What the Auditors Say

Local Government Technology Challenges - 10 years of Audit reports.

Local government technology is not just “the IT department.” It underpins the digital channels residents use for rates, permits, libraries, and reporting issues. It includes the corporate platforms running finance, HR, and records, the regulatory systems supporting planning and compliance, and increasingly operational technology such as waste sensors, flood monitoring, and emergency communications.

Councils rely on these systems to deliver essential services and safeguard sensitive community information. When audit offices talk about technology risk, they are talking about whether rates payments, permits, library data, and staff records remain confidential, accurate, and available when they are needed.

This paper draws on evidence from audit offices, cyber authorities, and council strategy and post‑incident reviews. These sources focus on what actually failed, what controls were missing, and what had to change, rather than what was hoped would work.

Where case studies are used, priority is given to examples that clearly link an operational problem, a technology and governance response, and a measurable outcome.

The Structural Challenges

The various audit offices identified the following structural challenges.

Funding

Funding is genuinely constrained. Rate-capping in NSW and Victoria limits councils’ ability to raise revenue to invest in technology. Infrastructure backlogs, cost-shifting from state governments, and narrow revenue bases mean technology investment is almost always a trade-off. Long approval cycles, deferred upgrades, and pressure to select the lowest-cost option rather than best value are common outcomes.

Scale

Scale matters more than is often acknowledged. Large metropolitan councils may have populations exceeding one million and digital teams of dozens of specialists. Small and rural councils may serve a few thousand residents with a single IT generalist responsible for everything from systems to phones. Smaller councils struggle to evaluate vendor claims, negotiate contracts, or retain scarce skills. Larger councils face different challenges: coordinating change across business units, managing complex stakeholder environments, and working within industrial and organisational constraints.

Geography

Geography compounds these issues. Remote councils deal with unreliable connectivity, limited vendor presence, high support costs, and communities with lower digital literacy. These factors shape what is realistically achievable, regardless of aspiration.

State government

State government settings add further complexity. Councils must integrate with mandated state platforms for planning, emergency management, and reporting, often with limited funding or consultation. This reduces autonomy, creates integration overhead, and introduces ongoing dependency risks around data standards, identity, and system change.

Procurement

Procurement frameworks, while essential for probity and transparency, extend timelines and reinforce vendor concentration. A small number of providers dominate core council systems, creating lock-in through proprietary data structures, complex integrations, and high switching costs. Too many contracts lack strong exit provisions, clear data handover requirements, or practical transition planning, leaving councils effectively locked into long-term relationships.

Common Operational Problems

Cyber Security

Cyber security remains the most consistently reported technology risk across Australian and New Zealand audit offices. Findings repeatedly point to gaps in governance, incident readiness, staff training, and third-party risk management. Councils generally understand the importance of cyber security, but controls, oversight, and capability often lag behind the threat environment.

Legacy Systems

Legacy systems represent a compounding risk. Platforms that are decades old persist not because they work well, but because replacement is costly, risky, and disruptive. Over time, layers of customisation, undocumented business rules, and proprietary data structures make migration harder, increase cyber exposure, and limit the ability to deliver modern digital services.

Governance Gaps

Technology failures are frequently governance failures. Audit reporting consistently links unresolved control weaknesses to resourcing constraints, unclear accountability, and weak follow-through. Risk backlogs accumulate, spanning technology, finance, and service delivery, and remain unresolved for years.

Data Quality and Integration

Councils manage long-lived physical assets that must be represented accurately across finance, GIS, planning, and operational systems. Audit findings highlight persistent issues with inconsistent asset records, poor reconciliation, and siloed data governance. The result is conflicting sources of truth, manual workarounds, and reduced confidence in both financial and operational decision-making.

Capability and Change

Capability constraints are structural, not temporary. Councils face sustained difficulty attracting and retaining specialist skills, particularly in cyber security, data, cloud architecture, and service design. Gaps show up as incomplete policies, inconsistent controls, and limited training. Beyond technical skills, many councils lack change management capability, user experience expertise, and confidence in modern delivery approaches.

Digital literacy among elected members also varies, affecting the quality of oversight and decision-making around risk, investment, and delivery timelines.

Digital Inclusion

Digital-first services risk excluding those who cannot reliably access or use them. Rural connectivity gaps, affordability issues, disability access requirements, and the needs of Aboriginal and Māori communities all demand inclusive-by-design approaches. Digital inclusion is not a parallel concern; it directly shapes service outcomes and trust.

Amalgamations

Council amalgamations routinely underestimate technology complexity. NSW experience following the 2016 mergers shows that ICT integration can take many years, delay financial reporting, and consume significant organisational capacity. Consolidating systems, data, contracts, and teams during broader organisational change creates sustained risk and cost long after formal mergers conclude.

Conclusion

A decade of audit reporting shows that local government technology challenges in Australia and New Zealand are structural, not accidental. Funding constraints, uneven scale, geographic realities, state dependencies, and procurement settings consistently limit what councils can deliver and explain why the same risks recur over time.

The audits also make clear that technology problems are rarely technical in isolation. Cyber security failures, legacy system risk, poor data quality, and service disruption are usually symptoms of deeper governance, capability, and investment issues. Where risks persist, it is typically because councils lack the capacity or flexibility to address them, not because the problems are misunderstood.

Progress comes less from new platforms and large transformation programs, and more from disciplined attention to fundamentals: clear accountability, realistic investment decisions, sustainable operating models, and technology that is tightly aligned to service delivery. Councils that perform best focus on what is operationally achievable and build credibility through delivery rather than ambition.