Auditor-General's introduction

Reflecting on our work about information.

E ngā mana, e ngā reo, e ngā karangarangatanga maha o te motu, tēnā koutou.

Information is the lifeblood of any organisation. It plays an essential role in every decision an organisation makes or expects to make. In the public sector, using and managing information well is critical to effectively and efficiently delivering public services.

The information held by public organisations1 informs decisions about service delivery, supports evidence-based policy development and decision-making, and helps measure performance and effectiveness.

During 2016/17 and 2017/18, we looked at aspects of how well the public sector uses and manages information. We wanted to provide an independent view of how well public organisations collect, store, and use information to inform good decision-making.

Our work has reinforced the need for public organisations to treat information as a strategic asset. This means that its value is recognised and there is a deliberate strategy for how information is managed and governed. We saw examples of public organisations managing information well, where they had a clear understanding of what information was needed to inform decision-making, information was collected and stored efficiently using technology and document management systems, and information was available when decision-makers needed it.

We also saw examples where public organisations struggled to manage their information well. Some did not have all the essential information available to make the best decisions about providing services to people. Others were not making the best use of the information they had.

Legacy information technology and document management systems often created inefficiencies in collecting and storing information, meaning that information was not easily accessible. The legacy systems were also creating obstacles to collaboration within and between public organisations.

Although there are obvious cost implications for information technology solutions to some of these problems, it is important that public organisations keep reviewing their systems and processes for managing information. We saw room for improvement in ensuring that systems were still fit for purpose.

To maintain trust and confidence in the public sector, people also need to know that their personal and commercially sensitive information is kept safe and secure. Legislative mechanisms allow public organisations to share information, and, where services are designed around the needs of individuals, privacy considerations are often embedded in the design process.

However, misunderstanding and confusion about privacy laws are still creating barriers to public organisations working together and sharing information. In my view, the leadership and guidance provided by the Office of the Privacy Commissioner and the Government Chief Privacy Officer are essential to the public sector sharing information in a safe and secure manner.

Strong and clear expectations have been set for the management of information security. However, we still see some basic weaknesses in security controls for information systems associated with financial and performance information that we audit. It is essential that public organisations make the changes needed to ensure that their information systems are safe and secure.

We also wanted to understand what progress public organisations were making in using digital technology to improve the services they provide to people. The ways in which people expect to access information and services are changing. Public organisations need to respond by designing digital services that allow people to access services where and when they need to.

Where public organisations provided services or information online, we saw improvements in the experience for people, as well as an improved perception of the reliability of the service or information. We also saw evidence of the challenges that public organisations continue to face, including the need to keep up with expectations as technology develops and to ensure that public sector websites and applications are useable and accessible.

Providing digital public services is not just about putting information online. It requires a different approach to designing services. We are pleased to see the public sector moving to a focus on an individual's key life events and needs, rather than on what services particular organisations are tasked with providing.

The public sector is facing a transformative challenge – to work together to design and deliver services. Services that are focused on the needs of people and businesses and that allow them to interact with the Government in a more seamless and agile way will increasingly become the norm.

Our work showed us some good examples – such as SmartStart – where public organisations were successfully collaborating to design digital services for people and businesses. There are opportunities for other organisations to learn from these projects.

The functional leadership roles of the Government Chief Data Steward and Government Chief Digital Officer are essential to provide guidance and support to the public sector to make the shift needed to consistently use information as an asset, to enable the progress and innovation that open data allows, and to create ICT-enabled digital-by-design transformation throughout government. It is important that both roles have a strong leadership mandate and that it is clear to other public organisations what those leadership responsibilities are.

The work that this report is based on was done before my term as Controller and Auditor-General began. However, I consider that this report has some essential messages about the use of information and data in the public sector. I encourage public organisations to consider the matters raised in this report and to ask themselves whether they are using and managing information in ways that allow them to best provide the public services they are responsible for.

Nāku noa, nā,

Signature - JR

John Ryan
Controller and Auditor-General

27 August 2018

1: Public organisations include, for example, government departments, State-owned enterprises, Crown research institutes, the defence forces, district health boards, city and district councils and the entities they own, port companies, schools, and universities, polytechnics, and wānanga.