Heed lessons of NSW LifeLink debacle, auditor says

An audit of NSW's law and order and emergency services agencies has recommended that lessons from state's 'LifeLink' project be taken on board by the Department of Justice.

The LifeLink System project began in 2002-03 with the aim of replacing the paper-based Life Data system employed by the Registry of Births, Deaths and Marriages with an electronic system.

The first two attempts to build a new system failed. Work on the third attempt to implement LifeLink began in December 2010.

The system went live in June 2014.

The original budget for the final LifeLink project was $11.4 million. However, the project went $5.9 million over budget and delivered over seven months late.

As a result of implementation woes, the Department of Justice was forced to carry out 60,000 free transactions (equivalent to $1.9 million).

In addition, in the 2014-15 financial year the department had to shell out $3.7 million to address system issues and deal with the LifeLink transaction backlog.

The Department of Justice commissioned a post-implementation review of the system, which found LifeLink's the project timeframe, cost and resources were under-scoped.

"[T]he decision to go live on 23 June 2014 was regarded as non-negotiable, rather than as a true decision point," a report released today by the Audit Office of NSW states.

"Greater strategic input should have been sought by the Project Steering Committee, with acknowledgement of the realistic project status and risks."

Problems unearthed by the post-mortem include a need for greater independent quality management over the project together with contract and performance management and better procurement and change management processes, the audit states.

Other findings in the two volumes on NSW's law and order and emergency services agencies released today by the Audit Office include:

• As of 30 June the Crown Solicitor's Office did not have a documented disaster recovery plan to restore financial systems.

• Overall SAP user access management has improved since last year.

"As part of the initial system implementation, agencies should design and configure SAP user access to achieve appropriate segregation of duties," the report states.

"Some agencies are trialling the SAP Governance Risk and Compliance (GRC) solution. This offers real-time monitoring and detection of segregation of duties issues and other compliance violations.

"Agencies need to be proactive and timely in identifying and resolving segregation of duties violations, to ensure no one person has sole control over the lifespan of a financial transaction."