The audit management team decided to extend the audit subject to public spending for the preparation of the Polish Election Bureau for presidential and parliamentary elections in 2015. The audit will probably finish at the end of March 2015. Only then its results will be made public along with NIK’s recommendations for auditees.
The Internal Security Agency (ISA) presented the Supreme Audit Office with the preliminary analysis of IT incidents related to the system used by the Polish Election Bureau. The analysis documentation from ISA has been incorporated into the audit files. NIK will use it while drafting the final report. NIK has also received documents from the Polish Election Bureau concerning , among other things, IT tenders which finally led to the appointment of the election system provider. The documents delivered to NIK are reviewed in NIK headquarters to make sure employees of the Polish Election Bureau could focus on performing their duties related to local government elections.
NIK already audited the Polish Election Bureau in 2003 in terms of public spending for IT support of local government elections. The NIK audit at that time revealed a lot of irregularities and mistakes made at the planning stage and also as regards the IT project organisation, management, financing, software production and configuration of the IT system.
Errors in the previous election supporting system (based on expertise of 2003):
According to IT experts hired by the Supreme Audit Office, direct causes of the IT system inefficiency were technical errors in terms of:
- selection of programming tools,
- adopted development solutions,
- software source code,
- central database configuration.
The experts believe that each of these errors – along with the absence of remedy procedures – could have led to the system failure.
In particular, the fundamental error was communication between the central system and local subsystems by means of defective mechanisms (P4GL package), without simultaneous use of structured access to the central database, provided by relevant software.
According to the IT experts, the P4GL tool was not provided with complete, professional documentation enabling software engineers participating in the project and designing programmes in P4GL to get familiar with the way the programme operates in the target environment.
Errors were also identified in the programming tool P4GL. The experts also pointed to the improperly developed configuration of the central database DB2. The DB2 database developer recommends experimental selection of database parameter values, tailor-made to each database user and to the system load typical for the system. The selection of parameter values was not possible because no representative tests of the system capacity were made.
Other errors were detected in applications handling communication processes between field election commissions and the central system, which significantly influenced the system capacity. Above all, the applications improperly handled and responded to the input data.
The ill-configured database, not very well known and untested tool used to handle communication, cooperating with defective communication applications resulted in the system slowdown.
Further reduction of the system capacity was caused by ineffective and repeated attempts of the system users to communicate with the central system. The chaos was deepened by the absence of clear information on the existing communication problems and on the procedures users could resort to in such situations.
Regardless of errors in the software which was not verified by the inspection of the source code, the testing of full configuration of the system was also abandoned, including its capacity in particular. It should be emphasised at the same time that the system documentation did not even include any superficial analysis of potential system load. According to the IT experts this is a breach of elementary principles of software engineering.
The decision to stop testing the system was taken by the Head of the Election IT Support Team (he said it was for economic reasons). When concluding contracts no attempt was even made to negotiate the conduct of capacity tests with contractors.
According to NIK, the absence of any emergency procedure in case of the central system breakdown and the decision not to conduct capacity tests were against the integrity and sound management principles.
