Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Government Agencies' Management of their Websites
The audit objective was to assess how well agencies manage their websites. Particular attention was given to the audited agencies' website purposes, risk management and planning, policies, content management procedures, and performance monitoring and reporting. These elements provide the framework for the design, implementation and operation of websites.
In 1997, the Australian Government ‘committed to all appropriate services being deliverable on the Internet by 2001'.1 Since then, government agencies have increased their use of websites, accessible via the Internet, to the point that, at the beginning of 2008, the Australian Government had more than 800 websites.2
Government agencies deliver a wide range of programs and services to the community through various means, such as agencies' shopfronts, call centres, educational material, and via the Internet.
The most common role of agencies' websites is to provide information about services to the public. However, recent technological improvements have allowed agencies to deliver through their websites a wider range of services. Examples include how the public can now access a wide range of statistics, lodge tax returns and apply for Medicare cards online. In addition, the Australian Government Online Service Point <www.australia.gov.au> assists the public by providing links to information and services on its websites as well as on selected state and territory resources. By accessing <www.australia.gov.au> users can search over three million government web pages. In addition the proportion of people who accessed a Government website for their most recent contact with government has grown significantly in recent times, from 19 per cent in 2004–05 to 29 per cent 2007. 3
This increased reliance by agencies on websites to provide information and services, brings with it a greater need for agencies to have sound approaches to manage their sites. Poorly managed websites not only increase the risk that information and services are not provided to website users at reasonable cost to government, but can have adverse impacts on other service channels such as extra work loads for call centres and inquiry outlets.
An agency's website management approach should take into account the function of each site in service delivery and/ or the number of sites it manages. In general, agencies with large or multiple websites or websites with significant numbers of transactions, especially financial transactions, would be expected to have a more rigorous management regime in place than those agencies with single and small sites.
The Department of Finance and Deregulation, through its Australian Government Information Management Office, has overall coordination responsibility for the use of Information and Communications Technologyi within government. AGIMO provides the Government and agencies with information and guidance on the procurement, infrastructure, management and use of ICT, including on agencies' use of websites.
The Government's ICT policy, Responsive Government A New Service Agenda 2006 e-Government Strategy,4 has four ICT strategic priorities: meeting users' needs, establishing connected service delivery, achieving value for money, and enhancing public sector capability. One important policy objective of the policy is to improve government service delivery via websites. Therefore, addressing these four priorities in managing government websites is critical to the success of the Government's ICT policy.
In April 2008, the Government commenced a review of agencies' use and management of ICT. The review examined and reported on the ‘efficiency and effectiveness of the Australian Government's current use and management of ICT to determine whether the Government was realising the greatest return from its ICT investments'.5 The review was also designed to consider ways in which ICT can be used to meet the Government's broader objectives and the means by which the financial returns to Government might be increased. This included the use of websites to deliver information and services. A report was prepared for the Minister for Finance and Deregulation in September 2008.
The audit objective was to assess how well agencies manage their websites. Particular attention was given to the audited agencies' website purposes, risk management and planning, policies, content management procedures, and performance monitoring and reporting. These elements provide the framework for the design, implementation and operation of websites. There are a range of other elements associated with website management, including specifications development and testing through to system management, technical support and security checks. These other elements were not examined in this audit.
Audit coverage and methodology
The audit approach was divided into two parts. The first part of the audit involved the ANAO surveying 40 agencies to obtain a broad appreciation of agencies' website management practices. All agencies provided a response to the survey. The second part involved an examination of the management of five websites in three agencies. The sites were the Australian Bureau of Statistics website, the Department of Agriculture, Fisheries and Forestry website and its e-Permits website, and the Department of Foreign Affairs and Trade website and its Passports website.
To guide the assessments of agencies' website management documentation, the ANAO developed a ‘decision tree' that categorises websites based on their function and associated risk level. The ANAO identified that agencies with critical or large sites have higher service delivery risks. In these circumstances, an agency's website management should be underpinned and informed by its broader risk management framework. In particular, management should be supported by specific consideration of website risks, planning, policies, procedures, and performance monitoring and reporting. In comparison, websites that are not critical or large would have lower risks, and therefore it would be sufficient that their website governance be incorporated within agency–wide ICT management documentation.
The ANAO assessed the level of the five websites' management documentation, having regard to its adequacy, scope, currency, and alignment.
Deciding on where a website fits within the assessment model is a decision for each agency to make. However, for the purposes of this audit, the ANAO classified one of the five audited websites as being of significant risk to agency service delivery, with the other four sites classified as moderate risk to agency service delivery. The three agencies managing the five audited websites had multiple websites.
Overall audit conclusion
Over the past decade Australian Government agencies' use of websites to provide information and services has grown significantly, to the point that, at the beginning of 2008, the Australian Government had more than 800 websites accessible via the Internet. Websites are now an integral part of program delivery for many agencies in contributing to program outcomes. Effective website risk management, content management and monitoring provide a sound basis for the design, implementation and operation of websites, helping to ensure that appropriate and current information and services are delivered at planned levels. Sound website management will be underpinned by a clearly stated purpose developed in association with an agency's business goals and risk management. Such an approach allows the significance of a website to service delivery to be taken into account by agencies in making decisions on website management.
Overall, the ANAO concluded that, for the five websites examined in the three audited agencies, management processes and practices provided an adequate level of support for the delivery of information and services via those websites. However, given the increasing emphasis on the use of websites for service delivery, the audit identified scope to improve the three agencies' website management.
While the audited websites each had a purpose, for most it was not clearly stated and there was little documentation showing how the purpose guided decisions on website use. This made it difficult for the owner agencies to monitor the contribution and impact of each website to the relevant program and agency outcomes.
The survey data identified considerable diversity in the number, size, and type of websites and supported the importance of website management being tailored, taking into consideration risks. For example, one large agency had 96 websites, and the surveyed agencies' websites varied in size from 35 to 900 000 pages. Agencies with multiple or large websites faced increased risks associated with opening and closing websites, and managing growth in website content. The level of supporting website risk management documentation could be improved given each website's risk profile, and that each of the agencies had multiple sites.
A majority of the website risk management documentation for the audited agencies was covered in ICT security documentation, but varied in both the scope and type of the risks covered. In addition, two of the audited websites had not reviewed their website risks for up to three years. In this time, one of these sites had changed from an information-only site to a transactional site, while another site's purpose also had changed. Periodic review and treatment of risks, specifically where the website has undergone significant change, reduces the likelihood or consequence of new or emerging weaknesses or threats to the achievement of program outcomes. This is particularly important for websites that are integral to service delivery given the key role of websites with customers and other stakeholders.
The audit also identified that government websites are growing in size, which by its nature influences the risks of websites containing inaccurate, superfluous and or outdated information. Four of the five websites examined had adequate processes to record changes to website content, archive these changes, and to record approvals. However, one of the websites, important to the provision of information to the public, had no documentation to specify content management processes. This increased the risk of the agency publishing misleading information.
Also, agencies with large or high risk websites can benefit by introducing automated content management systems. These systems provide assurance that website content will not be published without approval, and they store website content changes, and retain copies of documents prior to changes being made.
All of the audited agencies monitored website user activity and satisfaction. However, none of the audited agencies reported specifically on how their websites were meeting their respective purposes and how they were contributing to agency business goals. Also, most agencies had little information on the costs of operating and maintaining their websites. Agencies with websites that pose significant risks to service delivery or that have multiple websites would benefit from an improved understanding of their website user activity, performance, and cost information.
The ANAO has made four recommendations aimed at improving the management of websites which are integral to agencies' service delivery. In particular: the development of a clearly stated purpose for each website; strengthening agencies' decision making through improved risk management; reviewing content management processes and practices; and strengthening performance monitoring and reporting.
Key findings (by Chapter)
Website Management Framework (Chapter 2)
Four of the websites examined did not have a clearly stated purpose, and there was little documentation showing if the purpose for each of those websites had been met, and how the purpose aligned with each agency's business strategy. Clearly stating a website purpose assists each agency to manage its website risks, monitor, evaluate and report on website performance, and/ or its contribution to the program's outcomes.
The audited agencies would benefit from improving their website risk management and policies. For example:
- two of the sites categorised as being of moderate risk to service delivery had not reviewed their website risk documents for up to three years. In this time, one of these sites had changed from an information-only site to a transactional site, while the other site's purpose also had changed;
- four of the sites, three assessed by the ANAO as of moderate risk and one of significant risk to service delivery, had a variety of website management policy documents that were managed by different areas within the agency. This complicated website management; and
- three agencies did not have policy on opening and closing websites. Agencies with criteria for opening and closing websites are more likely to reduce the likelihood of an agency duplicating some of its services through multiple sites, and are more likely to control their website costs.
The three audited agencies had multiple websites, with only one having a website plan to manage its websites and a list of its websites. They had five, 52 and six sites respectively. The survey responses showed that — of the 40 agencies — 26 had multiple websites, of which 20 had not planned the future of their websites over the next three to five years. The extent of some agencies' reliance on websites is evident, for instance, in how one large agency with multiple programs had 96 sites. The nature of an agency's website planning depends upon the number of sites, their complexity, changing technology, and costs. The findings from the three agencies and the survey responses showed a majority of agencies did not plan the future of their websites over the short to medium term.
The 40 surveyed agencies had 504 websites of which 99 agency sites had a domain name6 other than gov.au, with sites varying in size from 35 to 900 000 web-pages. This shows that agencies are increasingly using websites to provide information and services, with some agencies relying more heavily than others on this channel to provide information and services. It also shows that the Government's website presence includes domain names other than gov.au. There is very little information available about non gov.au sites: for example, on whether non gov.au sites are increasing and why they exist outside the gov.au domain.
Four of the five websites had adequate documentation to support their content management, and had processes and procedures to approve changes to website information and to archive the latter. The fifth site, which was large and important to service delivery, changed its content while not having documented processes to approve those changes. This agency advised that it was reviewing its website management and investigating whether specialist software can improve its website content management.
The two agencies using well developed specialist software had an increased capacity to manage changes to web content and the approvals for that content. Agencies with large and/ or multiple websites that do not use specialist software to manage content are encouraged to examine the benefits and costs of introducing specialist software for that purpose.
Website Performance Information (Chapter 3)
The three audited agencies monitored and prepared reports for management on website user activity and performance. However, the three agencies mainly used raw user activity data in their reports to their management, with little explanation as to what the data meant. This type of reporting provided minimal benefits. For example, one agency recorded weekly the number of website hits, and provided this raw information to management. The data showed a steady increase in the number of hits on its website. This information was not accompanied by an explanation or analysis. Improved analysis and reporting of website performance is most useful when it informs management of how, over time, the website is meeting its purpose and contributing to program and agency outcomes. The information is also useful when it identifies operational and management areas for improvement.
Websites are now an integral component of program delivery for most agencies, particularly for agencies with significant or multiple websites. Therefore, it is advisable that agency executives understand how their websites are performing, and how they contribute to program and agency outcomes. The audit identified that several of the surveyed agencies that had significant or multiple websites did not report website performance to their Chief Information Office (CIO) or Executive. Performance reports for key agency staff, such as, the CIO, Executive and website owner, would benefit agencies by identifying roles and responsibilities, providing advice on user activity and identifying issues that required action to improve services. It would be beneficial for the three agencies to further develop and document their website monitoring and evaluation methods, including the development of performance targets.
The survey results highlighted that only six of the 40 agencies maintained firm website cost data. Based on estimates provided, website costs across the 40 agencies ranged from $10 000 for a small information-only website, to $15 million per annum for an agency with one large site with significant transactions. The ANAO noted there are other costs involved in using websites, such as in the development and administration of content. This limited information on the total cost of websites pointed to how only a small number of agencies monitored their website costs, and compared them with the costs of other service delivery channels.
The amount spent by the Australian Government in managing its websites is significant. Survey cost data for 35 of the 40 agencies shows total expenditure on websites was $51.5 million in 2005–06 and $55 million in 2006–07. This represented an increase of approximately six per cent. In addition, the survey showed that website costs averaged about seven per cent of total ICT expenditure.
Summary of agencies' responses
The Australian Bureau of Statistics
The ABS agrees with the findings of the ANAO report into Management of Government Agencies websites. As the primary dissemination channel for ABS publications, continued development of the website is integral to the ABS's mission to support informed decisions through the provision of high quality statistical outputs. The ANAO audit findings provide a solid governance framework for managing agency websites and the ABS has undertaken a review of existing governance strategies to ensure that best practices outlined in the ANAO report are captured and implemented.
Department of Agriculture, Fisheries and Forestry
The Department of Agriculture, Fisheries and Forestry welcomed the opportunity to participate in the audit into Government Agencies' Management of the Websites. The department notes the views formed by the ANAO and agrees with its recommendations.
Department of Foreign Affairs and Trade
The Department of Foreign Affairs and Trade welcomes the ANAO's report of its performance audit into Government Agencies' Management of their Websites. DFAT agrees with the conclusions of the report and accepts each of the ANAO's recommendations. DFAT is reviewing its website goals and practices, and is developing a Website Strategic Plan to provide a comprehensive framework for the management and operation of its online presence.
Department of Finance and Deregulation
Finance notes the two previous ANAO audit reports (No. 26, 2004-2005 Performance Audit - Measuring the Efficiency and Effectiveness of E-Government and No 30, 2003-2004 Quality Internet Services for Government Clients – Monitoring and Evaluation by Government Agencies) made findings and recommendations similar to those in this audit report in respect to website evaluation, monitoring and the use of website metrics, website objectives and planning. This suggests that these issues have not been addressed appropriately by many agencies and that they remain problematic.
While Finance, through AGIMO, has endeavoured to promote best practice, in the management of agency websites, with the Web Publishing Guide and Better Practice Checklists, it appears that a concerted whole of government effort is required to resolve these problems. Such an approach may depend on stronger governance arrangements for website management best practice and guidance. The Gershon Review has proposed a stronger “opt-out” governance approach for whole of government approaches, which could be applied to the management of government websites.
1 Investing for Growth – The Howard Government's Plan for Australian Industry, 1997. Available at http://pandora.nla.gov.au/pan/32884/20080307-000/backingaus.innovation.gov.au/docs/statement/invest_growth.pdf. Last Accessed 4 December 2008.
2 AGIMO advice.
3 Australians' Use of and Satisfaction with e-Government Services — 2007, December 2007. Available at http://www.finance.gov.au/publications/use-of-e-government-services-2007/docs/31576_AGIMO_Satisfaction-ALL.pdf . Last accessed 4 December 2008.
4 Responsive Government A New Service Agenda 2006 e-Government Strategy, AGIMO, March 2006. Available at http://www.finance.gov.au/publications/2006-e-government-strategy/index.html> [accessed 4 December 2008].
5 Review of the Australian Government's use of ICT, 11 April 2008. Available at <www.financeminister.gov.au/media/2008/mr_112008.html> [accessed 4 December 2008].
6 A domain name is an address used to clarify and locate computers and web pages on the Internet, and ends with, for example, .au. Any site that ends with an .au is a site built specifically for Internet users with Internet Service Providers located in Australia. Within the .au domain there are a number of second level domains with specific purposes. Examples of these are gov.au, com.au and org.au. AGIMO is the delegated authority to assess individual domain name applications for the Commonwealth.