Trust us - we know what we are doing. No phrase is more likely to elicit a belly laugh about the public service after two reports exposing widespread incompetence in its management of big IT projects.

The ministerial inquiry into Novopay catalogued a slew of bad decisions, and despite the ducking of ministerial responsibility by those who signed off the various stages of the project, it must also raise questions about Government oversight.

Equally concerning were the findings of an inquiry into information security after a blogger exposed security flaws in Ministry of Social Development self service kiosks.

That report revealed weak points in 12 of the 215 public accessible systems reviewed, suggesting the security and privacy of information held by them could not be guaranteed.

Assurances were given that none of those weak points led to unauthorised access to information.

But in the wake of mass ACC and Earthquake Commission privacy breaches, that is hardly reassuring. Neither is the fact that it took six months to release the report. The reason given was that the agencies concerned were working on their response.

Presumably, that was not to finesse the wording. The more likely reason is that that is how long it took to plug the gaps identified in the report. Given that the agencies involved included Corrections, the Education Ministry, Justice and MidCentral DHB among others, it was probably considered imperative to do so before the report went public and opened the door to more security breaches.

In the Novopay debacle, meanwhile, there was a catastrophic failure to learn from the mistakes of the past - notably the bungled police computer project, Incis, which was abandoned in 1999 at a cost of around $100 million.

The sorry nine-year history of Novopay is a picture of Ministry of Education managers ducking responsibility, lack of expertise and capacity, a failure to ask the right questions at every level - including ministerial level - and a shoddy process that meant key milestones and deadlines were missed without anyone raising the alarm.

It is also a tale of a ministry which appeared to suffer from over-confidence in its own capability, and which was consequently overwhelmed by the nature and scale of the problems when they occurred.

Politically, however, the crucial date is June 5, 2012, when Finance Minister Bill English, Education Minister Hekia Parata and Associate Education Minister Craig Foss were asked to approve the continuation of the project.

The inquiry lets the ministers off the hook by stating that they only did so because the June paper "misrepresented" the state of the project and gave assurances about payroll provider Talent2's readiness to proceed.

The ministry has apparently instigated employment action against two staff as a result.

But the questions over who should be held responsible must surely go wider than a couple of ministry staff, no matter how senior.

The Government's claim that there is no ministerial responsibility rests on the shaky platform that it was misled by the ministry's June paper that the project was in a fit state to proceed.

But that in itself is a staggering admission given the number of other agencies involved.

They include the State Services Commission, which sat on the project board. It has acknowledged that it "lost its detachment from the project" and its focus on "getting the project over the line" meant it "was not able to exercise its monitoring role properly". Yet the SSC also alerted former education minister Anne Tolley back in 2009 of escalating risks with the project and apparently never blew the whistle on the Ministry of Education blatantly misleading ministers.

Treasury and DPMC also had oversight roles. However apparently that did not extend to checking why key milestones were never met.

Both agencies told the inquiry they relied on the fact that SSC was the principal monitor for their assurance that everything was on track.

Meanwhile, it seems like everyone from the secretary of education down took greater comfort than they should have from the involvement of consulting firm PricewaterhouseCoopers, and were also confused about exactly what role they played. Ministers, meanwhile, apparently never raised any concerns with the secretary of education that reports to them were being signed off at a lower level. It seems that it was not even normal practice for the secretary of education to see briefings on Novopay before they went to the minister till after the system disastrously went live.

Tellingly, it seems there were plenty of people at various levels who thought the project might be in trouble. But none of them considered it was their job to raise the alarm, or take ownership of the problem.

That is particularly chilling.

The Government has embarked on a massive push to drag the public service into the digital age. We will be doing far more online as taxpayers and users of the public service in future, not less. Consequently more and more of our private information will be stored online - and increasingly will be shared between government agencies and across borders.

The message from Government ministers after the Novopay and MSD reports this week was that there will be no slowdown in the process. Yet public trust and confidence in the Government to keep peoples' private information safe must be at an all time low.

Given that the next big IT project in the public service is likely to be the Inland Revenue Department, and the nature of information it holds, the pressing priority must surely be to restore public confidence first.

Given that project is tipped to cost as much as $1 billion, ministers must also explain to the public how they let a $200 million project get away from them without any one of their officials raising the alarm.