Public sector managers need to be aware of potential corruption risks for the significant benefits of information technology development to be fully realised.This is a theme showing consistent concern in Britain but this time the warning has come from New South Wales.
A piece of academic analysis there has shown that government departments, agencies and local governments require new collaborative efforts to increase corruption resistance.
The analysis was revealed at a symposium, The Need to Know: eCorruption and Unmanaged Risk, in Sydney.
The Independent Commission Against Corruption (ICAC), created to protect the public interest in public sector affairs, has specific powers to expose and prevent corruption. One of its key prevention tools is to hand out advice on developing resistance to corrupt practices.
The analysis prepared for the ICAC followed a survey of more than 1,000 senior information technology managers and senior line managers throughout the public sector.
Among other things, the analysis found IT security safeguards generally poor – such as infrequent testing of firewalls, data audit trails not sufficiently scrutinised, frequent disregard of proper password protection, e.g., written on the side of computers or given to others when staff are on leave.
It also found a knowledge gap amongst senior managers who appear to think such issues are the concern of IT staff only, and that most corruption affecting their technology is likely to come from outside.
However top managers are not complacent, and in the survey voiced fears about potential corruption. The four main areas of concern raised among chief officers in New South Wales are: database and information misuse, eProcurement, e-mail and internet abuse.
In a separate IT Managers’ Survey, only 14% said there was a comprehensive fraud control plan associated with IT systems.
The survey also pointed to what IT managers are doing to check up on IT use and abuse, including monitoring email and web use.
The conclusion on the results is that while some systems are in place, the risk management of IT is still at a very ‘novel’ or initial phase, and there are insufficient guides based on experience.
Sharing experience of what works is seen as important, as well as the possible establishment of a co-ordinated approach from central government.