Between 2006 and 2007, the National Agricultural Technology Institute (INTA, for its acronym in Spanish) has developed a project called the Structuring Plan, aimed at assessing the situation of computer systems and, on that basis, measures to take in the future. However, a report from the General Audit Office (AGN, for its acronym in Spanish) revealed that until 2011 "no relevant actions were taken" and that the initiative was developed with "many shortcomings."

On that projection, which now is a decade old, the Watchdog said that "their goals are not backed plans indicating how the objectives will be achieved", and that, specifically, "no detail in time, resources and costs involved."

"Much of the goals outlined in the Plan designed between 2006 and 2007 have not been met so far in this report," concludes the audit, which adopted its survey in October of last year.

INTA is one of the state agencies with more presence throughout the national territory, with offices in five ecoregions (NOA, NEA, Cuyo, Pampas and Patagonia). Along with a headquarters, 15 regional centers, five research complex, 50 experimental stations, 16 schools, more than 300 extension units and two private entities of its own creation: Intea SA and ArgenINTA.

In such a universe, and in the case of an entity designed to improve agriculture through technological development, the idea of Structuring Plan was to achieve 420 points interconnecting network with permanent service availability.

But the "limitations" emphasized by the Audit cautioned from planning and human resources.

With regard to personnel, the report tells us that even the headquarters of the Institute has a "lower provision to cover basic needs for management positions in Information Technology (IT)". While within the country, "the structure of computers is insufficient."

Likewise, lack of staff is not the only drawback: on the management of human resources, the AGN says that "the wages offered by INTA are below the market level, which makes the entry and retention" technical, "in a labor market which is usually provided mostly of suitable employees, in many cases non-professional, but specialized in technology, with high levels of remuneration."

The report adds: "The Institute has a limited scheme to generate new jobs, so it comes to recruitment in the form of trainees; they do not generate stable situations. It also lacks a retention policy. "And, to add one more element to this instability, the "lack of approval of a formal structure to lower IT manager positions," it noted.

Another finding of the audit, regards to employees, INTA does not preserve the software intellectual property developed behind closed doors "because it has not signed a document with developers (establishing) compliance.”

As for planning, the AGN revealed that the entity dimensioned network traffic (over 7000 users) "without taking into account existing applications developed in the various units of INTA and that, if proven its usefulness, should adopt it for corporate", i.e. used in all offices.

"There are units that have developed systems and which are not known at headquarters," delves research and, while acknowledging that "we are starting a project to centralization" was detected that the process "is in its initial stage."

This kind of disconnection is also evidenced by the fact that "there are software development and facilities that do not have the supervision of the IT department, which affects internal control. And the ownership of data and systems is not formally defined."

Moreover, the audit noted that, when buying equipment and inputs, the INTA "lacks a formulated procedure for establishing, modifying and terminating contracts with suppliers, including the responsibilities and financial and organizational obligations.”

However, once the equipment is purchased, it should place them in offices and get them started. But on this the report listed: "There are three processing centers (in three different buildings) that do not meet adequate physical security requirements for storing information. No contingency plan. At headquarters shortcomings such as lack of procedures were found responsible for authorizing access to the computer center, fire extinguishers are deposited on the floor, there are flammable materials, and the smoke detector is in maintenance. In addition shortcomings were observed in the power supply systems, which pose serious risks."

Hopefully It Does Not Crash

Another important safeguard to consider if it's computers we are talking about is related to the stability and continuity of the so called "system". However, the auditors noted that "there is no business continuity plan of IT services designed to reduce the impact of the disruption of critical processes.

The Institute is not prepared to risk of unforeseen that could cause service interruption or data loss" events. Moreover -says the research- "security functions are handled by a single officer, which must meet a projected network of approximately 420 points and over 7,000 users.

There are accounts created with more than six months of inactivity whose owners never accessed the network. Among other observations, it notes that there is no contingency plan covering computer vulnerability. "

On Maturity

It was mentioned that in the first five years of the Structuring Plan there had been no significant progress.

In this regard, the Audit explains that since 2011 it began to receive financing from the Inter-American Development Bank (IDB) and the International Bank for Recovery and Development (IBRD-World Bank) with which it was intended eventually to arm the corporate network by the end of 2013, under the Provincial Agricultural Services Program (PROSAP). On the last stage of the initiative, the report says, "when the field work, was being met with approximately 78% of the stated objectives."

To conduct their research, the AGN was supported by a "Generic Maturity Model" that allowed it to measure the work of the Institute.

After all these findings, and based on that model, the watchdog concluded that IT management processes at INTA have two levels of maturity.

On the one hand, the "initial" stage in which the Institute acknowledges the existence of a problem, and the need to deal with it, but there are no standardized processes to solve them, approximations are applied individually or case by case. 

While the other level is called "Repeatable" it means that the processes have evolved and are executed in the same way by different people, but there is no formal training or trust in the knowledge of the individuals who develop tasks.