Where Do Our Tax Dollars Go: A Case Study (Part 3) - "You Have My Job." The Unmanageables, Part I
This matter is currently before the Employment Relations Authority as a Personal Grievance. Everything I am sharing is drawn from documented evidence. I am living this now. Every claim in this article relates to matters that are documented and form part of those active proceedings. ERA proceedings are, in time, a matter of public record. In the interim, DIA holds the documentation. It is obtainable.
Part of the answer to how an institution ends up in the situation I described in Part 2 is the people it chooses to protect.
A few weeks before I started at DIA, my new Director, Andy James, invited me for coffee. This was before the Christmas break, before I had formally joined. We sat across from each other and Andy mentioned there were a few difficult people in the team. He said he had my back. At the end of the conversation, he offered me a hug.
That meeting was unusual in several respects. Most managers do not receive a personal invitation to coffee before their first day, accompanied by warnings about specific team dynamics and a display of physical familiarity from someone they have not yet formally worked with. It established a particular dynamic from the outset: a Director who had positioned himself as someone to trust personally, before the professional relationship had even begun. Whether that trust was warranted is something this series will continue to examine.
When I arrived on my first day in January 2025, Andy James pulled me aside. So did another senior leader. Separately, and then together, both of them told me the same thing: watch out for Simon Dannefaerd, Senior Technical Specialist, one of my direct reports. Aggressive. Confrontational. Challenging to manage. Andy told me that on his own first day at DIA, Simon had yelled at him.
Let that land. Two senior leaders. My first day in a new role. Warning me about a man who reported to me. From the very people who had the authority, the institutional knowledge, and the responsibility to have dealt with it long before I arrived.
They had not.
Simon was on leave that first week. When he returned, we arranged a one-on-one. He opened with: "What have people told you about me?" His second statement was: "You have my job."
He had applied for my position as an internal candidate. He had not been selected. He then described the process modellers and business analysts in the team as "useless." That was how he chose to begin a professional relationship with the person responsible for his employment.
I redirected the meeting. I asked the same questions I had asked every other team member. I kept it professional. I documented it.
What followed over the next weeks was exactly what Andy had described, and then considerably more.
Simon interrupted me in meetings before I could finish sentences. He challenged decisions in front of others without context or evidence. In a meeting I had scheduled to discuss his deliverables, he invited an external contractor into what should have been a private one-on-one, without my knowledge or permission. He excluded me from vendor conversations while I remained accountable for their outcomes. He refused to provide updates on his work. He withheld technical information I needed to do my job. He treated every meeting as an opportunity to establish his own authority rather than deliver anything at all.
The impact of this environment was not limited to the two people who eventually filed formal complaints. Others on the team experienced this dynamic daily. The complaints that were formally filed represent the documented record. They do not represent the full picture of what that team went through.
When I tried to obtain information he was withholding, I was told by others in the infrastructure team that it was simply "Simon's area." A government platform used by over forty agencies had become one person's private territory, and those around him had largely accommodated it. I documented every incident. I reported the pattern in writing to Andy James within weeks of Simon returning from leave.
Andy acknowledged it. And then he made a suggestion.
He proposed that I sit down with Simon and address the behavioural concerns formally, in a one-on-one. The explicit purpose, as Andy framed it, was to create a paper trail. A documented record of Simon's conduct and my professional response to it. He said that if he attended the meeting with me, it would look like escalation. We just needed the trail, he said.
Before I agreed, I asked Andy James a straightforward question. I asked whether it was safe for me to do this alone.
His answer, in substance: don't worry, he's all talk.
So I went alone. I came prepared, professional, and specific. I told Simon I had received feedback from stakeholders, both inside DIA and externally, that some of his behaviours were making people uncomfortable. I gave examples. I said I was there to understand his perspective and to help.
He demanded to know who had given the feedback. He challenged every example. And during that same meeting, he continued demonstrating the very behaviours I had described.
I documented everything I could recall and sent my notes to Andy James the same day. That was the paper trail Andy had asked me to create. What followed from DIA in response to it was, in substance, nothing.
Then came the incident that shifted something permanently.
During a one-on-one online meeting, Simon yelled at me. He refused to discuss his health or workload. He said, "Change the topic or I will hang up," and terminated the call while I was still speaking. I broke down crying. I logged off. I could not work for the rest of that day.
Within weeks of that incident, I began to hear from colleagues that Simon had been telling people I had caused him a medical event. He had experienced a single documented workplace incident during the year. That incident was now being retold in conversations I was not part of, with me reframed as the cause.
The sequence of events as described by Simon raised questions that any thorough investigation would have sought to verify through available evidence. I formally asked the investigator to obtain CCTV footage from DIA that would have been relevant to the account given. That request was acknowledged. After that, it was never raised or discussed again. No footage was ever produced.
No ambulance was called in connection with any of the incidents Simon described. In a workplace context, calling emergency services when someone experiences a medical episode is standard protocol. The absence of any such record across all of the incidents raised is a documented gap.
What I can tell you is this: when I raised concerns about the impact this environment was having on my own health, HR asked me to provide documented medical evidence. I did. GP letters, blood pressure records, documented panic attacks. The same requirement was not applied to Simon's claims about the impact I was allegedly having on his health.
One party was required to prove their health was deteriorating. The other was not.
It was also reported to me during this period that Simon had been making observations in conversations with others about my ethnicity and gender. He had apparently noted, in passing, that he could not say anything to me because he was, in his own words, a "big white man" and I was a "little Indian woman." I was not present when he said this. I am reporting what was reported to me.
When I shared this with Andy James, here is what he sent back to me, in writing, on WhatsApp:
"We'll box that little prick off, fear not. Girl Power. Tell him you identify as a white man, for shits and gigs. Can you imagine his ginger little head work that out."
Read that once more, slowly.
My Director's written response to a racially framed comment made by a member of my team, about my ethnicity, was to suggest I respond by claiming to identify as white, described as something to do "for shits and gigs," accompanied by a mockery of Simon's physical appearance.
This is the same Andy James who, months later in a formal meeting with HR present, told me I had taken that comment completely out of context. I asked him directly what he thought Simon had meant by saying he could not challenge me because he was a big white man and I was a little Indian woman. He did not answer. I asked again. Still nothing.
When the same person says one thing in a private message and the opposite thing in a formal meeting about the same incident, what does that tell you about the reliability of what they say in formal meetings?
Those WhatsApp messages later became the subject of a formal DIA investigation into Andy James's own conduct. They are documented. They are part of the formal record. They are in the ERA file.
Now let me tell you what Simon Dannefaerd was actually being paid to do, and how that holds up against the evidence.
His title was Senior Technical Specialist. His role was to be DIA's technical authority for the ARIS platform, a business process management system used by over forty government agencies and more than two hundred users across New Zealand's public sector.
It was later confirmed in writing by Software AG, the company that builds and owns ARIS (now rebranded as ARIS Group), that Simon Dannefaerd had never received formal ARIS training from the vendor. Not a course. Not a certification. Not a structured programme from the people who actually created the system he was being paid to technically lead.
This is the same person who, when I requested that a team member receive administrative access to ARIS as a standard oversight measure, raised fierce objections. He cited the risk of data loss and system instability. He told my team member directly - "You are not allowed to go into the system unless I have trained you. If anything goes wrong with the system, it's on you."
A person who had never been formally trained on a system was threatening a colleague with personal liability for accessing that very system.
Why would someone raise such urgent objections to independent visibility into a system they claimed to manage with expertise? What exactly required protecting?
When a system has no audit trail, when event logs are truncated, when the person responsible actively resists independent review by the vendor, by management, and by colleagues, the question is not just what was found when the review eventually happened. The question is what a review might have found if it had been allowed to happen sooner, and why that prospect was apparently so concerning.
Now here is where the security argument collapses entirely.
When ARIS was first brought into DIA, it had not undergone Certification and Accreditation. C&A is the formal government security assurance process that any technology system operating in a public sector environment is expected to complete before it goes into production. It is not optional. It is not a formality. It is the documented process by which an institution satisfies itself that a system is secure enough to be trusted with government data.
ARIS was brought in without it. That decision was documented. It was signed off at a senior level on the recommendation of the team responsible at the time, with the risk characterised as minimal. As of my last day in that role, the accreditation had still not been completed, and the system was being used by over forty government agencies.
Who signed that off? What due diligence was undertaken? What was the documented rationale for the minimal risk assessment? These are not rhetorical questions. They have documented answers. They are the kind of questions that can be put to DIA through an OIA request.
Let that sit alongside the claim that giving a team member administrative access to the system would create a security risk.
The same people who blocked independent access on security grounds had presided over a system with no formal security accreditation, sitting on cloud infrastructure outside New Zealand, with a testing environment running on an external contractor's tenant, outside the DIA environment, without formal documentation, and without the knowledge of the forty-plus government agencies whose work depended on it.
So what exactly were they protecting? It was not security. Security, as a formal institutional commitment, does not appear to have existed.
Simon also told senior leaders and stakeholders, that ARIS APIs did not work. This influenced planning decisions and shaped how the platform's capabilities were understood at leadership level. It was later established that the APIs had never been configured, never been requested, never been attempted. They could not have been verified as non-functional because no one had ever actually tried to make them work.
When I pushed for an independent health check of the system, Simon raised objections at every stage. He claimed in writing that DIA's legal team had previously advised such a check could not proceed due to constraints in a relevant MOU. No legal advice was ever produced. No documentation appeared. When asked directly, nothing came.
I want to say something here from my own professional experience. I have worked across multiple organisations, multiple countries, and multiple technology environments over the course of my career. I have never, not once, encountered a situation where a legal team had any meaningful say in whether a routine IT health check could proceed. Health checks are standard operational practice. They are how responsible technology teams verify that systems are functioning as intended. If someone can help me understand the circumstances under which a legal team would block one, I am genuinely interested. Because in my experience, that is not how any of this works.
If legal advice of that nature was provided to DIA, where is it? If it was not provided, what was the basis for the claim?
The health check eventually went ahead because I refused to give up doing the right thing given the role I had in DIA at the time. It found that the system tenant was undersized for the scale of use, event logs were truncated with no audit trail, there was no separate test environment within DIA, approvals were being handled manually outside the tool with no in-system record, collaboration features had been disabled, and there were significant gaps in administrative competency.
This is the state of a platform used by forty government agencies, under the stewardship of a Senior Technical Specialist drawing a salary toward the upper end of a band sitting between approximately $100,000 and $150,000 per year.
There was also the matter of how the vendor relationship was being managed.
Simon had been communicating directly with Software AG without authorisation, making representations about DIA's position in ways that bypassed management entirely. He did not inform me. He did not inform Andy James.
It was claimed, through intermediaries, that certain training materials within the ARIS system represented Simon's own intellectual property. Not DIA's. His. It is worth being precise about what that claim means legally. Any intellectual property created by a public servant in the course of their employment ordinarily belongs to the employer, not the employee. That is not a grey area. It is also work that would ordinarily be done with the employer's knowledge and formal approval. The fact that this claim was being made at all, and that it was being used to justify restricting access to a government system, is the kind of thing that in any well-governed organisation would trigger an immediate independent review of the system by an external expert. Not a review conducted by or filtered through the person making the claim. An independent one. That review was precisely what was being resisted.
There is a related question about the New South Wales Government. It was represented that Simon had worked with NSW as part of the origin story of this system's adoption in New Zealand. To my knowledge as the manager accountable for the platform, NSW had not been an active user of this system for some years at the time I held this role. The nature and currency of that working relationship would be straightforward to verify.
Among the formal allegations Simon eventually lodged against me was a claim that I had breached his privacy by disclosing his health condition.
I want to address this directly, because the record is extraordinarily clear.
Simon Dannefaerd disclosed his own medical condition. He discussed it openly with colleagues. And in 2011, fourteen years before he lodged his privacy complaint against me, he published it himself, in a written review, on a public New Zealand wedding services website. In that review, posted under his own full name, he described his condition while praising a photographer for accommodating his needs during his wedding.
The review is still online. It was posted under his full name on a public New Zealand wedding services website in 2011 and it is there today.
The privacy complaint against me was built on the premise that I had disclosed something private. The information in question was publicly self-disclosed, in writing, under his own name, and has been sitting on the internet for over a decade.
You cannot have it both ways.
During this same period, one of the most capable and high-performing colleagues I have worked alongside in my career was experiencing her own version of this treatment. It began as refusal to collaborate and refusal to provide training. As she grew into her role and began clearly articulating what she was witnessing, the conduct toward her escalated. She eventually filed her own formal complaint about his bullying behaviour. After a period during which she too was told that conversations were happening and things were being addressed, and during which nothing changed, she went to HR directly and told them they needed to take her complaint formally.
They did.
Her formal complaint was accepted. It was acted upon. She too has a personal grievance before the Employment Relations Authority.
Around this same time, I broke down at work. I told her that DIA was not allowing me to make a formal complaint. That after five months of documented escalations, formal emails, and HR meetings, I still could not get my concerns formally recorded. She laughed. She genuinely thought I was joking. Because how, she said, could a department refuse to formally take a bullying complaint from a manager who had been raising concerns in writing for five months?
She was not laughing because it was funny. She was laughing because it was incomprehensible.
From early in the year, the HR advisor managing my case had steered me toward an informal pathway. I was told that the formal investigation process was so lengthy it might adversely affect my own mental health. The informal process was presented as being in my interests. No one explained clearly how long it would last, what it would produce, or what would happen if it produced nothing. When my colleague came forward with similar concerns about the same person, the HR advisor acknowledged to me that she was aware this kind of situation had arisen at DIA before. And still, no formal process was initiated for my complaint.
I was not permitted to submit a formal complaint until after I had gone on medical leave.
Read that again. I, as a manager, had to go on medical leave before I was allowed to formally raise a bullying complaint about a member of my own team. That is the sequence. That is what the informal pathway produced after five months.
In the formal meeting eventually held to address my complaint, I was told by Andy James and the HR senior advisor that there would be no investigation. The decision had been made on the basis of conversations held with Simon, conversations I had no visibility into. No witnesses would be spoken to. No formal findings would be made. The meeting then shifted focus to concerns about my own emotional state, raised by Andy James, which had not appeared on the meeting agenda I had been sent.
At one point in that meeting, the HR senior advisor told me that if I refused to attend mediation with Simon, they would be forced to choose between the two of us. I asked what would happen to my complaint if I left DIA. The response was that since there was no formal investigation, there would be nothing to follow up on once I was no longer employed there. It was an internal matter.
I thanked her for clarifying that. Months later, they continued their investigations into me even after DIA had dismissed me.
Neither I nor the colleague who filed a similar complaint about the same person have ever received notes from the HR meetings held in relation to our complaints, despite multiple formal requests from both of us. The meetings took place. Decisions were made in those meetings that affected both of our employment. The records of those meetings have not been disclosed. If they exist and are produced at a later stage in these proceedings, the question of why they were withheld despite repeated requests will need to be answered. If they do not exist, that is a different kind of answer.
HR had, some weeks earlier, suggested I begin Employee Assistance Programme counselling. I attended those sessions. My EAP counsellor provided a clear professional assessment: I should not be in a working environment where the person identified as the source of the bullying remained connected to me through the direct reporting line. I documented that assessment. I sent an email to HR and to Andy James. I raised it verbally with Andy. I asked for the reporting arrangement to be changed.
Nothing was done.
The Health and Safety at Work Act 2015 places obligations on employers to protect workers from harm, including psychosocial harm. Those obligations are not optional. They do not disappear when they are inconvenient. I would like DIA to explain publicly how they reconcile those obligations with their decision to leave a documented professional recommendation unactioned, and to keep me in a working arrangement that a qualified counsellor had identified as harmful.
Was this an oversight? Or was it a choice? Because the distinction matters enormously, including under that Act.
My physical health did not survive the question. By late May, my blood pressure had spiked dangerously. My GP advised immediate rest and provided written documentation. I was experiencing sustained anxiety, panic attacks, inability to sleep, and, in at least one meeting, nausea and vomiting brought on by accumulated distress. I had arrived at DIA as a healthy, functioning professional. What that environment produced in six months is in my medical records.
There is something I want to say that goes beyond my own situation, and I want to say it plainly.
People die because of workplace bullying. This is not rhetorical. It is documented fact. There are cases on record, including cases involving professional women from South Asian backgrounds working in countries with strong institutional reputations, where the combination of sustained harassment, institutional failure, and isolation has produced outcomes that no subsequent inquiry or public statement can undo. In those cases, as in so many others, the institution found its language only after the worst had already happened. The review was convened. The statements were issued. The policies were updated. And the person who needed protecting was already gone.
We keep waiting for the worst before we name the problem. We wait until the outcome is irreversible, and then we express concern. I am still here. I am able to write this. But I want anyone who has been where I was in those months to know that what I experienced was not a management disagreement. It was not a personality clash. It was a sustained, documented pattern of conduct that caused measurable physical harm, drove an excellent colleague out of the organisation, and was met at every turn by an institution that had the power to act and chose not to.
Now I want to put two comparisons side by side and let them speak for themselves.
When Simon Dannefaerd's conduct was raised formally with DIA, across five months of documented written escalations, HR meetings, and formal complaints, the response was an informal pathway. No investigation. No external examiner. No terms of reference. I was told repeatedly that the formal process was too lengthy, that mediation was the appropriate route, that things were being handled. They were not handled. At the end of five months, there was no investigation, no findings, and no change in Simon's employment status or conduct.
When Simon Dannefaerd lodged a formal complaint against me, on the same day I was placed on special leave, the response was immediate. An external investigator was appointed. Full terms of reference were created. A formal process was commenced without delay.
Now the second comparison.
When a high-performing team member formally raised concerns about Simon's bullying behaviour, after a period during which she was also told conversations were happening and things were being addressed, she went to HR and told them they needed to take her complaint formally. They did. Her complaint was accepted and formally progressed.
When I raised the same concerns about the same person, across five months of documented formal records, the answer was no. Not yet. Informally. Let's try mediation.
What is the difference between that team member and me, you ask?
That is a good question. It is the same question I have been asking since the day I broke down in that office and she laughed because she genuinely could not believe they were refusing to formally take my complaint.
I would also note that I submitted a detailed ethics and integrity complaint, with supporting evidence about conduct toward external vendors, representations made to senior leaders about system capabilities, and the governance risks created across a platform used by forty government agencies. I have not received any confirmation that this complaint was formally investigated or that findings were made. If it was investigated and I was simply not informed, I would welcome DIA making those findings public.
Here is what the taxpayer paid for across this period, and the full picture is considerably worse than two salaries.
Simon Dannefaerd drew a salary toward the upper end of a band sitting between approximately $120,000 and $150,000 per year, to be the technical authority for a platform the vendor's own health check found to be ungoverned, unaudited, and administratively deficient. The person who had been aware of his conduct throughout and had not raised concerns was drawing somewhere between $100,000 and $120,000 per year. Their combined annual cost to the public purse approached a quarter of a million dollars.
While those salaries were being paid, the work they were supposed to cover was not being delivered. So DIA brought in contractors to fill the gap.
I will not state what those contractors were paid. That is information any member of the public can obtain through an OIA request. What I will say is that the contractor rate was substantially higher than the hourly equivalent of either permanent salary. You effectively had four people doing the work that two were employed and paid to do, with the two additional people costing more per hour than the permanent employees they were supplementing, over a sustained period.
That is your double dipping. And given the rates involved, it is considerably more than double.
The test environment for a system used by forty-plus government agencies was not sitting within DIA's own secure infrastructure. It was sitting on an external contractor's tenant, outside the DIA environment, without formal documentation, and without the knowledge of the agencies whose work depended on it. The whole arrangement operated on a system that, as of my last day in that role, had never received formal security Certification and Accreditation from the time it was brought into DIA, four years prior.
How this arrangement came to exist, who approved the various decisions around it, and what the relationships between the parties involved looked like over time will be examined in a later part of this series.
I want to end with some questions directed at the Public Service Commission.
The PSC recently implemented a refreshed Code of Conduct for the New Zealand public service. Why was there a need to create it? And how much did it cost? That Code sets out expectations around integrity, conduct, and how public servants are required to behave toward each other and toward the public. It is a real document with real obligations attached to it.
The Code may be new, but the problem is not. So here are my questions:
Why has no government agency ever been required to publicly report how many bullying complaints were raised, investigated, and substantiated?
Why is there no publicly accessible data on who complains, who gets investigated, and who keeps their job?
Why does the public have to fund both the salaries of people whose conduct drives colleagues out of the workplace, and the cost of replacing the work those colleagues were no longer doing?
Why does it take a dismissed employee writing a public article series to ask these questions, when the data exists across every HR system in every public sector agency in this country?
And perhaps most importantly - if a Code of Conduct exists but produces no measurable outcomes, no public reporting, and no accountability, what exactly is it for?
The data to answer those questions exists. It sits across HR systems, investigation records, exit interview responses, and payroll data across every public sector agency in this country. It is not collated. It is not reported publicly. It is not presented to Ministers, to Select Committees, or to the New Zealanders whose taxes fund every salary, every investigation, and every contractor brought in to cover work that was not delivered.
Until that data is gathered, translated, and placed in front of the public in a form they can actually understand, no one can honestly claim to know the real cost of bullying in New Zealand workplaces. Not the human cost. Not the financial cost. Not the institutional cost of looking away.
The data is all there. Why is it not being collected and shared?
