process was driven by expediency on the basis that a substantial discount would have been secured if the contract was signed by 31 May 2007. The prospect of securing a Whole-of-Victorian-Government contract was advanced as further reason to engage TIBCO at the discounted price and to add urgency to the process.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

200.The lack of meaningful market testing meant Victoria Police was never in a position to properly determine whether value for money was likely to be achieved from the $20.1 million expenditure of public monies.

201.BITS reliance on a market scan provided through the preferred vendor represents a clear breach of responsibilities, judgement and probity requirements.

202.Despite various assertions, notably by Mr Brown, that Whole-of-

Victorian-Government benefits would flow from the Victoria Police contract with TIBCO, it seems that there is still some confusion as to whether this has been achieved. I am of the opinion that the flow-on effects were overstated by BITS and that the opportunity to negotiate a proper Whole-of-Victorian-Government contract was missed due to a compromised procurement process that was largely dictated by the vendor.

203.I am also satisfied the discount offered if the contract was signed by 31 May 2007 was over-stated to add urgency to Victoria Police’s desire to engage TIBCO. BITS management, the Accredited Purchasing Unit and the Victorian Government Purchasing Board appear not to have given close consideration to what the stated ‘92.6% off list price’ actually meant. As noted by Hub, a 92.6 per cent discount off a list price is somewhat meaningless without any comparative competitor analysis.

204.Had there been greater questioning and challenge at any of the key decision points in the TIBCO procurement, better financial and administrative outcomes for Victoria Police may have resulted. I am also satisfied that there was a failure to undertake the necessary planning and timely preparation of documentation required to comply with Victorian Government Purchasing Board Procurement Policies.

205.Over the past 8 years, BITS management and its predecessors have failed to adequately address issues brought to their attention

concerning communication tower facilities. I am of the view that, as a result, public funds have been wasted.

206.The contrasting views expressed by Ms Berzins and others with regard to who was ultimately accountable for the state of the Communication Tower Lease arrangements is in my view, indicative of an uncoordinated approach to project management in BITS.

That significant financial savings have been recently identified in addressing many of these leases only further highlights the relative ease with which this issue could have been addressed years ago.

207.I consider that the financial management of communication facilities requires immediate investigation and audit to determine whether public monies have been misused.

The lack of meaningful market testing meant Victoria Police was never in a position to properly determine whether

value for money was likely to be achieved from the $20.1 million expenditure of public monies.

BITS reliance on a market scan provided through the preferred vendor represents a clear breach of responsibilities, judgement

and probity requirements.

Had there been greater questioning and challenge at any of the key decision points, better financial and administrative outcomes for Victoria Police may have resulted.

Major information technology procurement 45

 

www.ombudsman.vic.gov.au

Recommendations

I recommend that Victoria Police:

Recommendation 1

Develop and implement a policy that prohibits adjustment to any contracts over a specified monetary value without prior approval, according to Victorian Government Purchasing Board Procurement Policies.

Victoria Police response:

Recommendation accepted.

Recommendation 2

Establish and appropriately resource a central major projects management facility to be responsible for the procurement and major contract management responsibilities allocated to BITS, Procurement Management Division and other areas of Victoria Police.

Victoria Police response:

Recommendation accepted.

Recommendation 3

Remind the Victoria Police Audit Committee that its role extends to critically appraising and challenging information it receives with a view to providing the Chief Commissioner with informed advice about financial and organisational risk management and internal controls.

Victoria Police response:

Recommendation accepted.

Recommendation 4

Remind the Accredited Purchasing Unit of the need to arrive at evidence based decisions.

Victoria Police response:

Recommendation accepted.

Recommendation 5

Review the arrangements and viability of all communication tower facilities.

Victoria Police response:

Recommendation accepted.

46 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Recommendation 6

Commission an independent audit of expenditure committed to communication tower facilities over the past five years to determine if public monies have been improperly expended.

Victoria Police response:

Recommendation accepted.

Recommendation 7

Take immediate action to ensure that a full disclosure of the Fujitsu B5 contract is made on the Central Register of Major Government Contracts in accordance with Victorian Government Purchasing Board Procurement Policies and Government directions.

Victoria Police response:

Recommendation accepted.

Recommendation 8

Take appropriate remedial action to address the failure to declare all major contracts in its Annual Reports.

Victoria Police response:

Recommendation accepted.

Recommendation 9

Review practices and procedures to ensure compliance with Victorian Government Purchasing Board Procurement Policies requiring

the disclosure of major contracts in the Central Register of Major Contracts within 60 days of a relevant contract being entered.

Victoria Police response:

Recommendation accepted.

Major information technology procurement 47

 

My investigation examined the validity of a number of these reviews, audits and investigations.

48

www.ombudsman.vic.gov.au

5. PREVIOUS AUDITS, REVIEWS AND INVESTIGATIONS

208.My investigation is the latest in a series of reviews, audits and investigations, both internal and external, conducted into matters relating to BITS since August 2006. Each has identified numerous examples of:

poor and non-compliant procurement practices and exercise of financial delegation

breaches of internal and external policies

questionable value for money from multi-million dollar contracts

poor financial decision making.

209.My investigation examined the validity of a number of these reviews, audits and investigations and the action taken by Victoria Police in response to them.

The Corporate Management Review Division audits

210.The Standing Directions of the Minister for Finance require that Public Sector Agencies establish, maintain and resource an internal audit function. The work is to be carried out by suitably qualified staff, independent of management and free of operational duties.

211.Internal audits for Victoria Police are undertaken by the Corporate Management Review Division (CMRD). The Victoria Police’s Annual Report 2007-08 identifies the areas of responsibility of CMRD as:

business continuity

financial auditing

governance and audit executive

IT auditing

operations assurance

risk management.

212.CMRD undertook three reviews of BITS contractor engagement and exercise of financial delegations between July 2007 and May 2008.

213.The first CMRD audit, conducted during July 2007, recommended a full review of the engagement of contractors by BITS; that the Chief Commissioner approve the establishment of a steering committee, chaired by a Deputy Commissioner, to consider the recommendations and oversee implementation; and that financial delegation breaches be brought to the attention of the Chief Commissioner, Victoria Police

Audit Committee, the Victoria Police Chief Finance Officer (CFO), the

CIO and the Accredited Purchasing Unit.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

214.In November 2007, the second CMRD audit, undertaken largely because it appeared that BITS and Victoria Police executive management had not effectively responded to the findings of the first audit, made 68 further recommendations.

215.In February 2008, CMRD commenced a third audit because it considered breaches of financial and procurement policies continued unabated. The third CMRD audit, completed in May 2008, reported a ‘culture within BITS of subverting Victorian Government Purchasing Board guidelines’ and found it was still common practice for contractors to be engaged at a cost ‘just under $100,000’, without due regard for cumulative expenditure. This was a practice that had been identified during the first CMRD audit 10 months earlier.

216.CMRD reported in its third audit that the Accredited Purchasing Unit had ‘failed to provide governance and clear unambiguous guidance to BITS, allowing the breaches to continue unchallenged’.

Unacceptable file management practices were said to be ongoing, confusion remained regarding the engagement of contractors and a lack of accountability and defective management continued within BITS.

217.CMRD also identified the need to refer possible conflict of interest issues and breaches of the Victoria Police Manual (VPM) for criminal investigation and an urgent need for an independent audit of the performance and structure of the Accredited Purchasing Unit.

218.It is clear that over 10 months the CMRD audits brought to the attention of Victoria Police executive management details of alleged administrative deficiencies. These included possible breaches of the

Code of Conduct for Victorian Public Sector Employees of Special Bodies, the Chief Commissioner’s Code of Conduct, Victoria Police’s policies and procedures, Victorian Government Purchasing Board Procurement Policies and in CMRD’s view, the possible commission of criminal offences.

219.The minutes of the Victoria Police Audit Committee meeting of 28 October 2008 include a status report concerning a total of 85 recommendations from the first and second CMRD audits of BITS.

The officer in charge of CMRD, Commander Terry Purton, reported to that meeting that there were then 84 completed recommendations and one outstanding which could take a year to implement, pending new software becoming available.

Blurring of roles

220.Several interviewees said CMRD exceeded its charter, became directly involved in ‘investigative activity’ and engaged in practices unsuited to the role of an audit and review area, particularly in relation to its second and third audits. At interview with my investigators on 17

March 2009, Commander Purton said CMRD had a lot of difficulty conducting the audits. He said:

Previous audits, reviews and investigations

The second CMRD audit was undertaken largely because it appeared that BITS and Victoria Police executive

management had not effectively responded to the findings of the first audit.

CMRD exceeded its charter, became directly involved in ‘investigative activity’ and

engaged in practices unsuited to the role of an audit and review area.

49

 

www.ombudsman.vic.gov.au

and on, I think, two – at least two separate occasions we tried to engage the services of ESD [Ethical Standards Department] to assist, and we were unable to do so. They didn’t come on board

But as I sort of stressed to my people all the time, that it’s not our role to tell the Chief Commissioner how to run Victoria Police.

It’s our job to actively report on our findings, and any action to be taken against Valda [Berzins] would be a decision made by the

Chief Commissioner of Police. But we certainly recommended that all the matters should be fully investigated and Valda should be interviewed and then it was up to Dave [Sprague], and I think the Director of Public Prosecution will make a decision whether or not there were any criminal charges involved …

221.Commander Purton also said there was a lot of conjecture regarding the BITS audit concerning audit versus investigation and that if ‘in an area there are pretty severe sorts of problems and monies going missing, or this or that, well see that’s an investigation, which is done by ESD [Ethical Standards Department], and there’s a fine line’.

Commander Purton said:

and you know we did a lot of soul searching after the BITS

review where, in future, if we reach a point with some things – because we went sideways to ESD, where probably in reality we needed to go direct to the Chief Commissioner and [say] ‘It’s time for us to stop. There’s criminality here, there’s huge problems’. And then Christine [Nixon] would direct the AC [Assistant Commissioner] ESD, ‘You better pick this up’. Or conversely, there’s an agreement between us and ESD that we would finish the audit, we wouldn’t do the investigation, and then just give

it all to them. But we are a separate entity. In early January 2008 Commander David Sprague, the investigator appointed to undertake Operation Tabour, was briefed by members of CMRD in relation to the BITS Phase 2 audit. Two specific issues were identified relating to payment for an ICT Christmas function and payment for a meal using a Victoria Police purchasing card where a meal claim was also made. This information concerning the origins of Commander Sprague’s investigation was included in his investigation report dated 29 February 2008 to Assistant Commissioner Cornelius, ESD.

222.One issue referred by CMRD to Commander Sprague’s criminal investigation was the drawing of a Victoria Police cheque in the amount of $2,712.50 to pay for a BITS end of year function.

223.Commander Purton said at interview on 23 June 2009 that he briefed then Chief Commissioner Nixon regarding the issues identified in the first two CMRD audits, adding that he nominated an experienced investigator, Commander David Sprague to undertake an investigation of the issues identified by CMRD. Commander Purton said that at Commander Sprague’s request CMRD provided initial assistance to the criminal investigation, including assisting with

the gathering of evidence, taking of statements and interviewing of witnesses.

50 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

224.My investigators asked both Assistant Commissioner Cornelius, the officer in charge of ESD, and Commander Purton to comment on whether the CMRD charter included taking witness statements concerning alleged criminal and disciplinary allegations in

circumstances where an investigation had been instigated on the basis of CMRD’s findings.

225.At interview, Commander Purton spoke of the difficulty sometimes experienced in distinguishing between audit and investigative activity, and where the role of CMRD ended and an investigation was required into possible disciplinary or criminal activity. He said he was aware of concerns expressed in this regard by management, employees involved in the audit process, and external reviewers

of the role and functions of CMRD and CMRD staff. Similarly, Commander Purton said that on occasions it may be appropriate for CMRD staff to undertake broader enquiries and take formal

statements. He said that this had been done in the matter investigated by Commander Sprague to assist the process and in view of the lack of resources available to the Commander.

226.Assistant Commissioner Cornelius stated that ESD was not approached to assist in the conduct of Commander Sprague’s investigation or the CMRD audit. He said at interview that he had not been involved in Commander Purton and the Chief Commissioner’s decision to refer the investigation to Commander Sprague. He said that process was not consistent with policy, which would have seen the matter referred to ESD for assessment and, if warranted, allocated for investigation.

227.Commander Sprague’s view of how he came to be tasked with conducting the criminal investigation and the circumstances that led to his seeking of assistance from CMRD differs from that of Assistant Commissioner Cornelius. Commander Sprague said he understood ESD had indicated it did not have the resources to conduct the required investigation and that the Assistant Commissioner also wanted to retain his independence knowing that he would be eventually called upon to consider the subsequent criminal brief. Commander Sprague advised:

I was firmly of the view that an independent body of investigators should be available to take immediate action once audit anomalies are discovered. In this case it should have been the Ethical Standards Department but they refused to take the investigation.

228.Victoria Police policy provides that ESD has carriage of the assessment of allegations or complaints concerning possible disciplinary breaches by VPS employees of Victoria Police, alleged breaches of the Code of Conduct and related possible criminal conduct. ESD is given responsibility for determining appropriate action, monitoring progress and, generally, determining outcomes.

ESD was not approached to assist in the conduct of Commander Sprague’s investigation or the CMRD audit.

Previous audits, reviews and investigations 51

 

www.ombudsman.vic.gov.au

229.In relation to CMRD’s role, in April 2009 Deloitte consulting presented findings of a Strategic Review of the Corporate Management Review Division commissioned by CMRD. Deloitte found there were clear opportunities for further improvements to be made to the CMRD operating model. CMRD did not support the report’s recommendation that sworn positions be converted to unsworn positions in order to increase the focus on IT auditing.

230.Deloitte also recommended that, in future, applications for the Commander CMRD role should be sought from both internal and external candidates to select the optimal mix of professional auditing, risk management and commercial skills applicable to a public sector organisation like Victoria Police. Deloitte observed that CMRD is ‘one of 21 operational units directly reporting to the CCP [Chief Commissioner of Police]’ but that while the reporting line suggested a degree of independence, ‘the frequency and efficacy of this reporting relationship, and the predominance of the reporting to Victoria Police Audit Committee and various of the six Standing Committees, means that the independence may exist more in form than in substance’.

Operation Tabour

231.Operation Tabour was a criminal investigation led by Commander David Sprague which commenced in April 2008. Its initial terms of reference included breaches of discipline, Code of Conduct issues, and possible criminal conduct arising from the management of a number of BITS projects and procurements, including:

Airlie Leadership Development Centre contract

Fujitsu B5 contract

The Thin Blue Line funding process

Contractor engagement.

232.These were matters raised by the first two CMRD audits and it was

Commander Purton’s recommendation that Commander Sprague be tasked to conduct the criminal investigation into these matters.

233.CMRD provided assistance to Operation Tabour to interview witnesses and take statements in relation to a BITS Christmas function, which has also been the subject of CMRD’s earlier audit activities.

234.Despite the inclusion of disciplinary matters in his original terms of reference, Commander Sprague stated he was directed to focus solely on criminal matters. Commander Sprague advised:

I was advised by the then Deputy Commissioner to ascertain if any criminal offences had occurred. It was made quite clear to me on more than one occasion that any disciplinary matters were to be referred to the Assistant Commissioner Ethical Standards Department at the completion of the investigation.

52 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

235.My investigation identified that the assigning of the investigation of possible criminal behaviour of Victoria Police employees to Operation Tabour was not consistent with established practice, and that ESD generally undertook such enquiries. Assistant Commissioner Luke Cornelius said:

An adverse audit finding if it touches on alleged serious misconduct or criminal conduct should of course be reported to us. … I agreed that it was appropriate for Dave Sprague to lead a small team to take that investigation forward, with a view ultimately

to David [Sprague’s] investigation findings being reported to me and then obviously any brief of evidence which might arise out of the investigation also being provided to me for consideration and potential authorisation in keeping with Victoria Police policy.

236.While acknowledging that the tasking of Commander Sprague to undertake this investigation was ‘outside normal policy’, Chief Commissioner Overland responded that the Police Regulation Act 1958

‘enables the Chief Commissioner to appoint any officer to undertake an investigation’.

237.At interview, Mr Overland said that at the time of commissioning Operation Tabour he was concerned for a variety of reasons. He said:

I was very strong, from the outset, that it needed to focus on the criminal allegations and that was because of a couple of reasons. This whole process had been going on for a long time; the audit and everything else. I was trying to balance a couple of things. One

is to deal with what seemed to be, at least in the minds of some, a clear perception of criminality. And the only way to deal with it was to have an investigation, but at the same time somehow try and keep BITS running, because it provides critical services to the organisation.

238.Operation Tabour produced two investigation reports. On 11 December 2008 a report and brief of evidence concerning ‘allegation of improper behaviour committed by former Business Information Technology Services Department Senior Managers Ms Valda Berzins CIO and Mr John Brown at Melbourne during period 2006 to 2008’ was submitted to the Deputy Commissioner by Commander Sprague. Commander Sprague’s report and the brief of evidence were passed to the Assistant Commissioner Ethical Standards Department and referred for legal advice.

239.The second Operation Tabour report, dated 24 December 2008, dealt with ‘Allegations of engagement of contractors by circumventing approved Victoria Police process’. These allegations related to ‘contractors, unsworn member(s) and or sworn member(s) of Victoria

Police’ concerning possible ‘misconduct in public office, deception, conspiracy, falsifying documents and serious misconduct related to contractor engagement BITS’. As a result of the investigation Operation Tabour found that:

Previous audits, reviews and investigations 53

 

My officers located a large volume of documents, records and material retained in the office formerly occupied by Ms Berzins.

Hub consultants said they examined a number of unsigned documents that,

in their view, would have been signed had proper accountability been applied.

54

www.ombudsman.vic.gov.au

… the correct practices and policy for procurement of contractors within BITS were blatantly disregarded by senior managers

and employees, who were involved in unethical, dishonest and deceptive practices.

240.Soon after Mr Brown ceased employment with Victoria Police in

January 2008, his former office was sealed and access to records was limited to Operation Tabour staff and persons approved by Operation

Tabour. My investigation has identified that no such action was taken in relation to the office and work area utilised by Ms Berzins, despite her status as a person of interest to the investigation.

241.On 28 and 29 May 2009 my officers located a large volume of documents, records and material retained in the office formerly occupied by Ms Berzins. Cabinets in an adjoining area also contained indexed files and less formal records. Purchase order books, accounting records, contractor engagement records, handwritten notes, including records of matters discussed at meetings with the former Chief Commissioner and other original documents were located. Relevant disks and electronic records were also examined.

The Hub Consulting Report

242.Hub was engaged in April 2008 to undertake a value for money and governance review of 12 major Victoria Police contracts. After an initial report to the Assistant Director of the Procurement

Management Division, which highlighted limitations resulting from lack of access to documents, Hub was given supervised access to documentation held in the office used by the former BITS Group

Manager, Mr John Brown, after his departure.

243.The final Hub report was submitted on 30 July 2008. The methodology used by Hub centred on compliance regarding documentation, governance, contract management, and an assessment of risk and value for money.

244.The principal consultants of Hub said they examined a number of unsigned documents that, in their view, would have been signed had proper accountability been applied.

245.The Hub consultants also identified that the original letter of settlement of 16 November 2006 signed by IBM and Ms Berzins (which was to become important to the Hub review and Operation

Tabour investigation), was not on file and could not be located.

246.In relation to this particular record Mr Brown told my investigation that he was confident that he knew of the location of the document at the time of his resignation but could not ’speak for what happened’ thereafter.

247.Chief Commissioner Nixon referred the Hub report to Operation Tabour. It was not distributed more widely within Victoria Police at that time because it named a number of people in connection with recommended further enquiries.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

248.Hub provided advice to Operation Tabour so that investigators might better understand the commercial and technical aspects of IT procurement and contract management. Many of the assertions and recommendations in the Hub report became central themes in the subsequent brief of evidence and findings generated by Operation

Tabour.

249.While Ms Berzins still occupied the position of CIO, Hub had a number of discussions concerning where documentation might be located in BITS. Hub said at interview:

… almost without exception everybody said to us John Brown’s office is where the documentation is. Valda [Berzins] has a very hands-off approach to managing the contract function. She let John [Brown] do it all and he was the key mover and shaker behind running that function within the BITS organisation … we didn’t make any requests of her and that was primarily because her executive confirmed to us that she doesn’t have copies of documentation that they sat in John [Brown’s] office.

250.Hub found that BITS documentation management system was ‘almost non existent’. It referred to a lack of capacity to trace payments against milestones and it was identified that BITS considered projects from a technical point of view rather than from a disciplined and methodical project management perspective.

251.I note that after receiving the Hub report Victoria Police amended BITS procedures. It required that the Procurement Management Division oversee procurement practice and introduced other control measures. At interview, one principal of Hub expressed the view that:

Victoria Police [needs to set up] a specialist project management organisation, not what they’ve got there at the present moment. They’ve got an organisation in BITS called PMO and all that is, is a process. So what they’re doing is pushing in reports, paperwork goes in there but it has no material substance. What they need to do is to set up a group or an organisation in there, specialist project management organisation and they can form the core for all of these larger type programs. And then you pull in you know, from the matrix management type regimes, pull in the specialists that you require.

The Saha International Report

252.In September 2008, Saha International (Saha) undertook a gap analysis of BITS expenditure versus conferral in relation to a number of major IT contracts, including those discussed in this report. Based on information provided by Victoria Police, Saha estimated the resulting ‘additional conferral required’ to be around $89.5 million including GST.

Previous audits, reviews and investigations 55

 

The Saha report became the starting point for Victoria Police’s further assessment of the financial impact arising from the Towers contracts.

56

www.ombudsman.vic.gov.au

253.In response to the Saha report Ms Berzins stated:

Unfortunately, SAHA did not take into account that from the period between Feb and June of the year that the contracts expire, that a new contract and funding is in place. They assumed nothing is in place – no contract and no money, making their analysis of limited use and their conclusion re additional conferral incorrect. It also put great doubts in my mind re the other assumptions they had used to do their calculations as the one I could see that they got wrong was so fundamental.

254.The Chief Finance Officer and Acting Group Manager of Business and Planning at BITS both accepted the methodology applied by Saha as valid. It was based on the information provided by Victoria Police.

Nevertheless, both senior officers took the view that some projections in the Saha report were based on incomplete financial assumptions.

As a result, the Saha report was subjected to a Victoria Police internal re-work which resulted in Saha’s estimate of the difference between budget and likely expenditure of $89.5 million being re-calculated by Victoria Police to be in the order of $39 million. I note that this re-working took place after Ms Berzins’ departure.

255.I asked the Acting Group Manager to comment on the re-working. He said:

We found the Saha methodology really good. It’s pretty simple. It says you start here and you make some assumptions, you end up here and there’s a gap in the middle. There’s nothing wrong with the methodology, but the assumptions and the numbers hadn’t been worked through, and that’s what we did over the three months coming into March was to then test the assumptions and get some real robustness around them. Saha did a lot of work at that time, which was asking people who didn’t have the answers, or made the wrong assumptions, and as good consultants they built it in and out popped a number at the end …

256.The Saha report became the starting point for Victoria Police’s further assessment of the financial impact arising from the Towers contracts.

The Acting Group Manager said, ‘[there’s a] dearth of corporate memory, so we went back and we have re-structured the entire thing and gone back, as I said, from virtually day one and tried to do a reconciliation and then built as part of this, saying “Well, you can’t do everything, otherwise you will have a significant blow out in the region of what Saha had indicated”, which was around $90 million’.

257.I note that Victoria Police is conducting a further audit of the remaining 74 IT contracts managed by BITS and that this audit is due to be completed by the end of the 2009 calendar year.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

258.The Chief Finance Officer was asked if there was any concern regarding expenditure recorded by BITS. He responded that there was nothing coming through documentation or the ‘bottom line’ that caused any concern. The only concern raised with BITS was that it was not reporting as required in relation to funding for individual IT contracts. He said:

For example, an annual amount for those contracts may have been say $50 million. They have had only 45 against that and some were located in a different area. So the bottom lines were all matching up but the expenditures weren’t actually being recorded against the allocations and we were trying to get them – for better reporting, get them to line those particular issues up.

259.Despite the services provided by the Chief Finance Officer, charters of the Victoria Police Audit Committee and the Finance and Physical Resources Standing Committee, and relevant individual responsibilities, it was not until around September or October 2008 that a substantial overspend by BITS became apparent. The Chief

Finance Officer was asked why Victoria Police’s systems of financial oversight did not recognise that a financial problem was emerging until that time. He responded:

Well, in July and August, we’re probably not concentrating as much on that year, it’s more finishing the year before, so we do our first review as – that’s in the quarter … and that’s where we raised the issue in the documentation that goes to the Finance Committee, the Audit Committee and then obviously that’s the reason why

we asked, as we did, for more investigations, we had some of our people working upstairs in the BITS area to try to get a better understanding of what was happening in that area, to do some

analysis work and as we went through the month we became more aware it didn’t appear to be just a one-off issue, it was an ongoing issue and that’s when we requested Valda to come to the meeting and then we got more of our people involved in doing some of the analysis at that period of time.

260.In response to the suggestion that BITS overspent, Ms Berzins stated:

I disagree that the expenditure ‘spike’ was largely caused by decisions made by John Brown and myself. Firstly, John and I are both qualified senior accountants. Secondly, after John’s departure, many in the BITS executive team blamed John Brown for most problems, whatever they were. Now with my departure, it looks like it is easy to blame the one who isn’t there.

Thirdly, I have been a CIO or equivalent title for over 15 years. In all that time I have lived within budget.

261.Mr Brown also responded on this issue, stating:

All my recommendations were referred to the CIO for decision. I was not a decision maker I analysed and recommended. Further the CIO was employed for a longer period of time than I was at Victoria Police and as such should have been more familiar with Victorian State Government policies and procedures.

Despite the services provided by the Chief Finance

Officer, charters of the Victoria Police Audit Committee and the Finance and Physical Resources Standing Committee, and relevant individual responsibilities,

it was not until around September or October 2008 that a substantial overspend by BITS became apparent.

Previous audits, reviews and investigations 57

 

The Surveillance Devices Act 1999 prohibits the use of a listening device to record a conversation to

which the person is not a party.

58

www.ombudsman.vic.gov.au

Covert recordings

262.The Surveillance Devices Act 19994 prohibits the use of a listening device to record a conversation to which the person is not a party, without the express or implied consent of each party to a conversation. Exemptions exist regarding the ‘use of a listening

device by a law enforcement officer’ to record a private conversation to which he or she is not a party if at least one party to the conversation consents to the recording; the law enforcement officer is acting in the course of his or her duty; and it is reasonably believed that it is necessary to record the conversation for the protection of any person’s safety. Exemptions also exist regarding the communication or publication of a record of a private conversation without consent.

263.Operation Tabour utilised covert recording equipment to record conversations with potential witnesses, a subject of the investigation and other persons during its investigation without the knowledge or consent of the other parties to the conversation.

264.In one covert recording with a subject of the investigation, Commander Sprague attempted to encourage the person to provide information and make admissions. He assured the person that the conversation was not ‘on the record’. Transcripts of covert recordings were subsequently prepared, copied and attached to files.

265.In responding to my concerns about covert recordings, Commander Sprague stated:

The practice of covertly recording witnesses is not illegal and in fact is widespread within Victoria Police and other investigative bodies … This can be very useful in rebutting incorrect statements and complaints at a later date. The fact that this transcript was included on the Criminal brief shows that this procedure was open and transparent. The actual legal position of whether or not this information was admissible is a matter for the Office of Public

Prosecutions.

266.CMRD members also provided a digital recorder to a VPS employee from BITS and instructed the employee in its use and how to conceal the recorder from the other party to the intended conversation. The employee then recorded a conversation with a BITS manager away from the Victoria Police workplace with the intention of gaining evidence against that person. CMRD attached a transcript of the covert recording to files and copied it without the knowledge or consent of the other party to the conversation.

4 Surveillance Devices Act 1999, Part 2 – Regulation of Installation, use and maintenance of surveillance devices, section 6(2).

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

267.My investigating officers interviewed the VPS employee who covertly recorded the conversation. The VPS employee related a telephone conversation with a CMRD officer when the officer is alleged to have said:

Yeah – ‘After the information that I provided and the trouble that we’d stirred up for them [the manager] was out to get me. Don’t trust [the manager] as far as you can throw [him/her] … I’m pretty sure that they’re looking at your emails, things like that. You really need to probably record this because either [the manager is] going to tell you something that, you know, [he/she] doesn’t want you to – you know, tell you something that might be helpful to us or [the manager is] going to try and bully you or something like that, in which case you need to have hard evidence that that’s what [he/ she] is doing’.

268.The witness also said:

They gave me a brief rundown on how I needed to, you know, initiate the tape conversation, I suppose. I had to go and stand in the parking garage just outside of the café and go through my

name, date, time, all that sort of thing, and then walk through into the café.

and the general principle behind it was that if any of us were going to a meeting that might impact on what they were looking at we should take it [the recorder].

269.A second meeting, this time with two other employees, was also recorded using the device provided by CMRD. The recording was then allegedly played to a further two employees not attached to CMRD and not parties to the conversation.

270.When asked to explain the CMRD involvement in the use of the covert recorder, Commander Purton said it was provided for the protection of an employee whose welfare and career CMRD had become concerned about.

271.The Commander said he thought that police could use covert recorders without the knowledge of the parties to the conversation and said:

from my understanding it wasn’t to be used for investigative purposes and investigation, it was just to be used for the purpose to say if this is an accurate, this is an account of what was said to protect [the employee] …

272.In relation to my preliminary views on this matter, Commander Purton wrote on 5 August 2009:

The witness was provided with a covert tape recorder as this person believed he could have been threatened/intimidated. It was important to record this. From memory it did in fact occur. There were veiled threats made …

Previous audits, reviews and investigations

There was no directive on the use of ‘covert taping’ other than the general expectation that employees comply with the Surveillance Devices Act 1999.

59

 

Victoria Police executive management did not respond

adequately or in a timely fashion to the issues raised or the recommendations made by CMRD.

This has resulted in inefficiencies, duplication of effort

and the misdirection of public funding.

I consider that Victoria Police management permitted an environment to develop where two senior BITS staff committed Victoria Police to unfunded multi-million dollar IT projects.

60

www.ombudsman.vic.gov.au

273.Assistant Commissioner Cornelius said there was no directive on the use of ‘covert taping’ other than the general expectation that employees comply with the Surveillance Devices Act 1999. In

circumstances where ESD identifies the justifiable need to use a covert recording device then, the Assistant Commissioner said, application for approval of the use of a listening device is made.

Conclusions

274.It is clear that, from at least October 2006, Victoria Police executive management was alerted to the need to focus on best practice IT procurement and Accredited Purchasing Unit/Victorian Government Purchasing Board procurement policy. Yet the underlying issues

in a number of 2006 recommendations re-emerged in later years, unresolved and accompanied by more serious financial and administrative consequences. The issues included the need for attention to detail in financial record-keeping and strict compliance with delegated authority, authorisations and conferrals.

275.I consider that Victoria Police executive management, particularly Ms Berzins, did not respond adequately or in a timely fashion to the issues raised or the recommendations made by CMRD.

276.The expenditure ‘spike’ largely caused by the decisions taken by former BITS Managers, Ms Valda Berzins and Mr John Brown, should have been identified by executive management earlier than

September–October 2008.

277.Victoria Police had the opportunity to be guided by the experience of like agencies and access to a wide range of information when considering the procurement and management of major IT contracts

and systems. This information was readily available to Victoria Police, yet my officers were repeatedly told at interview that inadequate direction and guidance was provided by management. This has resulted in inefficiencies, duplication of effort and the misdirection of public funding.

278.I consider that Victoria Police management permitted an environment to develop where two senior BITS staff committed Victoria Police to unfunded multi-million dollar IT projects.

279.In response to my preliminary conclusion in this regard Ms Nixon stated:

The behaviour may have exposed Victoria Police to potential unfunded liabilities, but this exposure was never realised.

280.I do not believe that the action taken to date or planned by Victoria

Police in relation to BITS is sufficient to provide the dedicated, concentrated focus that is required to ensure compliance with policy and provide a professional procurement and contract management service.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

281.Once tasked to undertake the investigation of possible criminal and disciplinary matters, Commander Sprague should have been made more clearly and directly accountable to ESD and investigative resources should have been made available by ESD command. Operation Tabour’s focus on potential criminal matters only meant that potential breaches of the Code of Conduct were not investigated.

282.I also consider that CMRD officers became involved in an investigative process outside the audit role of CMRD. I consider that the audit and reporting functions currently allocated to CMRD should be outsourced to an external service provider. Victoria Police would be better served by the resulting specialist expertise, independence, added transparency and clarity that outsourcing would bring to the audit role.

283.Victoria Police does not have in place adequate guidance to staff concerning the use of covert recorders/listening devices and the subsequent publication and communication of recordings. I am of the view that the use of covert listening devices in connection with audits and general disciplinary and Code of Conduct enquiries is not appropriate and not within the spirit and intent of the legislation.

284.The Chief Commissioner informed me on 24 September 2009 that the ‘Assistant Commissioner ESD has now considered the brief of evidence’ presented by Commander Sprague in relation to Ms Berzins and Mr Brown and that the brief will not proceed.

285.I am of the view also that there is no evidence to support the allegations of criminal conduct on the part of BITS senior management.

I consider that the audit and reporting functions currently allocated to CMRD should be outsourced to an external service provider.

Victoria Police does not have in place adequate guidance to staff concerning the use of covert recorders/listening devices.

Previous audits, reviews and investigations 61

 

www.ombudsman.vic.gov.au

Recommendations

I recommend that:

Recommendation 10

Victoria Police review the functions performed by the Corporate Management Review Division to determine if its functions should be outsourced to enhance the professionalism, capacity and independence of the role.

Victoria Police response:

Recommendation accepted.

Recommendation 11

Victoria Police review the terms of reference of the Corporate Management Review Division (or its replacement service) to ensure that the demarcation between ‘audit’ and ‘investigation’ is clearly understood and applied.

Victoria Police response:

Recommendation accepted.

Recommendation 12

Victoria Police develop and promulgate a policy and procedure for staff in relation to the covert use of listening devices to record conversations, consistent with the provisions of the Surveillance Devices Act 1999. A copy of that policy should be provided to my office within three months.

Victoria Police response:

Recommendation accepted.

62 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

6. KNOWLEDGE MANAGEMENT, RECORD-KEEPING AND GOVERNANCE

Knowledge management

286.Numerous witnesses, including BITS Managers, Victoria Police’s

Chief Financial Officer and Mr Brown, confirmed that after Mr Brown ceased employment with Victoria Police in January 2008, Victoria

Police employees experienced difficulty tracking previous financial transactions relating to the Towers contracts and understanding the rationale applied to fund ongoing commitments.

287.For example, because of ongoing difficulty understanding the IT

Towers expenditure and BITS budgetary position, the Manager of the Business Reporting Unit at BITS, met with Mr Brown after Mr Brown had left Victoria Police. Mr Brown made some notes for the benefit of the Manager of the Business Reporting Unit. In his statement to Operation Tabour, the Manager said, ‘Based upon this document

it is my understanding that the initial funding was expected to be $27.2 million, although this differs to [sic] the $26.6 million quoted in section 7 [pricing model] of the Fujitsu contract’. The following document contains the notes Mr Brown made for the Manager of the Business Reporting Unit, which became the primary Victoria Police record concerning the expenditure of some $28 million.

Illustration 2.

John Brown’s handwritten notes regarding B5 funding

Knowledge management, record-keeping and governance 63

 

Numerous documents were located in unregistered and informal files.

A number of decisions that were taken at a

committee level were not documented in signed records.

64

www.ombudsman.vic.gov.au

288.In response to the inclusion of the document in my report, Mr Brown stated:

This partial document should not be taken as typical of records maintained by BITS and particularly myself.

Record-keeping

289.During my investigation, numerous documents were located in unregistered and informal files and interviewees said that files they knew had been raised could not be located. Important documents were stored in suspension files and, where file covers had been created, many lacked appropriate descriptions or movement records.

290.Hub made similar observations, noting also ‘a number of decisions that were taken at a committee level’ were not documented in signed records.

291.While conducting an internal audit, the Procurement Management Division advised that a complete set of documents did not exist for most BITS contracts.

292.Mr Brown said he did not accept that his own records were incomplete. He said the CIO was ‘amazed many times’ at his ability to find the information she sought. Mr Brown also said:

In respect to record-keeping I basically kept everything including draft versions of contracts … My filing was generally behind and it was my PA’s role to keep it up-to-date but the workload seemed always to get in the way. Thus my filing could have been better but with limited staff available to me my filing was the victim. I do not accept that the documents retained by me in the course of my work were incomplete. I cannot speak for what occurred following my departure in relation to those documents.

Contract Security Deposit Register

293.Hub examined corporate guarantees (security deposits) held by Victoria Police in the form of Bank Guarantees or cheques required to be lodged under the terms of various contracts. It found there was no clear authority designated for the management of security deposits and many employees did not know who was responsible for security deposits. Hub also reported that several relevant Victoria Police employees were unaware of the existence of the Contract Security Deposit Register which appeared to be the only record of such deposits. Of 38 deposits recorded as received in the Contract

Security Deposit Register, 21 were more than five years old and 28 had no recorded date for return or clear statement as to their status. Hub found:

original instruments [bank guarantees or cheques] were not secured in a safe or other secure environment

administration of these legal documents is poor and there is no certainty that all such documents have been registered:

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

the storage and control of the documents themselves is not consistent with good practice for documents of such legal and financial importance

the state of the register and the confusion as to the management of such documents should be addressed as a matter of priority.

294.My officers inspected the Register on 1 May 2009 and found that while there was an employee assigned to the safe-keeping of the register, there had been no employee responsible for its management since September 2008.

295.Until recently, the Contract Security Deposit Register consisted of an exercise book containing handwritten details, notes and attached papers. The first entry is dated 1993. The exercise book was recently replaced by an electronic spreadsheet.

296.The most recent entry in the Contract Security Deposit Register is dated 19 November 2007. The most recent recorded return of a security deposit occurred in March 2008. The last employee

responsible for the Register confirmed that it remained in essentially the same condition as it was when Hub inspected it in May–June

2008. He said that in the previous week or so a project officer had been identified to review the Register. This appears to have occurred after my officers interviewed the Assistant Director PMD, with whom the matter of the Contract Security Deposit Register was raised.

297.My investigators were told that the Contract Security Deposit Register did not record all contract security deposits received by Victoria Police. A Victoria Police employee said:

The only ones that I see are the ones that go through our area here, the Procurement Management Division. Now if someone is doing it in another department, we don’t get to see those and the Contract

Manager himself may hold onto the security deposit on the file or keep it secure there and we may never see it and that’s something the Project Officer here is looking at. Perhaps our – I don’t know,

APU Secretariat who monitor contracts, they might be the best people to look after it because they know when the contract’s expiring …

298.On the basis of this advice, the retention, timing and return of security deposits was clearly problematic and in large part dependent upon ad-hoc advice from individuals or follow-up by service providers.

299.Chief Commissioner Overland has since informed me that the Contract Securities Deposit Register is ‘under review and will eventually be incorporated in the Integrated Contract Management Solution’.

The retention, timing and return of security deposits was clearly problematic.

Knowledge management, record-keeping and governance 65

 

www.ombudsman.vic.gov.au

Conflict of interest and gifts

Policy context

300.The Code of Conduct for Victorian Public Sector Employees of Special Bodies which is binding on all VPS employees of Victoria Police notes that:

… sometimes even a perceived conflict of interest could jeopardise an employee’s reputation and that of Victoria Police. Employees are encouraged to develop and maintain professional relationships with individuals and groups in the community and the Code notes the need to be conscious these relationships could sometimes impair an employee’s ability to remain impartial. Where doubt exists, the policy provides, a possible conflict of interest must be resolved in favour of the public interest.

301.Both the Code of Conduct and the Victoria Police Manual provide that a personal gift or benefit may only be accepted if certain conditions are met, for instance if no reward or favour is expected in return and if the gift is not money and cannot be readily exchanged for money.

302.The Victoria Police Manual identifies that conflict of interest principles include circumstances where ‘employees allow their personal beliefs, associations or financial interests to interfere with the impartial performance of their duties’ and that ‘employees not directly or indirectly solicit or demand from any person or business a reward, commission (‘kickback’), loan, favour or other advantage or consideration’.

303.My investigation identified a ‘Donations and Sponsorship Register’ (donations register) held within Victoria Police’s head offices. A senior police officer from the area responsible for this register, the

Corporate Communications Division, told my investigators that the sponsorship and donations register does not contain details of all sponsorship or donations to Victoria Police. The senior officer said the completeness of the donations register depends upon each area of Victoria Police being aware of the requirement and submitting details to the Corporate Communications Division. The senior officer said compliance with the policy was at best patchy and inconsistent, and the use of the donations register was under review. Assistant Commissioner Cornelius of ESD expressed similar views.

Donation for the Business Information Technology Services

Department Christmas raffle 2007

304.The Phase 3 CMRD Audit of May 2008 identified that:

Around this time (December 2007) a number of vendors donated electrical equipment, including mobile phones, iPod, Microsoft product hamper, cameras, one monitor, external hard drives and gift vouchers. These gifts were to be used as raffle prizes at the BITS

Christmas party …

66 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

305.CMRD found these gifts raised concerns given the vendors donating them were or had been involved in tendering for contracts of significant value with BITS. CMRD recommended conflicts of interest and breaches of the Victoria Police Manual be investigated by Operation Tabour.

306.Operation Tabour did not make any findings regarding alleged criminality or breach of discipline or the Code of Conduct concerning the receipt and disposal of gifts by BITS staff.

307.My investigation identified that prior to the BITS 2007 Christmas function, BITS staff contacted certain vendors and asked them to provide items that could be raffled with the proceeds going to the

Blue Ribbon Foundation. The Foundation is a community-based organisation incorporated in 1998 to perpetuate the memory of members of Victoria Police killed in the line of duty.

308.Ms Berzins said during interview that she had supported the idea and provided a list of vendors who could be approached. Ms Berzins said she also advised her Executive Assistant not to approach certain companies because ‘we were in contract negotiations with them’.

309.My investigation located a detailed set of documents recording the donations solicited for the 2007 BITS Christmas party. This included a schedule listing all vendors, the donations received, a record of which employee subsequently won each item following

the raffle, photographs of the items being presented to winning staff, photographs of each item on display at the function, and photographs of a poster displayed at the event to record each item and each donor organisation.

310.The money received for raffle tickets was counted and banked on the day of the Christmas function and a cheque for $1,586 was drawn and passed to the Blue Ribbon Foundation on 17 December 2007 with a covering letter from Ms Berzins asking that the Foundation thank the vendors for their donations. Ms Berzins provided a list of donors for that purpose.

311.The above evidence was corroborated at interview by the donors of the items and other Victoria Police staff.

312.Ms Berzins’ Executive Assistant was not interviewed by Operation Tabour. The facts and documentation generated surrounding the receipt of the donations could have been quickly established by an enquiry after the concerns were raised by CMRD in May 2008.

313.One employee alleged that concern had been expressed by a vendor that an item donated did not appear for raffle. That claim was disproved by my investigation and found to be based on rumour.

BITS staff contacted certain vendors

and asked them to provide items that could be raffled.

Knowledge management, record-keeping and governance 67

 

The two most senior staff in BITS with direct carriage

of procurement, negotiations and contractual

arrangements with service providers, jointly or separately attended numerous functions as the guests of IT vendors.

68

www.ombudsman.vic.gov.au

Acceptance of hospitality

314.Both Ms Berzins and Mr Brown, the two most senior staff in BITS with direct carriage of procurement, negotiations and contractual arrangements with service providers, jointly or separately attended numerous functions as the guests of IT vendors.

315.Functions included various dinners and events hosted by IBM, Fujitsu, TIBCO, and KAZ, as well as those listed in the table below:

Table 1.

Offers of hospitality and entertainment accepted by Valda Berzins and/or John Brown

Date

Event

Host

January 2006

Australian Open tennis

IBM

 

 

 

September 2006

AFL Grand Final

IBM

 

 

 

2006-07

Two AFL matches

IBM

 

 

 

2006-07

Two dinners

IBM

 

 

 

January 2007

Australian Open tennis

IBM

 

 

 

June 2007

Celebratory lunch to mark

TIBCO

 

contract signing

 

 

 

 

September 2007

AFL Grand Final

IBM

 

 

 

November 2007

Lunch

IBM

 

 

 

November 2007

Melbourne Cup

TIBCO

 

 

 

316.I also note that on 26 November 2007, Fujitsu apologised to Mr Brown by email for not including two senior BITS staff members on a river cruise. It was explained that places were limited and that the company had arranged for the two staff to be hosted at a cricketers’ luncheon. Numerous other examples of hospitality offered to and accepted by BITS staff were identified during my investigation.

317.There is some evidence that prior to accepting invitations, Ms

Berzins, Mr Brown, the former Chief Commissioner’s office and others on occasions sought advice if any tenders or negotiations were underway which might impact on acceptance. However, during the period 2005-08, I note that Ms Berzins, Mr Brown and other BITS staff were involved in contract variation negotiations with IBM while accepting gifts and hospitality from IBM. They also attended a number of lunches and dinners with TIBCO and Fujitsu representatives while contract negotiations were underway.

318.In response to my preliminary conclusions regarding the acceptance of hospitality, Ms Berzins said:

other government IT department heads also accepted [offers of hospitality and entertainment] as I met up with them at various vendor events. Some suppliers tried to group all the government

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

people together and there were times when I said I had spoken to enough government IT people lately at functions and that I would be seeking out non government IT people to talk to so that I had a good balance of ideas.

319.Mr Brown also provided a response to my views in relation to the issue of gifts and hospitality, stating that ‘On every occasion that I was offered hospitality by an IT vendor I sought my supervisor’s [Mr Berzins’] permission to attend’.

320.In relation to corporate hospitality, the response of the IT companies interviewed – IBM, TIBCO and Fujitsu – was that invitations of hospitality are extended to further the interests of the company and to increase their range of contacts when dealing with government agencies. Rarely, if ever, were Victoria Police employees offered hospitality in a private capacity.

321.At interview, Assistant Commissioner Cornelius accepted that a revised policy could make it clear that hospitality was not to be accepted by employees in a contract management role or where the authority existed to authorise relevant expenditure.

322.At interview, Chief Commissioner Simon Overland spoke of the difficulty confronting Victoria Police regarding practical and workable policy concerning conflict of interest and the receipt of gifts or benefits. Mr Overland was of the view that gifts above a notional value should either not be accepted or, if accepted, fully declared and recorded and become the property of the organisation. He said he believed gifts or benefits from major contractors, where other issues arise, should not be accepted.

Anti-lobbying clause

323.As part of my investigation I examined the tender documentation relating to Victoria Police’s recent LINK project. The LINK project was put forward as an example of current best practice, and I was interested in identifying whether the expression of interest or request for tender documents contained any clause to specifically alert tenderers not to lobby Victoria Police employees.

324.Although the LINK documents contained useful guidance regarding probity, the use of information and consistency of advice to prospective tenderers, they did not contain a clause cautioning against the practice of lobbying.

325.My investigation also noted that the completion of conflict of interest declarations by persons involved in procurement, assessment

of tenders and evaluations was inconsistent, with a variety of declaration forms used.

In relation to corporate

hospitality, the response of the IT companies interviewed was that invitations of hospitality are

extended to further the interests of the company and to increase their range of contacts when dealing with

government agencies.

A revised policy could make it clear that hospitality was not to be accepted by employees

in a contract management role or where the authority existed to authorise relevant expenditure.

Knowledge management, record-keeping and governance 69

 

www.ombudsman.vic.gov.au

 

 

A consistent approach to discipline

 

326.

The Public Sector Standards Commissioner’s Managing Poor

 

 

Behaviour in the Workplace sets out an approach for dealing with

 

 

possible breaches of the Code of Conduct, with emphasis on

 

 

treating employees fairly and reasonably while meeting agency

 

 

responsibilities. It includes:

 

 

• a preliminary assessment to determine whether there is sufficient

 

 

evidence to proceed to the formal disciplinary process

 

 

an explanation to the employee where it is determined that

 

 

disciplinary action is the most appropriate course of action

 

 

where an investigation is undertaken, advice to the employee of

 

 

the specific allegation(s), explanation of the process, the right to

 

 

representation, the opportunity to respond, acting in good faith and

 

 

without bias, record-keeping and the application of natural justice

 

 

consideration of appropriate and lawful outcomes

 

 

procedural issues: ‘the purpose of a formal disciplinary

 

 

investigation is to examine and evaluate all relevant facts, and to

 

 

determine whether the alleged behaviour took place’.

 

327.

The Public Sector Standards Commissioner’s guide encourages a

 

 

process that conforms with natural justice prior to a final decision

 

 

being made.

 

328.

At interview Chief Commissioner Overland said the investigation

 

 

of possible disciplinary and Code of Conduct breaches should be

 

 

similar across agencies and that Victoria Police policy and procedures

 

 

should reflect that universal approach. The Chief Commissioner also

 

 

recognised that there had been a tendency within Victoria Police

 

 

of attempting to deal with VPS employees in a way that reflected

 

 

the formal regulatory and disciplinary approach applied to police

 

 

members.

 

329.

Assistant Commissioner Cornelius also acknowledged the

 

 

fragmented and often contradictory processes used by Victoria Police

 

 

for dealing with VPS employee performance and misconduct. He

 

 

spoke of the current proposal before Parliament to amend legislation

 

 

covering police disciplinary procedures.

With appropriate

330.

The Assistant Commissioner said that with appropriate legislation, it

legislation, it may

 

may be possible to align more closely the disciplinary procedures for

be possible to

 

police members with those that apply to VPS employees. Mr Cornelius

align more closely

 

elaborated in his response to my preliminary views, stating:

the disciplinary

 

It is far too often the case that police managers police their

procedures for police

 

workforce, rather than manage their workforce.

members with those

 

If Victoria Police is to become an organisation which manages its

that apply to VPS

 

workforce, rather than polices it, our approach to discipline and

employees.

 

the statutory framework which regulates it, must be changed to a

 

 

framework and approach which is aligned to the wider public sector.

70

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

331.The Assistant Commissioner also stated that since 1 July 2009 ‘the Enterprise Agreement which covers VPS staff now provides a framework for dealing with the discipline of VPS staff, and that as a result ‘with effect from 12 August 2009, we have changed the discipline policy as it applies to VPS staff, so that it meets the

requirements of the new VPS Enterprise Agreement and so mirrors arrangements which apply to the wider VPS’.

Accredited Purchasing Unit

332.During my investigation, Victoria Police provided a copy of an Accredited Purchasing Unit Management Plan dated 28 July 2003, signed by the Accredited Purchasing Unit Accountable Officer. In that document the Accredited Purchasing Unit Accountable Officer expressed his confidence that the procurement capability of Victoria

Police would expand through appropriate ‘access and training to procurement information and specialists’, enhanced monitoring and auditing procedures and processes, establishing structures that support continuous improvement and investing in a ‘robust contract management process which allows for tracking and early warning of expenditure issues’. I note that the 2003 Accreditation Management Plan included the following commitment:

Contract Expenditure Management System: Aflexible and robust data management system shall be established in order to ensure the information needs of external and internal customers are

met in a timely and efficient manner. The Contract Expenditure Management System shall be interlinked with the financial system of Victoria Police so that current financial expenditure can be linked and matched against the approved sum.

The Contract Expenditure Management System will enable monitoring of contracts to determine where approval for variations are required but have not been sought, enabling APU [Accredited Purchasing Unit] Secretariat to contact the personnel involved to initiate proceedings.

Aseries of ‘issue identification’ audits will be undertaken every quarter to identify areas for further review or policy reform.

333.A proposal was developed by the Victoria Police Accredited Purchasing Unit in February 2008 for submission to the Victorian Government Purchasing Board for Tier 2 accreditation which would have increased the authorisation of the Accredited Purchasing Unit from Tier 1 (accreditation limit up to $1 million) to Tier 2 (up to

$10 million) had the application been submitted by the Accredited Purchasing Unit and approved by Victorian Government Purchasing Board. The draft included the following comment:

Victoria Police has a custom built extension to Oracle Financials to record, monitor and report on contracts and transactions against contracts. Oracle Financials is uses [sic] continuously to gauge:

Knowledge management, record-keeping and governance 71

 

www.ombudsman.vic.gov.au

Levels of expenditure against approved procurement initiatives

Status of vendors as per contractual commitments

Performance against contracts

Degree of compliance (by delegates) against established contracts or state purchase contracts.

334.The Victoria Police Accredited Purchasing Unit advised that the application for Tier 2 accreditation was deferred in early 2008, but that the draft plan reflects current procurement management activity and reform priorities.

335.At interview, my investigators were informed by an officer of the

Accredited Purchasing Unit Secretariat that the Secretariat uses an Excel spreadsheet, referred to as the Accredited Purchasing Unit ‘database’, to record transactions and documentation to and from business units, the Victorian Government Purchasing Board and the Minister’s Office. The method for reporting and monitoring

relevant matters was said to be presently under review, with business requirements and specifications written for a new system.

336.My investigators were told that the deficiency in the system ‘database’ is that it is not mandatory for a contract number to be entered, and invoices may be paid to a vendor without being referenced against a specific contract.

337.On this issue the Director of Business Management advised that:

Victoria Police has funded and is in the final stages of developing an Integrated Contract Management System (ICMS) linked to the

Victoria Police financial system. The ICMS is scheduled for roll-out in November 2009.

BITS Board of Management

338.The BITS Board of Management was established in October 2008 and had five members: the four Group Managers and a Chief

Superintendent. Former Chief Commissioner Nixon also appointed Victoria Police’s Acting Executive Director, as mentor to the Board.

The Chair has additional responsibilities of financial delegation for expenditure up to $250,000 and the authority to sign conferrals. These responsibilities were previously held by the CIO.

339.Emails located by my investigators provide evidence that a number of BITS staff have expressed frustration with the effectiveness of the BITS Board and its membership. One such email is as follows:

The present management of BITS speak of surprise at current discoveries of deficiencies in other parts of BITS functioning; which begs the question – where were they as members of the senior management team in the past two years? The same management speaks of difficulties and surprises arising from the previously re- negotiated IBM, etc. contracts. This is a disingenuous claim given the huge involvement available to all these senior BITS Managers

72 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

during the re-negotiation process. At all stages, all documentation was made available to each of BITS’ senior management, their selected technical staff and the Re-Tender Steering Committee. I understand that the BITS management team is also expressing ignorance at various failures in systems and policies of recent times arising under the previous leadership. These people were involved in all those matters closely through regular management meetings, off-site meetings, sub-committees and so forth.

340.Chief Commissioner Simon Overland confirmed at interview that he was currently reviewing the use of Boards of Management and the appointment of a Senior Executive to have responsibility for BITS. He said he was keen to re-establish direct accountability and clear reporting lines.

Private enterprise and public sector governance

341.In 2005, in an effort to bring new skills to BITS at a critical stage of refreshing the IT environment and re-establishing agency control of systems, BITS recruited a number of new Group Managers and Project Managers. Several of these managers who were recruited

from the private sector acknowledged that they did not immediately understand and appreciate the differences between the private enterprise approach to procurement, contract management and administration and the public sector approach.

342.One BITS Senior Manager said that, although well intentioned, Ms Berzins’ determination to hire from the corporate sector, combined with lack of adequate instruction, led to problems. The manager said:

You can’t actually take a bunch of corporate people and plonk them into the public service sector. And you especially can’t do it if you do it with a complete management team … We’re strangers to the very strict disciplines around anything you care to name, whether it’s procurement, recruiting, resourcing, contracts, the petty cash tin, … every single day I’m faced with something I know nothing about. And not only do I know nothing about it, I don’t know to ask because I’ve had no orientation … So it was a real stumbling exercise, go as you – learn as you go. And typically we learnt by default.

… Victoria Police doesn’t understand IT. And you can argue, ‘Well we didn’t understand Victoria Police when we all first started here’ so there’s a combination of poor understanding of one another, lack of induction, poor management processes within BITS and now we have to fix it.

Knowledge management, record-keeping and governance 73

 

Record-keeping and file maintenance within BITS over the past three years at least, was largely inadequate.

It is of fundamental importance that Victoria Police ensure proper standards of record- keeping.

74

www.ombudsman.vic.gov.au

343.The suggestion that BITS staff recruited from the private sector were unaccustomed to the disciplines and processes of the public sector or less able to perform their duty has not been universally accepted. In an interview with my investigators, a representative of Hub stated:

Certainly the government procurement process has much more focus on probity and due process … But equally the commercial process has strong focus on accountability and commercial outcomes that are visible and justifiable within the group, and the sorts of things that went on within the BITS organisation would not be acceptable in large commercial organisation procurement groups either.

344.Ms Berzins’ management style was described by a number of BITS employees as one which created a competitive, results-driven environment. A consequence of this approach, whether intentional or not, it was said was that process and procedures were not given the required priority and attention.

345.In relation to the views outlined above, Ms Berzins responded that she ‘deliberately had a mix and match policy to ensure there was a good blend of public and private sector’ amongst her management team, but that ‘senior managers need to find out what is going on. It is not handed out on a plate’.

Conclusions

346.Ms Nixon was of the opinion that breaches of Victorian Government Purchasing Board policy arose, in large part, from the actions of two former employees acting ’without authority and outside of established policy and procedure’. Ms Nixon acknowledged that knowledge of complex contracts was vested with a small number of individuals and that organisational monitoring of IT contract expenditure was flawed.

347.I consider that record-keeping and file maintenance within BITS over the past three years at least, was largely inadequate. My investigation was hampered by gaps in documentation, records that were not dated, signed or did not include author details, and a general lack of any apparent systematic record-keeping systems.

My investigators were often required to go to a number of sources to locate documentation, and in some instances had to make requests direct to vendors regarding key documents relating to multi-million dollar contracts that Victoria Police did not appear to have retained, or could not locate.

348.It is of fundamental importance that Victoria Police ensure proper standards of record-keeping. I have found that accountability for decisions, directions and financial expenditure has been disputed between senior staff and departments. Assertions have been made based on conversations and approvals that, had a record been kept, would have been easily resolved. Some unrecorded decisions or allegedly missing paperwork related to multi-million dollar IT contracts.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

349.Little or no change appeared to have occurred to the Contract Security Deposit Register since Hub’s examination in the course of its July 2008 report and my investigations inspection in May 2009.

350.For BITS senior staff to consider that hospitality might properly be accepted provided there is no tender process on foot, is of concern. It is clear from the ongoing negotiations and re-negotiations of terms that occurred in relation to a number of major BITS contracts that the potential for important financial decisions to be compromised remains present even after a contract has been signed and supposedly finalised.

351.I am satisfied that the items collected from vendors and raffled at the BITS Christmas function were accounted for. Nevertheless the rumour about missing items and suspicions that arose as to the possibility of criminal conduct or breaches of the Code of Conduct serve as examples of the inherent dangers that flow from agency involvement in the receipt of gifts and donations from contractors.

352.I consider that transparency and full disclosure need to be key policy requirements regarding the receipt of gifts and hospitality. A register of approvals regarding the acceptance of hospitality, gifts, donations or any other benefit or advantage to Victoria Police members or employees should be introduced. I question the need for employees of any government agency to accept gifts or hospitality, unless it can be demonstrated that it is in the public interest to do so.

353.In relation to the B5 contract, my concern is that despite having visibility of and approving the process that led to the Ministerial Conferral of 19 February 2007, providing for Tower 2 expenditure of $45.2 million to IBM and $11.6 million to Fujitsu, there was no follow- up or proactive action taken by Victorian Government Purchasing Board or Accredited Purchasing Unit to determine any action taken as a result.

354.I consider that Victoria Police has not complied with Victorian Government Purchasing Board requirements to upload the details of the Fujitsu B5 contract within 60 days of the contract being entered on 13 March 2007. That contract was also not disclosed in Victoria Police’s Annual Report 2006-07. Victoria Police should take action to correct these shortcomings; make full disclosure regarding the B5 contract with Fujitsu on the Central Register of Major Government Contracts and by way of an addendum to an Annual Report; and provide the reasons for the failure.

355.I consider that details of the Fujitsu B5 contract were not uploaded to the Central Register of Major Government Contracts because of the lack of attention to detail rather than the deliberate intent to withhold information, as suggested by Operation Tabour.

356.Victoria Police has not yet, despite repeated statements of intent and undertakings over recent years, established an appropriate IT based recording system to assist the Accredited Purchasing Unit to acquit its responsibilities under the Victorian Government Purchasing Board

Knowledge management, record-keeping and governance

The potential for important

financial decisions to be compromised remains present even after a contract has been signed and supposedly finalised.

Transparency and full disclosure need to be key policy requirements regarding the receipt of gifts and hospitality.

Victoria Police has not yet established an appropriate IT based recording system to assist the APU to acquit its responsibilities under the VGPB Procurement Policies.

75

 

www.ombudsman.vic.gov.au

Procurement Policies. Such system would add value to procurement and financial management. I note the advice that such a system will be introduced in November 2009. Until that action is taken I consider that corporate financial recording and reporting systems will be at risk.

357.As I observed in my report of an investigation into the Office of

Housing,5 it is important to apply all reasonable measures to reduce the risk of attempts to exert influence on the outcome of government tender processes. Wider use of a specific anti-lobbying clause and greater awareness by tenderers of the consequences that arise can only benefit public administration. I consider that the following clause, or similar, should be included in all Victoria Police request for tender documentation:

Any attempt by any tenderer to exert influence on the outcome of the assessment process by lobbying, directly or indirectly, Victoria Police employees or Members of Parliament, will be grounds for disqualification of the tender from further consideration.

358.Having a Board of Management whose membership consists of BITS

Group Managers who were present during the issues identified by my investigation may limit the effectiveness of subsequent remediation efforts, and may further dilute administrative responsibilities and accountability of the area.

359.I consider that the present policy of rotating Chair responsibilities amongst members serves no useful purpose, especially given that Board membership has been primarily drawn from those persons responsible for managing BITS over the past four years. In this regard, I note the Chief Commissioner’s intention to not utilise boards of management in the future.

360.In response to my draft report, Chief Commissioner Overland stated:

I have moved to discontinue all boards across the organisation … while it is accepted that the adoption of the Board of Management approach has not been ideal for the management of BITS, it is

not accepted that on the evidence contained in this report that the Board has further diluted responsibility and accountability. In fact with the work of the Contract Remediation Committee in assisting the Board, I have no doubt that the position of Victoria

Police has significantly improved in terms of disclosure of breaches, identifying financial liabilities and identifying best value for contract opportunities within Victoria Police.

5 Ombudsman Victoria, Investigation into the Office of Housing’s tender process for the Cleaning and Gardening

Maintenance Contract – CNG2007’, Melbourne, October 2007.

76 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Recommendations

I recommend that Victoria Police:

Recommendation 13

Provide me with a report on the actions taken to implement the Chief Commissioner’s instructions as reported to the Victorian Government Purchasing Board on 3 April 2009, within three months.

Victoria Police response:

Recommendation accepted.

Recommendation 14

Implement a review of file and record-keeping standards and practices within BITS to ensure they comply with Government and archival requirements and best practice.

Victoria Police response:

Recommendation accepted.

Recommendation 15

Ensure that BITS procurement and contract management documentation be retained at a central location, properly recorded and maintained to a professional standard.

Victoria Police response:

Recommendation accepted.

Recommendation 16

Finalise the review of the procedures and practices relating to the receipt, safekeeping and disposal of all Contract Security Deposits and report the outcomes to my office within three months.

Victoria Police response:

Recommendation accepted.

Recommendation 17

Develop and implement a policy that requires formal approval and recording of all hospitality, gifts and donations accepted by Victoria Police members and VPS employees.

Victoria Police response:

Recommendation accepted.

Knowledge management, record-keeping and governance 77

 

www.ombudsman.vic.gov.au

Recommendation 18

Review and amend Victoria Police Manual 210-4 concerning the outdated guidelines to remove reference to the Deputy Ombudsman (Police Complaints).

Victoria Police response:

Recommendation accepted.

Recommendation 19

Seek a review of its recent changes to VPM 211-4 from the Public Sector Standards Commissioner to ensure that these policy and procedures for handling VPS employee discipline and conduct are consistent with that of other Victorian Government agencies.

Victoria Police response:

Recommendation accepted.

Recommendation 20

Undertake a performance audit and review of the Accredited

Purchasing Unit in light of the concerns identified in this report.

Victoria Police response:

Recommendation accepted.

Recommendation 21

Ensure that its Request for Tender documents include a specific ‘anti- lobbying’ clause to alert tenderers to the risk of disqualification as

a consequence of any attempt to influence the outcome of a tender process or any subsequent negotiations.

Victoria Police response:

Recommendation accepted.

Recommendation 22

Adopt a standard declaration of interests pro-forma and ensure that procurement polices in that regard are applied.

Victoria Police response:

Recommendation accepted.

Recommendation 23

Appoint a Senior Executive with the responsibility of managing BITS as soon as possible.

Victoria Police response:

Recommendation accepted.

78 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

Recommendation 24

Review the responsibilities of BITS and profile of each executive management position in BITS to determine if the current structure and staffing best serves the management of its information technology.

Victoria Police response:

Recommendation accepted.

Knowledge management, record-keeping and governance 79

 

The first CMRD audit identified 47 breaches of financial delegations.

80

www.ombudsman.vic.gov.au

7. FINANCIAL MANAGEMENT AND CONTRACTOR ENGAGEMENT

Policy and legislation

361.The Financial Management Act 1994 requires Victoria Police and other Victorian Government agencies to ‘ensure that proper accounts and records of the transactions and affairs of the department are kept and that the records sufficiently explain the financial operations and financial position of the department’.

362.The Standing Ministerial Directions of the Minister for Finance (June 2003 – Updated July 2008), issued by virtue of the Financial Management Act 1994, require a financial code of practice that states the agency’s internal processes to ensure probity in financial management. The code is to cover tendering, procurement, conflicts of interest, personal relationships with the agency’s customers and providers, integrity, accountability and fair dealing.

363.The Victoria Police Financial Code, which predates the current Ministerial Directions, contains a brief general statement of intent, warnings that disciplinary procedures may be applied concerning breaches of the code, an acknowledgment regarding public funds, reference to Victoria Police policy regarding declarations of financial interests, gifts and hospitality, secondary employment, purchasing cards, the use of property, facilities and equipment and confidentiality.

364.The Standing Ministerial Directions require Public Sector Agencies to conduct an annual review of their obligations under the Directions and identify and rectify any failure or deficiency. The Chief Financial Officer advised that the last such review, for the 2007-08 financial year, found Victoria Police was fully compliant with the Standing Ministerial Directions..

Exercise of delegations and the engagement of contractors

365.The first CMRD audit identified 47 breaches of financial delegations.

Four breaches arose from the exercise of a single delegation above the delegate’s financial limit. All four examples related to the engaging of contractors for amounts over the manager’s $100,000 delegation. The remainder resulted from the accumulation of purchase orders through the re-engagement of contractors under purchase orders that were ‘rolled over’ just under $100,000 thus allowing BITS to remain under the reporting limit to the Accredited Purchasing Unit. Mr John Brown signed off on many of the contractor engagements.

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

366.One contractor engagement process examined by CMRD and then

Operation Tabour related to the re-engagement of five contractors from one agency on 29 June 2007. On 26 June 2007 Ms Berzins provided a minute to Mr Brown intended to confer the authority to exercise her delegation:

TO WHOM IT MAY CONCERN

Due to illness on my part, I hereby authorise John J. Brown, Group Manager of Business and Planning to be given my Financial Delegation from 26th June 2007 to 29th June 2007 inclusive to be able to act on my behalf.

367.On 29 June 2007, Mr Brown signed off on the re-engagement of five agency contractors.

368.Sub-section 6(A) of the Police Regulations Act 1958 provides the authority for the Chief Commissioner to delegate any power, discretion, function, authority or duty ‘other than this power of delegation’. Accordingly, Ms Berzins’ minute to Mr Brown had no effect in law. Clearly Mr Brown could not exercise Mr Berzins’ delegation on ‘her behalf’. This example illustrates a lack of understanding by Ms Berzins with regard to delegations. In any event, the contracts signed by Mr Brown were within his financial delegation.

369.In responding to my views on this matter, Ms Berzins advised that Mr Brown had sought advice regarding this arrangement from Victoria Police’s Business Management Division and that to ‘allow that to happen seemed sensible as organisations must keep going despite an individual being ill’.

370.CMRD made the following observations in its Phase 2 audit regarding the 29 June contract renewals by Mr Brown:

It was clear to the BITS Tenders and Procurement Unit that the contracts were hastily prepared. They were incomplete, including not specifying the rate of pay per day, the total value of the contract and position descriptions were not attached. Some of the dates were not valid or not completed.

It should be noted that the daily rates of pay were later inserted into the purchase order contracts in the first week of July which is almost a week after the original contracts were signed. These alterations were inserted and backdated to the 29th July [sic] 2007.

371.Operation Tabour raised similar concerns regarding the engagement of the contractors by Mr Brown.

372.My investigators examined the ‘contracts’ signed by Mr Brown on

29 June 2007 for the five contractors. They are pro-forma documents with handwritten notes regarding daily rates and the duration

of the contract. The start dates for two re-engagements are also retrospective, one of which was backdated by nearly two months.

Financial management and contractor engagement 81

 

www.ombudsman.vic.gov.au

373.On 1 July 2007, two days after Mr Brown signed off on the re- engagement of the five contractors, after its application for re- inclusion was unsuccessful, the agency was removed from the e-services panel, from which Victoria Police drew contractors. When interviewed by my investigators, the agency’s Professional Services Manager said:

it was the end of the contract – the e-Services contract that [the agency] was on and it was the end of the contracts that the people [contractors to BITS] were working under, so they needed to be resolved before they expired. But certainly if they’d rolled into the next year then we could not have supplied those people.

374.His recollection of the reasoning for the re-signing of these five contractors was supported by a Victoria Police employee, who said:

their contracts were actually due to expire at the end of that financial year as well … they expired the night before, so the first was the Saturday … and there was this mad rush to get the remainder five of the – of the contractors renewed. If they weren’t

done that night, come Monday – well, (1) they couldn’t come back; and (2) they’d have to go to somewhere – another agency and come back via that agency.

375.In response to my preliminary conclusions regarding re-engaging the five contractors, Ms Berzins stated:

I agree that the renewals should have been done in a timely fashion. Unfortunately, there was so much chopping and changing of views about what should be documented in the renewal paperwork, and so many rewrites together with proposed documentation sitting unattended both in the BITS Tenders and Procurement Unit, and at APU on occasions, that the timeliness did not occur.

376.Despite an unsuccessful bid for re-inclusion onto the Whole-of-

Government e-Services panel for the 2007-08 financial year, the

Professional Services Manager of the agency told my investigators that the agency was still able to provide contractors to Victorian Government agencies for positions, including Victoria Police.

377.It is clear therefore that there was a process via which the agency could continue to present its contractors for selection by Victoria Police despite not being on the e-Services panel. At interview the agency’s Professional Services Manager denied that there was any agreement between his organisation and Victoria Police, or any individual employee, outside the terms and conditions of the

agency’s inclusion on the Whole-of-Government e-Services panel and formal arrangements.

378.Whilst acknowledging that she had previously used the agency contractors at her previous place of employment, Ms Berzins also denied any special relationship or other consideration existed, instead saying that the use of the agency contractors by Victoria Police was simply driven by value for money:

82 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

I went out to [the agency], [...] and [...] asking for a contractor. [The agency] came back, and the contractor was roughly $1000 a day for a person who had been in fact equivalent to a partner status

at [a company] at some stage. [Another vendor] came back with a person not as well experienced, at one and a half thousand dollars a day. And [a third vendor] came back with someone at two and a half thousand dollars a day. Guess who got the work?

379.Mr Brown originally came to Victoria Police as a contractor through the agency. However no evidence has been located by any of the previous reviews, audits, investigations, or my investigation to support a view that the agency was given preferential or favoured status by Mr Brown.

Inappropriate deployment of contractors

380.The CMRD audits reported a number of instances where the involvement of contractors engaged by BITS in recruitment and procurement activities constituted conflicts of interest.

381.I also became aware of concerns about the involvement of an external agency contractor engaged by BITS in the evaluation of a tender submitted by her own agency.

382.According to the CMRD report, four companies were invited to submit quotes in April 2007 for the Airlie Leadership Development Centre. The quote from the agency was accepted and ‘reported as the most competitive’. However, while the evaluation summary indicated the agency provided the lowest quote, CMRD reported that a further examination showed this quote doubled, with further recurring costs which exceeded competitors’ quotes. The CMRD was also concerned that the agency did not meet the full scoring requirements for reporting. The CMRD reported:

… the agency employee provided advice that there was need for a software solution that had to be built as there was not an ‘off the shelf’ software package available. Advice was later received that there is in fact an ‘off the shelf’ software package which is approximately a third of the cost of the original quote provided by the agency.

383.The matter was considered by Operation Tabour but was not investigated further, in part, because of a statement by the Group Manager of ICT Project Management. She said the role of the Business Analyst from the agency was to record the evaluation process, not to participate in the scoring, but noted that the contractor would have been exposed to the scores and could have, had she wished, provided advice to the agency. The Group Manager stated she had no reason to suppose the contractor had done so.

384.The Group Manager also observed that companies often had service streams as well as recruitment and resource provision arms, and that during recruitment it may not be known that their agency will later tender for work.

The CMRD audits reported a number of instances where the involvement of contractors engaged by BITS in recruitment and procurement activities

constituted conflicts of interest.

Financial management and contractor engagement 83

 

Victoria Police needs to substantially enhance the attention given to financial reporting systems, risk management, internal control

and the adequacy of management reporting particularly in relation to BITS.

84

www.ombudsman.vic.gov.au

385.In response to my preliminary views on this matter, Ms Berzins stated:

After I found out that some of them had used contractors to manage the sourcing of more contractors, I told them that such a practise was totally unacceptable. I was surprised considering their seniority that they could have engaged in this. They told me it was a time issue … [the Senior Manager] was under a lot of pressure

to deliver new systems but I said that some things cannot be compromised (or words to that effect). Worse still, some other BITS staff allowed the contractor to participate where their agency was a tenderer. Again, this was without my knowledge and after I had explained to my reports the unacceptability of the practice.

386.In another example, the CMRD found that an employee of the agency and long-term contractor with BITS performed various functions in contractor engagements where his primary employer was involved, including:

being nominated as the chair of the evaluation team;

having signed off on the “Request For Quotation” (RFQ);

being nominated as the person to whom “invoices” should be addressed; and

at times the nominated referee for the [the agency] applicant.

Conclusions

387.I consider that Victoria Police needs to substantially enhance the attention given to financial reporting systems, risk management, internal control and the adequacy of management reporting particularly in relation to BITS activity.

388.The Victoria Police Financial Code of Practice created on 3 October 2006 falls short of the requirement that it provide ‘a cohesive statement of the agency’s internal processes to ensure probity in the agency’s financial management’. The Code is more directed towards warning employees concerning their non-compliance with policy. The opportunity, and requirement, to set out a comprehensive framework to guide internal financial management processes has been lost. The

Code should be an important document used to inform that process. As it presently stands, it is not.

389.I am concerned that the procurement process for the inclusion on a Whole-of-Government e-Services Panel can be circumvented by an unsuccessful applicant, and indeed vendors who did not tender.

390.No evidence has emerged to support the allegations that former Senior BITS Executives were receiving ‘kickbacks’ for employing contractors from a particular agency. The person who advanced such claims in a statement to Operation Tabour had no evidence to offer other than describing the information as something heard on the ‘grapevine’. The person could not recall the source of the information

Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

and said it was something that ‘someone told someone who told someone, but everyone suspected it almost as common knowledge’. The interviewee conceded that people ‘jumped to conclusions’ and that the rumours got bigger and better.

391.I consider that Victoria Police executive management did not respond in a timely way when advised of breaches of delegations and ongoing concerns surrounding the engagement of contractors. It is apparent that Senior BITS Managers did not understand the legislation and policy underpinning delegated authority.

392.I consider that the re-engagement of contractors should have been dealt with in a reasonable time before the expiration of contracts. The manner of the re-engagement, the inadequate nature of the supporting documentation, together with the backdating of commencement dates is further evidence of a lack of strategic planning, attention to detail and due process within BITS.

393.Allowing a contractor to become involved in a recruitment or procurement process where that contractor’s employment agency is submitting an applicant or tender is a clear conflict of interest.

Contractors employed by, or through potential tenderers should be excluded from involvement in any procurement process.

394.Quite apart from the responsibilities of managers and supervisors to ensure situations of this type do not arise, the induction process should alert all Victoria Police employees and contractors to Victoria

Police to the damage which actual or perceived bias and conflict of interest can cause an agency and individuals.

Recommendations

I recommend that Victoria Police:

Recommendation 25

Review financial governance policies and procedures to ensure that they are consistent with the Standing Directions of the Minister for Finance.

Victoria Police response:

Recommendation accepted.

Recommendation 26

Commit to a policy of requiring full disclosure by contractors engaged through the Whole-of-Government e-Services Panel and vendors to ensure that the e-Services process is not circumvented.

Victoria Police response:

Recommendation accepted.

No evidence has emerged to support the allegations that former Senior BITS Executives were receiving ‘kickbacks’ for employing contractors from a particular agency.

Allowing a contractor to become involved in a recruitment or procurement process where that contractor’s

employment agency is submitting an applicant or tender is a clear conflict of interest.

Financial management and contractor engagement 85

 

www.ombudsman.vic.gov.au

Recommendation 27

Instruct employees to cease the practice of backdating employment agreements of contractors.

Victoria Police response:

Recommendation accepted.

Recommendation 28

Review the instructions and guidance provided to all employees and contractors at the time of appointment to ensure that adequate guidance, reinforced by case examples, is provided regarding the concept of actual and perceived bias, conflict of interest and probity issues.

Victoria Police response:

Recommendation accepted.

Recommendation 29

Ensure that on appointment, each employee and contractor be required to sign an acknowledgement that they have been instructed in the meaning and concept of actual and perceived bias, conflict

of interest and probity issues and understand Victoria Police requirements in this regard.

Victoria Police response:

Recommendation accepted.

Recommendation 30

Develop a policy that prohibits the involvement of contractors employed by, or through potential tenderers in any formal procurement process.

Victoria Police response:

Recommendation accepted.

86 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

8. SUMMARY OF RECOMMENDATIONS

I recommend that Victoria Police:

1.Develop and implement a policy that prohibits adjustment to any contracts over a specified monetary value without prior approval, according to Victorian Government Purchasing Board Procurement Policies.

2.Establish and appropriately resource a central major projects management facility to be responsible for the procurement and major contract management responsibilities allocated to BITS, Procurement Management Division and other areas of Victoria Police.

3.Remind the Victoria Police Audit Committee that its role extends to critically appraising and challenging information it receives with a view to providing the Chief Commissioner with informed advice about financial and organisational risk management and internal controls.

4.Remind the Accredited Purchasing Unit of the need to arrive at evidence based decisions.

5.Review the arrangements and viability of all communication tower facilities.

6.Commission an independent audit of expenditure committed to communication tower facilities over the past five years to determine if public monies have been improperly expended.

7.Take immediate action to ensure that a full disclosure of the Fujitsu B5 contract is made on the Central Register of Major Government Contracts in accordance with Victorian Government Purchasing Board Procurement Policies and Government directions.

8.Take appropriate remedial action to address the failure to declare all major contracts in its Annual Reports.

9.Review practices and procedures to ensure compliance with Victorian Government Purchasing Board Procurement Policies requiring the disclosure of major contracts in the Central Register of Major Contracts within 60 days of a relevant contract being entered.

10.Victoria Police review the functions performed by the Corporate Management Review Division to determine if its functions should be outsourced to enhance the professionalism, capacity and independence of the role.

11.Victoria Police review the terms of reference of the Corporate Management Review Division (or its replacement service) to ensure that the demarcation between ‘audit’ and ‘investigation’ is clearly understood and applied.

Summary of recommendations 87

 

www.ombudsman.vic.gov.au

12.Victoria Police develop and promulgate a policy and procedure for staff in relation to the covert use of listening devices to record conversations, consistent with the provisions of the Surveillance Devices Act 1999. A copy of that policy should be provided to my office within three months.

13.Provide me with a report on the actions taken to implement the Chief Commissioner’s instructions as reported to the Victorian Government Purchasing Board on 3 April 2009, within three months.

14.Implement a review of file and record-keeping standards and practices within BITS to ensure they comply with Government and archival requirements and best practice.

15.Ensure that BITS procurement and contract management documentation be retained at a central location, properly recorded and maintained to a professional standard.

16.Finalise the review of the procedures and practices relating to the receipt, safekeeping and disposal of all Contract Security Deposits and report the outcomes to my office within three months.

17.Develop and implement a policy that requires formal approval and recording of all hospitality, gifts and donations accepted by Victoria Police members and VPS employees.

18.Review and amend Victoria Police Manual 210-4 concerning the outdated guidelines to remove reference to the Deputy Ombudsman (Police Complaints).

19.Seek a review of its recent changes to VPM 211-4 from the Public Sector Standards Commissioner to ensure that these policy and procedures for handling VPS employee discipline and conduct are consistent with that of other Victorian Government agencies.

20.Undertake a performance audit and review of the Accredited

Purchasing Unit in light of the concerns identified in this report.

21.Ensure that its Request for Tender documents include a specific ‘anti- lobbying’ clause to alert tenderers to the risk of disqualification as

a consequence of any attempt to influence the outcome of a tender process or any subsequent negotiations.

22.Adopt a standard declaration of interests pro-forma and ensure that procurement polices in that regard are applied.

23.Appoint a Senior Executive with the responsibility of managing BITS as soon as possible.

24.Review the responsibilities of BITS and profile of each executive management position in BITS to determine if the current structure and staffing best serves the management of its information technology.

25.Review financial governance policies and procedures to ensure that they are consistent with the Standing Directions of the Minister for Finance.

88 Tendering and contracting of IT services withinVictoria Police

 

www.ombudsman.vic.gov.au

26.Commit to a policy of requiring full disclosure by contractors engaged through the Whole-of-Government e-Services Panel and vendors to ensure that the e-Services process is not circumvented.

27.Instruct employees to cease the practice of backdating employment agreements of contractors.

28.Review the instructions and guidance provided to all employees and contractors at the time of appointment to ensure that adequate guidance, reinforced by case examples, is provided regarding the concept of actual and perceived bias, conflict of interest and probity issues.

29.Ensure that on appointment, each employee and contractor be required to sign an acknowledgement that they have been instructed in the meaning and concept of actual and perceived bias, conflict

of interest and probity issues and understand Victoria Police requirements in this regard.

30.Develop a policy that prohibits the involvement of contractors employed by, or through potential tenderers in any formal procurement process.

Victoria Police has accepted all of my recommendations.

Summary of recommendations 89

 

Ombudsman’s Reports 2004-09

2009

Brookland Greens Estate - Investigation into methane gas leaks

October 2009

A report of investigations into the City of Port Phillip

August 2009

An investigation into the Transport Accident Commission’s and the Victorian WorkCover Authority’s administrative processes for medical practitioner billing

July 2009

Whistleblowers Protection Act 2001

Conflict of Interest and Abuse of Power by a Building

Inspector at Brimbank City Council

June 2009

Whistleblowers Protection Act 2001

Investigation into the alleged improper conduct of councillors at Brimbank City Council

May 2009

Investigation into Corporate Governance at Moorabool Shire Council

April 2009

Crime statistics and police numbers

March 2009

2008

Whistleblowers Protection Act 2001

Report of an investigation into issues at Bayside Health

October 2008

Probity controls in public hospitals for the procurement of non-clinical goods and services

August 2008

Investigation into contraband entering a prison and related issues

June 2008

Conflict of interest in local government

March 2008

Conflict of interest in the public sector

March 2008

2007

Investigation into VicRoads driver licensing arrangements

December 2007

Investigation into the disclosure of electronic communications addressed to the Member for Evelyn and related matters

November 2007

Investigation into the use of excessive force at the Melbourne Custody Centre

November 2007

Investigation into the Office of Housing’s tender process for the Cleaning and Gardening Maintenance Contract - CNG 2007

October 2007

Investigation into a disclosure about WorkSafe and Victoria Police handling of a bullying and harassment complaint

April 2007

Own motion investigation into the policies and procedures of the planning department at the City of Greater Geelong

February 2007

2006

Conditions for persons in custody

July 2006

Review of the Freedom of Information Act

June 2006

Investigation into parking infringement notices issued by Melbourne City Council

April 2006

Improving responses to allegations involving sexual assault

March 2006

2005

Investigation into the handling, storage and transfer of prisoner property in Victorian prisons

December 2005

Whistleblowers Protection Act: Ombudsman’s Guidelines

October 2005

Own motion investigation into VicRoads registration practices

June 2005

Complaint handling guide for the Victorian Public Sector 2005

May 2005

Review of the Freedom of Information Act: discussion paper

May 2005

Review of complaint handling in Victorian universities

May 2005

Investigation into the conduct of council officers in the administration of the Shire of Melton

March 2005

Discussion paper on improving responses to sexual abuse allegations

February 2005

2004

Essendon Rental Housing Co-operative (ERHC)

December 2004

Complaint about the Medical Practitioners Board of Victoria

December 2004

Ceja task force drug related corruption - second interim report of Ombudsman Victoria

June 2004