Over the Christmas holiday period, the ATO quietly released PwC’s report into its December 2016 digital meltdown. This is almost a year on from appointing the big four firm to investigate the outages. Accountants Daily understands the ATO has had the final report since October last year, and initial findings since May last year.
The exact cause, or combination of causes, of the failure could not be determined, creating a “residual risk” of further downtime, PwC said.
The ATO has been advised by business owners that data reconciliation efforts have been successful, PwC said, consistent with the tax office’s commitments throughout periods of extended outages. However, in some cases, full restoration of data reconciliation remains ongoing.
PwC also said it wasn’t handed evidence of total readiness for an outage of the scale and scope experienced, and found early indications of a looming failure weren’t effectively addressed.
“The storage area network (SAN) service provider had not taken effective action on pre-incident ‘warnings’. Analysis of SAN log data for the six months preceding the incident identified indications of potential issues with the SAN similar to those experienced in the December 2016 outage,” PwC said.
“Whilst the service provider had taken some actions in response to these indicators – including the replacement of specific cables – errors continued to be reported that indicated these actions did not resolve the potential SAN stability risk,” PwC said.
The big four firm has made significant recommendations to mitigate risk of a repeat, including strengthening the ATO’s technical expertise and understanding of infrastructure design.
“Strengthening these capabilities will not only contribute to overall improvements in infrastructure resilience, but will also form a key building block for the effective transition to future infrastructure models (i.e. cloud),” the report said.
PwC acknowledged that the ATO acted as quickly as possible to respond to the outages, and restore services.