Panel could be more "robust".
Australia's national auditor has told the Digital Transformation Agency to improve its procurement practices after basic Commonwealth Procurement Rules (CPRs) were bypassed to establish the Digital Marketplace.
The Digital Marketplace is an open platform designed to bring government buyers and digital sellers together. In an audit of three IT procurement arrangements released on Monday, the Australian National Audit Office said the DTA could not “fully demonstrate” the marketplace “supported the achievement of value for money outcomes”.
It put this down to “planning deficiencies” when the interim Digital Marketplace was created in August 2016, with the DTA failing to reference value for money assessments or any requirement that potential suppliers provide price information in its request for proposal.
“DTA’s planning and approach to market for the establishment of its Digital Marketplace panel did not comply with all of the CPR requirements but did demonstrate the adoption of a number of key sound practices identified in Finance guidance,” the report [pdf] states.
The issue appears to have originated from what can only be described as confusion over what constitutes a procurement, with the DTA’s own planning documents specifying that the process to establish the panel was not deemed to be a procurement.
The DTA instead considered that a procurement would only be completed “when an entity approached the Digital Marketplace with an opportunity and suppliers responded” - a definition that more closely resembles a multi-use list (MUL).
“Nonetheless, DTA thought of the Digital Marketplace as a panel ... without it meeting the requirements of a panel,” the report states.
“In effect, DTA had created a list of prequalified suppliers or a multi-use list rather than a panel and this impacted DTA’s approach to market … and the evaluation of suppliers.”
MULs, which are now defunct, were lists of suppliers who had applied for inclusion on the list and satisfied a set of conditions, however were not the result of a procurement process and involved no value for money assessment like for a panel.
The audit also notes that there was no “probity plan, risk management plan or tender evaluation plan in place prior to establishing the Digital Marketplace panel in February 2017”.
The ANAO said the DTA rectified the issue of CPR non-compliance in 2018, when it refreshed the Digital Marketplace and introduced a new requirement to provide information on price and referencing the need to conduct a value for money assessment.
But when it did so, some IT suppliers such as those on the Australian Taxation Office’s IT MUL - which were offered the option to transfer when MULs ceased in 2018 - were “able to join the Digital Marketplace panel without a value for money assessment”.
This meant that the “DTA did not treat all potential suppliers equitably, as required by the CPRs, as suppliers were able to join the panel via different means”, something that the audit says has continued.
“While DTA’s new process is sufficient to achieve compliance with the minimum requirements of the CPRs, DTA’s consideration of price, quality and risk could be more robust to better demonstrate that its evaluation of suppliers achieves value for money outcomes,” the audit notes.
The ANAO has recommended the DTA ensure that "suppliers are treated equitably and are appointed on the basis of a value for money assessment" when establishing any future procurement panels.
It has also told DTA to school officials undertaking complex procurements to ensure they have "sufficient understanding of the procurement requirements, the nature of the arrangement being established and procurement related risks".
The DTA has agreed to both recommendations.
Risking value for money, competition
The audit also raised concerns with aspects of the Digital Marketplace construct, including only providing government buyers with a “summary of the range of daily rates sellers have been awarded for roles in each category”.
“Buyers do not get to see the approved maximum prices of individual suppliers but can ask DTA to provide this information,” the audit states.
“This means that buyers who do not ask DTA for the specific price information can only use the summary of daily rates on the Digital Marketplace to guide their decision-making regarding which panelists to approach.”
There is also no requirement for Digital Marketplace buyers to “obtain more than one quote for services, which has the potential to reduce competition”.
Data provided by the DTA showed that “the number of approaches made to one supplier was as high as 61 percent for [the Department of] Home Affairs” and “as low as 3.4 percent for DTA”.
“Approaching only one supplier eliminates competition and reduces the ability of entities to demonstrate the achievement of value for money,” the audit states.
“Approximately 67 percent of all approaches made to suppliers by the audited entities was to five or more suppliers, and DTA approached all suppliers on the Marketplace 90 percent of the time - a much higher percentage than the other entities.”
The other two panels assessed as part of the audit included the $1 billion whole-of-government IBM arrangement, which is also owned by the DTA.
While the DTA was found to have “largely complied with the requirements of the CPRs ... and supported the achievement of a value for money outcome”, it didn’t get off scot-free.
The ANAO said the DTA initially treated the “process as a ‘project to establish a contractual framework’ rather than a procurement”.
“As a result, some processes usually adopted for a procurement of this size and scope, such as first for purpose management and probability arrangements, were lacking,” the report states.
It also noted that the DTA “lacked capability in terms of engaging effectively with IBM in negotiations”, which the DTA put down to a “lack of understanding of IBM’s business structure”.
The report also looked at the Department of Infrastructure, Transport, Regional Development and Communications’s IT service panel, which expired in February 2020.
The audit found the department complied with the CPRs and adopted related guidance when it established its IT services panel.
However, it could have “adopted a more robust approach to the consolidation of price, quality and risk”, leading the audit to conclude that it “could not fully demonstrate the arrangements supported the achievement of value for money outcomes”.
“Had Infrastructure established stronger thresholds in terms of price, quality and risk and included details in the request documentation, it would be have been in a better position to undertake a more robust assessment of value for money at the evaluation stage,” the report said.
FOR ANY DIGITAL MARKETING SERVICES CONTACT OUR TEAM TODAY TO HELP. info@Vissicon.com #cybersecurity #hacking #security #technology #hacker #infosec #tech #ethicalhacking #programming #linux #hackers #cyber #kalilinux #cybercrime #malware #python #privacy #it #iot #cyberattack #coding #dataprotection #hack #ethicalhacker #networking #informationsecurity #cybersecurityawareness #programmer #datasecurity #itsecurity #informationtechnology #software #business #cloud #computerscience #computer #internet #cloudcomputing #network #windows #bhfyp #data #phishing #hacked #cybersecuritytraining #coder #ai #artificialintelligence #cisco #anonymous #code #ransomware #encryption #networksecurity #java #digital #training #bigdata #machinelearning
Originally published : https://www.itnews.com.au