Corrupt IT security consultants have taken a number of NSW organisations for a costly ride, the Independent Commission Against Corruption (ICAC) has revealed.
The revelation comes just one month after ICAC warned the NSW public sector against outsourcing project responsibility to IT contractors.
Among others, the University of Western Sydney (UWS) and the Sydney Ports Corporation have fallen victim to hired-in IT project managers and advisors exploiting their positions of influence.
In 2007 UWS contracted Kings Security to install an automated LAN-based system for managing and monitoring building access on its Bankstown campus, in a deal worth more than $500,000.
A subsequent ICAC investigation found the consultant hired by the university to advise on the tender process, including vendor selection, was a good friend of the Kings director and the recipient of a $13,000 cheque after the deal was closed.
The Commission also retrieved emails which showed the consultant, Daniel Paul, had used his insider knowledge of UWS’ budget ceiling to prompt Kings to push up its prices to the tune of nearly $20,000.
The same company was involved in a compromised tender process at the Sydney Ports Corporation (SPC), which was also planning to upgrade its security systems.
ICAC found systems integrator Austek had intentionally submitted a “dummy quote” for the work when it became apparent that it didn’t have the hardware capability to complete the project.
It obtained Kings' pricing intentions prior to formalising its own bid to ensure that it would be the more expensive option. Kings went on to win the deal.
The Commission concluded that “the effect of the submission of the dummy Austek quote was that SPC was deprived of a truly competitive tender process.”
Paul was also hired to work on the SPC project, but failed to disclose his relationship with the successful bidder to the agency.
The cases add to a growing body of evidence suggesting that an imbalance of IT knowledge between the government and the technology sector makes agencies hand over much more responsibility and accountability for major projects than they should.
“Unlike the private sector, the government agencies in this investigation did not have a repertoire of industry knowledge to inform projects. Mr Paul was able to exploit this situation to his own advantage,” the ICAC report stated.
“In practice, the security experts were handed end-to-end control over the projects as public sector managers effectively outsourced accountability.
“A key lesson from this investigation is that a government agency cannot transfer its responsibility for the integrity of government procurement and project delivery to an external source,” it said.
The Commission advised “procurement processes for the provision of highly specialised security and IT services pose serious corruption risks”.
It made a number of recommendations for tightening up buying arrangements, including the recruitment of in-house project managers to have the final word on project budgets and vendor selection, the division of tasks between several major vendors when it comes to major security projects, and a blanket ban on gifts from prospective contractors.
It also concluded that the security industry, including hardware and software providers, systems and integrators and consultants, had a “reputation for questionable practices” and thus should become the subject of particular scrutiny in its dealings with government.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
