Although covid delayed the first year-long ‘tranche’ of work by around six months, Mrs Pamment found that the slippage could not be put down solely to the pandemic.
Shortage in “internal” resources, the inexperience of some key stakeholders and “weaknesses in management of interfaces and dependencies,” was also to blame, she concluded.
Mrs Pamment also found that there needed to be more communication from leaders and more effective processes around planning and prioritisation.
Pictured: C&AG Lynn Pamment.
She makes a number of recommendations, including that workshops are regularly held to prioritise work and there is better documentation of decisions.
She said: “Tranche one of the Cyber Security Programme has been delivered in a challenging environment, as the pandemic changed operational priorities and stretched resources across the Government.
“Cyber security maturity has increased across all operational areas covered by the tranche one workstreams.
“However, delays to the CSP cannot solely be attributed to the effects of the covid pandemic and the associated restrictions and changes to operational priorities.
“The success of large transformation projects is reliant on effective prioritisation, communication and engagement.
“The CSP has implemented communication pathways with business units across Government.
“However, the prioritisation of transformation programmes and projects and of the interdependencies between concurrent transformation programmes and projects could be further improved.”