Response from the Department of Internal Affairs

Response to our recommendations about Strategic suppliers: Understanding and managing the risks of service disruption.

01 June 2023

45 Pipitea Street
Thorndon
PO Box 805
Wellington 6140
www.dia.govt.nz

Ethan McKenzie
Performance Audit Lead
Office of the Auditor-General

Tēnā koe Ethan

Follow up on Performance Audit of Strategic Suppliers

Thank you for your letter dated 3 April 2023 to Paul James, Government Chief Digital Officer (GCDO), regarding the 2021 Performance Audit of Strategic Suppliers: Understanding and managing the risks of service disruption. Your correspondence has been passed to me for response in my capacity as Deputy Government Chief Digital Officer.

The Office of the Auditor-General (OAG) made one formal recommendation (recommendation 2) regarding Te Tari Taiwhenua - Department of Internal Affairs (DIA) following the Performance Audit.

OAG recommended that the Ministry of Business, Innovation and Employment, DIA, the Department of the Prime Minister and Cabinet, the Treasury, the National Emergency Management Agency, and other agencies as appropriate:

  1. consider how the public sector, including local government, can build on existing initiatives to ensure that strategic supply risks affecting important public services are well understood, managed, and co-ordinated; and
  2. work with Te Kawa Mataaho Public Service Commission to ensure that roles and responsibilities are clearly assigned.

The following information details how DIA has addressed OAG’s recommendation. Please note, the GCDO does not have a role in determining local government procurement.

DIA, as Lead Agency for the All of Government (AoG) Portfolio of ICT services, actively manages the performance of suppliers of Common Capabilities, Framework Agreements and Marketplace services. This means DIA has a system wide view of agency spend across AoG ICT services, as well as the type of services being delivered.

AoG ICT Common Capabilities suppliers are assigned a Supplier Portfolio & Contracts Manager that manages the supplier and contract, alongside an Enterprise Security Assurance Consultant. They do this through monthly or quarterly governance, and undertake the following:

  1. understand levels of supplier resilience and assess supply chain risk,
  2. facilitate the receipt of contract and security deliverables,
  3. facilitate changes to the contract,
  4. perform security assurance activities including review of Business Continuity and Disaster Recovery Plans, and
  5. handle incident and risk management.

DIA also takes a structured approach to the identification and management of strategic suppliers. These suppliers:

  1. collect annual revenue through AoG ICT services contracts of more than $40 million and deliver services to more than 50 agencies, or
  2. are of strategic importance to DIA, for example, a supplier with an AoG Cloud Framework Agreement.

In addition to standard supplier management activities, strategic suppliers meet with the GCDO and Deputy GCDO three times a year. These meetings enable regular mana to mana engagement and strategic dialogue between the parties, at an executive and all of government level, and include:

  1. supply chain risk management,
  2. high level issues management,
  3. agreement on collaborative actions, and
  4. sharing Portfolio Roadmaps.

The benefits of DIA’s approach to supplier management was evident during the COVID-19 pandemic, when suppliers were dealing with delivery and supply chain risks. As a result of the relationships and information channels DIA has in place with suppliers, agencies could rely on regular communication and risk identification and management, and experienced minimal service disruption during this challenging period.

DIA is also strengthening its approach to understanding agency spend outside of the Common Capabilities Agreements, through the Digital Investment Office (DIO). DIO was established in December 2022 and supports the GCDO with oversight of digital investments across the public sector. Although still in an early stage of development, it is intended that the DIO will guide and support agencies to invest in digital solutions that best meet their operational needs, while addressing risk and aligning with government policy and strategies.

DIA’s data collection processes and analytical capabilities has substantially improved since November 2020, when OAG first requested information for the Performance Audit. This is mainly due to the development of PowerBI Dashboards, and we now have much stronger insight into agency and supplier procurement engagement and consumption patterns.

DIA has also recently developed a Supplier Portfolio Dashboard. This Dashboard is reviewed at the GCDO Operational Review Board on a quarterly basis, and provides oversight of supplier performance across a range of metrics, including:

  1. governance,
  2. deliverables,
  3. security certification,
  4. service delivery performance, and
  5. commercial, contractual and agency escalations.

Another initiative to address OAG’s recommendation, is the continued expansion of the Marketplace (DIA’s procurement platform), particularly the migration of more capabilities into the Marketplace. The ‘always open’ approach of the Marketplace simplifies procurement for agencies and expands the supplier options available to them.

Significantly more services and suppliers are available through the Marketplace, compared to the previous closed Panels. Increased supplier diversity supports market development and growth, and we expect that in time this will also result in lower supply risk. This is also applicable to Framework Agreements, which are now in place for several Cloud service providers and enable greater supply choice and the potential for a reduction in supply chain risk.

I trust the information provided answers your query. Please let me know if you require any further information.

Ngā mihi,

Colin Holden
Acting Deputy Chief Executive
Te Kōtui Whitiwhiti | Digital Public Service Branch