Modern technology systems are essential to efficient and productive businesses, helping to strengthen service delivery, security, and operational efficiency.
However, many public sector entities in Queensland are challenged by legacy and ageing systems that pose significant risks. In some cases, these systems are performing critical roles supporting daily operations, despite being decades-old.
Investment in critical government digital and information and communications technology (ICT) systems was a focus of the recent state budget, with a new Queensland Government Digital Fund announced. The fund is aimed at driving a coordinated whole-of-government approach to investment in digital and information technology systems across the public sector over 4 years.
In this blog, we outline some of the key risks for public sector entities to consider when presented with legacy systems and some strategies that can help to mitigate them.
What are the biggest risks?
Queensland public sector entities face 5 key areas of risk in relation to legacy or ageing technology systems.
1. Security vulnerabilities
Legacy systems are built on outdated software and hardware, which make them vulnerable to cyber attack. They can be a target for hackers because those systems do not have the latest security patches and updates or could be using operating systems that are no longer supported by vendors.
2. Reduced productivity
Legacy systems can be inefficient to run, resulting in lost productivity for staff using and maintaining them.
They can also be expensive to maintain, with high costs from increased security risks and the fact that the systems may not meet the contemporary needs for service delivery.
These high costs can also make it more challenging for entities to modernise their systems and invest in new or replacement systems. But without this investment, productivity remains reduced.
3. Service continuity
Disruptions such as cyber attacks can have significant consequences on service delivery and continuity. Legacy systems are more vulnerable to cyber attacks, and have a higher possibility of failure.
4. Staffing
It can be difficult to find staff with the skills to maintain legacy systems as they are built on older technologies and programming languages. This scarcity of required skills can in turn lead to high contractor costs.
5. Meeting service delivery needs
Legacy systems may not have the adaptability required to meet current and emerging needs for service delivery.
3 tips for managing your legacy system risks
Know and understand the risks
Identifying vulnerabilities and potential threats is the key. Ask the following questions to obtain a big picture view and inform your mitigating actions:
- How do your entity’s current systems affect security, compliance obligations, and operational efficiency?
- Has management identified vulnerabilities and potential threats with the current systems?
Develop your modernisation plan
Entities should be thinking about how they plan to update or replace outdated systems, which could include moving to a cloud-based solution. This should involve considering the costs, the length of time it will take, and the resources that will be required.
A strong understanding of your entity’s requirements for these systems should inform this process.
As you develop your plan, it’s a good idea to manage your risk by not trying to do everything at once. Implementing changes in segments provides more opportunity to review, learn, and assess risk.
Another pitfall can be avoided by defining the contract deliverables up front. This can help you avoid a misalignment between the vendor and entity’s expectations and subsequent change requests and contract variations, which cost time and money.
Boost your cyber security
There are a range of actions that can enhance your system’s cyber security. These include applying security patches, updating software that supports the systems, and putting in place strong user access controls.
Investing in cyber security training for staff can also help ensure they are aware of best practice and potential threats.
Overcoming the fear of failure
While new technology projects are complex and challenging, entities should ensure they don’t delay implementing them through fear of failure. Putting off necessary projects can increase risk and impact on service delivery.
Past system implementation failures can create a sense of fear and anxiety, making new system implementations seem daunting. However, modern technology projects can be transformative – supporting productive and efficient businesses.
See our blog post on Setting up technology projects for success, which explores 5 key factors that can make a difference when implementing new systems and increase confidence.
Related material
Reports to parliament
- Delivering successful technology projects (Report 7: 2020–21)
- Monitoring and managing ICT projects (Report 1: 2018–19)
- Effectiveness of the State Penalties Enforcement Registry ICT reform (Report 10: 2019–20)
Better practice guides
- QAO better practice guide—Delivering successful technology projects
- QAO better practice guide—Learnings for ICT projects
Blogs
- Tips on implementing a new ICT system
- Evolving digital services in government
- Learnings for ICT projects
- Lessons learned: Project steering committees for digital transformation projects
- Effectively monitoring and managing projects and programs
- How you can manage the risk of your legacy systems
- Setting up technology projects for success
Related article
Technology is essential for delivering modern government services – but technology projects can be complex and costly to deliver.