Description of Figure 33
Survey response: Have you experienced any unexpected or unintended consequences from using SSAs? (64 responses)
- Yes 22%
- No 78%
Description of Figure 14
The figure shows the coordinated procurement pathway as related to SSAs, which is:
- SSA is established
- SSA is recognised by Finance as a Coordinated Procurement
- Buyer must use the Coordinated Procurement per 4.11 and 4.12 of the Commonwealth Procurement Rules
- SSA seller contracted by buyer.
Deaf or hard of hearing
Use interpretation technologies
Where available, consider how you can take advantage of best practice and leading technologies for Auslan interpretation (i.e. PiP solutions)
OffFurther details about these thresholds and the relevant policies can be found in Appendix C: Procurement policy environment.
3.60 It is noted this is an inherent risk of all Coordinated Procurements (e.g. panels), and the Digital Transformation Agency (DTA) is actively working with buyers to manage this risk. In particular, the DTA is actively encouraging buyers to use established marketplaces as a mechanism to efficiently and effectively obtain competitive quotes from the market.
3.61 Another example is that the SSAs are automatically exempted from the upper limits imposed by the Contracts Limits and Reviews Policy.
3.62 The combination of greater contracting efficiencies, and longer term and larger contracts, means the SSAs can extend more competitive pricing (i.e. better discounts) than non-SSA sellers. Further, the desire for longer contracts was echoed by the SSA sellers, who noted that enabling this extended time enabled them to further improve discounts or other benefits. This can result in the SSA sellers’ ability to be more competitive in procurement processes.
3.63 From the perspective of transparency, there is room to make clearer how SSA sellers are being engaged. The review noted that it is not a requirement that all purchases under the SSAs must go through BuyICT, which limits the availability of data on the use of the arrangements.
3.64 The issues described above need to be balanced with the reality that the proliferation of the SSA sellers’ technologies stems from their proven reliability and efficacy. These sellers have invested extensively in the development, support, and refinement of systems that underpin critical government operations. This track record of performance has positioned them as the logical choice of technology for governments and businesses globally.
Key mitigations
3.65 The below key mitigations were identified:
- Strengthen DTA education efforts regarding the most appropriate use of SSA sellers as a Coordinated Procurement.
- Maintain competitive tension during buyers’ procurement activities, inviting multiple sellers.
- Establish CAIP Plans to support the growth of sovereign Australian industry technological capability.
- Implementation of the framework outlined in the Clarity through a framework section of this report will support setting clear expectations for seller qualification for SSAs.
- Distinguish within the CPRs whole of Australian Government digital contracts from Coordinated Procurements to address the risk of SSAs being utilised as a procurement pathway.
- Review the existing Contracts Limits and Review Policy to ensure competitive neutrality between sellers.
Buyer locked into seller
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Unlikely | Moderate | Low |
Description
3.66 Buyers are locked into a seller when the buyer is prevented from being able to switch to another seller if they choose to.
3.67 The review found the risk the SSAs lock a buyer into a seller is low. SSAs themselves do not drive dependency on a specific seller. Rather, the nature of technology and the costs to exit drive lock-in and challenges with switching providers. SSAs have historically reflected pre-existing buyer needs and prior competitive technology decisions. In essence, by the time a seller has an SSA, technology reliance had already occurred.
3.68 SSAs simply increase the benefits of engaging major sellers of technologies already chosen by a large portion of government agencies.
3.69 The reality for many organisations including government agencies is, it is the technology choice, not the length or size of the contract, that creates the lock-in. Once a technology choice is made, what follows is a series of decisions that create mutual dependencies in architectural alignment, integration and interoperability with other systems, data sharing, as well as a range of organisational and operational design choices made to ensure the system works. All of these can make it difficult and expensive to move away from any technology choice, regardless of the contractual mechanism in place.
3.70 In addition, policy settings of the Australian Government more broadly can have the unintended consequence of lock-in. For example, the Australian Government’s Corporate Services Investment Moratorium (issued June 2016) halted investment by agencies in ERP platforms except for GovERP, a SAP solution, thereby locking in agencies to their ERP platform. This moratorium was subsequently lifted in late-2023. In February 2020 SAP announced the end of life of ECC6, aligned with a commercial strategic decision to move to a cloud-based model of delivery recognising the organisational benefits for customers in modernising their systems. This established a timeframe by which agencies using SAP will be required to transition from ECC6 by 2030, which could be either a SAP or other ERP product. Rather than the SSA creating lock-in, it was the 2016 decision of the Australian Government to implement the moratorium which created the lock-in between 2016 and 2023.
3.71 Further, technology often forms the foundation of operations and management of organisations. This makes significant changes or removal of technology complex, challenging, risky and costly, all of which are often prohibitive. As such, any choice of technology creates some level of lock-in, to both the product being used and the seller supplying the product.
3.72 Another factor raised as contributing to lock-in is the inadequate consideration of transition requirements and associated costs at the conclusion of a contract (or SSA more broadly). Sellers are sometimes seen as discouraging easy migration from their technology, rather than relying on the quality of their product to maintain market position and relevance. To not do so will provide opportunities for new products to outperform and replace the SSA seller. Furthermore, as strategic partners, they have a responsibility to exhibit good corporate behaviour by prioritising the interests of their customer base.
3.73 For instance, egress charges - specifically fees applied for removing data from instances - can create resistance to change due to their financial implications. The European Union has prohibited such charges to ease data movement between sellers, highlighting the need for similar protections within the Australian context. Whilst beyond the scope of this review, if an SSA was not willing to voluntarily extend the European requirements to Australian buyers, the DTA could consider engaging with the Treasury and the ACCC to determine if it is appropriate to implement similar legislative protections in Australia.
3.74 Further, while buyers benefit from free trials of innovative technology and other ‘value-adding’ services, sellers broadly use a range of tactics to secure additional market position, thereby further entrenching themselves, such as:
- Offering heavy discounts to deploy products, which then enables price adjustments to be made later once the buyer has already architecturally committed.
- Running pilots and proofs of concept to demonstrate ‘must have’ capability.
- Bundling products together, making it more difficult or more costly to purchase the respective products desired by the seller, and can make it difficult to remove unwanted products.
3.75 The choice of technology introduces an additional risk associated with lock-in, by creating a dependency such that it weakens the Australian Government’s bargaining position. By opting for a specific technology en masse, the Australian Government forfeits much of its negotiating leverage as the associated technology becomes integral to government operations. This is particularly relevant where the technology is critical infrastructure, and cannot be easily replaced competitively. This dependence not only reduces the Australian Government’s ability to seek alternative providers but also places it at a disadvantage in future contract negotiations, potentially leading to price gouging, inflated costs or reduced flexibility. Careful consideration must be given to balancing the benefits of an SSA with the strategic risks posed to the Commonwealth's long-term autonomy and negotiating power.
Key mitigations
3.76 The below key mitigations were identified:
- Maintain competitive tension during buyers’ procurement activities, inviting multiple sellers.
- Contractually exclude egress charges, or similar, to support data transitions and flexibility.
- Include exit and transition requirements in contracts, with clear provisions to address changes initiated by sellers as discussed in the Building in an exit plan section of this report.
- Enable contractual and usage flexibility as discussed in the Ensuring flexibility section of this report.
- Where technology is critical infrastructure, and cannot be easily replaced competitively, implement multi-year rolling contracts and negotiate annually the next out-year (e.g. in a 5-year contract, the 6th year is negotiated annually).
Single seller vulnerability
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Rare | Catastrophic | Medium |
Description
3.77 The Buyer locked into seller risk section of this report considered the risk of the Australian Government being locked into a seller through the SSA. In examining that risk, the review identified that the extensive use of one or a few single sellers for critical technology across the Commonwealth poses a risk to maintaining critical services if one of these sellers fail.
3.78 Although rare, large global product and service sellers can fail, with potentially catastrophic impacts without viable alternatives, especially given the barriers to shifting technologies. Diversity within the SSA portfolio and ongoing access to broader market players can help mitigate this risk.
3.79 No seller is immune to global forces, which can result in large, multi-national corporate collapse (e.g. Enron, Lehman Brothers, Nortel Networks, Carillion, and Wirecard). For example, as an outcome of Defence’s efforts to consolidate their technology environment, Defence signed a 10-year lease agreement with GlobalSwitch for data centre services. However, in 2016, its parent company, London-based Aldersgate Investments, accepted $4 billion for a 49% stake from the Chinese consortium Jiangsu Shagang Group. This was increased to almost full ownership in 2019. Due to this ownership change, Defence and other Australian Government agencies had to re-evaluate their data centre strategies, incurring significant costs as a result.
3.80 Vulnerability can also be experienced at a product level. A recent example of this is CrowdStrike’s global IT outage in 2024, which caused major disruption to key infrastructure worldwide, including to several of Microsoft’s products.
3.81 Although these examples demonstrate that over-exposure to a single, large multi-national risks catastrophically affecting the capability to deliver core government services, there are commercial realities to consider (e.g. intellectual property rights and copyright). The Australian Government cannot simply carve up ownership of these products to address this risk. Given this, Australian Government agencies can limit their exposure by pursuing diverse, strong market relationships wherever realistic.
3.82 There is also a role for the DTA in identifying and understanding seller and product concentration risk across the Australian Government, and supporting buyers with determining appropriate strategies to mitigate this risk, without infringing buyers' autonomy of choice or limiting capability.
Key mitigations
3.83 The below key mitigations were identified:
- Work with buyers to identify areas of concentration risk with specific SSA sellers to determine potential exposure.
- Maintain competitive tension during buyers’ procurement activities, inviting multiple sellers.
- Continue to mandate transparency regarding changes in company structure or ownership, alongside mechanisms to protect buyer operations during such transitions.
Insufficient flexibility
Assessed risk rating
Likelihood | Impact | Risk rating |
|---|---|---|
Likely | Moderate | Medium |
Description
3.84 There is a medium level risk that SSAs, due to their scale, become too standardised and hinder full utilisation of products, services and value-adds (e.g. discounts, investments). In other words, there is a risk that SSAs lack flexibility to cater for everyone’s needs - this was echoed by buyers of all sizes.
3.85 The effectiveness of SSAs is limited where buyers cannot utilise the products or services on offer. The common barriers to using what was purchased cited by buyers were:
- Contractual commitments made by the DTA did not reflect respective buyers' strategic technology or business intent.
Description of Figure 16
The figure lists facts, features, and commonalities (including common benefits sought and common challenges) for the United States of America, United Kingdom, New Zealand, and Canada in relation to their whole of government technology arrangements.
Off4.9 Further information on the key commonalities and points of difference with other jurisdictions is provided below.
While all governance boards have important roles and responsibilities, the design, composition and operation should be fit-for-purpose – customised to the organisation’s context, strategy and risk profile. Good governance is both an art and a science—and cannot be prescriptive or one-size-fits-all solutions. For this reason, we explain the purpose and design principles that are important when designing digital project boards, and how these boards are necessarily different from other governance forums.
Positioning
To better understand the reasoning behind digital project boards, it is helpful to consider differences to other governance forums.
Digital project boards operate in unique environments and face distinct challenges compared to other governance structures. This section outlines how their attributes differ from corporate governance boards, non-digital project boards, and boards in non-government entities.
Comparison to Corporate Governance Boards
Project boards have similarities to corporate governance boards but have several material differences. In contrast to corporate governance boards, project governance boards are:
- Bounded by time: a project board is part of the temporary organisational structure established to deliver a project and is dissolved on project closure. The board will need to reflect on its structure and capability as a project moves through different aspects of its lifecycle.
- Bounded by scope: a project has a remit to deliver a particular outcome or result. The
actions of the board are limited by reference to the scope approved in the project business case and change procedures. - Bespoke: the board composition needs to be designed for the purpose of the project. The board capabilities will need to reflect applied technologies and stakeholder groups. There can be challenges when the organisational capability and structure the project needs are not yet in place, for example in cross-agency management forums.
- Dual accountability: board members will often have both organisational accountability and project accountability. Their organisational role may be accountable for mitigating risks, resolving tensions and removing roadblocks that impact project delivery. This can also lead to “conflicts of duty” which need to be recognised and managed, where an individual can be both the supplier and recipient for a project.
Comparison to non-digital projects
Digital project boards need to cater for the ways that digital projects are different to non-digital projects. In contrast to non-digital projects, digital project governance boards typically feature:
- High connectivity – Many digital projects involve rich interdependencies, including from people to systems, system to system, data to system, development to operations, vendors to the organisation. Project governance needs to consider how interdependencies affect the
critical path. There needs to be a high emphasis on stakeholder engagement and the importance of relationship with vendors. - Intangible outputs and outcomes – The intangibility of many digital deliverables and outcomes can make it harder for non-specialist board members or stakeholders to understand and articulate the underlying business logic, the intended benefits or the implications of change, and the required outputs resulting in increasing chance of goal ambiguity and misunderstanding.
Comparison to non-government entities
Government digital project governance boards have different considerations to non-government boards. These include the:
- Authorising environment – There is a high level of obligation to administrative law, including decision-making accountability, with implications for attention to delegations of decision-making authority and the need for transparency in record keeping.
- Relationship between the government and public sector – Policy directives, policy changes, the machinery of government changes, political risk need to be considered in decision-making.
- Public value and impact – Government boards need to consider the implications for public value, acting as stewards of public funding, instead of an exclusive focus on revenue and costs.
Principles
Principles to guide effective digital project boards
While all governance boards have important roles and responsibilities, their design and operation should fit the organisation’s unique context and strategy(16). Good governance is both an art and a science—combining evidence with practical judgement(17). Because every situation is different, this guidance focuses on key principles rather than one-size-fits-all solutions.
Project governance principles
- Active decision-making: Boards are active decision-making bodies optimising value of the investment for the public and agencies involved.
Implications:- use of the term Project Board rather than Steering Committee.
- active verbs in Board Terms of Reference (ToR), for example, decide, sanction, own.
- Integrates with corporate governance: Project governance should be integrated with the agency's authorising environment, as well as its corporate governance and enterprise risk systems, and its policies, standards and architecture.
Implications:- The ToR should articulate this positioning, and how reporting between governance structures will be conducted and discuss relevant delegations.
- Can vary over lifecycle: SROs and boards need to regularly reflect on whether board composition is still relevant and effective, and adapt if necessary.
- Distinct from stakeholder management: Separate committees or groups may need to be established to communicate and engage with stakeholders, for example, reference groups, working groups.
- Commensurate with risk and delegations: Project boards need to be at a level sufficient for making decisions and spanning the functional boundaries impacted by the change. Board composition and assurance activity needs to be commensurate with the project's risk profile and enterprise risk appetite.
- Optimise value, minimise negative impact: Emphasis is placed on achieving optimal value of the investment through effective project outcomes. Approval decisions are driven by alignment with project and strategic objectives. Quick wins and early value delivery is encouraged (e.g. not waiting until the end of the project to realise benefits) (25).
Board members need to "Ask the hard questions and make the hard decisions"
Interviewed Assurance Provider
- Members suspend self-interest: Board members may be chosen for their experience in a particular area of the business, but should suspend self-interest for the project to achieve its outcomes.
- Navigate tensions: Digital projects are rife with tensions and project boards are the interface between the permanent organisation and temporary project. As such, the board needs to align diverse stakeholders and navigate opposing forces and tensions (20).
- Constructive culture: Digital project boards need to set a culture of transparency, humility and courage so that risks and issues can be effectively mitigated, value optimised and impact minimised (20).
Governance tips from an experienced SRO
Lifecycle considerations:
There are several considerations in running an effective project board throughout a project’s lifecycle. This section provides guidance on the project board duration, inducting board members, review processes and dissolution
Project Lifecycle and Duration
Project boards should commence at a project’s inception. Different skills, capabilities and focus may be required at different stages of a project, and consequently the board composition may need to change. For example, architectural expertise may be more necessary in the design phase, procurement in the planning phase.
In addition, certain events can trigger changes to the project and/or Board. This can include a change in government, turnover of the SRO, handover of project between phases (e.g. after business case approval). These events should also trigger a review of the business case, board charter and composition.
Induction and On-Boarding
The following activities are recommended when standing up a project board, or after significant change [14-SRO, 1-SRO].
- Explain why the project is needed, the outputs and outcomes it is intended to deliver, and high- level project plan
- Provide clarity on roles, positioning of this board with other governance mechanisms and expectations on behaviour
- Understanding of baseline plan so the board know what they are measuring against
- Build capability in the core literacy areas. For example, an agency providing a Managing Successful Projects (45) course so that board members would have common understanding of project principles.
Reflection and Review
There should be a regular reflection and review on the effectiveness of a digital project governance board, as:
- Organisational needs can vary over the project lifecycle
- The external context might have changed, impacting the project’s feasibility
- Practices and processes can develop over time, and the board may need to manage reporting impost and regularly ‘de-clutter’
- The bespoke nature of digital project governance boards means it may need adjustment to be effective.
Participants for this research recommended having an item on the agenda (quarterly) to review the agenda and papers and remove lower value items. It might also be necessary to change the board composition, meeting cadence or address any cultural issues. The Self-Assessment provided in this document can also be helpful for providing a snapshot of board effectiveness.
Dissolution
Closing down the project board should be aligned with the project benefits being realised or accountability transferred to an operational role, rather than the technical output delivery. It should
also align with DTA’s Closure reporting standard for digital and ICT-enabled projects.
Any lessons learned, for example from post- implementation reviews, should be integrated into project management disciplines in the agency.
There should be a formal handover of any remaining risks and benefits to be realised.
Adopting Artificial Intelligence (AI) to deliver for Australians
Adopting AI to deliver for Australians
The APS AI Plan sets out how the Australian Public Service will harness artificial intelligence to deliver better services faster, for all Australians.
The plan provides the platform for every public servant to have the foundational training and capability support, access and the guidance needed to use AI tools safely and responsibly, supported by leadership from Chief AI Officers working to promote adoption.
The plan is built on three pillars:
- Trust: transparency, ethics and governance
- People: capability building and engagement
- Tools: access, infrastructure and support
By uplifting AI maturity across government, the APS will improve service delivery, policy outcomes, and productivity, while ensuring public trust is maintained.
When and how to apply
When to apply
Apply Criterion 10 during Beta and Live phases to test the effectiveness of your improvements with users.
Consider this criterion across the Service Design and Delivery Process to ensure your service remains fit for purpose.
How to apply
Questions for consideration:
- what is outdated or needs improving?
- what is and isn’t working?
- what feedback has been received?
- how will changes be communicated?
- how do improvements align with the performance indicators set?