Credit: Dreamstime
An IT contractor for Melton City Council in Victoria was found to have directed more than $1 million of IT work into his own company for more than two years.
The diversion of funds was uncovered as part of an investigation by the Victorian Ombudsman into the engagement with IT company MK Datanet, which was awarded a three-year contract to provide $1.3 million in IT services, commencing December 2018.
The investigation involved a senior member of the IT staff of Melton City Council for over two years who was contracted as a technology architect in May 2017 to November 2019.
He was brought on through a recruitment agency to work as part of a team tasked with designing the business transformation program and establishing its underlying technical strategy. He reported to the council’s enterprise application coordinator.
While working at the council, the contractor was paid $840 per day, collecting a total of $473,760.
The report found the staffer was able to direct more than one million dollars of IT work into one of his own companies, while using other companies he controlled (Datafusion Technology and Softech Australia) to provide additional, unfavourable quotes, giving the impression that the procurement rules were met.
The project work involved Civica and Mulesoft consulting services; Sailpoint licenses; and a Mulesoft proof of concept integration platform.
The antics of the person in question were described by ombudsman Deborah Glass as ‘childlike’, going as far as sending responses to quotes to himself under fake identities. She said he “knowingly misused his position at the council to obtain a significant private benefit of $1.6 million.
“Lax oversight allowed him to manipulate council processes for almost two years,” she said.
The report found that the person never declared his conflicts of interest in the processes. His company became the successful tenderer for a major contract, despite not meeting one of the mandatory requirements.
“The tender attached an OHS policy copied from another industry containing plainly irrelevant references to activities such as ‘mustering’ and ‘windmill maintenance.’ Clearly, no-one checked,” Glass said. “The charade that he was not connected with the company was maintained to the end -- when the company thanked him for working with them and asked for a reference.
“It is staggering those proper checks and balances were not followed and that he was able to deceive the council for as long as he did.”
The report delved into how this happened, revealing the person was engaged by the council through multiple layers of contractual arrangements, which masked his associations.
Added to this was a lack of ‘effective oversight', so much so that when another staffer was queried by the ombudsman after trying to gain an understanding of what the actual work was, he couldn’t ‘make heads or tails’ of it.
Glass said finally there was a “worrying lack of due diligence in the tender and procurement process," particularly as the report found that council was continuing to pay MK Datanet despite not performing or providing services as per its contract.
To top it off, MK Datanet were charging council for tasks that were already features of the software products and ‘overestimated’ the effort required for other tasks. There was also no ‘traceability’ of the tasks completed.
Even after 18 months of work, the council was not using Mulesoft or Sailpoint and there was nothing in production and no business use/value by MK Datanet, the report found.
During the investigation, the council decided to commission Mulesoft to independently review MK Datanet’s work relating to the software, finding that out of 18 work items, only two had been implemented, six were partially implemented and five others had no code or configuration, three items were an unknown implementation status, and two were not applicable because they didn’t relate to Mulesoft or weren’t required.
The report found that Mulesoft software wasn’t being used at all.
As a result, the ombudsman made recommendations, which the council has accepted, to consider raising the issues in the report to Victoria Police and the Australian Securities and Investments Commission (ASIC).
