Report 4: 2020–21

Queensland Health's new finance and supply chain management system

Report objective

The objective of this information brief is to identify the facts relating to Queensland Health’s implementation of SAP S/4HANA, the new finance and supply chain management system, and the subsequent actions the Department of Health has undertaken.

Overview

On 1 August 2019, after several delays, Queensland Health launched SAP S/4HANA, its new finance and supply chain management system. While the system operated as implemented, Queensland Health experienced significant issues and staff and vendors soon encountered problems. How Queensland Health addresses the system issues is of particular importance during the COVID-19 pandemic, as S/4HANA is also the core inventory system it uses to manage the critical supplies and distributions of personal protective equipment for frontline doctors and nurses. 

Tabled 23 September 2020.

Elim Beach

Summary

On 1 August 2019, after several delays, Queensland Health (the Department of Health and the 16 hospital and health services (HHSs)) launched a new financial and supply chain management system—SAP S/4HANA. Queensland Health experienced significant issues with S/4HANA after go-live, however it indicated little to no adverse impact on patient care. The post go-live experience showed that Queensland Health underestimated the compounding delivery risks.

Hourglass icon
The lead up to go-live
  • The project team’s key challenge was a complex environment that included 17 entities and a complex project overlay.
  • Queensland Health refreshed its program board to improve decision making, oversight and program reporting.
  • Entities reported low completion rates for user training. Users had poor understanding of their responsibilities and the system’s processes. This exposed defects in entities’ change management processes.
  • Entities did not properly reengineer their processes in readiness for the new system.
  • Chief executives endorsed their entities’ readiness to go live, with caveats, although none had fully completed their readiness activities.
  • The board endorsed that the system should go live based on the entities’ and the program team’s risk mitigation strategies.
Magnifying glass icon
Issues at go-live
  • Vendors were not always paid on time.
  • Hospitals had trouble ordering supplies in the right quantity.
  • Users did not fully understand the system capabilities and processes.
  • System performance affected productivity.
  • Configuration data errors in role mapping, delegations and inventory management affected user experience and processing efficiency.
  • HHSs put in extensive effort and resources to find workarounds to mitigate disruptions.
  • Deficiencies in information technology (IT) controls increased the risks of unauthorised or unintentional data manipulation.
  • Our 2019–20 financial audits found deficiencies in S/4HANA’s information technology controls, which led to an alternative, but more costly audit approach.
Wrench and screwdriver icons
Current status and progress to date
  • Queensland Health has made progress addressing the issues it experienced with S/4HANA.
  • The issues and solutions have come at a significant cost in time, resources, and dollars. Not all costs can be quantified, but an extra $33.5 million was spent to go live and to provide heightened support to entities over the four-month hypercare and transition period.    
  • S/4HANA has improved Queensland Health’s supply chain management capability but the functionality needs to be extended in hospitals to provide better and more timely insights into stock levels. Work arounds are in place to give stock managers relevant information.
  • Queensland Health’s response to COVID-19 affected its S/4HANA stabilisation project. Two workstreams continued—supply chain management and purchase to pay.
Lightbulb icon
Our recommendations
  • We made two recommendations. One is directed at future whole-of-Queensland Health information and communication technology projects and one is on the inventory management module. These will be important considerations when Queensland Health restarts the Hospital Based Corporate Information System (known as HBCIS) replacement project.
1
Elim Beach

1. Recommendations

As a result of our 2019–20 financial audits, we provided a series of recommendations to the Department of Health and the hospital and health services (HHSs) to address deficiencies in system security, application controls, and work processes. These are not reproduced in this information brief.

All entities should also consider our recommendations in our reports Effectiveness of the State Penalties Enforcement Registry ICT reform (Report 10: 2019–20), and Digitising public hospitals (Report 10: 2018–19), and lessons learned from the upcoming Auditor-General’s insights report on Delivering successful technology projects.

Department of Health and the hospital and health services

We recommend that the Department of Health and the hospital and health services:

1. redesign the project governance and accountability frameworks to ensure clear and unequivocal accountability for project delivery

The framework should ensure all designated parties take ownership of:

  • completing project readiness activities in a timely manner and to a specified quality (Chapter 4)
  • understanding change implications to their entities and updating local guidance (Chapter 4)
  • correctly identifying user roles and ensuring the right staff are trained at the right time (Chapter 4).

The framework should clarify that a senior executive from the department should be the senior responsible owner throughout future whole-of-system projects. The department needs to take a governance-leadership role and should continue to include the HHSs in the design and implementation of whole-of-system projects (Chapter 4).

2. undertake a cost-benefit analysis to determine when and how to progressively convert appropriate inventory storage locations to fully managed inventory locations, to provide real‑time insight into stock level and consumption (Chapter 5).

This should include facilities to be utilised for the newly established state clinical stock reserve.

Elim Beach

2. About this information brief

This brief provides the key facts relating to Queensland Health’s implementation of SAP S/4HANA. The Department of Health and all 16 hospital and health services use S/4HANA as their new business, finance, and logistics system. S/4HANA is managed and maintained by the department.

S/4HANA replaced the 22-year-old finance and materials management information system (FAMMIS) used by Queensland Health, which was an early generation SAP product. The project that developed and implemented S/4HANA, the Financial System Renewal (FSR) program, commenced in December 2016. S/4HANA went live on 1 August 2019. A program timeline is included in Figure 2A below.

FIGURE 2A
Financial System Renewal program timeline
Financial System Renewal program timeline_report 3 2020-21_Figure 1A

Queensland Audit Office from Financial System Renewal program information.

1

Queensland Health experienced significant issues with S/4HANA after go-live.

Prior to go-live, we highlighted to the accountable officers of Queensland Health entities that there were significant risks around the completeness and accuracy of financial information contained in S/4HANA, with these risks being a focus of our 2019–20 financial audits. 

Media reports and concerns received directly by the Queensland Audit Office in November 2019 questioned Queensland Health entities’ ability to pay vendors in a timely manner and to manage inventory to deliver health services. These concerns, coupled with our early financial audit work, resulted in us undertaking a preliminary enquiry to better understand the risks.  

Based on the outcome of our enquiry and the level of public interest, we decided this information brief is warranted to present information about the program to parliament. This is consistent with the foreword in our report on the Effectiveness of the State Penalties Enforcement Registry ICT reform (Report 10: 2019–20), which tabled in February 2020. 

The objective of this information brief is to identify the facts relating to the S/4HANA implementation and the department’s subsequent actions. The areas we focused on were:  

  • key processes informing the go-live decision 
  • the immediate outcomes of the program and impacts on Queensland Health 
  • the projects taken to stabilise and manage the system. 

We have not examined earlier phases of the program. Appendix B contains details of our methods.

Elim Beach

3. What happened at go-live

S/4HANA went live on 1 August 2019. While the system operated as implemented, deficiencies in managing staff training and system customisation resulted in staff and vendors of Queensland Health soon encountering problems. Staff and vendors both experienced an adjustment period as they became familiar with S/4HANA. This is not uncommon for an organisation of the size and complexity of Queensland Health.

Figure 3A illustrates some of the key problems after go-live.

Queensland Health did not identify any adverse patient care outcomes arising from post go-live issues.

The Department of Health (the department) has made progress in addressing the significant issues but still has work to complete this.

FIGURE 3A
Snapshot about problems after go-live
Snapshot about problems after go-live

Note: HHSshospital and health services. Hypercare was a period of heightened user support.

Queensland Audit Office from Financial System Renewal program information and Queensland Audit Office survey of hospital and health services.

1

Vendors were not getting paid on time

A significant backlog of payments to vendors arose following the go-live date. Figure 3B shows large amounts of past due vendor invoices for Queensland Health entities post go-live, compared to 12 months prior. The late payment amount peaked in October 2019, with $335 million vendor invoices paid past their due date. The situation has improved since then and in June 2020, Queensland Health had $124 million of vendor invoices that were past their due date for payment.

FIGURE 3B
Queensland Health overdue vendor payments: August 2019 to June 2020

Note: excludes payments between hospital and health services and the department. Queensland Health’s payment terms range from seven to 30 days; Queensland Audit Office used payment terms of 30 days for all vendor invoices for ease of analysis. The number of days past due is calculated using the payment date and invoice date recorded in S/4HANA or finance and materials management information system (FAMMIS), subtracted by the assumed payment terms of 30 days.

Queensland Audit Office from FAMMIS and S/4HANA data.

1

The backlog was caused by a number of factors, including the invoice scanning software not reading invoices correctly, vendors sending duplicates of the same invoice in an attempt to be paid, early issues with slow system speed, a lower than anticipated use of purchase orders, and the enforcement of controls that could be bypassed in the old system. These contributing factors are discussed in the sections below.

The Queensland Government has mandated payment to all small business suppliers within 20 days from 1 July 2020. The department advised it has recently implemented system enhancements in S/4HANA to capture small business vendor status to apply appropriate payment terms.

The system did not read vendor invoices correctly

S/4HANA allows invoices to be processed quickly through invoice scanning technology that reads a supplier’s invoice to automatically extract relevant payment information.

Subsequent to go-live, the department identified that the invoice reading software was not able to capture critical invoice information consistently and correctly, including vendor Australian business number (ABN), invoice number, and purchase order number. The invoice reading software did not receive sufficient training to enable it to read different types of invoices or handle the required volume of invoices at the desired accuracy. As a result, staff had to manually check and record the correct information in the system, which delayed the payment of invoices.

The software relies on vendors’ invoices containing all the required information. Prior to go-live, the department held information sessions, sent vendors an information sheet and set up a vendor information webpage to explain the invoice format and content requirements. However, not all vendors chose to format their invoices in the required manner. Between go-live and mid‑August 2020, approximately 481,768 invoices were rejected by the system as being duplicate, in invalid file format, or non-invoice documents.

The department has configured the invoice reading software and allocated resources to continue training to improve scanning accuracy. In addition, the department has developed reference material to guide staff who check invoice data for accuracy.

Vendors submitted a large number of duplicate invoices

The department received a larger than usual number of invoices post go-live. Some suppliers sent duplicate invoices to different areas to ensure they were paid. This, in turn, required additional manual checks to remove duplicate invoices and avoid duplicate payments.

The department has a control to identify duplicate payments and has performed further analysis to identify missed duplicate payments, though the analysis has not operated effectively. Duplicate payment checks were not undertaken to detect invoices that were paid in the old system, finance and materials management information system (FAMMIS), and again in the new S/4HANA system. In early August 2020, the department reported that 13,351 suspected duplicate payments had been identified since go-live, which presented around one per cent of the total number of invoices processed in S/4HANA. Of these invoices, the department found 1,836 duplicate payments totalling $6.5 million. Queensland Health has started to recover the over payments.

In mid-September 2019, the department launched an accounts payable service desk to provide vendors with a single point of contact and ensure invoices were processed in a timely and accurate manner. The department also communicated with vendors about the proper way to submit invoices and the risk of resubmitting invoices causing duplicate payment and delays.

Delegation setup had errors and was not updated enough

Delegates are those who are authorised to approve transactions. Corporate policies specify the nature (for example, spending money) and amount of a transaction that a delegate can approve. The delegation setup in S/4HANA determines how the system workflows the transactions for approval.

Prior to go-live, delegations were uploaded into the system in accordance with entities’ approved delegation schedules. However, some entities identified errors in their delegations post go-live. For example, one entity omitted a business unit of 120 people from the system. These errors have created the perception to some users that the system was not reliable.

Queensland Health is large, with frequent staff and position changes. Some hospital and health services (HHSs) were frustrated that delegation changes were not being updated frequently enough. This meant incorrect delegations might be assigned to someone, which prevented them from actioning a request or resulted in their workflow going to someone else. Stakeholders agreed for the central service desk to update delegations during the hypercare period (a period of heightened user support) until the HHSs became familiar with the delegation framework.

The department has now deployed functionality to allow selected users within each HHS to upload delegation changes without assistance from the service desk.

Different system workflows caused confusion

At go-live, 14 of the 16 HHSs felt the workflows in the system were not operating as expected. Following the conclusion of the hypercare and transition periods at the end of November 2019, four HHSs still found workflows were not operating as expected, while three HHSs had seen improvements. The delegation data errors and low user training resulted in ineffective workflows, which increased the risk of fraud and errors not being detected early in the system, and the risk of delays and duplications. This is shown in Figure 3C.

FIGURE 3C
HHS feedback on workflow delegations

Queensland Audit Office from HHS survey feedback.

1

S/4HANA supports automated workflow functionality to allow transactions to be processed quickly with little manual intervention.

Report 3 2020-21_Box1

Entities did not properly understand the new system processes, nor did they fully appreciate the need to reengineer their business processes to fit the system.

1

However, the workflow escalation in S/4HANA works differently from the workflow in the invoice processing sub-system, and this caused confusion for staff. The invoicing sub-system does not automatically escalate all invoices for staff to action. This resulted in workflows being blocked in the system, which requires an administrator to manually assign the invoice to an available staff member. Some staff reported they were not aware of the differences between the two systems and did not understand the actions needed for different scenarios. The department has identified a new escalation process as a desired system enhancement.

There were delays to manually process invoices

Following go-live, a substantial number of invoices remained with coding staff or approvers at HHSs for correction and manual processing. This created a backlog and contributed to an increased number of invoices not being paid. 

Coding groups were established for each entity to assign invoices to the correct account codes and cost centres. However, delays resulted because:

  • several entities had not correctly nominated their coding groups
  • some users were not aware of their roles and rejected assigned invoices, resulting in invoices being released without being actioned
  • direct invoices were not automatically escalated in the system
  • it took time to identify the correct vendor where the vendor was set up with multiple vendor numbers (some vendors have multiple bank accounts and therefore multiple vendor numbers)
  • some staff were not aware of or familiar with the new compliance tasks required (for example, acknowledging receipt of goods before an invoice could be processed).

Outstanding invoices impacted on monthly reporting

Ten of the HHSs reported that the high balance of outstanding invoices had an impact on their monthly reporting and budget management. HHSs lacked an understanding of outstanding invoices pending approval or coding in the new system, affecting HHSs’ ability to report total monthly expenditure and perform effective budget monitoring. Some HHSs had low trust in the data and made estimates based on historical data.  

These concerns were mostly addressed when dashboard reports were introduced in late 2019. The external dashboard reporting draws on S4/HANA data. This helps HHSs to identify invoices being processed, or if any payment delay is caused by untimely coding, approval, or goods receipting.

Vendor exception reports were not used to identify anomalies

Exception reports are a powerful tool to identify anomalies for investigation. We reported to the department in May 2020 that some exception reports relating to vendor details had not been generated since go-live. The department had technical difficulties with the reporting tool external to S/4HANA. The department had been unable to produce the following reports:

  • vendors charging goods and services tax (GST) but were not registered for GST
  • vendors with bank account changes
  • regular vendors who also have Queensland Health employee bank account details
  • duplicate vendor master records.

The absence of monitoring controls increases the risk of fraudulent and inappropriate changes to vendor details, such as bank account changes, not being detected.

The department advised it has since been generating and reviewing more exception reports.

Users experienced inventory order errors and delays

HHSs and distribution centre staff experienced difficulties in adopting the changed inventory processes of S/4HANA, which resulted in ordering errors and delays.

Staff did not understand how the system measures quantity

Report 3 2020-21_Box2

Change management did not adequately teach and inform staff how the system would operate.

These examples reflected deficiencies in entities’ readiness activities pre go‑live (see Chapter 4).

1

HHSs reported that deliveries from the department’s distribution centres were sometimes inconsistent with the orders they had placed. This was due to S/4HANA specifying quantity using a base unit of measure, compared to the units of issue used in the previous system. For example, an order for a box of 100 gloves is specified as ‘100 EA’ in S/4HANA, compared to ‘1 box’ in the previous system. When HHSs placed an order for ‘1 EA’ gloves, the system tried to deliver a single glove when the HHS expected a box of 100.

This change caused confusion among HHSs and warehouse staff. As a result, HHSs received more or less stock than what they believed were ordered, and experienced delays in receiving the quantity required. Distribution warehouse staff also observed significant variances during stocktakes and had to undertake multiple stocktakes to verify their stock on hand.

Health Support Queensland (HSQ) is the shared service provider within the department responsible for supply chain management. While HSQ ran education sessions prior to go-live to explain the changes, staff were used to ordering inventories the old way. Training is discussed in Chapter 4.

To correct this issue, the department implemented system changes in March 2020. HHSs can now configure how they measure quantities, but they do not always get it right. In those instances, distribution centre staff are required to liaise with HHSs to correct their configurations.

Staff were not familiar with new system processes and data requirements

Some staff were not familiar with the new system processes, causing delays or errors in ordering and distributing inventories. For example, the system blocked future orders from being processed when HHS staff did not record goods received in the system upon delivery; this inbuilt control was to avoid doubling up. In another example, when distribution centre staff did not perform real-time stock replenishment in the system, this affected HHSs’ ability to reserve stock, even when there was sufficient physical stock in the warehouse.

S/4HANA offers inventory management functionalities that are completely new to users. Some supply staff were not familiar with how to set up material requirements for individual storage locations. This meant that users at a particular storage location may not be able to place orders for their location.

The compounding effect of inventory-related issues has caused HHSs to over-order to counter perceived system errors and delivery delays, which in turn caused inflated throughput and stock reservations at distribution centres.

Warehouse scanners did not work properly

S/4HANA introduced a high level of automation, with three types of scanners used at distribution warehouses. Staff experienced problems with the handheld scanner units, causing delays in inventory picking, despatching, and stocktaking. Problems included scanners not connecting with computer servers and scanner units going to sleep after a short period of inactivity. HSQ has taken steps to fix these scanner problems.

Some scanner problems were due to staff not being familiar with scanner functions, resulting in staff pressing the wrong keys and executing the wrong transactions, not exiting the stocktake screen properly when interrupted by other tasks, or forgetting log-in details for scanner access. These incidents have decreased over time as staff get used to operating the scanners.

HHSs implemented manual workarounds

The user-adoption issues discussed above affected HHSs’ confidence in the department’s supply chain. As a result, 15 of the 16 HHSs reported they adopted manual workarounds to address issues that occurred soon after go-live, including:

  • placing direct orders with suppliers to bypass the need for inventory to go through the centralised distribution warehouses, despite warehouse stock being available for order
  • placing urgent off-system orders via email or telephone instead of through S/4HANA (the department had to restrict this practice due to its misuse for non-urgent orders)
  • using corporate credit cards to pay outstanding invoices to reduce the risk of vendors withholding supplies. While this addressed the delay in payments to suppliers to some extent, it increased the risk of duplicate payments because the original invoices were not removed from the workflow process in S4/HANA in a timely manner.

System performance affected productivity

Post go-live, the end users of S/4HANA experienced frequent system freezes, long task running time, and slow system response time. Delays often occurred during peak office hours when many users logged into the system. Between go-live and mid-April 2020, the Queensland Health S/4HANA support team logged 29 high-urgency, high-impact system incidents with SAP that had a number of different impacts, including an inability to access the system on eight occasions. Other impacts included more general issues around configuration and data clean-up which were addressed while the system continued to be available to most staff. These incidents are different to day-to-day support requests received by the Queensland Health S/4HANA support team. Queensland Health was able to address most of the root causes relating to system outages during the four‑month hypercare and transition period.

Staff lost productivity while they waited for the system to become available or operate at optimal speeds. This has the potential to hold up other areas of the business due to the integrated nature of Queensland Health. For example, HHSs rely on distribution centres for inventory and rely on service centres for transaction processing. Delays mean potential interruptions to services.

During March 2020, the S/4HANA system was re-platformed to double its memory and processing capacity. The department reported that this change appears to have resolved the ongoing performance issues.

HHSs incurred unbudgeted costs post go-live

Queensland Health had anticipated an elevated level of effort to manage local changes at hospitals for six to 12 months post go-live. However, HHSs reported higher-than-expected costs in managing system issues.

Report 3 2020-21_Box2a

Entities should consider our recommendation in Digitising public hospitals (Report 10: 2018–19) regarding identifying full cost of implementing and operating complex whole-of-system information and communication technology solutions.

1

For the period between 1 August 2019 and 30 November 2019, 12 HHSs estimated having incurred a combined $3.1 million managing post go‑live issues. From this total, four HHSs each incurred costs of more than $200,000, with Metro North HHS experiencing the largest outlay of around $1.4 million.

The costs incurred were related to hiring additional staff or consultants to address localised training needs and inventory and accounts payable issues (including implementing manual workarounds, such as processing manual inventory orders).

Some of these costs are continuing, and not all the costs were quantifiable, including staff down time due to system performance issues, unrecorded staff time resolving issues (including opportunity costs), and loss of discounts due to late payment of invoices.

HHSs continue to incur some of these costs while Queensland Health resolves manual workarounds and system issues. This has limited the HHSs’ ability to direct resources to better use. 

Service desk experienced support issues

A dedicated service desk was in place to provide an elevated level of support to system users during the hypercare period post go-live.

Hypercare ended on 23 October 2019. A transition period of four weeks followed to facilitate knowledge transfer from the program team before Health Support Queensland took over the business-as-usual support function on 25 November 2019. Health Support Queensland is a business unit within the department, providing a range of statewide shared services to Queensland Health entities.

The service desk received over 17,181 requests during the hypercare and transition periods, with 782 remaining open at the end of the transition period. The average time to close a request was 4.3 days. 

The program and support teams facilitated multiple avenues to allow HHSs to track and monitor all request tickets raised and closed, and any issues escalated for system enhancements. However, HHSs reported difficulties obtaining accurate and timely responses from the helpdesk. At times, HHSs did not receive any responses at all, or the helpdesk did not act on the requests properly before closing them.

In other cases, HHSs felt the helpdesk did not provide adequate information for completed requests. For example, in some instances the helpdesk did not provide updated delegation tables to the requesting user to verify that changes were made correctly. This led to additional requests being lodged unnecessarily to obtain extracts of the delegation tables.

The department was not aware of any instances of requests being closed without resolution. However, several HHS staff reported to us that repeated closure of their requests without satisfactory resolution resulted in them giving up, rather than re-raising their issues.

Information technology general controls had deficiencies

Information technology (IT) general controls are the controls that govern change management, user access, and security to the relevant application and its data.

Effective IT general controls help entities manage data integrity and develop reliable reporting.

IT general controls were not effectively documented

The department did not effectively document IT general controls for S/4HANA for the first four months following go-live. The department expected the program team to effectively document the system controls and processes, and incorrectly believed they did not own the system until it transitioned to the business-as-usual support unit within the department.

As a result of the insufficient documentation, system configuration issues, and user access deficiencies, we were unable to rely on expenditure controls for all Queensland Health entities when auditing their 2019–20 financial statements. Accordingly, we changed our audit strategies to undertake more detailed transaction-level audit testing to obtain sufficient appropriate audit evidence. This came at an increased audit cost of approximately $0.5 million to Queensland Health entities.

S/4HANA was not locked into production mode

Each Queensland Health entity is individually set up in S4/HANA. In March 2020, we found that the department had not locked the system into production mode, which would have protected each entity’s financial data from unauthorised or unintentional manipulation by privileged users.

Following our advice, the department fixed the issue on 20 March 2020. The department has investigated whether this weakness was exploited. They concluded there was a low risk of data deletion or inappropriate amendment. Subsequent to their investigation, we agreed the risk was low.

System access for privileged users was improperly set up

Privileged users are those who have greater access to system functionalities in S/4HANA than general users. For example, they have the authority to assign users access to various business roles in S/4HANA and can undertake system administration tasks.

Report 3 2020-21_Box4

There was a risk of undetected unauthorised changes to system data by privileged users who were given inappropriate levels of access.

1

We found that some general users have access normally reserved for privileged users and that the department did not implement appropriate controls to prevent privileged users from altering their own level of access.

This means privileged users could bypass the embedded system rules applicable to general users. This increases the risk of privileged users performing unauthorised activities and transactions without being detected. For example, a privileged user could provide themselves access to modify vendor bank details and delete records of this activity from the system’s audit logs. Queensland Health’s monitoring process over changes to vendor master data would, therefore, not detect this unauthorised change. The department has now fixed this weakness.

We also found that some privileged users with no system configuration roles were given access to alter master data set up within the system, affecting data integrity. In other instances, privileged users were given access inconsistent with their roles. Users with more advanced system administrator access could make changes to scheduled system background tasks (for example, batch payments). This increased the risk of privileged users performing activities without proper authorisation and not being detected.

The department has resolved the issues relating to access to the core and master data governance systems. Inactive accounts have been reviewed and removed where required. The department has now fixed the weakness associated with the use of generic accounts.

Elim Beach

4. What happened in the lead up to go-live

During January to July 2019, the Financial System Renewal (FSR) program board shifted its focus to entities’ readiness for system go-live. During this period, the board met regularly, in some instances weekly, and tracked entities’ readiness progress against set business readiness assessment processes and criteria.

The program team informed the board that chief executives of all Queensland Health entities had approved their entities’ readiness to go live, despite none of them having completed all required go-live activities. Entities reported their readiness was dependent on them completing certain activities, statewide shared services and the program team completing their work prior to go-live.

Not all entities’ concerns and gateway review recommendations were resolved prior to go-live.

Program governance leadership changed

Queensland Health initiated the FSR program in late 2014. The program commenced in December 2016 after funding was approved. Following a governance review in December 2017, the Department of Health’s (the department) Deputy Director-General for Corporate Services became the senior responsible owner and chaired the program board. The board was previously led by a hospital and health service (HHS) chief executive and supported by board members, including the department’s representative. The governance review found ambiguity in the governance leadership roles, and that the program governance structure did not support rapid and agile decision making. Program reports to the board did not give members sufficient information.

In May and June 2018, there was a short pause of the program and a change to the board membership and program leadership.

The refreshed governance structure (see Appendix D) maintained active HHS participation, strengthened the accountability of the senior responsible owner for the ultimate success of the program, and incorporated more streamlined decision making and more comprehensive program status reporting. A new program director was appointed to lead the program in the direction set by the board, rather than being absorbed in operational tasks.

In addition to its board membership, Metro North HHS retained the program administration role, which included providing accommodation to the program team and undertaking procurement, contract, and financial management functions.

Go-live day extended

Go-live was initially set for 1 November 2018. There were two go-live extensions before the system went live on 1 August 2019.

The first extension was on 31 January 2019 when the board confirmed a go-live day of 1 July 2019. This followed a program review undertaken in mid-2018, which found the program was not ready for go-live. The program had experienced significant delays in key activities on the critical path, including system interfaces, data cleansing and migration, change management, training, and local implementation planning.

The second extension was at the board meeting on 24 May 2019, when the board endorsed an extension of go-live day to 1 August 2019. The extension was due to:

  • entities being underprepared for go-live, based on limited exposure to the program materials, gaps in understanding, and lack of defined processes
  • role mapping and training needs assessment being delayed, incomplete, or changed, resulting in a reduced pre go-live training window and core users’ readiness
  • cutover processes being at unacceptably high risk (due to the above readiness issues), which could impact on business continuity.

Queensland Audit Office’s limited-scope review prior to go-live highlighted outstanding actions

Between March and July 2019, we performed a limited-scope review of the proposed S/4HANA control environment and business processes to prepare for the 2019–20 financial controls audit.

In the month prior to go-live, we reported to the program’s leadership and the department’s director-general that we were unable to complete our testing before system go-live, because:

  • the information technology (IT) general controls and application-level controls were not finalised and tested
  • documentation that clearly outlined the control objectives, control activities, and expectations on the HHS for processing transactions were not developed
  • HHSs had not tailored process flow maps, the core S/4HANA system process maps did not include expected off-system manual controls, and had not addressed an internal review’s recommendations
  • testing of stacked roles (an individual with more than one role within S/4HANA) and resolution of conflicting roles were not complete, and conflicts remained unresolved
  • mapping roles to users was not finalised, which meant we could not test the system’s segregation of duties
  • the testing of financial delegations was not thorough and was not based on expected real-life scenarios.

These deficiencies were not resolved prior to go-live and contributed to the vendor management, accounts payable, and IT general controls issues post go-live.

Final independent review identified delivery risks

The final third-party independent assurance review (the Gate 4 review) was conducted in July 2019 and presented to the board on 15 July 2019. The board held a closed session with the independent assurance team, without the program team present, to quiz them on the report.

The review assessed the delivery confidence for going live on 1 August 2019 as amber/green. This assessment meant that, while successful delivery appeared probable, Queensland Health needed to closely manage several delivery risks.

The review made 24 recommendations that had varying levels of priority, with 12 requiring completion before go-live. As of 26 July 2019, seven of the 12 pre go-live recommendations had been completed or closed, with actions to address the five remaining recommendations in progress. The effect of some of the outstanding actions became more apparent post go-live. For example, the ongoing changes in role mapping increased the risk of incorrect role allocations in the system and increased the volume of service desk requests to update roles.

Actions to address recommendations did not always achieve the desired actions. This was evidenced by the issues that arose post go-live. For example, the program team communicated and provided training to users to explain how S/4HANA measures inventory quantity differently from the old system. Post go-live, however, staff were still confused by the measurement differences, which led to inventory ordering and distribution errors.

Entities endorsed their readiness with caveats

In January 2019, entities began providing monthly readiness status information to the program team for reporting to the board. All entities, including departmental business units who provide shared services, completed their readiness certificates between 9 and 17 July 2019. The certificates covered 30 readiness activities across nine categories of criteria to explain how prepared entities were for system go-live.

Report 3 2020-21_Box5

Chief or senior responsible executives endorsed their entities’ readiness to go live, despite none of them being fully ready.

1

Figure 4A shows that most entities reported a small portion of readiness activities as ‘completed’, with many identified as ‘on track for completion’ by the go-live date. While the readiness certificates were not formally updated at go-live, the program team monitored issues raised in the certificates, undertook rectifications, and reported status to the board (refer to the sections below discussing caveats and conditions raised in certificates and the final go-live decision). Not all criteria were completed at each HHS by go-live.

FIGURE 4A
Informing go-live—Entity readiness certificate status by criteria
Informing go-live—Entity readiness certificate status by criteria__report 3 2020-21_Figure 4A

Notes: HHS1–16 are presented in a random order; Health Support Queensland (HSQ) had two additional readiness categories due to its statewide shared services responsibilities. Separate certificates for statewide shared services are discussed later in Chapter 4. DeptDepartment of Health. eHealth—a business unit within the department that supports the information technology needs of the department and the HHSs.

Queensland Audit Office from entity readiness certificates.

1

Caveats and conditions were raised in certificates

The program team noted that 17 of the 19 Queensland Health entities provided their readiness endorsement conditionally upon statewide shared services being ready or the program team delivering on their assigned tasks prior to system go-live. The readiness certificates for statewide shared services and the program were subsequently approved by the responsible executives. However, some HHSs were concerned that no independent assurance was provided over the readiness of statewide shared services.

The program team identified 128 caveats or conditions raised in entities’ readiness certificates, with the majority coming from three HHSs and the department. The program team grouped these caveats into 19 key themes, such as training, role mapping, and functional readiness. The program team reported the status of these caveats back to the entities on 25 July 2019, including actions undertaken or proposed by the program team. On 27 July 2019 at the board’s final meeting before go-live, the program team reported that, of the 128 caveats raised in the readiness certificates, 55 were addressed, 29 were for noting, and actions to address the remaining 44 were in progress.

Some of the key issues raised in the certificates are discussed below.

There were errors in mapping users’ business roles in the system

Role mapping is critical for determining what a user can do or approve in the system. Role mapping also informs how controls are implemented to manage role conflicts to ensure segregation of incompatible duties. For example, a user with banking responsibilities should not have access to modify accounts payable data. Individual entities were responsible for mapping end users to one or more business roles in the system, based on their functions.

Report 3 2020-21_Box6

Errors in entities’ role mapping meant that some users did not receive the right training needed to do their jobs properly.

1

While entities commenced role mapping activities in November 2018, by mid-July 2019 only six HHSs felt they had completed their role mapping accurately. Only one HHS felt they understood and had controls in place to manage role-based conflicts, and had documented the controls to mitigate the risks within their entity. The remaining HHSs reported they were on track to finalise role mapping and segregation of duty controls by go-live. Changes in key personnel in HHSs late in the life of the FSR program contributed to program knowledge loss and delays in completing readiness tasks.

Entities continued to update their role mapping in the lead up to go-live as they gained a better understanding of the new process. However, late role mapping changes added pressure to the role-based training, which had 137 training modules across 12 functional areas. During April and May 2019, over 2,000 user records required removal and 1,500 records required changes or updates. This large scale of data amendment affected data integrity, with records missing key personnel information. Some users found they were mapped to roles they rarely perform and were sent to training sessions that were not relevant. Others did not receive all the training required prior to go-live due to the late changes.

While the program team conducted regular validation of entities’ role mapping prior to go-live, entities were responsible for considering the suggested changes based on their local business processes and requirements. Through their experience post go-live, some HHSs felt the role descriptions developed by the program team were not clearly defined and had affected their understanding and accuracy of role mapping. Some users reported to us that they were not aware of all the roles they were assigned to due to late changes, or they did not know how to perform their roles due to incomplete training.

User training completion rate was low prior to go-live

The overall statewide training completion rate remained low in the final weeks leading to go-live. As of 21 July 2019, the training completion rate was 39 per cent, with a 35 per cent completion rate for eLearning and 50 per cent for instructor-led training. The program team routinely reported the low attendance rate to the board and, through weekly attendance reports, to chief executives and chief financial officers (CFOs) of HHSs.

Report 3 2020-21_Box7

The majority of users did not attend sufficient training prior to go-live; some found the training not as useful as it could be after reflecting on their post go-live experience.

1

Superusers also had low attendance rates. Superusers are those who have greater knowledge of system and internal processes, with responsibility at go-live for providing first-line support to their peers by accessing the right support tools and frameworks without contacting the central helpdesk. In July 2019, the program team held six information and training sessions over three weeks, but 41 per cent of superusers did not attend any session.

All HHSs reported in their readiness certificates that training was on track for completion by go‑live. HHSs reported challenges in ensuring staff were provided with enough practical training to use the system at go-live. HHSs’ feedback to us was:

  • Some staff felt their learning pathways were not delivered in sequence, and they struggled to understand key concepts and workflow processes. This was largely due to late changes to user role mapping affecting individual users’ training scheduling and learning progress. With a total of 23,000 role-based training places offered across 30 different modules, an orderly learning pathway was difficult for the program team to achieve at a statewide scale.
  • Some staff found the training too theoretical or based on examples of simple scenarios, because the training material was designed to suit general and common processes across all HHSs. There were some examples of good practice where HHSs ran localised training tailored to their circumstances.
  • Not all training modules were delivered in a simulated system environment. For those that were, the simulation environment used at the earlier stage of training was different from the final production environment. As a result, some staff felt training did not reflect the real practices they encountered.
  • While the program team collected feedback after each training session, some HHSs felt the learning outcomes were not assessed in a way that could determine whether staff understood and could apply their learning in practice.
Not all entities had achieved functional readiness for go-live
Report 3 2020-21_Box8

Most entities did not understand the system processes well enough to reengineer critical local processes to fit the new system.

1

To demonstrate functional readiness prior to go-live, entities were required to capture and test critical day‑one business processes and update key documentation, policies, business rules, work practices, and guidelines to account for process changes. This was one of the criteria in their readiness certificate. This involved improving users’ understanding of S/4HANA and changes in how their business role and functions would be performed post go‑live.

At the time when HHSs submitted their readiness certificates, none had completed all the activities to achieve functional readiness. Of the 16 HHSs, 15 reported they were on track for completing those activities and one had concerns about getting ready by go-live.

The program team held functional deep-dive sessions in April 2019 to provide step-by-step walk throughs of key system functionality across critical business scenarios. Participants included 230 nominated key staff from across HHSs and the department. Following these sessions, the program team established communities of practice to help ensure knowledge sharing of readiness activities and documentation. HHSs told us they felt these were useful but happened too late in the lead up to go-live.  

Readiness certificates for statewide shared services highlighted concerns

The department provides accounts payable, supply chain, and payroll support functions to HHSs through several statewide shared services. On 10 July 2019, the department approved the readiness certificate for these services.

None of the readiness activities in the accounts payable certificate were marked as complete. The department reported that most of the activities for accounts payable were on track for completion by go-live, but was not confident that key documentation and policies would be ready for go-live.  

Health Support Queensland identified just over half of the supply chain service activities as being completed, with the remaining on track for completion by go-live.

Health Support Queensland reported it had met all seven criteria for the statewide payroll integration.

The board endorsed these certificates on 15 July 2019. On 19 July 2019, the program team provided a summary certificate to all entities stating the overall readiness for statewide shared services. This meant that HHSs did not see the original readiness certificates, which had more detailed assessment against individual criteria.

Final go-live decision

The program’s readiness assessment process involved five checkpoints during the six-month period leading up to go-live, with the final go/no-go checkpoint at one week prior to go-live requiring the:

  • chief executives and CFOs of individual entities, including shared services units, to sign off on their readiness assessment
  • FSR program team to make a recommendation to the program board
  • FSR program board and senior responsible owner to make a recommendation to the director‑general
  • director-general’s approval to proceed.

On 18 July 2019, the Director-General of Queensland Health approved the S/4HANA go-live date of 1 August 2019, following endorsement by the FSR program board. In its recommendation to the director-general, the board noted that continued effort would be required to ensure a successful go-live and, based on the risk mitigation strategies identified by entities and the program team, the board was confident to proceed.

Report 3 2020-21_Box9

The program board endorsed system go-live based on risk mitigation strategies identified by entities and the program team, despite the number of outstanding items.

1

Following the approval, the board continued to monitor progress of entities’ readiness activities and mitigation strategies. At its meeting on 29 July 2019, the board confirmed its final go-live endorsement after considering the latest update of entity and shared services readiness, the status of the action plan to address Gate 4 review recommendations, and outstanding issues relating to identified focus areas.

The program team presented the final program readiness certificate at the meeting. Of the 50 readiness activities, 26 were marked as complete with the remaining 24 on track for completion before go-live day.

Recommendations

Recommendation

The Department of Health and the hospital and health services (HHSs) should redesign the project governance and accountability framework to ensure shared accountability for project delivery.

The framework should ensure all parties take ownership of:

  • completing project readiness activities in a timely manner and to a specified quality
  • understanding change implications to their entities and updating local guidance
  • correctly identifying user roles and ensuring the right staff are trained at the right time.

The framework should clarify that a senior executive from the department should be the senior responsible owner throughout future whole-of-system projects.

The department needs to take a governance-leadership role and should continue to include the HHSs in the design and implementation of whole-of-system projects.

1
Elim Beach

5. Managing personal protective equipment during COVID-19

Capabilities of S/4HANA are not fully utilised to manage inventory

S/4HANA has significantly improved Queensland Health’s supply chain management capability compared to the previous system. It provides increased visibility into stock movements and collects more data that can be used to inform demand management. However, Queensland Health has not been fully utilising S/4HANA to manage its inventory, including personal protective equipment (PPE), across significant storage locations. Most of the hospital and health services (HHSs) did not choose to implement the full inventory management module due to resourcing and cost concerns.

S/4HANA needs to be extended to track real-time stock movements by configuring appropriate storage locations to operate as fully managed inventory sites. There are 100 fully managed inventory sites, including the distribution centres and some service centres, out of the 4,230 storage locations across Queensland Health. It would require a large-scale change-management exercise to convert most sites into fully managed inventory locations and train staff. Metro South HHS is the only HHS that is progressively converting its facilities to fully managed sites.

For partially managed sites, S/4HANA can only track to the point when goods are receipted by HHSs, without visibility of stock level or consumption at storage rooms, clinics or wards within individual hospitals.

During COVID-19, HHSs with partially managed inventory sites increased their frequency of stocktaking. For example, during the peak of the outbreak, a South East Queensland HHS was undertaking daily stocktakes across 15 storage locations and providing weekly updates to the Department of Health (the department) to inform centralised purchasing decisions.

On 25 June 2020, the Deputy Premier, Minister for Health and Minister for Ambulance Services announced that the Queensland Government would establish a clinical stock reserve to ensure sufficient supplies and equipment are available to frontline health services.

Without having fully managed inventory sites across the state, Queensland Health will continue to experience difficulties having real-time insight into stock level or consumption within individual hospitals.

Recommendations

Recommendation

The Department of Health and the hospital and health services should undertake a cost-benefit analysis to determine when and how to progressively convert appropriate inventory storage locations to fully managed inventory locations, to provide real-time insight into stock level and consumption.

This should include facilities to be utilised for the newly established state clinical stock reserve.

1

Dashboard reporting helps manage PPE

S/4HANA is not designed and was not implemented as a business intelligence reporting tool; therefore, it cannot provide the comprehensive information required to project PPE demand.

However, compared to the previous system, which relied heavily on paper records, S/4HANA captures more data, which can be used for end-to-end tracking of inventory movement. The department has established dashboard reporting and an allocation model to manage PPE demand. Outside of the distribution centres, the current reporting is not real time and is labour intensive to produce as it relies on a manual data feed. The department is investigating options to automate the reporting process.

Elim Beach

6. Where to from here

Improved HHSs’ direct purchasing from the department

Figure 6A shows that hospital and health services (HHSs) have increased purchasing through the Department of Health (the department) since the implementation of S/4HANA. Purchasing centrally and utilising strategic procurement functions can achieve cost savings and efficiencies. It also allows for better demand management and reduces the risk of HHSs competing against each other for resources. If this trend continues, this will be a positive outcome from implementing S/4HANA.

Purchasing centrally through the department allows for system-scale savings and the use of standard agreements with vendors, ensuring value for money. The Queensland Health policy recognises HHSs’ discretion to purchase directly from vendors if needed.

FIGURE 6A
Percentage of HHSs purchasing from the Department of Health
Percentage of HHSs purchasing from the Department of Health_report 4 2020-21_Figure 6A

Queensland Audit Office from S/4HANA and FAMMIS data.

1

New business integration project

Queensland Health established the S/4HANA business integration project (the project) following the conclusion of the hypercare and transition periods on 25 November 2019.

The project aimed to design and implement changes to processes and practices that optimise the use of S/4HANA and better meet Queensland Health’s needs. The project had five priority workstreams, including some of the key residual risks and issues from implementation, such as inventory management, purchasing, and data quality.

Most major information and communication technology (ICT) solutions have post-implementation integration and optimisation projects. However, this project would not have needed to address residual risks and issues to the extent that it did, if the change management and pre go-live activities (such as improving configuration data) had identified and mitigated the key delivery risks earlier.

COVID-19 has slowed down resolving system issues

The COVID-19 pandemic has put significant pressure on the public health system. In March 2020, the department suspended the oversight committee for the business integration project due to competing COVID-19 priorities and resource constraints.

In late April 2020, the department established a new COVID-19 Supply Chain Surety Division. Following reprioritisation and replanning, the division took over from the project on two priority projects with direct impact on the Queensland Health’s COVID-19 response efforts, including supply chain management and purchasing.

The objectives of the two priority projects are:

  • distribution and supply management—to upscale operations within distribution centres, regional warehouses, and hospitals to meet high demand throughout the pandemic period
  • procure to pay—to stabilise the end-to-end procurement-to-payment cycle within S/4HANA to enable effective purchasing practices and timely payments for vendors.

Independent review of program learnings

The department is undertaking a lessons learned review over the implementation of S/4HANA that can be used in future projects. The scope of the review includes identifying key activities that should be undertaken to finalise the rollout of S/4HANA and complete any remaining enhancements. The review was not complete at the time of drafting this report.